new release 2.4, backport CVE-2015-1863 fix, drop libeap
This commit is contained in:
parent
3391589fc4
commit
47da8a0463
1
.gitignore
vendored
1
.gitignore
vendored
@ -15,3 +15,4 @@ wpa_supplicant-0.6.8.tar.gz
|
||||
/wpa_supplicant-1.1.tar.gz
|
||||
/wpa_supplicant-2.0.tar.gz
|
||||
/wpa_supplicant-2.3.tar.gz
|
||||
/wpa_supplicant-2.4.tar.gz
|
||||
|
@ -1,143 +0,0 @@
|
||||
From 89de07a9442072f88d49869d8ecd8d42bae050a0 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Mon, 6 Oct 2014 16:27:44 +0300
|
||||
Subject: [PATCH 1/2] Add os_exec() helper to run external programs
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
src/utils/os.h | 9 +++++++++
|
||||
src/utils/os_unix.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
src/utils/os_win32.c | 6 ++++++
|
||||
3 files changed, 70 insertions(+)
|
||||
|
||||
diff --git a/src/utils/os.h b/src/utils/os.h
|
||||
index f196209..b9247d8 100644
|
||||
--- a/src/utils/os.h
|
||||
+++ b/src/utils/os.h
|
||||
@@ -597,14 +597,23 @@ size_t os_strlcpy(char *dest, const char *src, size_t siz);
|
||||
* Returns: Total length of the target string (length of src) (not including
|
||||
* NUL-termination)
|
||||
*
|
||||
* This function matches in behavior with the strlcpy(3) function in OpenBSD.
|
||||
*/
|
||||
size_t os_strlcpy(char *dest, const char *src, size_t siz);
|
||||
|
||||
+/**
|
||||
+ * os_exec - Execute an external program
|
||||
+ * @program: Path to the program
|
||||
+ * @arg: Command line argument string
|
||||
+ * @wait_completion: Whether to wait until the program execution completes
|
||||
+ * Returns: 0 on success, -1 on error
|
||||
+ */
|
||||
+int os_exec(const char *program, const char *arg, int wait_completion);
|
||||
+
|
||||
|
||||
#ifdef OS_REJECT_C_LIB_FUNCTIONS
|
||||
#define malloc OS_DO_NOT_USE_malloc
|
||||
#define realloc OS_DO_NOT_USE_realloc
|
||||
#define free OS_DO_NOT_USE_free
|
||||
#define memcpy OS_DO_NOT_USE_memcpy
|
||||
#define memmove OS_DO_NOT_USE_memmove
|
||||
diff --git a/src/utils/os_unix.c b/src/utils/os_unix.c
|
||||
index 7498967..523a4d0 100644
|
||||
--- a/src/utils/os_unix.c
|
||||
+++ b/src/utils/os_unix.c
|
||||
@@ -5,14 +5,15 @@
|
||||
* This software may be distributed under the terms of the BSD license.
|
||||
* See README for more details.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <time.h>
|
||||
+#include <sys/wait.h>
|
||||
|
||||
#ifdef ANDROID
|
||||
#include <linux/capability.h>
|
||||
#include <linux/prctl.h>
|
||||
#include <private/android_filesystem_config.h>
|
||||
#endif /* ANDROID */
|
||||
|
||||
@@ -550,7 +551,61 @@ char * os_strdup(const char *s)
|
||||
return NULL;
|
||||
os_memcpy(d, s, len);
|
||||
d[len] = '\0';
|
||||
return d;
|
||||
}
|
||||
|
||||
#endif /* WPA_TRACE */
|
||||
+
|
||||
+
|
||||
+int os_exec(const char *program, const char *arg, int wait_completion)
|
||||
+{
|
||||
+ pid_t pid;
|
||||
+ int pid_status;
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid < 0) {
|
||||
+ perror("fork");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (pid == 0) {
|
||||
+ /* run the external command in the child process */
|
||||
+ const int MAX_ARG = 30;
|
||||
+ char *_program, *_arg, *pos;
|
||||
+ char *argv[MAX_ARG + 1];
|
||||
+ int i;
|
||||
+
|
||||
+ _program = os_strdup(program);
|
||||
+ _arg = os_strdup(arg);
|
||||
+
|
||||
+ argv[0] = _program;
|
||||
+
|
||||
+ i = 1;
|
||||
+ pos = _arg;
|
||||
+ while (i < MAX_ARG && pos && *pos) {
|
||||
+ while (*pos == ' ')
|
||||
+ pos++;
|
||||
+ if (*pos == '\0')
|
||||
+ break;
|
||||
+ argv[i++] = pos;
|
||||
+ pos = os_strchr(pos, ' ');
|
||||
+ if (pos)
|
||||
+ *pos++ = '\0';
|
||||
+ }
|
||||
+ argv[i] = NULL;
|
||||
+
|
||||
+ execv(program, argv);
|
||||
+ perror("execv");
|
||||
+ os_free(_program);
|
||||
+ os_free(_arg);
|
||||
+ exit(0);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (wait_completion) {
|
||||
+ /* wait for the child process to complete in the parent */
|
||||
+ waitpid(pid, &pid_status, 0);
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/src/utils/os_win32.c b/src/utils/os_win32.c
|
||||
index 55937de..57ee132 100644
|
||||
--- a/src/utils/os_win32.c
|
||||
+++ b/src/utils/os_win32.c
|
||||
@@ -254,7 +254,13 @@ int os_memcmp_const(const void *a, const void *b, size_t len)
|
||||
*dest = '\0';
|
||||
while (*s++)
|
||||
; /* determine total src string length */
|
||||
}
|
||||
|
||||
return s - src - 1;
|
||||
}
|
||||
+
|
||||
+
|
||||
+int os_exec(const char *program, const char *arg, int wait_completion)
|
||||
+{
|
||||
+ return -1;
|
||||
+}
|
||||
--
|
||||
1.9.3
|
||||
|
@ -0,0 +1,42 @@
|
||||
From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Tue, 7 Apr 2015 11:32:11 +0300
|
||||
Subject: [PATCH] P2P: Validate SSID element length before copying it
|
||||
(CVE-2015-1863)
|
||||
|
||||
This fixes a possible memcpy overflow for P2P dev->oper_ssid in
|
||||
p2p_add_device(). The length provided by the peer device (0..255 bytes)
|
||||
was used without proper bounds checking and that could have resulted in
|
||||
arbitrary data of up to 223 bytes being written beyond the end of the
|
||||
dev->oper_ssid[] array (of which about 150 bytes would be beyond the
|
||||
heap allocation) when processing a corrupted management frame for P2P
|
||||
peer discovery purposes.
|
||||
|
||||
This could result in corrupted state in heap, unexpected program
|
||||
behavior due to corrupted P2P peer device information, denial of service
|
||||
due to process crash, exposure of memory contents during GO Negotiation,
|
||||
and potentially arbitrary code execution.
|
||||
|
||||
Thanks to Google security team for reporting this issue and smart
|
||||
hardware research group of Alibaba security team for discovering it.
