debian/0000775000000000000000000000000012305662662007200 5ustar debian/wpasupplicant.examples0000664000000000000000000000013112271776544013634 0ustar wpa_supplicant/wpa_supplicant.conf wpa_supplicant/examples/*.conf debian/examples/*.conf debian/hostapd.lintian-overrides0000664000000000000000000000025712271776544014235 0ustar # We distribute the package under the terms of the BSD license due to the # openssl issue, tell lintian to not complain: hostapd binary: possible-gpl-code-linked-with-openssl debian/hostapd.examples0000664000000000000000000000022112271776544012404 0ustar hostapd/hostapd.accept hostapd/hostapd.conf hostapd/hostapd.deny hostapd/hostapd.eap_user hostapd/hostapd.radius_clients hostapd/hostapd.wpa_psk debian/wpasupplicant.install0000664000000000000000000000021112271776544013463 0ustar debian/ifupdown/wpa_action sbin/ wpa_supplicant/wpa_cli sbin/ wpa_supplicant/wpa_passphrase usr/bin/ wpa_supplicant/wpa_supplicant sbin/ debian/get-orig-source0000775000000000000000000000331312272000005012115 0ustar #!/bin/sh if [ -n "${1}" ]; then CURDIR="${1}" else echo "ERROR: not called with \$(CURDIR) parameter" >&2 exit 1 fi # parse versions VERSION="$(dpkg-parsechangelog -l${CURDIR}/debian/changelog | sed -ne 's,^Version: *\([0-9]*:\)\?\(.*\)$,\2,p')" DEB_VER="$(echo ${VERSION} | sed 's,\-[0-9a-z\~\.]*,,')" UP_VER="$(echo ${DEB_VER} | sed 's,\~,\-,g')" UP_VER_TAG="hostap_$(echo $UP_VER | sed -e 's,\.,_,g' -e 's,\-,_,g')" # write to ../tarballs/, if it exists - ../ otherwise if [ -d "${CURDIR}/../tarballs" ]; then ORIG_TARBALL="${CURDIR}/../tarballs/wpa_${DEB_VER}.orig.tar.gz" else ORIG_TARBALL="${CURDIR}/../wpa_${DEB_VER}.orig.tar.gz" fi # don't overwrite existing tarballs if [ -e "${ORIG_TARBALL}" ]; then echo "ERROR: don't overwrite existing ${ORIG_TARBALL}" >&2 exit 2 fi TEMP_SOURCE="$(mktemp -d --tmpdir wpa-orig-source.XXXXXXXXXX)" if [ "$?" -ne 0 ] || [ -z "${TEMP_SOURCE}" ] || [ ! -d "${TEMP_SOURCE}" ]; then echo "ERROR: failed to create temporary working directory" >&2 exit 3 fi # clone upstream git repository git clone git://w1.fi/srv/git/hostap.git "${TEMP_SOURCE}" if [ "$?" -ne 0 ] || [ ! -d "${TEMP_SOURCE}" ]; then echo "ERROR: cloning git://w1.fi/srv/git/hostap-1.git failed" >&2 rm -rf "${TEMP_SOURCE}" exit 4 fi # create new usptream tarball cd "${TEMP_SOURCE}" && \ git archive \ --format=tar \ --prefix="wpa-${UP_VER}/" \ "${UP_VER_TAG}" \ README COPYING patches src wpa_supplicant hostapd | \ gzip -c9 > "${ORIG_TARBALL}" if [ "$?" -ne 0 ] || [ ! -e "${ORIG_TARBALL}" ]; then echo "ERROR: failure to create ${ORIG_TARBALL}" >&2 rm -rf "${TEMP_SOURCE}" exit 5 else echo "SUCCESS: New upstream tarball has been saved at ${ORIG_TARBALL}" rm -rf "${TEMP_SOURCE}" exit 0 fi debian/wpa_gui/0000775000000000000000000000000012305662656010636 5ustar debian/wpa_gui/wpa_gui-16.xpm0000664000000000000000000000514512271776544013254 0ustar /* XPM */ static char *__x__[] = { /* columns rows colors chars-per-pixel */ "16 16 127 2", " c black", ". c gray5", "X c gray8", "o c #151515", "O c gray10", "+ c #1B1B1B", "@ c #1D1D1D", "# c #1E1E1E", "$ c #202020", "% c gray13", "& c #222222", "* c #232323", "= c gray14", "- c #252525", "; c gray15", ": c #272727", "> c #282828", ", c gray16", "< c #2A2A2A", "1 c gray17", "2 c #2C2C2C", "3 c #2F2F2F", "4 c gray19", "5 c #323232", "6 c gray20", "7 c #343434", "8 c #353535", "9 c #373737", "0 c gray22", "q c gray23", "w c #3C3C3C", "e c gray24", "r c #3E3E3E", "t c #414141", "y c gray26", "u c #434343", "i c #444444", "p c gray27", "a c #464646", "s c gray28", "d c #484848", "f c #494949", "g c #4B4B4B", "h c #4C4C4C", "j c gray30", "k c #4E4E4E", "l c gray31", "z c #505050", "x c #515151", "c c gray32", "v c gray33", "b c #555555", "n c gray34", "m c #585858", "M c #5A5A5A", "N c #5B5B5B", "B c gray36", "V c gray37", "C c #5F5F5F", "Z c #606060", "A c #626262", "S c gray39", "D c gray40", "F c #676767", "G c DimGray", "H c #6C6C6C", "J c #6D6D6D", "K c gray43", "L c #6F6F6F", "P c #717171", "I c #747474", "U c #777777", "Y c #7B7B7B", "T c #7C7C7C", "R c #818181", "E c gray51", "W c gray52", "Q c #898989", "! c gray55", "~ c #8D8D8D", "^ c #9B9B9B", "/ c gray61", "( c gray62", ") c gray63", "_ c #A2A2A2", "` c gray64", "' c #A4A4A4", "] c #A5A5A5", "[ c gray65", "{ c #A7A7A7", "} c #ACACAC", "| c gray68", " . c gray69", ".. c #B2B2B2", "X. c gray70", "o. c gray71", "O. c gray72", "+. c #BBBBBB", "@. c #BCBCBC", "#. c gray75", "$. c #C0C0C0", "%. c #C3C3C3", "&. c #C8C8C8", "*. c gray79", "=. c gray82", "-. c #D2D2D2", ";. c LightGray", ":. c gray83", ">. c #E1E1E1", ",. c #E2E2E2", "<. c #E4E4E4", "1. c #E6E6E6", "2. c #EAEAEA", "3. c #ECECEC", "4. c gray93", "5. c #EEEEEE", "6. c gray95", "7. c gray96", "8. c #F6F6F6", "9. c gray97", "0. c gray98", "q. c #FBFBFB", "w. c gray99", "e. c #FDFDFD", "r. c #FEFEFE", "t. c gray100", "y. c None", /* pixels */ "y.y.e s x z f a f h n S G F y.y.", "y.9 k n g N ! } | ! C c s l M y.", "4 e S Z ( 4.t.t.t.t.5.' J M d w ", "< i v ( r.<.) Q ~ { 1.r.` C - 7 ", "> 5 G e.=.G ) -.:._ K ;.e.K 1 > ", "> < O.7.B [ t.3.2.t.{ A 9.@.2 & ", "; - ,.+.c w.%.m n $.q.m #.<.; # ", "- & q./ j t.W ^ ^ E t.v ( 0.% + ", "- % >...6 7.&.< : *.8.7 o.>.% + ", ": % .6.7 I t.S H t.U 8 6. .& + ", "1 % a w.+.2 l m Y L y #.w.s * + ", "3 % & E t.] i C K V X.r.R = & O ", "$ 4 % * G D t v B v T P - * & o ", "y.r % & * , 0 s h i 8 > * * @ y.", "y.X 0 q t p d h z c b k u : . y.", "y.y.y. y.y.y." }; debian/wpa_gui/wpa_gui.xpm0000664000000000000000000001201712271776544013024 0ustar /* XPM */ static char *__x__[] = { /* columns rows colors chars-per-pixel */ "32 32 183 2", " c black", ". c #060606", "X c gray3", "o c #191919", "O c #1B1B1B", "+ c #1E1E1E", "@ c gray12", "# c #202020", "$ c gray13", "% c #222222", "& c #232323", "* c gray14", "= c #252525", "- c gray15", "; c #272727", ": c #282828", "> c gray16", ", c #2A2A2A", "< c gray17", "1 c #2C2C2C", "2 c #2D2D2D", "3 c gray18", "4 c #2F2F2F", "5 c gray19", "6 c #313131", "7 c #323232", "8 c gray20", "9 c #343434", "0 c #353535", "q c gray21", "w c #373737", "e c gray22", "r c #393939", "t c #3A3A3A", "y c gray23", "u c #3C3C3C", "i c gray24", "p c #3E3E3E", "a c #3F3F3F", "s c gray25", "d c #414141", "f c gray26", "g c #434343", "h c #444444", "j c gray27", "k c #464646", "l c gray28", "z c #484848", "x c #494949", "c c gray29", "v c #4B4B4B", "b c #4C4C4C", "n c gray30", "m c #4E4E4E", "M c gray31", "N c #505050", "B c #515151", "V c gray32", "C c #535353", "Z c gray33", "A c #555555", "S c #565656", "D c #585858", "F c gray35", "G c #5A5A5A", "H c #5B5B5B", "J c gray36", "K c #5D5D5D", "L c gray37", "P c #5F5F5F", "I c #606060", "U c gray38", "Y c #626262", "T c #646464", "R c #656565", "E c gray40", "W c #676767", "Q c #686868", "! c DimGray", "~ c #6A6A6A", "^ c gray42", "/ c #6C6C6C", "( c #6D6D6D", ") c gray43", "_ c #6F6F6F", "` c #717171", "' c #727272", "] c gray45", "[ c #747474", "{ c gray46", "} c #767676", "| c #777777", " . c gray47", ".. c #797979", "X. c gray48", "o. c #7B7B7B", "O. c #7C7C7C", "+. c gray49", "@. c #7E7E7E", "#. c #7F7F7F", "$. c #808080", "%. c #818181", "&. c gray51", "*. c #838383", "=. c gray52", "-. c gray53", ";. c #888888", ":. c #898989", ">. c gray54", ",. c gray55", "<. c #8D8D8D", "1. c #8E8E8E", "2. c #909090", "3. c #939393", "4. c gray58", "5. c #959595", "6. c gray59", "7. c #989898", "8. c #9A9A9A", "9. c #9D9D9D", "0. c gray62", "q. c #A0A0A0", "w. c gray63", "e. c #A2A2A2", "r. c gray64", "t. c #A4A4A4", "y. c #A5A5A5", "u. c gray66", "i. c #AAAAAA", "p. c gray67", "a. c #ACACAC", "s. c gray68", "d. c gray69", "f. c #B1B1B1", "g. c #B2B2B2", "h. c gray71", "j. c #B6B6B6", "k. c #B7B7B7", "l. c #B9B9B9", "z. c #BBBBBB", "x. c gray74", "c. c gray", "v. c gray75", "b. c #C0C0C0", "n. c #C1C1C1", "m. c #C3C3C3", "M. c #C6C6C6", "N. c gray81", "B. c #D0D0D0", "V. c gray82", "C. c #D2D2D2", "Z. c gray83", "A. c gray84", "S. c #D7D7D7", "D. c #DADADA", "F. c gray86", "G. c #DDDDDD", "H. c gray87", "J. c #DFDFDF", "K. c gray88", "L. c #E1E1E1", "P. c #E2E2E2", "I. c gray89", "U. c #E4E4E4", "Y. c #E7E7E7", "T. c gray91", "R. c #E9E9E9", "E. c gray92", "W. c gray93", "Q. c #EEEEEE", "!. c gray94", "~. c #F3F3F3", "^. c #F4F4F4", "/. c gray96", "(. c #F6F6F6", "). c gray97", "_. c #F8F8F8", "`. c #F9F9F9", "'. c #FBFBFB", "]. c gray99", "[. c #FDFDFD", "{. c gray100", "}. c None", /* pixels */ "}.