From 81473488560b092439c6dcddb9f86bbb2768d8d8 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 1 Mar 2022 07:08:58 -0500 Subject: [PATCH] import hostapd-2.10-1.el9 --- .gitignore | 1 + .hostapd.metadata | 1 + SOURCES/hostapd.conf | 40 ++++ SOURCES/hostapd.conf.5 | 127 ++++++++++ SOURCES/hostapd.init | 89 ++++++++ SOURCES/hostapd.service | 12 + SOURCES/hostapd.sysconfig | 5 + SPECS/hostapd.spec | 470 ++++++++++++++++++++++++++++++++++++++ 8 files changed, 745 insertions(+) create mode 100644 .gitignore create mode 100644 .hostapd.metadata create mode 100644 SOURCES/hostapd.conf create mode 100644 SOURCES/hostapd.conf.5 create mode 100644 SOURCES/hostapd.init create mode 100644 SOURCES/hostapd.service create mode 100644 SOURCES/hostapd.sysconfig create mode 100644 SPECS/hostapd.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bcb5994 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/hostapd-2.10.tar.gz diff --git a/.hostapd.metadata b/.hostapd.metadata new file mode 100644 index 0000000..28bbf9d --- /dev/null +++ b/.hostapd.metadata @@ -0,0 +1 @@ +1012a46ed74d7760aec3cfe435eb8bac23f5dde9 SOURCES/hostapd-2.10.tar.gz diff --git a/SOURCES/hostapd.conf b/SOURCES/hostapd.conf new file mode 100644 index 0000000..1d86ab4 --- /dev/null +++ b/SOURCES/hostapd.conf @@ -0,0 +1,40 @@ +# +# This will give you a minimal, insecure wireless network. +# +# DO NOT BE SATISFIED WITH THAT!!! +# +# A complete, well commented example configuration file is +# available here: +# +# /usr/share/doc/hostapd/hostapd.conf +# +# For more information, look here: +# +# http://wireless.kernel.org/en/users/Documentation/hostapd +# + +ctrl_interface=/var/run/hostapd +ctrl_interface_group=wheel + +# Some usable default settings... +macaddr_acl=0 +auth_algs=1 +ignore_broadcast_ssid=0 + +# Uncomment these for base WPA & WPA2 support with a pre-shared key +#wpa=3 +#wpa_key_mgmt=WPA-PSK +#wpa_pairwise=TKIP +#rsn_pairwise=CCMP + +# DO NOT FORGET TO SET A WPA PASSPHRASE!! +#wpa_passphrase=YourPassPhrase + +# Most modern wireless drivers in the kernel need driver=nl80211 +driver=nl80211 + +# Customize these for your local configuration... +interface= +hw_mode= +channel= +ssid= diff --git a/SOURCES/hostapd.conf.5 b/SOURCES/hostapd.conf.5 new file mode 100644 index 0000000..3e7e2af --- /dev/null +++ b/SOURCES/hostapd.conf.5 @@ -0,0 +1,127 @@ +.\" Manpage for hostapd.conf. +.\" Original scrape of https://www.daemon-systems.org/man/hostapd.conf.5.html +.\" Contact linville@redhat.com to correct errors or typos. +.TH hostapd.conf 5 "10 Feb 2021" "1.0" "hostapd.conf man page" +.SH NAME +hostapd.conf \- configuration file for hostapd(8) utility +.SH DESCRIPTION +The hostapd.conf utility is an authenticator for IEEE 802.11 networks. +It provides full support for WPA/IEEE 802.11i and can also act as an IEEE +802.1X Authenticator with a suitable backend Authentication Server +(typically FreeRADIUS). +The configuration file consists of global parameters and domain specific +configuration: +.P +\(bu IEEE 802.1X-2004 +.P +\(bu RADIUS client +.P +\(bu RADIUS authentication server +.P +\(bu WPA/IEEE 802.11i +.SH GLOBAL PARAMETERS +The following parameters are recognized: +.SS interface +Interface name. Should be set in "hostap" mode. +.SS debug +Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, +4 = excessive. +.SS dump_file +Dump file for state information (on SIGUSR1). +.SS ctrl_interface +The pathname of the directory in which hostapd(8) creates UNIX +domain socket files for communication with frontend programs such +as hostapd_cli(8). +.SS ctrl_interface_group +A group name or group ID to use in setting protection on the +control interface file. This can be set to allow non-root users +to access the control interface files. If no group is specified, +the group ID of the control interface is not modified and will, +typically, be the group ID of the directory in which the socket +is created. +.SH IEEE 802.1X-2004 PARAMETERS +The following parameters are recognized: +.SS ieee8021x +Require IEEE 802.1X authorization. +.SS eap_message +Optional displayable message sent with EAP Request-Identity. +.SS wep_key_len_broadcast +Key lengths for broadcast keys. +.SS wep_key_len_unicast +Key lengths for unicast keys. +.SS wep_rekey_period +Rekeying period in seconds. +.SS eapol_key_index_workaround +EAPOL-Key index workaround (set bit7) for WinXP Supplicant. +.SS eap_reauth_period +EAP reauthentication period in seconds. To disable +reauthentication, use "0". +.SH RADIUS CLIENT PARAMETERS +The following parameters are recognized: +.SS own_ip_addr +The own IP address of the access point (used as NAS-IP-Address). +.SS nas_identifier +Optional NAS-Identifier string for RADIUS messages. +.SS auth_server_addr, auth_server_port, auth_server_shared_secret +RADIUS authentication server parameters. Can be defined twice +for secondary servers to be used if primary one does not reply to +RADIUS packets. +.SS acct_server_addr, acct_server_port, acct_server_shared_secret +RADIUS accounting server parameters. Can be defined twice for +secondary servers to be used if primary one does not reply to +RADIUS packets. +.SS radius_retry_primary_interval +Retry interval for trying to return to the primary RADIUS server +(in seconds). +.SS radius_acct_interim_interval +Interim accounting update interval. If this is set (larger than +0) and acct_server is configured, hostapd(8) will send interim +accounting updates every N seconds. +.SH RADIUS AUTHENTICATION SERVER PARAMETERS +The following parameters are recognized: +.SS radius_server_clients +File name of the RADIUS clients configuration for the RADIUS +server. If this is commented out, RADIUS server is disabled. +.SS radius_server_auth_port +The UDP port number for the RADIUS authentication server. +.SS radius_server_ipv6 +Use IPv6 with RADIUS server. +.SH WPA/IEEE 802.11i PARAMETERS +The following parameters are recognized: +.SS wpa +Enable WPA. Setting this variable configures the AP to require +WPA (either WPA-PSK or WPA-RADIUS/EAP based on other +configuration). +.SS wpa_psk, wpa_passphrase +WPA pre-shared keys for WPA-PSK. This can be either entered as a +256-bit secret in hex format (64 hex digits), wpa_psk, or as an +ASCII passphrase (8..63 characters) that will be converted to +PSK. This conversion uses SSID so the PSK changes when ASCII +passphrase is used and the SSID is changed. +.SS wpa_psk_file +Optionally, WPA PSKs can be read from a separate text file +(containing a list of (PSK,MAC address) pairs. +.SS wpa_key_mgmt +Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or +both). +.SS wpa_pairwise +Set of accepted cipher suites (encryption algorithms) for +pairwise keys (unicast packets). See the example file for more +information. +.SS wpa_group_rekey +Time interval for rekeying GTK (broadcast/multicast encryption +keys) in seconds. +.SS wpa_strict_rekey +Rekey GTK when any STA that possesses the current GTK is leaving +the BSS. +.SS wpa_gmk_rekey +Time interval for rekeying GMK (master key used internally to +generate GTKs (in seconds). +.SH SEE ALSO +hostapd(8), hostapd_cli(8), /usr/share/examples/hostapd/hostapd.conf +.SH HISTORY +The hostapd.conf manual page and hostapd(8) functionality first appeared +in NetBSD 4.0. +.SH AUTHORS +This manual page is derived from the README and hostapd.conf files in the +hostapd distribution provided by Jouni Malinen . diff --git a/SOURCES/hostapd.init b/SOURCES/hostapd.init new file mode 100644 index 0000000..707761a --- /dev/null +++ b/SOURCES/hostapd.init @@ -0,0 +1,89 @@ +#!