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
src/p2p/p2p.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
|
||||
index f584fae..a45fe73 100644
|
||||
--- a/src/p2p/p2p.c
|
||||
+++ b/src/p2p/p2p.c
|
||||
@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
|
||||
if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
|
||||
os_memcpy(dev->interface_addr, addr, ETH_ALEN);
|
||||
if (msg.ssid &&
|
||||
+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
|
||||
(msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
|
||||
os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
|
||||
!= 0)) {
|
||||
--
|
||||
2.3.5
|
||||
|
@ -1,67 +0,0 @@
|
||||
From c5f258de76dbb67fb64beab39a99e5c5711f41fe Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Mon, 6 Oct 2014 17:25:52 +0300
|
||||
Subject: [PATCH 2/2] wpa_cli: Use os_exec() for action script execution
|
||||
|
||||
Use os_exec() to run the action script operations to avoid undesired
|
||||
command line processing for control interface event strings. Previously,
|
||||
it could have been possible for some of the event strings to include
|
||||
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
wpa_supplicant/wpa_cli.c | 25 ++++++++-----------------
|
||||
1 file changed, 8 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
|
||||
index 18b9b77..fe30b41 100644
|
||||
--- a/wpa_supplicant/wpa_cli.c
|
||||
+++ b/wpa_supplicant/wpa_cli.c
|
||||
@@ -3155,36 +3155,27 @@ static int str_match(const char *a, const char *b)
|
||||
return os_strncmp(a, b, os_strlen(b)) == 0;
|
||||
}
|
||||
|
||||
|
||||
static int wpa_cli_exec(const char *program, const char *arg1,
|
||||
const char *arg2)
|
||||
{
|
||||
- char *cmd;
|
||||
+ char *arg;
|
||||
size_t len;
|
||||
int res;
|
||||
- int ret = 0;
|
||||
|
||||
- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
|
||||
- cmd = os_malloc(len);
|
||||
- if (cmd == NULL)
|
||||
+ len = os_strlen(arg1) + os_strlen(arg2) + 2;
|
||||
+ arg = os_malloc(len);
|
||||
+ if (arg == NULL)
|
||||
return -1;
|
||||
- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
|
||||
- if (res < 0 || (size_t) res >= len) {
|
||||
- os_free(cmd);
|
||||
- return -1;
|
||||
- }
|
||||
- cmd[len - 1] = '\0';
|
||||
-#ifndef _WIN32_WCE
|
||||
- if (system(cmd) < 0)
|
||||
- ret = -1;
|
||||
-#endif /* _WIN32_WCE */
|
||||
- os_free(cmd);
|
||||
+ os_snprintf(arg, len, "%s %s", arg1, arg2);
|
||||
+ res = os_exec(program, arg, 1);
|
||||
+ os_free(arg);
|
||||
|
||||
- return ret;
|
||||
+ return res;
|
||||
}
|
||||
|
||||
|
||||
static void wpa_cli_action_process(const char *msg)
|
||||
{
|
||||
const char *pos;
|
||||
char *copy = NULL, *id, *pos2;
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,13 +0,0 @@
|
||||
diff --git a/src/drivers/drivers.mak b/src/drivers/drivers.mak
|
||||
index cdb913e..e9fc83c 100644
|
||||
--- a/src/drivers/drivers.mak
|
||||
+++ b/src/drivers/drivers.mak
|
||||
@@ -35,7 +35,7 @@ NEED_RFKILL=y
|
||||
ifdef CONFIG_LIBNL32
|
||||
DRV_LIBS += -lnl-3
|
||||
DRV_LIBS += -lnl-genl-3
|
||||
- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
|
||||
+ DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0`
|
||||
ifdef CONFIG_LIBNL3_ROUTE
|
||||
DRV_LIBS += -lnl-route-3
|
||||
DRV_CFLAGS += -DCONFIG_LIBNL3_ROUTE
|
@ -1,150 +0,0 @@
|
||||
From 4033935dd9098938838d6d7934ceb65f92a1fa3c Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Wed, 22 May 2013 13:24:30 +0300
|
||||
Subject: [PATCH] Fix OKC-based PMKSA cache entry clearing
|
||||
|
||||
Commit c3fea272747f738f5723fc577371fe03711d988f added a call to clear
|
||||
all other PMKSA cache entries for the same network if the PMKSA cache
|
||||
entry of the current AP changed. This was needed to fix OKC cases since
|
||||
the other APs would likely use the new PMK in the future. However, this
|
||||
ended up clearing entries in cases where that is not desired and this
|
||||
resulted in needing additional full EAP authentication with networks
|
||||
that did not support OKC if wpa_supplicant was configured to try to use
|
||||
it.
|
||||
|
||||
Make PMKSA cache entry flushing more limited so that the other entries
|
||||
are removed only if they used the old PMK that was replaced for the
|
||||
current AP and only if that PMK had previously been used successfully
|
||||
(i.e., opportunistic flag was already cleared back to 0 in
|
||||
wpa_supplicant_key_neg_complete()). This is still enough to fix the
|
||||
issue described in that older commit while not causing problems for
|
||||
standard PMKSA caching operations even if OKC is enabled in
|
||||
wpa_supplicant configuration.
|
||||
|
||||
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
src/rsn_supp/pmksa_cache.c | 27 ++++++++++++++++++++-------
|
||||
src/rsn_supp/pmksa_cache.h | 3 ++-
|
||||
src/rsn_supp/wpa.c | 2 +-
|
||||
3 files changed, 23 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
|
||||
index df67583..93056ea 100644
|
||||
--- a/src/rsn_supp/pmksa_cache.c
|
||||
+++ b/src/rsn_supp/pmksa_cache.c
|
||||
@@ -160,25 +160,31 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
|
||||
os_free(entry);
|
||||
return pos;
|
||||
}
|
||||
if (prev == NULL)
|
||||
pmksa->pmksa = pos->next;
|
||||
else
|
||||
prev->next = pos->next;
|
||||
- wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
|
||||
- "the current AP");
|
||||
- pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE);
|
||||
|
||||
/*
|
||||
* If OKC is used, there may be other PMKSA cache
|
||||
* entries based on the same PMK. These needs to be
|
||||
* flushed so that a new entry can be created based on
|
||||
- * the new PMK.
|
||||
+ * the new PMK. Only clear other entries if they have a
|
||||
+ * matching PMK and this PMK has been used successfully
|
||||
+ * with the current AP, i.e., if opportunistic flag has
|
||||
+ * been cleared in wpa_supplicant_key_neg_complete().