}.}.}.t i d k b V A D J P Y R ! / _ ' } ..O.#.*.@.' U }.}.}.}.", "}.}.}.0 e x M B z t 1 : > , , , , , , , > : 1 t z F Y ] E }.}.}.", "}.}.5 t v k d q 3 8 u g z N F T T F N l s u 0 2 > q h n R J }.}.", "}.4 3 j j F T T ^ ] | -.k.B.U.(.`.Y.V.z.,.o.} ' ^ U B f l P g }.", "}.2 y s D U I Q ) O.x._.{.{.{.{.{.{.{.{.`.c.@.` ( Q I m u M l }.", "}., i p J J Y E 7.).{.{.{.{.{.{.{.{.{.{.{.{./.9.^ E U F 2 d l }.", "}.= s w Z H P 3.'.{.{.{.T.j.q.<.<.r.l.R.{.{.{.].5.T P G ; 6 h }.", "}.= w 2 C S <.'.{.{.Q.e.' ] [ { | { [ [ r.W.{.{.'.,.H S 4 # d }.", "}.- , 6 m K /.{.{.R.{ W ! #.i.n.m.p.$.^ ! } R.{.{._.Y V 8 $ i }.", "}.; # 9 z u.{.{.E./ K R v.[.{.{.{.{.[.b.Q P _ E.{.{.s.b q $ t }.", "}.: $ 0 B (.{.{.<.Z H C.{.{.{.{.{.{.{.{.C.K A >.{.{.(.B w $ q }.", "}.> $ 9 6.{.{.K.c b a.{.{.{.S.t.r.S.{.{.{.p.m n H.{.{.8.w # 8 }.", "}.< $ 6 h.{.{.2.f C ).{.{.y.n n n n t.{.{./.C j 1.{.{.z.0 # 5 }.", "}.1 $ = V.{.{.~ u ..{.{.K.j x 0.0.x h J.{.{.+.p ^ {.{.Z.- $ 1 }.", "}.2 $ $ !.{.{.j 9 4.{.{.p.u $.{.{.$.y i.{.{.5.w x {.{.Q.$ $ > }.", "}.3 $ % `.{.{.0 2 ,.{.{.g.8 H '.'.H 6 f.{.{.:.5 0 {.{.].& $ = }.", "}.4 $ $ A.{.{.D * K {.{.Q.7 : u t ; 7 W.{.{.J = D {.{.F.$ $ % }.", "}.5 $ $ d.{.{.%.= > P.{.{.M.4 > , 7 M.{.{.I.< = *.{.{.f.% $ @ }.", "}.6 $ $ >.{.{.C.- - ] {.{.{.6.a d 5.{.{.{.] ; - N.{.{.;.% $ + }.", "}.8 $ % y `.{.{.( - ; 1.{.{.2.S J r.{.{.5.> ; ! {.{.'.a % % + }.", "}.9 $ % & 0.{.{.L.e ; 5 L #.D ! o.) ,.X.i 5 0 H.{.{.w.& & % + }.", "}.0 $ % & 9 ^.{.{.D.i 0 d N P ) | _ I N f k S.{.{.~.q & & % + }.", "}.q $ $ % & } [.{.{.G.h h B P ! ) ! L B B L.{.{.[.{ * & % $ + }.", "}.w # $ % & * ] ].{.{.#.h m F Y R Y H M 7.{.{.'._ * * & % $ + }.", "}.e 2 $ $ & & * _ Q.T.A d v Z G J G Z b ~ [.).E = * & & $ $ @ }.", "}.9 t # $ % % * * : 0 0 p l n B C B n l p a p = * * % % $ @ # }.", "}.% d 7 # $ % & & * , 7 t s l c b c l s t 7 , * & & % $ # $ o }.", "}. r j 2 $ $ % & * ; 3 q y s g j g s y 0 < = * & % $ % : % }.", "}.}.X p m r : $ % % * * = : , 2 2 < > = * * * % % , 4 9 * . }.}.", "}.}.}. = j B H L Y R Q ^ _ ' { .O.#.&.=.&.o.[ ( V r O }.}.}.", "}.}.}.}. }.}.}.}.", "}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}.}." }; debian/hostapd.postinst0000775000000000000000000000212412271776544012460 0ustar #!/bin/sh # This script can be called in the following ways: # # After the package was installed: # configure # # # If prerm fails during upgrade or fails on failed upgrade: # abort-upgrade # # If prerm fails during deconfiguration of a package: # abort-deconfigure in-favour # removing # # If prerm fails during replacement due to conflict: # abort-remove in-favour set -e case "$1" in configure) # Migrate existing sendsigs omission pid files to /run target="/run/sendsigs.omit.d/" if [ -d $target ] && \ [ -d /lib/init/rw/sendsigs.omit.d/ ]; then for f in /lib/init/rw/sendsigs.omit.d/hostapd.*.pid do if [ "$(readlink -f $f)" != "$target$(basename $f)" ]; then if [ -f "$f" ]; then mv "$f" "$target" fi fi done fi ;; abort-upgrade|abort-deconfigure|abort-remove) ;; *) echo "$0 called with unknown argument \`$1'" 1>&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/wpasupplicant.README.Debian0000664000000000000000000005164112271776544014150 0ustar Modes of Operation in wpasupplicant for Debian ============================================== The Debian wpasupplicant package provides two (2) convenient modes of operation that are closely integrated to the core networking infrastructure; ifupdown. Table of Contents ================= 1. Specifying the wpa_supplicant driver backend - Table of supported drivers - Choosing driver backend 2. Mode #1: Managed Mode - Examples - Table of Common Options - Important Notes About Managed Mode - How It Works 3. Mode #2: Roaming Mode - wpa_supplicant.conf - /etc/network/interfaces - Interacting with wpa_supplicant with wpa_cli and wpa_gui - Controlling the Roaming Daemon with wpa_action - Fine Tuning the Roaming Setup - Using External Mapping Scripts (e.g. guessnet) - /etc/network/interfaces with external mapping 4. Troubleshooting - Hidden ssids 5. Security Considerations - Configuration File Permissions 1. Specifying the wpa_supplicant driver backend =============================================== The wext driver backend will be used for all interfaces that do not explicitly set 'wpa-driver' to the driver type required for that device. Users of linux 2.4 kernels, or 2.6 kernels less than 2.6.14 will be required to specify a wpa-driver type. Table of supported drivers ========================== A summary of supported drivers follows: Driver Description ====== =========== nl80211 Linux 802.11 netlink interface wext Linux wireless extensions (generic) wired wired Ethernet driver Choosing driver backend ======================= Set the driver type in the interfaces(5) stanza for your device with the 'wpa-driver' option. For example: iface eth0 inet dhcp wpa-driver wext . . . . . more options If no wpa-driver configuration is supplied, the wext backend is used. 2. Mode #1: Managed Mode ======================== This mode provides the ability to establish a connection via wpa_supplicant to one known network. It is similar to how the wireless-tools package works. Each element required to establish the connection via wpa_supplicant is prefixed with 'wpa-' and followed by the value that will be used for that element. Examples ======== NOTE: the 'wpa-psk' value is only valid if: 1) It is a plaintext (ascii) string between 8 and 63 characters in length 2) It is a hexadecimal string of 64 characters # Connect to access point of ssid 'NETBEER' with an encryption type of # WPA-PSK/WPA2-PSK. It assumes the driver will use the 'wext' driver backend # of wpa_supplicant because no wpa-driver option has been specified. # The passphrase is given as a ASCII (plaintext) string. DHCP is used to # obtain a network address. # iface wlan0 inet dhcp wpa-ssid MyNetWork # plaintext passphrase wpa-psk plaintextsecret # Connect to access point of ssid 'homezone' with an encryption type of # WPA-PSK/WPA2-PSK, using the 'wext' driver backend of wpa_supplicant. # The psk is given as an encoded hexadecimal string. DHCP is used to obtain # a network address. # iface wlan0 inet dhcp wpa-driver wext wpa-ssid homezone # hexadecimal psk is encoded from a plaintext passphrase wpa-psk 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f # Connect to access point of ssid 'HotSpot1' and bssid of '00:1a:2b:3c:4d:5e' # with an encryption type of WPA-PSK/WPA2-PSK, using the the 'nl80211' driver # backend of wpa_supplicant. The passphrase is given as a plaintext string. # A static network address assignment is used. # iface wlan0 inet static wpa-driver nl80211 wpa-ssid HotSpot1 wpa-bssid 00:1a:2b:3c:4d:5e # plaintext passphrase wpa-psk madhotspot wpa-key-mgmt WPA-PSK wpa-pairwise TKIP CCMP wpa-group TKIP CCMP wpa-proto WPA RSN # static ip settings address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 # User supplied wpa_supplicant.conf is used for eth1. All network information # is contained within the user supplied wpa_supplicant.conf. No wpa-driver type # is specified, so wext is used. DHCP is used to obtain a network address. # iface eth1 inet dhcp wpa-conf /path/to/wpa_supplicant.conf Table of Common Options ======================= A brief summary of common 'wpa-' options that may be used in the /etc/network/interfaces stanza for a wireless device. See the 'Important