/bin/bash +# +# hostapd +# +# chkconfig: - 23 88 +# description: hostapd is a user space daemon for access point and +# authentication servers. It implements IEEE 802.11 access point +# management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS +# authentication server. +# processname: hostapd +# config: /etc/hostapd/hostapd.conf +# +### BEGIN INIT INFO +# Provides: hostapd +# Required-Start: $network +# Required-Stop: $network +# Default-Start: +# Default-Stop: 0 1 6 +# Short-Description: start and stop hostapd +# Description: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +exec="/usr/sbin/hostapd" +prog=hostapd +conf="/etc/hostapd/hostapd.conf" +lockfile=/var/lock/subsys/$prog + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +start() { + echo -n $"Starting $prog: $conf" + daemon $prog -B $OTHER_ARGS $conf + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + stop + start +} + +reload() { + restart +} + +force_reload() { + restart +} + +fdr_status() { + status $prog +} + + +case "$1" in + start|stop|restart|reload) + $1 + ;; + force-reload) + force_reload + ;; + status) + fdr_status + ;; + condrestart|try-restart) + [ -f $lockfile ] && restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|try-restart|reload|force-reload}" + exit 1 +esac + diff --git a/SOURCES/hostapd.service b/SOURCES/hostapd.service new file mode 100644 index 0000000..d7c2ca0 --- /dev/null +++ b/SOURCES/hostapd.service @@ -0,0 +1,12 @@ +[Unit] +Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +After=network.target + +[Service] +Type=forking +PIDFile=/run/hostapd.pid +EnvironmentFile=/etc/sysconfig/hostapd +ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B $OTHER_ARGS + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/hostapd.sysconfig b/SOURCES/hostapd.sysconfig new file mode 100644 index 0000000..1d9f8e3 --- /dev/null +++ b/SOURCES/hostapd.sysconfig @@ -0,0 +1,5 @@ +# Other arguments +# -d show more debug messages (-dd for even more) +# -K include key data in debug messages +# -t include timestamps in some debug messages +OTHER_ARGS="" diff --git a/SPECS/hostapd.spec b/SPECS/hostapd.spec new file mode 100644 index 0000000..e45644a --- /dev/null +++ b/SPECS/hostapd.spec @@ -0,0 +1,470 @@ +%global _hardened_build 1 + +Name: hostapd +Version: 2.10 +Release: 1%{?dist} +Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +License: BSD +URL: http://w1.fi/hostapd + +Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz +Source1: %{name}.service +Source2: %{name}.conf +Source3: %{name}.conf.5 +Source4: %{name}.sysconfig +Source5: %{name}.init + +BuildRequires: libnl3-devel +BuildRequires: openssl-devel +BuildRequires: perl-generators +BuildRequires: gcc + +%if 0%{?fedora} || 0%{?rhel} >= 7 +BuildRequires: systemd +BuildRequires: make +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%endif + +%if 0%{?rhel} == 6 +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/chkconfig +Requires(preun): /sbin/service +Requires(postun): /sbin/service +%endif + +%description +%{name} is a user space daemon for access point and authentication servers. It +implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP +Authenticators and RADIUS authentication server. + +%{name} is designed to be a "daemon" program that runs in the back-ground and +acts as the backend component controlling authentication. %{name} supports +separate frontend programs and an example text-based frontend, hostapd_cli, is +included with %{name}. + +%package logwatch +Summary: Logwatch scripts for hostapd +Requires: %{name} = %{version}-%{release} +Requires: logwatch +%if 0%{?rhel} == 6 || 0%{?rhel} == 7 +Requires: perl +%else +Requires: perl-interpreter +%endif + +%description logwatch +Logwatch scripts for hostapd. + +%prep +%setup -q + +%build +cd hostapd +cat defconfig | sed \ + -e '$ a CONFIG_SAE=y' \ + -e '$ a CONFIG_SUITEB192=y' \ + -e '$ a CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"' \ + -e '/^#CONFIG_DRIVER_NL80211=y/s/^#//' \ + -e '/^#CONFIG_RADIUS_SERVER=y/s/^#//' \ + -e '/^#CONFIG_DRIVER_WIRED=y/s/^#//' \ + -e '/^#CONFIG_DRIVER_NONE=y/s/^#//' \ + -e '/^#CONFIG_IEEE80211N=y/s/^#//' \ + -e '/^#CONFIG_IEEE80211R=y/s/^#//' \ + -e '/^#CONFIG_IEEE80211AC=y/s/^#//' \ + -e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \ + -e '/^#CONFIG_LIBNL32=y/s/^#//' \ + -e '/^#CONFIG_ACS=y/s/^#//' \ + -e '/^#CONFIG_OWE=y/s/^#//' \ + > .config +echo "CFLAGS += -I%{_includedir}/libnl3" >> .config +echo "LIBS += -L%{_libdir}" >> .config +export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE" +export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE" +export LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now" +make %{?