|
||||
*/
|
||||
- pmksa_cache_flush(pmksa, network_ctx);
|
||||
+ wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
|
||||
+ "the current AP and any PMKSA cache entry "
|
||||
+ "that was based on the old PMK");
|
||||
+ if (!pos->opportunistic)
|
||||
+ pmksa_cache_flush(pmksa, network_ctx, pos->pmk,
|
||||
+ pos->pmk_len);
|
||||
+ pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE);
|
||||
break;
|
||||
}
|
||||
prev = pos;
|
||||
pos = pos->next;
|
||||
}
|
||||
|
||||
if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
|
||||
@@ -231,23 +237,30 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* pmksa_cache_flush - Flush PMKSA cache entries for a specific network
|
||||
* @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
|
||||
* @network_ctx: Network configuration context or %NULL to flush all entries
|
||||
+ * @pmk: PMK to match for or %NYLL to match all PMKs
|
||||
+ * @pmk_len: PMK length
|
||||
*/
|
||||
-void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx)
|
||||
+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
|
||||
+ const u8 *pmk, size_t pmk_len)
|
||||
{
|
||||
struct rsn_pmksa_cache_entry *entry, *prev = NULL, *tmp;
|
||||
int removed = 0;
|
||||
|
||||
entry = pmksa->pmksa;
|
||||
while (entry) {
|
||||
- if (entry->network_ctx == network_ctx || network_ctx == NULL) {
|
||||
+ if ((entry->network_ctx == network_ctx ||
|
||||
+ network_ctx == NULL) &&
|
||||
+ (pmk == NULL ||
|
||||
+ (pmk_len == entry->pmk_len &&
|
||||
+ os_memcmp(pmk, entry->pmk, pmk_len) == 0))) {
|
||||
wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry "
|
||||
"for " MACSTR, MAC2STR(entry->aa));
|
||||
if (prev)
|
||||
prev->next = entry->next;
|
||||
else
|
||||
pmksa->pmksa = entry->next;
|
||||
tmp = entry;
|
||||
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
|
||||
index 6f3dfb3..d5aa229 100644
|
||||
--- a/src/rsn_supp/pmksa_cache.h
|
||||
+++ b/src/rsn_supp/pmksa_cache.h
|
||||
@@ -62,15 +62,16 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm);
|
||||
void pmksa_cache_clear_current(struct wpa_sm *sm);
|
||||
int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
|
||||
const u8 *bssid, void *network_ctx,
|
||||
int try_opportunistic);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
|
||||
void *network_ctx, const u8 *aa);
|
||||
-void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx);
|
||||
+void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
|
||||
+ const u8 *pmk, size_t pmk_len);
|
||||
|
||||
#else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
|
||||
|
||||
static inline struct rsn_pmksa_cache *
|
||||
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
|
||||
void *ctx, int reason),
|
||||
void *ctx, struct wpa_sm *sm)
|
||||
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
|
||||
index e50404c..365a710 100644
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -2618,15 +2618,15 @@ void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
|
||||
os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
|
||||
}
|
||||
|
||||
|
||||
void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
|
||||
{
|
||||
#ifndef CONFIG_NO_WPA2
|
||||
- pmksa_cache_flush(sm->pmksa, network_ctx);
|
||||
+ pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
|
||||
#endif /* CONFIG_NO_WPA2 */
|
||||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_WNM
|
||||
int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
|
||||
{
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,397 +0,0 @@
|
||||
diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml
|
||||
--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml.man-page 2014-01-20 16:40:02.340869189 -0600
|
||||
+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml 2014-01-20 16:40:02.340869189 -0600
|
||||
@@ -0,0 +1,205 @@
|
||||
+<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
|
||||
+
|
||||
+<refentry>
|
||||
+ <refmeta>
|
||||
+ <refentrytitle>eapol_test</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum>
|
||||
+ </refmeta>
|
||||
+ <refnamediv>
|
||||
+ <refname>eapol_test</refname>
|
||||
+
|
||||
+ <refpurpose>EAP peer and RADIUS client testing</refpurpose>
|
||||
+ </refnamediv>
|
||||
+
|
||||
+ <refsynopsisdiv>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>eapol_test</command>
|
||||
+ <arg>-nWS</arg>
|
||||
+ <arg>-c<replaceable>config file</replaceable></arg>
|
||||
+ <arg>-a<replaceable>server IP address</replaceable></arg>
|
||||
+ <arg>-A<replaceable>client IP address</replaceable></arg>
|
||||
+ <arg>-p<replaceable>UDP port</replaceable></arg>
|
||||
+ <arg>-s<replaceable>shared secret</replaceable></arg>
|
||||
+ <arg>-r<replaceable>re-authentications</replaceable></arg>
|
||||
+ <arg>-t<replaceable>timeout</replaceable></arg>
|
||||
+ <arg>-C<replaceable>Connect-Info</replaceable></arg>
|
||||
+ <arg>-M<replaceable>MAC address</replaceable></arg>
|
||||
+ <arg>-o<replaceable>file</replaceable></arg>
|
||||
+ <arg>-N<replaceable>attr spec</replaceable></arg>
|
||||
+ </cmdsynopsis>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>eapol_test scard</command>
|
||||
+ </cmdsynopsis>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>eapol_test sim</command>
|
||||
+ <arg>PIN</arg>
|
||||
+ <arg>num triplets</arg>
|
||||
+ </cmdsynopsis>
|
||||
+ </refsynopsisdiv>
|
||||
+
|
||||
+ <refsect1>
|
||||
+ <title>Overview</title>
|
||||
+
|
||||
+ <para>eapol_test is a program that links together the same EAP
|
||||
+ peer implementation that wpa_supplicant is using and the RADIUS
|
||||
+ authentication client code from hostapd. In addition, it has
|
||||
+ minimal glue code to combine these two components in similar
|
||||
+ ways to IEEE 802.1X/EAPOL Authenticator state machines. In other
|
||||
+ words, it integrates IEEE 802.1X Authenticator (normally, an
|
||||
+ access point) and IEEE 802.1X Supplicant (normally, a wireless
|
||||
+ client) together to generate a single program that can be used to
|
||||
+ test EAP methods without having to setup an access point and a
|
||||
+ wireless client.</para>
|
||||
+
|
||||
+ <para>The main uses for eapol_test are in interoperability testing
|
||||
+ of EAP methods against RADIUS servers and in development testing
|
||||
+ for new EAP methods. It can be easily used to automate EAP testing
|
||||
+ for interoperability and regression since the program can be run
|
||||
+ from shell scripts without require additional test components apart
|
||||
+ from a RADIUS server. For example, the automated EAP tests described
|
||||
+ in eap_testing.txt are implemented with eapol_test. Similarly,
|
||||
+ eapol_test could be used to implement an automated regression
|
||||
+ test suite for a RADIUS authentication server.</para>
|
||||
+
|
||||
+
|
||||
+ <para>As an example:</para>
|
||||
+
|
||||
+<blockquote><programlisting>
|
||||
+eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
|
||||
+</programlisting></blockquote>
|
||||
+
|
||||
+ <para>tries to complete EAP authentication based on the network
|
||||
+ configuration from test.conf against the RADIUS server running
|
||||
+ on the local host. A re-authentication is triggered to test fast
|
||||
+ re-authentication. The configuration file uses the same format for
|
||||
+ network blocks as wpa_supplicant.</para>
|
||||
+
|
||||
+ </refsect1>
|
||||
+ <refsect1>
|
||||
+ <title>Command Arguments</title>
|
||||
+ <variablelist>
|
||||
+ <varlistentry>
|
||||
+ <term>-c configuration file path</term>
|
||||
+
|
||||
+ <listitem><para>A configuration to use. The configuration should
|
||||
+ use the same format for network blocks as wpa_supplicant.
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-a AS address</term>
|
||||
+
|
||||
+ <listitem><para>IP address of the authentication server. The
|
||||
+ default is '127.0.0.1'.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-A client address</term>
|
||||
+
|
||||
+ <listitem><para>IP address of the client. The default is to
|
||||
+ select an address automatically.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-p AS port</term>
|
||||
+
|
||||
+ <listitem><para>UDP port of the authentication server. The
|
||||
+ default is '1812'.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-s AS secret</term>
|
||||
+
|
||||
+ <listitem><para>Shared secret with the authentication server.
|
||||
+ The default is 'radius'.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-r count</term>
|
||||
+
|
||||
+ <listitem><para>Number of reauthentications.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-t timeout</term>
|
||||
+
|
||||
+ <listitem><para>Timeout in seconds. The default is 30.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-C info</term>
|
||||
+
|
||||
+ <listitem><para>RADIUS Connect-Info. The default is
|
||||
+ 'CONNECT 11Mbps 802.11b'.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-M mac address</term>
|
||||
+
|
||||
+ <listitem><para>Client MAC address (Calling-Station-Id). The
|
||||
+ default is '02:00:00:00:00:01'.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-o file</term>
|
||||
+
|
||||
+ <listitem><para>Location to write out server certificate.
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-N attr spec</term>
|
||||
+
|
||||
+ <listitem><para>Send arbitrary attribute specific by
|
||||
+ attr_id:syntax:value, or attr_id alone. attr_id should be the numeric
|
||||
+ ID of the attribute, and syntax should be one of 's' (string),
|
||||
+ 'd' (integer), or 'x' (octet string). The value is the attribute value
|
||||
+ to send. When attr_id is given alone, NULL is used as the attribute
|
||||
+ value. Multiple attributes can be specified by using the option
|
||||
+ several times.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-n</term>
|
||||
+
|
||||
+ <listitem><para>Indicates that no MPPE keys are expected.