Notes About Managed Mode' section for information about valid and invalid 'wpa-' values. NOTE: ALL values are CASE SeNsItVe Element Example Value Description ======= ============= =========== wpa-ssid plaintextstring sets the ssid of your network wpa-bssid 00:1a:2b:3c:4d:5e the bssid of your AP wpa-psk 0123456789...... your preshared wpa key. Use wpa_passphrase(8) to generate your psk from a passphrase and ssid pair wpa-key-mgmt NONE, WPA-PSK, WPA-EAP, list of accepted authenticated key IEEE8021X management protocols wpa-group CCMP, TKIP, WEP104, list of accepted group ciphers for WPA WEP40 wpa-pairwise CCMP, TKIP, NONE list of accepted pairwise ciphers for WPA wpa-auth-alg OPEN, SHARED, LEAP list of allowed IEEE 802.11 authentication algorithms wpa-proto WPA, RSN list of accepted protocols wpa-identity myplaintextname administrator provided username (EAP authentication) wpa-password myplaintextpassword your password (EAP authentication) wpa-scan-ssid 0 or 1 toggles scanning of ssid with specific Probe Request frames wpa-ap-scan 0 or 1 or 2 adjusts the scanning logic of wpa_supplicant The complete functionality of wpa_cli(8) should be implemented. Anything missing is considered a bug and should be reported as such. Patches are always welcome. Important Notes About Managed Mode ================================== Almost all 'wpa-' options require there is at least a ssid specified. Only a handful of options have a global effect. These are: 'wpa-ap-scan' and 'wpa-preauthenticate'. Any 'wpa-' option given for a device in the interfaces(5) file is sufficient to trigger the wpa_supplicant daemon into action. The wpasupplicant ifupdown script makes assumptions about the 'type' of input that is valid for each option. For example, it assumes that some input is plaintext and wraps quotation marks around the input before passing it on to wpa_cli, which then adds the input to the network block being formed via the wpa_supplicant ctrl_interface socket. Running ifup manually with the '--verbose' option will reveal all of the commands used to form the network block via wpa_cli. If the value you used for any wpa-* option in /etc/network/interfaces is surrounded by double quotes, than it has been assumed to be of "plaintext" or "ascii" type input. Some input is assumed to be a hexadecimal string (eg. wpa-wep-key*). The value 'type' of the wpa-psk option however, is determined via a simple check for more than one non hexadecimal character. How It Works ============ As mentioned earlier, each wpa_supplicant specific element is prefixed with 'wpa-'. Each element correlates to a property of wpa_supplicant described in the wpa_supplicant.conf(5), wpa_supplicant(8) and wpa_cli(8) manpages. The supplicant is launched without any pre-configuration whatsoever, and wpa_cli forms a network configuration from the input provided by the 'wpa-*' lines. Initially, wpa_supplicant/wpa_cli does not directly set the properties of the device (like setting an essid with iwconfig, for example), rather it informs the device of what access point is suitable to associate with. Once the device has scanned the area, and found that the suitable access point is available for use, these properties are set. The scripts that do all the work are located at: /etc/wpa_supplicant/ifupdown.sh /etc/wpa_supplicant/functions.sh ifupdown.sh is executed by run-parts, which in turn is invoked by ifupdown during the 'pre-up', 'pre-down' and 'post-down' phases. In the 'pre-up' phase, a wpa_supplicant daemon is launched followed by a series of wpa_cli commands that set up a network configuration according to what 'wpa-' options were used in /etc/network/interfaces for the physical device. If wpa-roam is used, a wpa_cli daemon is launched in the 'post-up' phase. In the 'pre-down' phase, the wpa_cli daemon is terminated. In the 'post-down' phase, the wpa_supplicant daemon is terminated. 3. Mode #2: Roaming Mode ======================== A self contained, simplistic roaming mechanism is provided by this package. It is in the form of a wpa_cli action script, /sbin/wpa_action, and it assumes control of ifupdown once activated. The wpa_action(8) manpage describes its technical details in great depth. To activate a roaming interface, adapt the following example interfaces(5) stanza: iface eth1 inet manual wpa-driver wext wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf Two daemons are spawned from the above example; wpa_supplicant and wpa_cli. It is required to provide a wpa_supplicant.conf containing a minimal amount of global options, and any known network blocks that should be connected to without interaction. A good starting point is provided by an example configuration file: # copy the template to /etc/wpa_supplicant/ cp /usr/share/doc/wpasupplicant/examples/wpa-roam.conf \ /etc/wpa_supplicant/wpa_supplicant.conf # allow only root to read and write to file chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf NOTE: it is critical that the used wpa_supplicant.conf defines the location of the 'ctrl_interface' so that a communication socket is created for the wpa_cli (wpa-roam daemon) to attach. The mentioned example configuration, /usr/share/doc/wpasupplicant/examples/wpa-roam.conf, has been set to a sane default. It is required to edit this configuration file, and add the network blocks for all known networks. If you do not understand what this means, start reading the wpa_supplicant.conf(5) manpage now. For each network, you may specify a special option 'id_str'. It should be set to a simple text string. This text string forms the basis for network profiling; it correlates to a logical interface defined in the interfaces(5) file. When no 'id_str' is given for a network, wpa_action assumes it will use the 'default' logical interface as fallback. The fallback interface can be chosen via the 'wpa-roam-default-iface' option. So what does all this mean? Lets illustrate it with a small example taken from the wpa_action(8) manpage. wpa_supplicant.conf =================== network={ ssid="foo" key_mgmt=NONE # this id_str will notify /sbin/wpa_action to 'ifup uni' id_str="uni" } network={ ssid="bar" psk=123456789... # this id_str will notify /sbin/wpa_action to 'ifup home_static' id_str="home_static" } network={ ssid="" key_mgmt=NONE # no 'id_str' parameter is given, /sbin/wpa_action will 'ifup default' } /etc/network/interfaces ======================= # the roaming interface MUST use the manual inet method # 'allow-hotplug' or 'auto' ensures the daemon starts automatically allow-hotplug eth1 iface eth1 inet manual wpa-driver wext wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf # no id_str, 'default' is used as the fallback mapping target iface default inet dhcp # id_str="uni" iface uni inet dhcp # id_str="home_static" iface home_static inet static address 192.168.0.20 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 A logical interface is brought up via ifup, and taken down via ifdown, as wpa_supplicant associates and de-associates with the network associated to it by the 'id_str' option used in the wpa_supplicant.conf configuration file. /sbin/wpa_action's actions are logged to syslog. Interacting with wpa_supplicant with wpa_cli and wpa_gui ======================================================== The wpa_supplicant process can be interacted with by members of the "netdev" group if the example roaming configuration was used as is (or by whatever group or gid specified by the GROUP= crtl_interface parameter). # the default ctrl_interface option used in the example file # /usr/share/doc/wpasupplicant/examples/wpa-roam.conf ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev To interact with the supplicant, the wpa_cli (command line) and wpa_gui (QT) have been provided. With these you may connect, disconnect, add/delete new network blocks, provide required interactive