_smp_mflags} V=1 + +%install +%if 0%{?fedora} || 0%{?rhel} >= 7 + +# Systemd unit files +install -p -m 644 -D %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service + +%else + +# Initscripts +install -p -m 755 -D %{SOURCE5} %{buildroot}%{_initrddir}/%{name} + +%endif + +# logwatch files +install -d %{buildroot}/%{_sysconfdir}/logwatch/conf/services +install -pm 0644 %{name}/logwatch/%{name}.conf \ + %{buildroot}/%{_sysconfdir}/logwatch/conf/services/%{name}.conf +install -d %{buildroot}/%{_sysconfdir}/logwatch/scripts/services +install -pm 0755 %{name}/logwatch/%{name} \ + %{buildroot}/%{_sysconfdir}/logwatch/scripts/services/%{name} + +# config files +install -d %{buildroot}/%{_sysconfdir}/%{name} +install -pm 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name} + +install -d %{buildroot}/%{_sysconfdir}/sysconfig +install -pm 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} + +# binaries +install -d %{buildroot}/%{_sbindir} +install -pm 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name} +install -pm 0755 %{name}/%{name}_cli %{buildroot}%{_sbindir}/%{name}_cli + +# man pages +install -d %{buildroot}%{_mandir}/man{1,5,8} +install -pm 0644 %{name}/%{name}_cli.1 %{buildroot}%{_mandir}/man1 +install -pm 0644 %{SOURCE3} %{buildroot}%{_mandir}/man5 +install -pm 0644 %{name}/%{name}.8 %{buildroot}%{_mandir}/man8 + +# prepare docs +cp %{name}/README ./README.%{name} +cp %{name}/README-WPS ./README-WPS.%{name} +cp %{name}/logwatch/README ./README.logwatch + +%if 0%{?fedora} || 0%{?rhel} >= 7 + +%post +%systemd_post %{name}.service + +%preun +%systemd_preun %{name}.service + +%postun +%systemd_postun_with_restart %{name}.service + +%endif + +%if 0%{?rhel} == 6 + +%post +/sbin/chkconfig --add %{name} + +%preun +if [ $1 -eq 0 ]; then + /sbin/service %{name} stop >/dev/null 2>&1 || : + /sbin/chkconfig --del %{name} +fi + +%postun +if [ $1 -ge 1 ]; then + /sbin/service %{name} condrestart >/dev/null 2>&1 || : +fi + +%endif + +%files +%license COPYING +%doc README README.hostapd README-WPS.hostapd +%doc %{name}/%{name}.conf %{name}/wired.conf +%doc %{name}/%{name}.accept %{name}/%{name}.deny +%doc %{name}/%{name}.eap_user %{name}/%{name}.radius_clients +%doc %{name}/%{name}.vlan %{name}/%{name}.wpa_psk +%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%{_sbindir}/%{name} +%{_sbindir}/%{name}_cli +%dir %{_sysconfdir}/%{name} +%{_mandir}/man1/* +%{_mandir}/man5/* +%{_mandir}/man8/* +%if 0%{?fedora} || 0%{?rhel} >= 7 +%{_unitdir}/%{name}.service +%else +%{_initrddir}/%{name} +%endif + +%files logwatch +%doc %{name}/logwatch/README +%config(noreplace) %{_sysconfdir}/logwatch/conf/services/%{name}.conf +%{_sysconfdir}/logwatch/scripts/services/%{name} + +%changelog +* Fri Jan 21 2022 Davide Caratti - 2.10-1 +- Update to version 2.10 + +* Wed Dec 22 2021 Davide Caratti - 2.9-17 +- fix typo while enabling support for suite B-192 + +* Wed Dec 22 2021 Davide Caratti - 2.9-16 +- fix CONFIG_TLS_DEFAULT_CIPHERS to allow 3DES + +* Mon Dec 20 2021 Davide Caratti - 2.9-15 +- Disable 'badfuncs' in rpminspect tests +- Build with -fPIE, and enable verbose build log +- enable CONFIG_SUITEB192 + +* Fri Dec 17 2021 Tomas Pelka - 2.9-14 +- Bump release and rebuilt to trigger gating process + +* Tue Sep 14 2021 Sahana Prasad - 2.9-13 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Sep 3 2021 Davide Caratti - 2.9-12 +- backport fix for NetworkManager-ci failures with openssl-3.0.0 + +* Thu Jul 22 2021 Fedora Release Engineering - 2.9-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue May 11 2021 John W. Linville - 2.9-10 +- Enable CONFIG_OWE build option in order to provide WPA3 capability + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.9-9 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Wed Feb 10 2021 John W. Linville - 2.9-8 +- Add hostapd.conf.5 man file, with content borrowed from NetBSD + +* Tue Jan 26 2021 Fedora Release Engineering - 2.9-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Dec 10 2020 John W. Linville - 2.9-6 +- Enable environment file in hostapd service definition + +* Tue Jul 28 2020 Fedora Release Engineering - 2.