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-W</term>
|
||||
+
|
||||
+ <listitem><para>Wait for a control interface monitor before starting.
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-S</term>
|
||||
+
|
||||
+ <listitem><para>Save configuration after authentication.
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ </variablelist>
|
||||
+ </refsect1>
|
||||
+ <refsect1>
|
||||
+ <title>See Also</title>
|
||||
+ <para>
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>wpa_supplicant</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum>
|
||||
+ </citerefentry>
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+ <refsect1>
|
||||
+ <title>Legal</title>
|
||||
+ <para>wpa_supplicant is copyright (c) 2003-2012,
|
||||
+ Jouni Malinen <email>j@w1.fi</email> and
|
||||
+ contributors.
|
||||
+ All Rights Reserved.</para>
|
||||
+
|
||||
+ <para>This program is licensed under the BSD license (the one with
|
||||
+ advertisement clause removed).</para>
|
||||
+ </refsect1>
|
||||
+</refentry>
|
||||
diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile
|
||||
--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile.man-page 2013-01-12 09:42:53.000000000 -0600
|
||||
+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile 2014-01-20 16:40:02.342869164 -0600
|
||||
@@ -1,4 +1,4 @@
|
||||
-all: man html pdf
|
||||
+all: man
|
||||
|
||||
FILES += wpa_background
|
||||
FILES += wpa_cli
|
||||
@@ -7,6 +7,7 @@ FILES += wpa_passphrase
|
||||
FILES += wpa_priv
|
||||
FILES += wpa_supplicant.conf
|
||||
FILES += wpa_supplicant
|
||||
+FILES += eapol_test
|
||||
|
||||
man:
|
||||
for i in $(FILES); do docbook2man $$i.sgml; done
|
||||
@@ -20,7 +21,7 @@ pdf:
|
||||
|
||||
|
||||
clean:
|
||||
- rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8
|
||||
+ rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8 eapol_test.8
|
||||
rm -f wpa_supplicant.conf.5
|
||||
rm -f manpage.links manpage.refs
|
||||
rm -f $(FILES:%=%.pdf)
|
||||
diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml
|
||||
--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml.man-page 2013-01-12 09:42:53.000000000 -0600
|
||||
+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml 2014-01-20 16:40:02.339869202 -0600
|
||||
@@ -15,10 +15,12 @@
|
||||
<cmdsynopsis>
|
||||
<command>wpa_cli</command>
|
||||
<arg>-p <replaceable>path to ctrl sockets</replaceable></arg>
|
||||
+ <arg>-g <replaceable>path to global ctrl_interface socket</replaceable></arg>
|
||||
<arg>-i <replaceable>ifname</replaceable></arg>
|
||||
<arg>-hvB</arg>
|
||||
<arg>-a <replaceable>action file</replaceable></arg>
|
||||
<arg>-P <replaceable>pid file</replaceable></arg>
|
||||
+ <arg>-G <replaceable>ping interval</replaceable></arg>
|
||||
<arg><replaceable>command ...</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
</refsynopsisdiv>
|
||||
@@ -111,6 +113,14 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-g control socket path</term>
|
||||
+
|
||||
+ <listitem><para>Connect to the global control socket at the
|
||||
+ indicated path rather than an interface-specific control
|
||||
+ socket.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-i ifname</term>
|
||||
|
||||
<listitem><para>Specify the interface that is being
|
||||
@@ -161,6 +171,13 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-G ping interval</term>
|
||||
+
|
||||
+ <listitem><para>Set the interval (in seconds) at which
|
||||
+ wpa_cli pings the supplicant.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>command</term>
|
||||
|
||||
<listitem><para>Run a command. The available commands are
|
||||
diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
|
||||
--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml.man-page 2013-01-12 09:42:53.000000000 -0600
|
||||
+++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml 2014-01-20 16:40:02.339869202 -0600
|
||||
@@ -12,7 +12,7 @@
|
||||
<refsynopsisdiv>
|
||||
<cmdsynopsis>
|
||||
<command>wpa_supplicant</command>
|
||||
- <arg>-BddfhKLqqtuvW</arg>
|
||||
+ <arg>-BddfhKLqqsTtuvW</arg>
|
||||
<arg>-i<replaceable>ifname</replaceable></arg>
|
||||
<arg>-c<replaceable>config file</replaceable></arg>
|
||||
<arg>-D<replaceable>driver</replaceable></arg>
|
||||
@@ -344,9 +344,20 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-e entropy file</term>
|
||||
+ <listitem>
|
||||
+ <para>File for <command>wpa_supplicant</command> to use to
|
||||
+ maintain its internal entropy store in over restarts.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-f output file</term>
|
||||
<listitem>
|
||||
- <para>Log output to specified file instead of stdout.</para>
|
||||
+ <para>Log output to specified file instead of stdout. (This
|
||||
+ is only available if <command>wpa_supplicant</command> was
|
||||
+ built with the <literal>CONFIG_DEBUG_FILE</literal>
|
||||
+ option.)</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@@ -387,6 +398,22 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-o override driver</term>
|
||||
+ <listitem>
|
||||
+ <para>Override the driver parameter for new
|
||||
+ interfaces.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-O override ctrl_interface</term>
|
||||
+ <listitem>
|
||||
+ <para>Override the ctrl_interface parameter for new
|
||||
+ interfaces.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-p</term>
|
||||
<listitem>
|
||||
<para>Driver parameters. (Per interface)</para>
|
||||
@@ -409,10 +436,40 @@
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-s</term>
|
||||
+ <listitem>
|
||||
+ <para>Log output to syslog instead of stdout. (This is only
|
||||
+ available if <command>wpa_supplicant</command> was built
|
||||
+ with the <literal>CONFIG_DEBUG_SYSLOG</literal>
|
||||
+ option.)</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-T</term>
|
||||
+ <listitem>
|
||||
+ <para>Log output to Linux tracing in addition to any other
|
||||
+ destinations. (This is only available
|
||||
+ if <command>wpa_supplicant</command> was built with
|
||||
+ the <literal>CONFIG_DEBUG_LINUX_TRACING</literal>
|
||||
+ option.)</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-t</term>
|
||||
+ <listitem>
|
||||
+ <para>Include timestamp in debug messages.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-u</term>
|
||||
<listitem>
|
||||
- <para>Enabled DBus control interface. If enabled, interface
|
||||
- definitions may be omitted.</para>
|
||||
+ <para>Enable DBus control interface. If enabled, interface
|
||||
+ definitions may be omitted. (This is only available
|
||||
+ if <command>wpa_supplicant</command> was built with
|
||||
+ the <literal>CONFIG_DBUS</literal> option.)</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
diff -up wpa_supplicant-2.0/wpa_supplicant/main.c.man-page wpa_supplicant-2.0/wpa_supplicant/main.c
|
||||
--- wpa_supplicant-2.0/wpa_supplicant/main.c.man-page 2013-01-12 09:42:53.000000000 -0600
|
||||
+++ wpa_supplicant-2.0/wpa_supplicant/main.c 2014-01-20 16:40:02.340869189 -0600
|
||||
@@ -23,11 +23,11 @@ static void usage(void)
|
||||
int i;
|
||||
printf("%s\n\n%s\n"
|
||||
"usage:\n"
|
||||
- " wpa_supplicant [-BddhKLqqstuvW] [-P<pid file>] "
|
||||
+ " wpa_supplicant [-BddhKLqqtvW] [-P<pid file>] "
|
||||
"[-g<global ctrl>] \\\n"
|
||||
" -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
|
||||
"[-p<driver_param>] \\\n"
|
||||
- " [-b<br_ifname>] [-f<debug file>] [-e<entropy file>] "
|
||||
+ " [-b<br_ifname>] [-e<entropy file>] "
|
||||
"\\\n"
|
||||
" [-o<override driver>] [-O<override ctrl>] \\\n"
|
||||
" [-N -i<ifname> -c<conf> [-C<ctrl>] "
|
2
sources
2
sources
@ -1 +1 @@
|
||||
f2ed8fef72cf63d8d446a2d0a6da630a wpa_supplicant-2.3.tar.gz
|
||||
f0037dbe03897dcaf2ad2722e659095d wpa_supplicant-2.4.tar.gz
|
||||
|
@ -1,402 +0,0 @@
|
||||
From 818ac0e07c9eaf4bc0026bda7d42718afcf1f92d Mon Sep 17 00:00:00 2001
|
||||
From: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
|
||||
Date: Sat, 2 Oct 2010 00:11:51 -0700
|
||||
Subject: [PATCH] eap_peer: create a libeap library, with header files and
|
||||
pkg-config [v2]
|
||||
|
||||
This adds infrastructe in src/eap_peer to make libeap.so and install
|
||||
the needed header files and pkg-config files.