security information and so on. Controlling the Roaming Daemon with wpa_action ============================================== Once the roaming daemon is started, it assumes control of ifupdown. That is; wpa_cli calls ifup when wpa_supplicant has successfully associated with an access point, and calls ifdown when the connection is lost or terminated. While the roaming daemon is active, ifupdown should not be controlled directly by manually issued commands, rather /sbin/wpa_action is supplied to stop and reload the roaming daemon. For example, to stop the romaing daemon on the device 'eth1': wpa_action eth1 stop When it is required to update the roaming daemon with a new networks details, it can be done without stopping it. Edit the wpa_supplicant.conf file that is being used by the daemon with the new networks details, add optional network settings to /etc/network/interfaces that are specific to the new network (linked by the 'id_str') and then 'reload' the daemon like so: wpa_action eth1 reload For the complete technical details of what wpa_action can do, read the wpa_action(8) manpage. Fine Tuning the Roaming Setup ============================= You may face situations where multiple known access points are in close proximity. You can choose which one is preferred manually, with wpa_cli or wpa_gui, or you can give each network its own priority. This is provided by the 'priority' option of wpa_supplicant.conf. Using External Mapping Scripts (e.g. guessnet) ============================================== In addition to the internal mapping of logical interfaces via 'id_str', wpa_action can call external mapping scripts. A mapping script should return the name of the logical interface which should be brought up. Any mapping script that works from ifupdowns mapping mechanism (see man interfaces) should also work when called from wpa_action. To call a mapping script add a line 'wpa-mapping-script name-of-the-script' to the interfaces stanza of the physical roaming device. (You may have to specify the absolute path to the mapping script.) The contents of lines starting with wpa-map are passed to stdin of the mapping script. Since ifupdown allows only one wpa-map line you can append any number to wpa-map for additional lines. For example: iface wlan0 inet manual wpa-driver wext wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf wpa-mapping-script guessnet-ifupdown wpa-map0 home wpa-map1 work wpa-map2 school # ... additional wpa-mapX lines as required By default the mapping script will only be used when no 'id_str' is available for the current network. If you want to completely disable 'id_str' matching and use only an external mapping script, use the 'wpa-mapping-script-priority 1' option to override default behaviour. If the mapping script returns an empty string wpa_action will fallback to using the 'default' interface, unless an alternative is defined by the 'wpa-roam-default-iface' option. Below is an advanced example, using guessnet-ifupdown as the external mapping script. /etc/network/interfaces with external mapping ============================================= allow-hotplug wlan0 iface wlan0 inet manual wpa-driver wext wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf wpa-roam-default-iface default-wparoam wpa-mapping-script guessnet-ifupdown wpa-map default: default-guessnet wpa-map0 home_static wpa-map1 work_static # school can only be chosen via 'id_str' matching iface school inet dhcp # resolvconf dns-nameservers 11.22.33.44 55.66.77.88 iface home_static inet static address 192.168.0.20 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 test peer address 192.168.0.1 mac 00:01:02:03:04:05 iface work_static inet static address 192.168.3.200 netmask 255.255.255.0 network 192.168.3.0 broadcast 192.168.3.255 gateway 192.168.3.1 test peer address 192.168.3.1 mac 00:01:02:03:04:05 iface default-guessnet inet dhcp iface default-wparoam inet dhcp In this example wpa_action will use guessnet for the selection of a suitable logical interface only when no 'id_str' option has been provided for the current network in the provided wpa_supplicant.conf. The 'wpa-map' lines provide guessnet with the logical interfaces that are to be tested as well as the default interface to be used when all tests fail. The 'test' lines of each logical interface are used by guessnet to determine if we are actually connected to that network. For instance, guessnet will choose the logical interface 'home_static' if there's a device with an IP address of 192.168.0.1 and MAC of 00:01:02:03:04:05 on the current network. If all tests fail, the 'default-guessnet' interface will be configured. Please, read the guessnet(8) manpage for more information. 4. Troubleshooting ================== In order to debug connection, association and authentication problems, increase the verbosity level of wpa_supplicant to log debug output by adding the wpa-debug-level option to /etc/network/interfaces like in the following example: iface eth1 inet dhcp wpa-debug-level 3 ... Debug level number 3 starts the supplicant with the -ddd command line option, level 2 with -dd an level 1 with -d. Values of -1 and -2 will cause wpa_supplicant to be started with -q and -qq options respectively (quiet mode). Any other wpa-debug-level value will cause the supplicant to be started with default debug level. If wpa_supplicant is started via D-Bus, then you must edit /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service and add the debugging command line option to the Exec field. It is also possible to have wpa_supplicant write all debug output to a text file with the -f command line option. You may specify a file to log to with the wpa-logfile in /etc/network/interfaces if starting wpa_supplicant via ifupdown. Another method is to start `wpa_cli -i ` in another shell before starting the interface. Use the command 'level 0' first, to get all debug messages sent to the control socket by wpa_supplicant. To debug the ifupdown scripts that start wpa_supplicant and friends, use `ifup --verbose ` to get verbose messages, or set wpa-maint-debug to any value to see shell code execution (set -x). Hidden ssids ============ For reference, see #358137 [1]. In order to be able to associate to hidden ssids, please try to set the option 'ap_scan=1' in the global section, and 'scan_ssid=1' in your network block section of your wpa_supplicant.conf file. If you are using the managed mode, you can do so by these stanzas: iface eth1 inet dhcp wpa-ap-scan 1 wpa-scan-ssid 1 # ... additional options for your setup According to #368770 [2], association can take a very long time under certain circumstances. In some cases, setting the parameter 'ap_scan=2' in the config file, (or using a 'wpa-ap-scan 2' stanza, which is equivalent) can greatly help to speed up association. Please note that setting ap_scan to the value of 2 also requires that all networks have a precisely defined security policy for for key_mgmt, pairwise, group and proto network policy variables. [1] http://bugs.debian.org/358137 [2] http://bugs.debian.org/368770 5. Security Considerations ========================== Configuration File Permissions ============================== It is important to keep PSK's and other sensitive information concerning your network settings private, therefore ensure that important configuration files containing such data are only readable by their owner. For example: chmod 0600 /etc/network/interfaces chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf By default, /etc/network/interfaces is world readable, and thus unsuitable for containing secret keys and passwords. debian/wpasupplicant.manpages0000664000000000000000000000036712271776544013624 0ustar debian/ifupdown/wpa_action.8 wpa_supplicant/doc/docbook/wpa_background.8 wpa_supplicant/doc/docbook/wpa_cli.8 wpa_supplicant/doc/docbook/wpa_passphrase.8 