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jun 24 2020 John W. Linville - 2.9-4 +- Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP) + +* Wed Jan 29 2020 Fedora Release Engineering - 2.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Oct 30 2019 John W. Linville - 2.9-2 +- Fix CVE-2019-16275 (AP mode PMF disconnection protection bypass) + +* Fri Aug 09 2019 John W. Linville - 2.9-1 +- Update to version 2.9 from upstream + +* Thu Jul 25 2019 Fedora Release Engineering - 2.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Jul 03 2019 Lubomir Rintel - 2.8-2 +- Enable SAE + +* Wed May 15 2019 John W. Linville - 2.8-1 +- Update to version 2.8 from upstream +- Drop obsoleted patches + +* Fri Apr 12 2019 John W. Linville - 2.7-2 +- Bump N-V-R for rebuild + +* Fri Apr 12 2019 John W. Linville - 2.7-1 +- Update to version 2.7 from upstream +- Remove obsolete patches for NL80211_ATTR_SMPS_MODE encoding and KRACK +- Fix CVE-2019-9494 (cache attack against SAE) +- Fix CVE-2019-9495 (cache attack against EAP-pwd) +- Fix CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP) +- Fix CVE-2019-9497 (EAP-pwd server not checking for reflection attack) +- Fix CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element) +- Fix CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element) + +* Fri Feb 01 2019 Fedora Release Engineering - 2.6-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 20 2018 John W. Linville - 2.6-11 +- Add previously unnecessary BuildRequires for gcc + +* Fri Jul 13 2018 Fedora Release Engineering - 2.6-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue May 29 2018 Davide Caratti - 2.6-9 +- backport fix for Fix NL80211_ATTR_SMPS_MODE encoding (rh #1582839) + +* Wed Feb 07 2018 Fedora Release Engineering - 2.6-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Dec 07 2017 Simone Caronni - 2.6-7 +- Fix dependencies on the logwatch package for RHEL/CentOS. + +* Fri Nov 03 2017 Xavier Bachelot - 2.6-6 +- Add patches for KRACK : CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, + CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, + CVE-2017-13087, CVE-2017-13088 (RHBZ#1502588). + +* Wed Aug 02 2017 Fedora Release Engineering - 2.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 13 2017 Petr Pisar - 2.6-3 +- perl dependency renamed to perl-interpreter + + +* Fri Feb 10 2017 Fedora Release Engineering - 2.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Oct 03 2016 John W. Linville - 2.6-1 +- Update to version 2.6 from upstream +- Remove patch for CVE-2016-4476, now included in base tarball + +* Fri Jul 15 2016 John W. Linville - 2.5-5 +- Bump NVR and rebuild to resolve GLIBC_2.24 symbol issue + +* Mon Jun 06 2016 John W. Linville - 2.5-4 +- Add WPS patch for CVE-2016-4476 + +* Tue Apr 19 2016 Sascha Spreitzer - 2.5-3 +- Enable ACS feature (automatic channel switching) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Oct 13 2015 John W. Linville - 2.5-1 +- Update to version 2.5 from upstream +- Remove patches made redundant by version update + +* Fri Jul 10 2015 John W. Linville - 2.4-3 +- apply fix for NDEF record payload length checking + +* Wed Jun 17 2015 Fedora Release Engineering - 2.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri May 15 2015 John W. Linville - 2.4-2 +- apply fix for underflow in WMM action frame parser + +* Tue Apr 21 2015 John W. Linville - 2.4-1 +- Update to version 2.4 from upstream +- Enable support for IEEE802.11r and IEEE802.11ac + +* Wed Feb 4 2015 John W. Linville - 2.3-4 +- Use %%license instead of %%doc for file containing license information + +* Sun Nov 02 2014 poma - 2.3-3 +- Further simplify hostapd.conf installation +- Rebase "EAP-TLS server" patch to 2.3 + +* Tue Oct 28 2014 John W. Linville - 2.3-2 +- Remove version info from /usr/share/doc/hostapd/hostapd.conf + +* Thu Oct 23 2014 John W. Linville - 2.3-1 +- Update to version 2.3 from upstream + +* Sat Aug 16 2014 Fedora Release Engineering - 2.