|
||||
|
||||
Now, this is quite dirty and probably not what we want in the long
|
||||
term, but serves as an starting point:
|
||||
|
||||
- we don't build from the wpa_supplicant directory because the
|
||||
objects the .so have to be built with -fPIC. So if you need to
|
||||
build both the binary and the library:
|
||||
|
||||
make -C wpa_supplicant
|
||||
make -C src/eap_peer clean
|
||||
make -C src/eap_peer
|
||||
|
||||
As I said, it's dirty -- we'd need either wpa_supplicant linking
|
||||
against the library properly (but that seems not to be desirable)
|
||||
or a multiple object build approach ala automake.
|
||||
|
||||
- need to use 'override CFLAGS' in src/eap_peer/Makefile, otherwise
|
||||
any CFLAGS setting will kill the build infrastructure. I miss
|
||||
AM_CFLAGS.
|
||||
|
||||
- adds 'eap_register_methods()' that will register every compiled in
|
||||
method.
|
||||
|
||||
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
|
||||
---
|
||||
src/eap_peer/Makefile | 198 +++++++++++++++++++++++++++++++++++++++++++--
|
||||
src/eap_peer/eap_methods.c | 114 ++++++++++++++++++++++++++
|
||||
src/eap_peer/eap_methods.h | 1 +
|
||||
src/eap_peer/libeap0.pc | 10 +++
|
||||
4 files changed, 315 insertions(+), 8 deletions(-)
|
||||
create mode 100644 src/eap_peer/libeap0.pc
|
||||
|
||||
diff --git a/src/eap_peer/Makefile b/src/eap_peer/Makefile
|
||||
index f79519b..cedd89f 100644
|
||||
--- a/src/eap_peer/Makefile
|
||||
+++ b/src/eap_peer/Makefile
|
||||
@@ -1,11 +1,193 @@
|
||||
-all:
|
||||
- @echo Nothing to be made.
|
||||
+LIBEAP_NAME = libeap
|
||||
+LIBEAP_CURRENT = 0
|
||||
+LIBEAP_REVISION = 0
|
||||
+LIBEAP_AGE = 0
|
||||
+
|
||||
+LIBEAP = $(LIBEAP_NAME).so.$(LIBEAP_CURRENT).$(LIBEAP_REVISION).$(LIBEAP_AGE)
|
||||
+LIBEAP_SO = $(LIBEAP_NAME).so.$(LIBEAP_CURRENT)
|
||||
+
|
||||
+.PHONY: all clean install uninstall
|
||||
+
|
||||
+all: $(LIBEAP)
|
||||
+
|
||||
+ifndef CC
|
||||
+CC=gcc
|
||||
+endif
|
||||
+
|
||||
+ifndef CFLAGS
|
||||
+CFLAGS = -MMD -O0 -Wall -g
|
||||
+endif
|
||||
+
|
||||
+CONFIG_TLS=openssl
|
||||
+
|
||||
+INCLUDE_INSTALL_DIR=/usr/include/eap_peer
|
||||
+
|
||||
+ifndef LIB
|
||||
+LIB = lib
|
||||
+endif
|
||||
+
|
||||
+# Got to use override all across the board, otherwise a 'make
|
||||
+# CFLAGS=XX' will kill us because the command line's CFLAGS will
|
||||
+# overwrite Make's and we'll loose all the infrastructure it sets.
|
||||
+override CFLAGS += -I. -I.. -I../crypto -I../utils -I../common
|
||||
+
|
||||
+# at least for now, need to include config_ssid.h and config_blob.h from
|
||||
+# wpa_supplicant directory
|
||||
+override CFLAGS += -I ../../wpa_supplicant
|
||||
+
|
||||
+OBJS_both += ../utils/common.o
|
||||
+OBJS_both += ../utils/eloop.o
|
||||
+OBJS_both += ../utils/os_unix.o
|
||||
+OBJS_both += ../utils/wpa_debug.o
|
||||
+OBJS_both += ../utils/base64.o
|
||||
+OBJS_both += ../utils/wpabuf.o
|
||||
+OBJS_both += ../crypto/md5.o
|
||||
+OBJS_both += ../crypto/sha1-tlsprf.o
|
||||
+OBJS_both += ../crypto/aes-encblock.o
|
||||
+OBJS_both += ../crypto/aes-wrap.o
|
||||
+OBJS_both += ../crypto/aes-ctr.o
|
||||
+OBJS_both += ../crypto/aes-eax.o
|
||||
+OBJS_both += ../crypto/aes-omac1.o
|
||||
+OBJS_both += ../crypto/ms_funcs.o
|
||||
+OBJS_both += ../crypto/sha256.o
|
||||
+OBJS_both += ../crypto/random.o
|
||||
+
|
||||
+
|
||||
+OBJS_both += ../eap_common/eap_peap_common.o
|
||||
+OBJS_both += ../eap_common/eap_psk_common.o
|
||||
+OBJS_both += ../eap_common/eap_pax_common.o
|
||||
+OBJS_both += ../eap_common/eap_sake_common.o
|
||||
+OBJS_both += ../eap_common/eap_gpsk_common.o
|
||||
+OBJS_both += ../eap_common/chap.o
|
||||
+
|
||||
+OBJS_peer += ../eap_peer/eap_tls.o
|
||||
+OBJS_peer += ../eap_peer/eap_peap.o
|
||||
+OBJS_peer += ../eap_peer/eap_ttls.o
|
||||
+OBJS_peer += ../eap_peer/eap_md5.o
|
||||
+OBJS_peer += ../eap_peer/eap_mschapv2.o
|
||||
+OBJS_peer += ../eap_peer/mschapv2.o
|
||||
+OBJS_peer += ../eap_peer/eap_otp.o
|
||||
+OBJS_peer += ../eap_peer/eap_gtc.o
|
||||
+OBJS_peer += ../eap_peer/eap_leap.o
|
||||
+OBJS_peer += ../eap_peer/eap_psk.o
|
||||
+OBJS_peer += ../eap_peer/eap_pax.o
|
||||
+OBJS_peer += ../eap_peer/eap_sake.o
|
||||
+OBJS_peer += ../eap_peer/eap_gpsk.o
|
||||
+OBJS_peer += ../eap_peer/eap.o
|
||||
+OBJS_peer += ../eap_common/eap_common.o
|
||||
+OBJS_peer += ../eap_peer/eap_methods.o
|
||||
+OBJS_peer += ../eap_peer/eap_tls_common.o
|
||||
+
|
||||
+override CFLAGS += -DEAP_TLS
|
||||
+override CFLAGS += -DEAP_PEAP
|
||||
+override CFLAGS += -DEAP_TTLS
|
||||
+override CFLAGS += -DEAP_MD5
|
||||
+override CFLAGS += -DEAP_MSCHAPv2
|
||||
+override CFLAGS += -DEAP_GTC
|
||||
+override CFLAGS += -DEAP_OTP
|
||||
+override CFLAGS += -DEAP_LEAP
|
||||
+override CFLAGS += -DEAP_PSK
|
||||
+override CFLAGS += -DEAP_PAX
|
||||
+override CFLAGS += -DEAP_SAKE
|
||||