wpa_supplicant/doc/docbook/wpa_supplicant.8 wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 debian/compat0000664000000000000000000000000212271776544010405 0ustar 9 debian/examples/0000775000000000000000000000000012305662656011021 5ustar debian/examples/wpa-roam.conf0000664000000000000000000000655312271776544013430 0ustar ######################## Debian wpa-roam Template ############################# # # Template configuration for wpa-roam mode of Debian's wpasupplicant package. # wpa-roam mode is described in detail in the wpa_action(8) manpage, and also # at /usr/share/doc/wpasupplicant/README.modes.gz. Please read these documents # to get an overview of how to setup this mode. # # For a detailed set of configuration examples for different networks, refer to # /usr/share/doc/wpasupplicant/README.wpa_supplicant.conf.gz # # Also see the other files in /usr/share/doc/wpasupplicant/examples/ for # specific network configuration examples. # # Empty lines and lines starting with # are ignored # # NOTE! This file may contain password information and should be made readable # only by root user or netdev group on multiuser systems. # ######################## Global Configuration Options ######################### # # The update_config option can be used to allow wpa_supplicant to overwrite # configuration file whenever configuration is changed (e.g., new network block # is added with wpa_cli or wpa_gui, or a password is changed). This is required # for wpa_cli/wpa_gui to be able to store the configuration changes # permanently. # # NOTE! Any comments will be removed from the configuration file when the # update_config option is used. # #update_config=1 # The ctrl_interface specifies the path to a unix socket through which the # supplicant may be controlled and interacted with. # # DIR= Path to UNIX socket control interface, mandatory for wpa-roam mode # GROUP= Users in this group to control wpa_supplicant via wpa_cli/wpa_gui # ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev # ######################## Network Block Configurations ######################### # # Each network is configured as a separate block in this configuration file. # The network blocks are listed in preference of order, the top most network # to be found in scan results is used. # # By default, all networks will get same priority (0). If some of the networks # are more desirable, the "priority=" network parameter can be used to change # the order in which wpa_supplicant goes through the network blocks when # selecting what network will be used. The priority groups will be iterated # in decreasing priority, the network with the highest priority value will be # considered for selection first and the network with the lowest priority value # will be considered last. # # NOTE! The scan_ssid=1 and ap_scan=2 modes ignore the priority field. Instead, # the networks will be considered in the order specified in this configuration # file. # # The "id_str=" network identifier string parameter is given to wpa_action when # a network has been selected, and contains this field in its configuration # block. The given id_str string will be used to select a logical interfaces # from ifupdown's /etc/network/interfaces file. # ############################################################################### #network={ # ssid="Example WEP Network" # key_mgmt=NONE # wep_key0=6162636465 # wep_tx_keyidx=0 # id_str="johns_house" #} #network={ # ssid="Example WPA Network" # psk="mysecretpassphrase" # id_str="home" #} ############################################################################### # Default behaviour is to associate with any open access point, further # networks can be configured with wpa_cli/wpa_gui. # network={ key_mgmt=NONE } debian/changelog.hostapd0000664000000000000000000004650612271776544012535 0ustar hostapd (1:0.7.3-5) UNRELEASED; urgency=low * NOT RELEASED YET * bump standards version to 3.9.3, no changes necessary. * update dep-5 version to final 1.0: - add format qualifier - s/Upstream-Maintainer/Upstream-Contact/ - s/Upstream-Source/Source/ - use "or" instead of "BSD | GPL-2" for dual-licensed sources - order licenses alphabetically. - fix lists of copyright holders for the final syntax - fix license continuation. -- Stefan Lippers-Hollmann Mon, 27 Feb 2012 22:07:19 +0100 hostapd (1:0.7.3-4) unstable; urgency=low * add myself to uploaders. * add "hostap: Allow linking with libnl-3" from Ben Greear to allow building against libnl3 3.2. * switch build dependency from libnl-dev (libnl1) to libnl-3-dev && libnl-genl-3-dev accordingly. * add libpcap-dev and libbsd-dev to kFreeBSD specific build-depends. * disable IAPP on kFreeBSD, to avoid FTBS. * restrict hostapd to linux-any and kfreebsd-any, hurd lacks kernel support. * raise versioned build-dependency to (>= 3.2.3-2~), we need libnl-genl-3-200-udeb and expect it in /lib/. * add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from Evan Broder , accepted upstream into hostap-1.git * fix long description, driver_madwifi is no longer enabled, while driver_bsd got enabled. -- Stefan Lippers-Hollmann Tue, 20 Dec 2011 02:51:49 +0100 hostapd (1:0.7.3-3) unstable; urgency=low [ Kel Modderman ] * Use /run/sendsigs.omit.d/ for sendsigs omission pid file and depend on initscripts (>= 2.88dsf-13.3). (Closes: #633026) * Migrate existing sendsigs omission pid files from /lib/init/rw to /run. * Add a loop to ifupdown.sh to wait for creation of hostapd pid file before attempting creation of sensigs omission pid file, in some cases hostapd daemon can return before creation of the pid file has been written to disk. * Adjust standards version to 3.9.2, no further changes required to satisfy that. * Only test that DAEMON_CONF is set in init.d script, do not test if what is set is readable (which assumes only one configuration file is being used). (Closes: #615821) [ Stefan Lippers-Hollmann ] * use new anonscm URIs for alioth. -- Kel Modderman Sun, 11 Dec 2011 20:32:06 +1000 hostapd (1:0.7.3-2) unstable; urgency=low * upload to unstable -- Jan Dittberner Sun, 06 Feb 2011 13:20:42 +0100 hostapd (1:0.7.3-1) experimental; urgency=low * New upstream release, upstream declares this as the new stable release. * debian/control: update Standards-Version to 3.9.1 (no changes necessary) * debian/copyright: include license text of the BSD license variant, add myself to the list of copyright holders for the debian/* files * add debian/hostapd.lintian-overrides and install it as /usr/share/lintian/overrides/hostapd to fix possible-gpl-code-linked- with-openssl Lintian error -- Jan Dittberner Tue, 07 Sep 2010 20:43:01 +0200 hostapd (1:0.7.2-2) experimental; urgency=low * disable madwifi driver - remove debian/driver_madwifi - disable madwifi driver in debian/config/linux -- Jan Dittberner Tue, 27 Apr 2010 21:09:08 +0200 hostapd (1:0.7.2-1) experimental; urgency=low * New upstream release * debian/control: add myself to Uploaders * update debian/watch to track version 0.7.x * disable debian/patches/DTIM.patch that does not apply to current upstream sources -- Jan Dittberner Mon, 26 Apr 2010 20:21:00 +0200 hostapd (1:0.6.10-2) unstable; urgency=low * Switch to source format 3.0 (quilt). * Add DTIM.patch, cherry picked from upstream, which works around problem setting DTIM period too early causing hostapd to bail out unceremoniously. (Closes: #570116) * Fix syntax error in ifupdown.sh. (Closes: #571029) -- Kel Modderman Wed, 24 Feb 2010 19:36:11 +1000 hostapd (1:0.6.10-1) unstable; urgency=low * New upstream release. - drop all patches applied upstream * Install hostapd_cli to /usr/sbin/ from /usr/bin/, as it requires explicit permissions to be usable by non-admin. * Support the status command in init.d script. Depend on lsb-base (>= 3.2-13) for status_of_proc. Patch thanks to Peter Eisentraut. (Closes: #535633) * Add