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu Jun 5 2014 John W. Linville - 2.2-1 +- Update to version 2.2 from upstream + +* Sat Feb 22 2014 Simone Caronni - 2.1-2 +- Re-enable drivers (#1068849). + +* Fri Feb 14 2014 John W. Linville - 2.1-1 +- Update to version 2.1 from upstream +- Remove obsolete patch for libnl build documentation + +* Mon Feb 03 2014 Simone Caronni - 2.0-6 +- Add libnl build documentation and switch libnl-devel to libnl3-devel build + dependency (#1041471). + +* Fri Nov 22 2013 John W. Linville - 2.0-5 +- Enable CONFIG_FULL_DYNAMIC_VLAN build option + +* Wed Aug 07 2013 Simone Caronni - 2.0-4 +- Add EPEL 6 support. +- Remove obsolete EPEL 5 tags. +- Little spec file formatting. + +* Sat Aug 03 2013 Fedora Release Engineering - 2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 2.0-2 +- Perl 5.18 rebuild + +* Thu May 30 2013 John W. Linville - 2.0-1 +- Update to version 2.0 from upstream +- Convert to use of systemd-rpm macros +- Build with PIE flags + +* Thu Feb 14 2013 Fedora Release Engineering - 1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Oct 8 2012 John W. Linville - 1.0-3 +- EAP-TLS: Add extra validation for TLS Message Length + +* Thu Jul 19 2012 Fedora Release Engineering - 1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 8 2012 John W. Linville - 1.0-1 +- Update to version 1.0 from upstream + +* Fri Jun 8 2012 John W. Linville - 0.7.3-9 +- Remove hostapd-specific runtime state directory + +* Wed Jun 6 2012 John W. Linville - 0.7.3-8 +- Fixup typo in pid file path in hostapd.service + +* Wed May 30 2012 John W. Linville - 0.7.3-7 +- Add BuildRequires for systemd-units + +* Fri May 25 2012 John W. Linville - 0.7.3-6 +- Fixup typo in configuration file path in hostapd.service +- Tighten-up default permissions for hostapd.conf + +* Tue Feb 28 2012 Jon Ciesla - 0.7.3-5 +- Migrate to systemd, BZ 770310. + +* Wed Jan 18 2012 John W. Linville - 0.7.3-4 +- Add reference to sample hostapd.conf in the default installed version +- Include README-WPS from the hostapd distribution as part of the docs + +* Fri Jan 13 2012 Fedora Release Engineering - 0.7.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Feb 09 2011 Fedora Release Engineering - 0.7.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 23 2010 John W. Linville - 0.7.3-1 +- Update to version 0.7.3 + +* Wed Nov 24 2010 John W. Linville - 0.6.10-3 +- Use ghost directive for /var/run/hostapd +- Remove some rpmlint warnings + +* Thu May 27 2010 John W. Linville - 0.6.10-2 +- Move DTIM period configuration into Beacon set operation + +* Mon May 10 2010 John W. Linville - 0.6.10-1 +- Update to version 0.6.10 + +* Tue Jan 19 2010 John W. Linville - 0.6.9-8 +- Do not compress man pages manually in spec file +- Correct date of previous changelog entry + +* Thu Jan 14 2010 John W. Linville - 0.6.9-7 +- Enable 802.11n support + +* Thu Dec 17 2009 John W. Linville - 0.6.9-6 +- Enable RADIUS server +- Enable "wired" and "none" drivers +- Use BSD license option + +* Wed Dec 16 2009 John W. Linville - 0.6.9-5 +- Use openssl instead of gnutls (broken) + +* Wed Dec 16 2009 John W. Linville - 0.6.9-4 +- Remove wired.conf from doc (not in chosen configuration) +- Use $RPM_OPT_FLAGS +- Add dist tag + +* Wed Dec 16 2009 John W. Linville - 0.6.9-3 +- Use gnutls instead of openssl +- Turn-off internal EAP server (broken w/ gnutls) +- Remove doc files not applicable to chosen configuration +- Un-mangle README filename for logwatch sub-package + +* Wed Dec 16 2009 John W. Linville - 0.6.9-2 +- Initial build +- Start release at 2 to avoid conflicts w/ previous attempts by others