+override CFLAGS += -DEAP_GPSK -DEAP_GPSK_SHA256
|
||||
+override CFLAGS += -DEAP_TLS_FUNCS
|
||||
+
|
||||
+override CFLAGS += -DIEEE8021X_EAPOL
|
||||
+
|
||||
+ifeq ($(CONFIG_TLS), openssl)
|
||||
+override CFLAGS += -DEAP_TLS_OPENSSL
|
||||
+OBJS_both += ../crypto/tls_openssl.o
|
||||
+OBJS_both += ../crypto/crypto_openssl.o
|
||||
+LIBS += -lssl -lcrypto
|
||||
+override CFLAGS += -DINTERNAL_SHA256
|
||||
+else
|
||||
+OBJS_both += ../crypto/sha1.o
|
||||
+endif
|
||||
+
|
||||
+ifeq ($(CONFIG_TLS), internal)
|
||||
+OBJS_both += ../crypto/tls_internal.o
|
||||
+OBJS_both += ../tls/tlsv1_common.o ../../tls/tlsv1_record.o
|
||||
+OBJS_both += ../tls/tlsv1_cred.o
|
||||
+OBJS_both += ../tls/asn1.o ../../tls/x509v3.o
|
||||
+OBJS_both += ../crypto/crypto_internal.o ../../tls/rsa.o ../../tls/bignum.o
|
||||
+
|
||||
+OBJS_peer += ../tls/tlsv1_client.o
|
||||
+OBJS_peer += ../tls/tlsv1_client_write.o ../../tls/tlsv1_client_read.o
|
||||
+override CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
|
||||
+
|
||||
+OBJS_server += ../tls/tlsv1_server.o
|
||||
+OBJS_server += ../tls/tlsv1_server_write.o ../../tls/tlsv1_server_read.o
|
||||
+override CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
|
||||
+
|
||||
+override CFLAGS += -DCONFIG_TLS_INTERNAL
|
||||
+override CFLAGS += -DCONFIG_CRYPTO_INTERNAL
|
||||
+override CFLAGS += -DCONFIG_INTERNAL_X509
|
||||
+override CFLAGS += -DINTERNAL_AES
|
||||
+override CFLAGS += -DINTERNAL_SHA1
|
||||
+override CFLAGS += -DINTERNAL_SHA256
|
||||
+override CFLAGS += -DINTERNAL_MD5
|
||||
+override CFLAGS += -DINTERNAL_MD4
|
||||
+override CFLAGS += -DINTERNAL_DES
|
||||
+ifdef CONFIG_INTERNAL_LIBTOMMATH
|
||||
+override CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
|
||||
+else
|
||||
+LIBS += -ltommath
|
||||
+endif
|
||||
+endif
|
||||
+
|
||||
+ifndef LDO
|
||||
+LDO=$(CC)
|
||||
+endif
|
||||
+
|
||||
+
|
||||
+OBJS_lib=$(OBJS_both) $(OBJS_peer)
|
||||
+
|
||||
+ #$(OBJS_server)
|
||||
+
|
||||
+override CFLAGS += -fPIC -DPIC
|
||||
+LDFLAGS += -shared
|
||||
+
|
||||
+$(LIBEAP): $(OBJS_lib)
|
||||
+ $(LDO) $(LDFLAGS) $(OBJS_lib) -Wl,-soname -Wl,$(LIBEAP_SO) -o $(LIBEAP) $(LIBS)
|
||||
+
|
||||
+
|
||||
+UTIL_HEADERS = ../utils/includes.h ../utils/common.h \
|
||||
+ ../utils/wpabuf.h ../utils/build_config.h \
|
||||
+ ../utils/os.h ../utils/wpa_debug.h
|
||||
+COMMON_HEADERS = ../common/defs.h
|
||||
+EAP_COMMON_HEADERS = ../eap_common/eap_defs.h
|
||||
+MAIN_HEADERS = eap.h eap_methods.h eap_config.h
|
||||
+CRYPTO_HEADERS = ../crypto/tls.h
|
||||
+
|
||||
+install:
|
||||
+
|
||||
+ mkdir -p $(DESTDIR)/usr/$(LIB)
|
||||
+# copy the lib file to std lib location
|
||||
+ cp $(LIBEAP) $(DESTDIR)/usr/$(LIB)
|
||||
+ ln -fs $(LIBEAP_SO) $(DESTDIR)/usr/$(LIB)/$(LIBEAP_NAME).so
|
||||
+
|
||||
+# copy the headers reqd by apps using eap peer library in its own subfolder under /usr/include
|
||||
+ mkdir -p \
|
||||
+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/eap_common \
|
||||
+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/common \
|
||||
+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/util \
|
||||
+ $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/crypto
|
||||
+ install -m 0644 $(EAP_COMMON_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/eap_common
|
||||
+ install -m 0644 $(COMMON_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/common
|
||||
+ install -m 0644 $(CRYPTO_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/crypto
|
||||
+ install -m 0644 $(UTIL_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/util
|
||||
+ install -m 0644 $(MAIN_HEADERS) $(DESTDIR)/$(INCLUDE_INSTALL_DIR)/
|
||||
+
|
||||
+ mkdir -p $(DESTDIR)/usr/$(LIB)/pkgconfig
|
||||
+ cp libeap0.pc $(DESTDIR)/usr/$(LIB)/pkgconfig
|
||||
+
|
||||
+uninstall:
|
||||
+
|
||||
+ rm $(DESTDIR)/usr/$(LIB)/$(LIBEAP)
|
||||
+ rm -fr $(DESTDIR)/$(INCLUDE_INSTALL_DIR)
|
||||
+ rm -f $(DESTDIR)/usr/$(LIB)/pkgconfig/libeap0.pc
|
||||
|
||||
clean:
|
||||
- rm -f *~ *.o *.so *.d *.gcno *.gcda *.gcov
|
||||
+ rm -f *~ *.o *.so *.d *.gcno *.gcda *.gcov libeap.a $(LIBEAP) $(OBJS_lib)
|
||||
|
||||
-install:
|
||||
- if ls *.so >/dev/null 2>&1; then \
|
||||
- install -d $(DESTDIR)$(LIBDIR)/wpa_supplicant && \
|
||||
- cp *.so $(DESTDIR)$(LIBDIR)/wpa_supplicant \
|
||||
- ; fi
|
||||
+-include $(OBJS:%.o=%.d)
|
||||
diff --git a/src/eap_peer/eap_methods.c b/src/eap_peer/eap_methods.c
|
||||
index 83a1457..95a41e6 100644
|
||||
--- a/src/eap_peer/eap_methods.c
|
||||
+++ b/src/eap_peer/eap_methods.c
|
||||
@@ -336,6 +336,120 @@ int eap_peer_method_register(struct eap_method *method)
|
||||
|
||||
|
||||
/**
|
||||
+ * eap_peer_register_methods - Register all known EAP peer methods
|
||||
+ *
|
||||
+ * This function is called at program start to register all compiled
|
||||
+ * in EAP peer methods.