debian/README.source to describe use of quilt patch system. * Increase Standards-Version to 3.8.4 without extra changes. * Reduce debian/rules by tweaking the sequence of a few things and using the --sourcedirectory option of dh in debhelper (>= 7.3.7~). Build-Depend on that debhelper version. * No longer install /etc/hostapd/hostapd.conf per default as there are no sane defaults. Instead provide the configuration as an example only and take care to remove previously installed conffiles which remain unedited on upgrade. * Clean up init.d script a bit by using existance of hostapd daemon configuration file as defined in /etc/default/hostapd as conditional for starting instead of magic RUN_DAEMON variable. * Update README.Debian to contain information about the example hostapd.conf file. * Remove Reinhard Tartler from uploaders at his request. Thanks for past contribution. * Remove uupdate command from debian/watch, unused by maintainer. * Adjust debian/watch to scan for the 0.6.X stable releases only. -- Kel Modderman Thu, 11 Feb 2010 14:49:44 +1000 hostapd (1:0.6.9-3) unstable; urgency=low * Change Maintainer to pkg-wpa-devel team and add Reinhard and myself to Uploaders to better reflect the organisation which makes the package available. * Import upstream patches: - hostap_reuse_existing_ctrl_iface_socket.patch allows to reuse ctrl interface sockets left over as result of unclean shutdown - hostap_reject_conf_without_channel_nl80211.patch adds code to reject configurations which use nl80211 driver without setting a channel because this will always fail for the time being * Build-Depend on quilt >= 0.46-7 for dh integration. * Update debian/control long description to mention mac80211 based drivers. Thanks to Jan Braunisch for noticing. * Also remove reference to the Prism54 driver in package long description, we do not support it. -- Kel Modderman Sun, 17 May 2009 04:35:12 +1000 hostapd (1:0.6.9-2) unstable; urgency=low * Enable CONFIG_IEEE80211W, IEEE 802.11w (management frame protection). (Closes: #522328) -- Kel Modderman Fri, 03 Apr 2009 07:07:06 +1000 hostapd (1:0.6.9-1) unstable; urgency=low [ Kel Modderman ] * New upstream release. (Closes: #521142) * Document copyright errata of hostapd/driver_atheros.c in debian/copyright. - activate nl80211 driver backend (Closes: #429734) - deactivate prism54 driver, it is now working. Do not mention it in README.Debian (Closes: #475451) * Add build dependency of libnl-dev (>= 1.1) for the nl80211 driver backend. * Remove need for patch system. - ship madwifi headers in debian/driver_madwifi - use sed to patch hostapd.conf in order to change /etc/hostapd.* to /etc/hostapd/* - copy in build configuration from debian/config/$(DEB_HOST_ARCH_OS) to hostapd/.config rather than using a patch * Add support for kfreebsd build by providing debian/config/kfreebsd without Linux specific build options. * Use dh-centric debian/rules and build-depend on debhelper (>= 7.0.50) in order to take advantage of the override_dh_* feature. * Bump debian/compat to 7. * Adjust Standards-Version to 3.8.0, no further changes needed. * Use machine parsable debian/copyright format. * Add debian/manpages instead of using explicit dh_installmanpages command in debian/rules. * Rename debian/lintian-overrides to debian/hostapd.lintian-overrides so that dh_lintian automatically picks it up. * Bump Standards-Version to 3.8.1, no other changes required. * Remove var/run/hostapd and usr/share/lintian/overrides from debian/dirs. hostapd is able to create its own directory for unix sockets (and that may be anywhere admin decides) and lintian stuff is taken care of by debhelper now. * Update copyright information in debian/ifupdown.sh [ Faidon Liambotis ] * Switch Maintainer/Uploaders roles with Kel; he's the de facto maintainer nowadays, he may as well listed as such. -- Faidon Liambotis Sun, 29 Mar 2009 21:37:22 +0300 hostapd (1:0.5.10-1) unstable; urgency=low * New upstream release. * Document the two methods of managing hostapd in README.Debian. Also add a hint to /etc/default/hostapd to consult README.Debian for more information. (Closes: #443786) * Cleanup of debian/rules, actually honor nostrip by specifying default CFLAGS when invoking make. Remove redundant commented out content. * Fix incorrect LSB dependency information, hostapd now requires $remote_fs virtual facility for start and stop. Thanks to Petter Reinholdtsen. (Closes: #466283) -- Kel Modderman Tue, 11 Mar 2008 12:36:03 +1000 hostapd (1:0.5.9-1) unstable; urgency=low * New upstream release. * Bumped to Standards-Version 3.7.3, no changed needed. * Switched to Vcs-* instead of XS-Vcs. * Added Homepage field. * Refer to GPL-2 explicitely, as this is a GPL v2-only software. * Remove remnants of patches for dscape/mac80211. * Update to madwifi 0.9.3.3 headers; no functional changes. -- Faidon Liambotis Wed, 12 Dec 2007 03:43:13 +0200 hostapd (1:0.5.8-1) unstable; urgency=low [ Kel Modderman ] * New upstream release. * Add bash script to prepare madwifi_headers.patch. * patches/20_madwifi_headers.dpatch made from madwifi 0.9.3, which is what is currently in the archive, and stable upstream release. (Closes: #408642) * Rename 21_madwifi_includes.dpatch to 21_madwifi_enable.dpatch. * Make our new mac80211 header dpatches similar to that of madwifi; keep upstream include directory tree intact and modify CFLAGS. * Refresh our build config with upstreams current defconfig. * CONFIG_STAKEY is deprecated in favour of CONFIG_PEERKEY. [ Faidon Liambotis ] * Remove upgrade paths from pre-etch versions, we only support incremental updates. Fix a lintian error in the process. * Don't ignore "make clean" errors, if they exist; fixes a lintian warning. -- Faidon Liambotis Tue, 24 Jul 2007 17:43:44 +0300 hostapd (1:0.5.7-1) unstable; urgency=low * New upstream release. * Drop backported code included in this upstream release. * Bump debhelper compat level to 5, no other changes required. * Include ifupdown integration; it is now possible to start hostapd via a /etc/network/interfaces line such as: 'hostapd /etc/hostapd/hostapd.conf' for any given interface. The daemon will start in pre-up phase of ifup, and be killed in post-down phase of ifdown. A pidfile of /var/run/hostapd.$IFACE.pid will be created for each interface's daemon. * Add XS-Vcs fields to debian/control. * Change of Uploader email address in debian/control. * Update madwifi includes to r2157 upstream madwifi.org/trunk. * Update debian/copyright with new upstream URL, contact information and copyright years. * Modify debian/watch file for new upstream release URL. * Make debian/watch version 3, remove useless comments from file. -- Kel Modderman Mon, 09 Apr 2007 18:31:22 +1000 hostapd (1:0.5.5-3.1) unstable; urgency=high * Non-maintainer upload. * Urgency high for RC bugfix. * Backport hostapd.c fix from CVS: (Closes: #398466) - Allow hostapd_flush_old_stations to fail, otherwise configuration of unencrypted modes failed with madwifi. (1.168) The correct setup is handled by the backported fixes in the previous revision. -- Matt Brown Sat, 9 Dec 2006 11:03:47 +1300 hostapd (1:0.5.5-3) unstable; urgency=medium * Update madwifi headers to r1757. * Backport driver_madwifi.c fixes from CVS: - Set forgotten im_op for sta_disassoc handlers (1.49) - Fixed configuration of unencrypted modes (plaintext and IEEE 802.1X without WEP) (1.51) * Urgency medium because of a bugfix revision. -- Faidon Liambotis Sun, 12 Nov 2006 02:37:43 +0200 hostapd (1:0.5.5-2) unstable; urgency=low * Versioned dependency on lsb-base (>= 3.0-3) for log_daemon_message used in hostapd init script. (Closes: #386156) -- Kel Modderman Wed, 6 Sep 2006 14:31:14 +1000 hostapd (1:0.5.5-1) unstable; urgency=low [ Kel Modderman ] * New upstream release. * Allow hostapd to install, by first checking for existance of /etc/hostapd/hostapd.conf before