Hello community,

here is the log from the commit of package wpa_supplicant for openSUSE:Factory checked in at 2016-03-01 09:39:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wpa_supplicant (Old)
 and      /work/SRC/openSUSE:Factory/.wpa_supplicant.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wpa_supplicant" Changes: -------- --- /work/SRC/openSUSE:Factory/wpa_supplicant/wpa_supplicant.changes 2015-05-10 10:56:19.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.wpa_supplicant.new/wpa_supplicant.changes 2016-03-01 09:39:21.000000000 +0100 
@@ -1,0 +2,110 @@ +Fri Feb 26 21:10:55 UTC 2016 - crrodrig...@opensuse.org + +- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination + with CONFIG_DBUS=yes. + +------------------------------------------------------------------- +Sat Feb 20 16:56:01 UTC 2016 - crrodrig...@opensuse.org + +- spec: Compile the GUI against QT5 in 13.2 and later. + +------------------------------------------------------------------- +Thu Feb 18 15:36:23 UTC 2016 - crrodrig...@opensuse.org + +- Previous update did not include version 2.5 tarball + or changed the version number in spec, only the changelog + and removed patches. +- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· + random number generator by using /dev/urandom, no need to + keep an internal random number pool which draws entropy from + /dev/random. +- config: prefer using epoll(7) instead of select(2) + by setting CONFIG_ELOOP_EPOLL=y +- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) + system call to collect entropy. if it is not present disable + buffering when reading /dev/urandom, otherwise each os_get_random() + call will request BUFSIZ of entropy instead of the few needed bytes. 
+ +------------------------------------------------------------------- +Wed Feb 17 13:47:43 UTC 2016 - lnus...@suse.de + +- add aliases for both provided dbus names to avoid systemd stopping the + service when switching runlevels (boo#966535) + +------------------------------------------------------------------- +Thu Feb 4 10:18:54 UTC 2016 - mich...@stroeder.com + +- removed obsolete security patches: + * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch + * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch + * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch + * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch + * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch + * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch + * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch + * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch + * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch +- Update to upstream release 2.5 + * fixed P2P validation of SSID element length before copying it + [http://w1.fi/security/2015-1/] (CVE-2015-1863) + * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding + [http://w1.fi/security/2015-2/] (CVE-2015-4141) + * fixed WMM Action frame parser (AP mode) + [http://w1.fi/security/2015-3/] (CVE-2015-4142) + * fixed EAP-pwd peer missing payload length validation + [http://w1.fi/security/2015-4/] + (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146) + * fixed validation of WPS and P2P NFC NDEF record payload length + [http://w1.fi/security/2015-5/] + * nl80211: + - added VHT configuration for IBSS + - fixed vendor command handling to check OUI properly + - allow driver-based roaming to change ESS + * added AVG_BEACON_RSSI to SIGNAL_POLL output + * wpa_cli: added tab completion for number of commands + * removed unmaintained and not yet completed SChannel/CryptoAPI support + * modified Extended Capabilities 
element use in Probe Request frames to + include all cases if any of the values are non-zero + * added support for dynamically creating/removing a virtual interface + with interface_add/interface_remove + * added support for hashed password (NtHash) in EAP-pwd peer + * added support for memory-only PSK/passphrase (mem_only_psk=1 and + CTRL-REQ/RSP-PSK_PASSPHRASE) + * P2P + - optimize scan frequencies list when re-joining a persistent group + - fixed number of sequences with nl80211 P2P Device interface + - added operating class 125 for P2P use cases (this allows 5 GHz + channels 161 and 169 to be used if they are enabled in the current + regulatory domain) + - number of fixes to P2PS functionality + - do not allow 40 MHz co-ex PRI/SEC switch to force MCC + - extended support for preferred channel listing + * D-Bus: + - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface + - fixed PresenceRequest to use group interface + - added new signals: FindStopped, WPS pbc-overlap, + GroupFormationFailure, WPS timeout, InvitationReceived + - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient + - added manufacturer info + * added EAP-EKE peer support for deriving Session-Id + * added wps_priority configuration parameter to set the default priority + for all network profiles added by WPS + * added support to request a scan with specific SSIDs with the SCAN + command (optional "ssid <hexdump>" arguments) + * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2 + * fixed SAE group selection in an error case + * modified SAE routines to be more robust and PWE generation to be + stronger against timing attacks + * added support for Brainpool Elliptic Curves with SAE + * added support for CCMP-256 and GCMP-256 as group ciphers with FT + * fixed BSS selection based on estimated throughput + * added option to disable TLSv1.0 with OpenSSL + (phase1="tls_disable_tlsv1_0=1") + * added Fast Session Transfer (FST) module + * fixed OpenSSL PKCS#12 extra 
certificate handling + * fixed key derivation for Suite B 192-bit AKM (this breaks + compatibility with the earlier version) + * added RSN IE to Mesh Peering Open/Confirm frames + * number of small fixes + +------------------------------------------------------------------- Old: ---- 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch wpa_supplicant-2.4.tar.gz New: ---- wpa_supplicant-2.5.tar.gz wpa_supplicant-getrandom.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wpa_supplicant.spec ++++++ --- /var/tmp/diff_new_pack.vqEcVk/_old 2016-03-01 09:39:23.000000000 +0100 +++ /var/tmp/diff_new_pack.vqEcVk/_new 2016-03-01 09:39:23.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package wpa_supplicant # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,24 +16,16 @@ # -Name: wpa_supplicant -BuildRequires: dbus-1-devel -BuildRequires: libqt4 -BuildRequires: libqt4-devel -BuildRequires: openssl-devel -BuildRequires: pkg-config -BuildRequires: readline-devel -%if 0%{?suse_version} > 1230 -BuildRequires: systemd-rpm-macros -%systemd_requires +%if ! %{defined _rundir} +%define _rundir %{_localstatedir}/run %endif -BuildRequires: libnl3-devel -Url: http://hostap.epitest.fi/wpa_supplicant/ -Version: 2.4 +Name: wpa_supplicant +Version: 2.5 Release: 0 Summary: WPA supplicant implementation License: BSD-3-Clause and GPL-2.0+ Group: Productivity/Networking/Other +Url: http://hostap.epitest.fi/wpa_supplicant/ Source: http://hostap.epitest.fi/releases/wpa_supplicant-%{version}.tar.gz Source1: config Source2: %{name}.conf 
@@ -47,29 +39,26 @@ # wpa_supplicant-sigusr1-changes-debuglevel.patch won't go upstream as it # is not portable Patch2: wpa_supplicant-sigusr1-changes-debuglevel.patch -Patch3: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch -Patch4: wpa_supplicant-alloc_size.patch -# PATCH-FIX-UPSTREAM wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch arch#44740 zai...@opensuse.org -- Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git. -Patch5: wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch -# PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch bnc#930077 -Patch6: 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch -# PATCH-FIX-UPSTREAM 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch bnc#930078 -Patch7: 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch -# PATCH-FIX-UPSTREAM 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch bnc#930079 -Patch8: 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch -# PATCH-FIX-UPSTREAM 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch bnc#930079 -Patch9: 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch -# PATCH-FIX-UPSTREAM 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch bnc#930079 -Patch10: 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch -# PATCH-FIX-UPSTREAM 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch bnc#930079 -Patch11: 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch -# PATCH-FIX-UPSTREAM 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch bnc#930079 -Patch12: 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch - -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch3: wpa_supplicant-alloc_size.patch +Patch4: wpa_supplicant-getrandom.patch +BuildRequires: dbus-1-devel +BuildRequires: libnl3-devel +%if 0%{?suse_version} < 1320 +BuildRequires: libqt4 
+BuildRequires: libqt4-devel +%else +BuildRequires: pkgconfig(Qt5Core) +BuildRequires: pkgconfig(Qt5Gui) +BuildRequires: pkgconfig(Qt5Widgets) +%endif +BuildRequires: openssl-devel +BuildRequires: pkg-config +BuildRequires: readline-devel Requires: logrotate -%if ! %{defined _rundir} -%define _rundir %{_localstatedir}/run +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} > 1230 +BuildRequires: systemd-rpm-macros +%systemd_requires %endif %description @@ -78,11 +67,6 @@ negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. - -Authors: --------- - Jouni Malinen <jkmal...@cc.hut.fi> - %package gui Summary: WPA supplicant graphical front-end Group: System/Monitoring @@ -92,33 +76,23 @@ This package contains a graphical front-end to wpa_supplicant, an implementation of the WPA Supplicant component. - -Authors: --------- - Jouni Malinen <jkmal...@cc.hut.fi> - %prep %setup -q -n wpa_supplicant-%{version} rm -rf wpa_supplicant-%{version}/patches cp %{SOURCE1} wpa_supplicant/.config -%patch1 -p0 +%patch1 %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 - %build cd wpa_supplicant -CFLAGS="$RPM_OPT_FLAGS" make V=1 %{?_smp_mflags} +CFLAGS="%{optflags}" make V=1 %{?_smp_mflags} cd wpa_gui-qt4 -qmake QMAKE_CXXFLAGS="$RPM_OPT_FLAGS" QMAKE_CFLAGS="$RPM_OPT_FLAGS" +%if 0%{?suse_version} < 1320 +qmake QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}" +%else +qmake-qt5 QMAKE_CXXFLAGS="%{optflags}" QMAKE_CFLAGS="%{optflags}" +%endif make %{?_smp_mflags} %install 
@@ -149,6 +123,11 @@ %endif # avoid spurious dependency on /usr/bin/python chmod -x wpa_supplicant/examples/*.py +%if 0%{?suse_version} > 1230 +# dbus auto activation boo#966535 +ln -s wpa_supplicant.service %{buildroot}%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service +ln -s wpa_supplicant.service %{buildroot}%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service +%endif %if 0%{?suse_version} > 1230 %pre @@ -180,15 +159,17 @@ %endif %if 0%{?suse_version} > 1230 %{_unitdir}/wpa_supplicant.service +%{_unitdir}/dbus-fi.epitest.hostap.WPASupplicant.service +%{_unitdir}/dbus-fi.w1.wpa_supplicant1.service %endif %dir %{_sysconfdir}/%{name} -%doc %{_mandir}/man8/* +%{_mandir}/man8/* %exclude %{_mandir}/man8/wpa_gui.* -%doc %{_mandir}/man5/* +%{_mandir}/man5/* %files gui %defattr(-,root,root) -/usr/sbin/wpa_gui -%doc %{_mandir}/man8/wpa_gui.* +%{_sbindir}/wpa_gui +%{_mandir}/man8/wpa_gui.* %changelog ++++++ config ++++++ --- /var/tmp/diff_new_pack.vqEcVk/_old 2016-03-01 09:39:23.000000000 +0100 +++ /var/tmp/diff_new_pack.vqEcVk/_new 2016-03-01 09:39:23.000000000 +0100 @@ -433,7 +433,7 @@ # disabled. This will save some in binary size and CPU use. However, this # should only be considered for builds that are known to be used on devices # that meet the requirements described above. -#CONFIG_NO_RANDOM_POOL=y +CONFIG_NO_RANDOM_POOL=y # IEEE 802.11n (High Throughput) support (mainly for AP mode) CONFIG_IEEE80211N=y ++++++ wpa_supplicant-2.4.tar.gz -> wpa_supplicant-2.5.tar.gz ++++++ ++++ 43861 lines of diff (skipped) ++++++ wpa_supplicant-getrandom.patch ++++++ --- wpa_supplicant-2.4.orig/src/utils/os_unix.c +++ wpa_supplicant-2.4/src/utils/os_unix.c @@ -6,11 +6,15 @@ * See README for more details. */ +#ifndef _GNU_SOURCE +#define _GNU_SOURCE +#endif #include "includes.h" #include <time.h> #include <sys/wait.h> - +#include <sys/syscall.h> +#include <unistd.h> #ifdef ANDROID #include <sys/capability.h> #include <sys/prctl.h> 
@@ -223,6 +227,10 @@ void os_daemonize_terminate(const char * int os_get_random(unsigned char *buf, size_t len) { +#ifdef SYS_getrandom + int gr = TEMP_FAILURE_RETRY(syscall(SYS_getrandom, buf, len, 0)); + return (gr != -1 && gr == len) ? 0 : -1; +#else FILE *f; size_t rc; @@ -232,10 +240,13 @@ int os_get_random(unsigned char *buf, si return -1; } + setbuf(f, NULL); + rc = fread(buf, 1, len, f); fclose(f); return rc != len ? -1 : 0; +#endif }
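
Review bot: in the `@@ -47,29 +39,26 @@` hunk of wpa_supplicant.spec, the new `Patch4: wpa_supplicant-getrandom.patch` line has no tag comment, while the patches removed in the same hunk each carried one, for example `# PATCH-FIX-UPSTREAM 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch bnc#930077`. Suggest adding a comment line above Patch4 that says why the patch is carried and whether it has been submitted upstream, so that the next version update can tell whether it is still needed. The same applies to `Patch3: wpa_supplicant-alloc_size.patch`, which is renumbered here and also has no comment.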
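
Review bot: the `@@ -433,7 +433,7 @@` hunk of `config` enables `CONFIG_NO_RANDOM_POOL=y` directly below a comment saying this "should only be considered for builds that are known to be used on devices that meet the requirements described above", and those requirements are outside the hunk context and are not addressed in the changelog entry, which only says that /dev/urandom is reliable. With the internal pool disabled, all key material depends on os_get_random() alone. The getrandom path called with flags 0 waits until the kernel pool has been initialised, but the /dev/urandom fallback in the `#else` branch of wpa_supplicant-getrandom.patch does not wait, so a build that takes the fallback can read before the kernel RNG is seeded early in boot. Suggest stating in the changelog, or in a comment next to the option, which of the upstream requirements the distribution build is relying on.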
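
Review bot: in the `@@ -223,6 +227,10 @@` hunk of wpa_supplicant-getrandom.patch, the choice between getrandom and /dev/urandom is made by `#ifdef SYS_getrandom`, so it is fixed at build time: a binary built against headers that define SYS_getrandom but run on a kernel without the system call gets -1 from every os_get_random() call and never reaches the fread() path in the `#else` branch. The changelog text ("if it is not present ...") reads like a run-time fallback, which this is not. Suggest compiling both paths and falling through to /dev/urandom when the syscall fails with ENOSYS. Two smaller points on the same lines: syscall() returns long, and `int gr` is compared with the size_t `len` in `gr == len`, so keep the result in a long or ssize_t and test for a negative value before comparing; and a short return is treated as a hard failure, where a loop that continues until `len` bytes are filled would be more robust for large requests.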