|
||||
+ */
|
||||
+int eap_peer_register_methods(void)
|
||||
+{
|
||||
+ int ret = 0;
|
||||
+
|
||||
+#ifdef EAP_MD5
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_md5_register();
|
||||
+#endif /* EAP_MD5 */
|
||||
+
|
||||
+#ifdef EAP_TLS
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_tls_register();
|
||||
+#endif /* EAP_TLS */
|
||||
+
|
||||
+#ifdef EAP_MSCHAPv2
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_mschapv2_register();
|
||||
+#endif /* EAP_MSCHAPv2 */
|
||||
+
|
||||
+#ifdef EAP_PEAP
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_peap_register();
|
||||
+#endif /* EAP_PEAP */
|
||||
+
|
||||
+#ifdef EAP_TTLS
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_ttls_register();
|
||||
+#endif /* EAP_TTLS */
|
||||
+
|
||||
+#ifdef EAP_GTC
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_gtc_register();
|
||||
+#endif /* EAP_GTC */
|
||||
+
|
||||
+#ifdef EAP_OTP
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_otp_register();
|
||||
+#endif /* EAP_OTP */
|
||||
+
|
||||
+#ifdef EAP_SIM
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_sim_register();
|
||||
+#endif /* EAP_SIM */
|
||||
+
|
||||
+#ifdef EAP_LEAP
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_leap_register();
|
||||
+#endif /* EAP_LEAP */
|
||||
+
|
||||
+#ifdef EAP_PSK
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_psk_register();
|
||||
+#endif /* EAP_PSK */
|
||||
+
|
||||
+#ifdef EAP_AKA
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_aka_register();
|
||||
+#endif /* EAP_AKA */
|
||||
+
|
||||
+#ifdef EAP_AKA_PRIME
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_aka_prime_register();
|
||||
+#endif /* EAP_AKA_PRIME */
|
||||
+
|
||||
+#ifdef EAP_FAST
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_fast_register();
|
||||
+#endif /* EAP_FAST */
|
||||
+
|
||||
+#ifdef EAP_PAX
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_pax_register();
|
||||
+#endif /* EAP_PAX */
|
||||
+
|
||||
+#ifdef EAP_SAKE
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_sake_register();
|
||||
+#endif /* EAP_SAKE */
|
||||
+
|
||||
+#ifdef EAP_GPSK
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_gpsk_register();
|
||||
+#endif /* EAP_GPSK */
|
||||
+
|
||||
+#ifdef EAP_WSC
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_wsc_register();
|
||||
+#endif /* EAP_WSC */
|
||||
+
|
||||
+#ifdef EAP_IKEV2
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_ikev2_register();
|
||||
+#endif /* EAP_IKEV2 */
|
||||
+
|
||||
+#ifdef EAP_VENDOR_TEST
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_vendor_test_register();
|
||||
+#endif /* EAP_VENDOR_TEST */
|
||||
+
|
||||
+#ifdef EAP_TNC
|
||||
+ if (ret == 0)
|
||||
+ ret = eap_peer_tnc_register();
|
||||
+#endif /* EAP_TNC */
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/**
|
||||
* eap_peer_unregister_methods - Unregister EAP peer methods
|
||||
*
|
||||
* This function is called at program termination to unregister all EAP peer
|
||||
diff --git a/src/eap_peer/eap_methods.h b/src/eap_peer/eap_methods.h
|
||||
index e35c919..da14e42 100644
|
||||
--- a/src/eap_peer/eap_methods.h
|
||||
+++ b/src/eap_peer/eap_methods.h
|
||||
@@ -26,6 +26,7 @@ EapType eap_peer_get_type(const char *name, int *vendor);
|
||||
const char * eap_get_name(int vendor, EapType type);
|
||||
size_t eap_get_names(char *buf, size_t buflen);
|
||||
char ** eap_get_names_as_string_array(size_t *num);
|
||||
+int eap_peer_register_methods(void);
|
||||
void eap_peer_unregister_methods(void);
|
||||
|
||||
#else /* IEEE8021X_EAPOL */
|
||||
diff --git a/src/eap_peer/libeap0.pc b/src/eap_peer/libeap0.pc
|
||||
new file mode 100644
|
||||
index 0000000..594fa2c
|
||||
--- /dev/null
|
||||
+++ b/src/eap_peer/libeap0.pc
|
||||
@@ -0,0 +1,10 @@
|
||||
+prefix=/usr
|
||||
+exec_prefix=/usr
|
||||
+libdir=/usr/lib
|
||||
+includedir=${prefix}/include/eap_peer
|
||||
+
|
||||
+Name: libeap0
|
||||
+Description: EAP Peer Library API
|
||||
+Version: 0.7.2
|
||||
+Libs: -L${libdir} -leap
|
||||
+Cflags: -I${includedir}
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,16 +1,16 @@
|
||||
diff -up wpa_supplicant-0.7.3/src/crypto/tls_openssl.c.more-openssl-algs wpa_supplicant-0.7.3/src/crypto/tls_openssl.c
|
||||
--- wpa_supplicant-0.7.3/src/crypto/tls_openssl.c.more-openssl-algs 2010-09-07 10:43:39.000000000 -0500
|
||||
+++ wpa_supplicant-0.7.3/src/crypto/tls_openssl.c 2010-12-08 10:01:02.967664004 -0600
|
||||
@@ -710,6 +710,11 @@ void * tls_init(const struct tls_config
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index 52db8fc..c5c10f7 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -770,6 +770,11 @@ void * tls_init(const struct tls_config *conf)
|
||||
#endif /* OPENSSL_FIPS */
|
||||
#endif /* CONFIG_FIPS */
|
||||
SSL_load_error_strings();
|
||||
+ /* Only add potentially weak hashes and encryption algorithms
|
||||
+ * when FIPS mode is not enabled.
|
||||
+ */
|
||||
+ if (!conf || !conf->fips_mode)
|
||||
+ OpenSSL_add_all_algorithms();
|
||||
+ /* Only add potentially weak hashes and encryption algorithms
|
||||
+ * when FIPS mode is not enabled.
|
||||
+ */
|
||||
+ if (!conf || !conf->fips_mode)
|
||||
+ OpenSSL_add_all_algorithms();
|
||||
SSL_library_init();
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
||||
#ifndef OPENSSL_NO_SHA256
|
||||
EVP_add_digest(EVP_sha256());
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
|
||||
index 49d32c2..f1d1f92 100644
|
||||
index d275ca4..fc335c0 100644
|
||||
--- a/wpa_supplicant/events.c
|
||||
+++ b/wpa_supplicant/events.c
|
||||
@@ -1328,11 +1328,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
|
||||
wpa_s->own_scan_running, wpa_s->external_scan_running);
|
||||
@@ -1356,11 +1356,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
|
||||
wpa_s->own_scan_running, wpa_s->radio->external_scan_running);