attempting to change permissions. [ Faidon Liambotis ] * Also fix ownership of hostapd.conf on upgrades. -- Faidon Liambotis Tue, 29 Aug 2006 15:29:47 +0300 hostapd (1:0.5.4-1) unstable; urgency=low [ Kel Modderman ] * New upstream release. (Closes: #378703) * Add LSB INIT info header to init script, as per specs. Source lsb-base init functions, use them to report daemon status in a standard way. (Closes: #376327) * Add dpatch (30_hostapd_pidfile) to allow hostapd process to create a pid file when daemonized. * The init daemon now creates a pid file at /var/run/hostapd.pid. * Allow multiple configuration files to be given to hostapd via /etc/default/hostapd, enabling the possibility of managing multiple interfaces with one process. If the configuration files are not specified use /etc/hostapd/hostapd.conf to preserve backwards compatability. This also allows the user to use a single configuration file != /etc/hostapd/hostapd.conf. (Closes: #377054) * Add 'reload' option to init script. Send HUP signal to hostapd, causing it to reload its configuration file. * Add some extra DAEMON_OPTIONS hints to the /etc/default/hostapd file. * Set hostapd.conf permissions to 0600, it may contain sensitive details. (Closes: #380632) * Update madwifi headers to r1705. This should ensure maximum compatibility with the madwifi-source package currently available. (Closes: #384504) * Slightly change the way madwifi is activated, add an extra CFLAG instead of hardcoding the paths to the headers in driver_madwifi.c. * Add myself to uploaders. [ Faidon Liambotis ] * Fixes a potential DoS fix in RSN preauthentication (upstream bug #152). * Add lintian override for hostapd.conf unusual permissions. * Exclude hostapd.conf from dh_fixperms. * Fix permissions of hostapd.conf retroactively in upgrades. -- Faidon Liambotis Fri, 25 Aug 2006 04:28:00 +0300 hostapd (1:0.5.3-1) unstable; urgency=low * New upstream release - Fix some warnings when compiling with GCC 4.1. - Adapt 12_conf_etc_hostapd.dpatch to the new hostapd.conf. * Include the test driver, for debugging purposes. (Closes: #372107) * Delete unmodified obsolete conffiles when upgrading from a previous version (namely, hostapd.{accept,deny}). Thanks to Lars Wirzenius and piuparts! (Closes: #353191) * Update madwifi-ng headers to version 0.9.0. * Remove the suggestion of hostap-modules, hostap is merged to the latest 2.6 kernels and it's one of the many options anyway. * Changed maintainer's e-mail address. * Updated Standards-Version to 3.7.2, no changes needed. -- Faidon Liambotis Fri, 9 Jun 2006 03:23:23 +0300 hostapd (1:0.5.0-1) unstable; urgency=low * New upstream release - Removed patch 01-prism54-hostap_common, merged upstream. * Update madwifi headers to madwifi-ng, rev1390. * Updated 'Standards-Version' to 3.6.2.2 (no changes). -- Faidon Liambotis Thu, 5 Jan 2006 02:13:17 +0200 hostapd (1:0.4.5-2) unstable; urgency=low * No changes, previous version appeared as an NMU. -- Faidon Liambotis Tue, 11 Oct 2005 19:15:27 +0300 hostapd (1:0.4.5-1) unstable; urgency=low * New upstream release - added experimental support for EAP-PSK - added support for WE-19 * Update madwifi headers to the latest CVS. (Closes: #326893) * README.Debian: - Document that in-kernel versions of prism54 won't work. (Closes: #315852) - Mention Prism2/2.5/3.0's STA firmware limitations. * Updated 'Standards-Version' to 3.6.2.1 (no changes). -- Faidon Liambotis Mon, 10 Oct 2005 15:55:13 +0300 hostapd (1:0.4.2-1) unstable; urgency=low * New upstream release - Manpages incorporated upstream. - Removed patches 01_makefile, 02_conf_wpa_to_hostapd, 03_usage_cleanup, accepted upstream. - Adapted patch 21_madwifi_includes - Added support for RADIUS over IPv6 - Added support for EAP-PAX * Removed /etc/hostapd/hostapd.accept & hostapd.deny, now shipping all example configuration files to /usr/share/doc/hostapd/examples/ -- Faidon Liambotis Wed, 15 Jun 2005 18:23:33 +0300 hostapd (1:0.3.7-2) unstable; urgency=medium * Better handling of patching upstream using dpatch. * Added madwifi support. Hack stolen from wpasupplicant, thanks to Kyle McMartin. * Changed hostapd_cli path to /usr/bin/ from /usr/sbin/. * Report failed start of hostapd when starting from the init.d script. (Closes: #303206). * Added hostapd(8) and hostapd_cli(1) manpages. Now lintian & linda clean ;) * Cleaned-up hostapd/hostapd_cli usage information. -- Faidon Liambotis Mon, 11 Apr 2005 11:53:58 +0300 hostapd (1:0.3.7-1) unstable; urgency=medium * New upstream release - Changed license to Dual GPL/BSD. - New tool hostapd_cli for command-line administration. * Adapt description to reflect new features. * Now Suggesting instead of Recommending hostap-modules, hostapd can now work with other drivers. -- Faidon Liambotis Wed, 23 Feb 2005 10:12:06 +0200 hostapd (1:0.2.6-1) unstable; urgency=low * New upstream release. * Modified description to match v0.2.x features. * Modified debian/rules to use 'dh_install'. * Removed source code documentation from /usr/share/doc/. -- Faidon Liambotis Tue, 28 Dec 2004 19:01:26 +0200 hostapd (1:0.2.5-1) unstable; urgency=low * Adopted by new maintainer (Closes: #265332). * New upstream release (Closes: #255302). * Create init.d script disabled by default via /etc/default/hostapd (Closes: #208027). * Updated 'Standards-Version' to 3.6.1. * Other minor bugfixes. -- Faidon Liambotis Thu, 18 Nov 2004 18:11:57 +0200 hostapd (1:0.1.3-2) unstable; urgency=low * Orphaned -- Francois Gurin Thu, 12 Aug 2004 14:18:11 -0400 hostapd (1:0.1.3-1) unstable; urgency=low * New upstream release -- Francois Gurin Sun, 4 Apr 2004 19:05:28 -0400 hostapd (1:0.1.0-4) unstable; urgency=low * changed depends to recommends. -- Francois Gurin Mon, 8 Dec 2003 15:12:45 -0500 hostapd (1:0.1.0-3) unstable; urgency=low * fixed a pebcak issue with upload -- Francois Gurin Mon, 27 Oct 2003 01:37:06 -0500 hostapd (1:0.1.0-2) unstable; urgency=low * fixed version epoch -- Francois Gurin Mon, 27 Oct 2003 00:52:01 -0500 hostapd (0.1.0-1) unstable; urgency=low * Initial Release. -- Francois Gurin Sun, 26 Oct 2003 04:55:36 -0500 debian/hostapd.README.Debian0000664000000000000000000000244012271776544012711 0ustar hostapd for Debian ------------------ This package provides two methods for managing hostapd process(es); an initscript and an ifupdown hook. Both methods require creation of a hostapd daemon configuration file (eg. /etc/hostapd/hostapd.conf) to function correctly. An example hostapd.conf may be used as a template but _must_ be edited to suit your local configuration. An example is located at: /usr/share/doc/hostapd/examples/hostapd.conf.gz To use the example as a template: # zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz > \ /etc/hostapd/hostapd.conf # $EDITOR /etc/hostapd/hostapd.conf To use the initscript method of starting a hostapd daemon see /etc/default/hostapd. To use the ifupdown method, the path to hostapd configuration file can be specified in a network interfaces configuration stanza in /etc/network/interfaces like so: iface eth1 inet static hostapd /etc/hostapd/hostapd.conf ... The hostapd process will be started in the pre-up phase of ifup, and be terminated in the post-down phase of ifdown. -- Kel Modderman Tue, 27 Oct 2009 12:03:01 +1000 Please note: * If you want to use hostapd with a Prism2/2.5/3 card in WPA mode, you'll need STA firmware version >= 1.7.0. -- Faidon Liambotis , Mon, 10 Oct 2005 14:57:11 +0300 debian/wpasupplicant.docs0000664000000000000000000000011212271776544012745 0ustar wpa_supplicant/README wpa_supplicant/README-WPS wpa_supplicant/README-P2P debian/config/0000775000000000000000000000000012305662656010450 5ustar debian/config/wpasupplicant/0000775000000000000000000000000012305662656013342 5ustar debian/config/wpasupplicant/linux0000664000000000000000000004212212271776544014431 0ustar # Debian wpa_supplicant build