|
||||
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
|
||||
wpa_s->manual_scan_use_id && wpa_s->own_scan_running) {
|
||||
- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
|
||||
|
@ -6,8 +6,8 @@
|
||||
Summary: WPA/WPA2/IEEE 802.1X Supplicant
|
||||
Name: wpa_supplicant
|
||||
Epoch: 1
|
||||
Version: 2.3
|
||||
Release: 2%{?dist}
|
||||
Version: 2.4
|
||||
Release: 1%{?dist}
|
||||
License: BSD
|
||||
Group: System Environment/Base
|
||||
Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
|
||||
@ -18,11 +18,6 @@ Source4: %{name}.sysconfig
|
||||
Source6: %{name}.logrotate
|
||||
|
||||
%define build_gui 1
|
||||
%define build_libeap 1
|
||||
%if 0%{?rhel} >= 1
|
||||
%define build_gui 0
|
||||
%define build_libeap 0
|
||||
%endif
|
||||
|
||||
# distro specific customization and not suitable for upstream,
|
||||
# works around busted drivers
|
||||
@ -34,27 +29,18 @@ Patch1: wpa_supplicant-flush-debug-output.patch
|
||||
Patch2: wpa_supplicant-dbus-service-file-args.patch
|
||||
# quiet an annoying and frequent syslog message
|
||||
Patch3: wpa_supplicant-quiet-scan-results-message.patch
|
||||
# allow more private key encryption algorithms
|
||||
# allow more private key encryption algorithms. is this really a good idea?
|
||||
# seems to be related to RHBZ #538851, see comment #12
|
||||
Patch5: wpa_supplicant-openssl-more-algs.patch
|
||||
# distro specific customization for Qt4 build tools, not suitable for upstream
|
||||
Patch6: wpa_supplicant-gui-qt4.patch
|
||||
# Fix libnl3 includes path
|
||||
Patch7: libnl3-includes.patch
|
||||
# Less aggressive roaming; signal strength is wildly variable
|
||||
# dcbw states (2015-04):
|
||||
# "upstream doesn't like that patch so it's been discussed and I think rejected"
|
||||
Patch8: rh837402-less-aggressive-roaming.patch
|
||||
# Add missing command-line options to man page, also filed upstream
|
||||
Patch9: rh948453-man-page.patch
|
||||
# Don't evict current AP from PMKSA cache when it's large
|
||||
Patch10: rh1032758-fix-pmksa-cache-entry-clearing.patch
|
||||
# CVE-2014-3686
|
||||
Patch11: 0001-Add-os_exec-helper-to-run-external-programs.patch
|
||||
Patch12: 0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
|
||||
|
||||
%if %{build_libeap}
|
||||
# Dirty hack for WiMAX
|
||||
# http://linuxwimax.org/Download?action=AttachFile&do=get&target=wpa-1.5-README.txt
|
||||
Patch100: wpa_supplicant-2.3-generate-libeap-peer.patch
|
||||
%endif
|
||||
# CVE-2015-1863, backport from upstream master, will be in 2.5
|
||||
# http://w1.fi/cgit/hostap/commit/?id=9ed4eee345f85e3025c33c6e20aa25696e341ccd
|
||||
Patch9: 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
|
||||
|
||||
URL: http://w1.fi/wpa_supplicant/
|
||||
|
||||
@ -71,6 +57,13 @@ Requires(post): systemd-sysv
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
# libeap used to be built from wpa_supplicant with some fairly horrible
|
||||
# hackery, solely for use by WiMAX. We dropped all WiMAX support around
|
||||
# F21. This is here so people don't wind up with obsolete libeap packages
|
||||
# lying around. If it's ever resurrected for any reason, this needs
|
||||
# dropping.
|
||||
Obsoletes: libeap < %{epoch}:%{version}-%{release}
|
||||
Obsoletes: libeap-devel < %{epoch}:%{version}-%{release}
|
||||
|
||||
%description
|
||||
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
|
||||
@ -90,25 +83,6 @@ Graphical User Interface for wpa_supplicant written using QT
|
||||
|
||||
%endif
|
||||
|
||||
%if %{build_libeap}
|
||||
%package -n libeap
|
||||
Summary: EAP peer library
|
||||
Group: System Environment/Libraries
|
||||
|
||||
%description -n libeap
|
||||
This package contains the runtime EAP peer library. Don't use this
|
||||
unless you know what you're doing.
|
||||
|
||||
%package -n libeap-devel
|
||||
Summary: Header files for EAP peer library
|
||||
Group: Development/Libraries
|
||||
Requires: libeap = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description -n libeap-devel
|
||||
This package contains header files for using the EAP peer library.
|
||||
Don't use this unless you know what you're doing.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}%{rcver}
|
||||
%patch0 -p1 -b .assoc-timeout
|
||||
@ -117,8 +91,8 @@ Don't use this unless you know what you're doing.
|
||||
%patch3 -p1 -b .quiet-scan-results-msg
|
||||
%patch5 -p1 -b .more-openssl-algs
|
||||
%patch6 -p1 -b .qt4
|
||||
%patch7 -p1 -b .libnl3
|
||||
%patch8 -p1 -b .rh837402-less-aggressive-roaming
|
||||
%patch9 -p1 -b .cve-2015-1863
|
||||
|
||||
%build
|
||||
pushd wpa_supplicant
|
||||
@ -178,25 +152,6 @@ rm -f %{name}/doc/.cvsignore
|
||||
rm -rf %{name}/doc/docbook
|
||||
chmod -R 0644 %{name}/examples/*.py
|
||||
|
||||
%if %{build_libeap}
|
||||
# HAAACK
|
||||
patch -p1 -b --suffix .wimax < %{PATCH100}
|
||||
pushd wpa_supplicant
|
||||
make clean
|
||||
|
||||
CFLAGS="${CFLAGS:-%optflags} -fPIC -DPIC" ; export CFLAGS ;
|
||||
CXXFLAGS="${CXXFLAGS:-%optflags} -fPIC -DPIC" ; export CXXFLAGS ;
|
||||
LDFLAGS="${LDFLAGS:-%optflags} -Wl,-z,now" ; export LDFLAGS ;
|
||||
# yes, BINDIR=_sbindir
|
||||
BINDIR="%{_sbindir}" ; export BINDIR ;
|
||||
LIBDIR="%{_libdir}" ; export LIBDIR ;
|
||||
|
||||
make V=1 -C ../src/eap_peer
|
||||
make DESTDIR=%{buildroot} LIB=%{_lib} -C ../src/eap_peer install
|
||||
sed -i -e 's|libdir=/usr/lib|libdir=%{_libdir}|g' %{buildroot}/%{_libdir}/pkgconfig/*.pc
|
||||
popd
|
||||
%endif
|
||||
|
||||
%post
|
||||
if [ $1 -eq 1 ] ; then
|
||||
# Initial installation
|
||||
@ -251,22 +206,16 @@ fi
|
||||
%{_bindir}/wpa_gui
|
||||
%endif
|
||||
|
||||
%if %{build_libeap}
|
||||
%files -n libeap
|
||||
%{_libdir}/libeap.so.0*
|
||||
|
||||
%files -n libeap-devel
|
||||
%{_includedir}/eap_peer
|
||||
%{_libdir}/libeap.so
|
||||
%{_libdir}/pkgconfig/*.pc
|
||||
|
||||
%post -n libeap -p /sbin/ldconfig
|
||||
|
||||
%postun -n libeap -p /sbin/ldconfig
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Nov 01 2014 Orion Poplawski <orion@cora.nwra.com> - 1:2.3-2
|
||||
* Thu Apr 23 2015 Adam Williamson <awilliam@redhat.com> - 1:2.4-1
|
||||
- new release 2.4
|
||||
- add some info on a couple of patches
|
||||
- drop some patches merged or superseded upstream
|
||||
- rediff other patches
|
||||
- drop libeap hackery (we dropped the kernel drivers anyhow)
|
||||
- backport fix for CVE-2015-1863
|
||||
|
||||
* Sat Nov 01 2014 Orion Poplawski <orion@cora.nwra.com> - 1:2.3-2
|
||||
- Do not install wpa_supplicant.service as executable (bug #803980)
|
||||
|
||||
* Thu Oct 30 2014 Lubomir Rintel <lkundrak@v3.sk> - 1:2.3-1
|
||||
|
Loading…
Reference in New Issue
Block a user