time configuration # # This file lists the configuration options that are used when building the # hostapd binary. All lines starting with # are ignored. Configuration option # lines must be commented out complete, if they are not to be included, i.e., # just setting VARIABLE=n is not disabling that variable. # # This file is included in Makefile, so variables like CFLAGS and LIBS can also # be modified from here. In most cases, these lines should use += in order not # to override previous values of the variables. # Uncomment following two lines and fix the paths if you have installed OpenSSL # or GnuTLS in non-default location #CFLAGS += -I/usr/local/openssl/include #LIBS += -L/usr/local/openssl/lib # Some Red Hat versions seem to include kerberos header files from OpenSSL, but # the kerberos files are not in the default include path. Following line can be # used to fix build issues on such systems (krb5.h not found). #CFLAGS += -I/usr/include/kerberos # Example configuration for various cross-compilation platforms #### sveasoft (e.g., for Linksys WRT54G) ###################################### #CC=mipsel-uclibc-gcc #CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc #CFLAGS += -Os #CPPFLAGS += -I../src/include -I../../src/router/openssl/include #LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl ############################################################################### #### openwrt (e.g., for Linksys WRT54G) ####################################### #CC=mipsel-uclibc-gcc #CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc #CFLAGS += -Os #CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ # -I../WRT54GS/release/src/include #LIBS = -lssl ############################################################################### # Driver interface for Host AP driver #CONFIG_DRIVER_HOSTAP=y # Driver interface for Agere driver #CONFIG_DRIVER_HERMES=y # Change include directories to match with the local setup #CFLAGS += -I../../hcf -I../../include -I../../include/hcf #CFLAGS += -I../../include/wireless # Driver interface for madwifi driver # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_MADWIFI=y # Set include directory to the madwifi source tree #CFLAGS += -I../../madwifi # Driver interface for ndiswrapper # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_NDISWRAPPER=y # Driver interface for Atmel driver #CONFIG_DRIVER_ATMEL=y # Driver interface for old Broadcom driver # Please note that the newer Broadcom driver ("hybrid Linux driver") supports # Linux wireless extensions and does not need (or even work) with the old # driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. #CONFIG_DRIVER_BROADCOM=y # Example path for wlioctl.h; change to match your configuration #CFLAGS += -I/opt/WRT54GS/release/src/include # Driver interface for Intel ipw2100/2200 driver # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver #CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions # Note: WEXT is deprecated in the current Linux kernel version and no new # functionality is added to it. nl80211-based interface is the new # replacement for WEXT and its use allows wpa_supplicant to properly control # the driver to improve existing functionality like roaming and to support new # functionality. CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface CONFIG_DRIVER_NL80211=y CONFIG_LIBNL32=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib #LIBS_p += -L/usr/local/lib #LIBS_c += -L/usr/local/lib # Driver interface for Windows NDIS #CONFIG_DRIVER_NDIS=y #CFLAGS += -I/usr/include/w32api/ddk #LIBS += -L/usr/local/lib # For native build using mingw #CONFIG_NATIVE_WINDOWS=y # Additional directories for cross-compilation on Linux host for mingw target #CFLAGS += -I/opt/mingw/mingw32/include/ddk #LIBS += -L/opt/mingw/mingw32/lib #CC=mingw32-gcc # By default, driver_ndis uses WinPcap for low-level operations. This can be # replaced with the following option which replaces WinPcap calls with NDISUIO. # However, this requires that WZC is disabled (net stop wzcsvc) before starting # wpa_supplicant. # CONFIG_USE_NDISUIO=y # Driver interface for development testing #CONFIG_DRIVER_TEST=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y # Driver interface for no driver (e.g., WPS ER only) CONFIG_DRIVER_NONE=y # Solaris libraries #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 CONFIG_EAP_MD5=y # EAP-MSCHAPv2 CONFIG_EAP_MSCHAPV2=y # EAP-TLS CONFIG_EAP_TLS=y # EAL-PEAP CONFIG_EAP_PEAP=y # EAP-TTLS CONFIG_EAP_TTLS=y # EAP-FAST # Note: Default OpenSSL package does not include support for all the # functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, # the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) # to add the needed functions. CONFIG_EAP_FAST=y # EAP-GTC CONFIG_EAP_GTC=y # EAP-OTP CONFIG_EAP_OTP=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) CONFIG_EAP_SIM=y # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y # EAP-pwd (secure authentication using only a password) CONFIG_EAP_PWD=y # EAP-PAX CONFIG_EAP_PAX=y # LEAP CONFIG_EAP_LEAP=y # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) CONFIG_EAP_AKA=y # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). # This requires CONFIG_EAP_AKA to be enabled, too. CONFIG_EAP_AKA_PRIME=y # Enable USIM simulator (Milenage) for EAP-AKA #CONFIG_USIM_SIMULATOR=y # EAP-SAKE CONFIG_EAP_SAKE=y # EAP-GPSK CONFIG_EAP_GPSK=y # Include support for optional SHA256 cipher suite in EAP-GPSK CONFIG_EAP_GPSK_SHA256=y # EAP-TNC and related Trusted Network Connect support (experimental) CONFIG_EAP_TNC=y # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y # Enable WSC 2.0 support CONFIG_WPS2=y # Enable WPS external registrar functionality CONFIG_WPS_ER=y # Disable credentials for an open network by default when acting as a WPS # registrar. CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y # Smartcard support (i.e., private key on a smartcard), e.g., with openssl # engine. CONFIG_SMARTCARD=y # PC/SC interface for smartcards (USIM, GSM SIM) # Enable this if EAP-SIM or EAP-AKA is included CONFIG_PCSC=y # Development testing #CONFIG_EAPOL_TEST=y # Select control interface backend for external programs, e.g, wpa_cli: # unix = UNIX domain sockets (default for Linux/*BSD) # udp = UDP sockets using localhost (127.0.0.1) # named_pipe = Windows Named Pipe (default for Windows) # y = use default (backwards compatibility) # If this option is commented out, control interface is not included in the # build. CONFIG_CTRL_IFACE=y # Include support for GNU Readline and History Libraries in wpa_cli. # When building a wpa_cli binary for distribution, please note that these # libraries are licensed under GPL and as such, BSD license may not apply for # the resulting binary. CONFIG_READLINE=y # Include internal line edit mode in wpa_cli. This can be used as a replacement # for GNU Readline to provide limited command line editing and history support. #CONFIG_WPA_CLI_EDIT=y # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% # (e.g., 90 kB). #CONFIG_NO_STDOUT_DEBUG=y # Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save # 35-50 kB in code size. #CONFIG_NO_WPA=y # Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to # save about 1 kB in code size when building only WPA-Personal (no EAP support) # or 6 kB if building for WPA-Enterprise. #CONFIG_NO_WPA2=y # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support # This option can be used to reduce code size by removing support for # converting ASCII passphrases into PSK. If this functionality is removed, the # PSK can only be configured as the 64-octet hexstring (e.g., from # wpa_passphrase). This saves about 0.5 kB in code size. #CONFIG_NO_WPA_PASSPHRASE=y # Disable scan result processing (ap_mode=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y # Select configuration backend: # file = text file (e.g., wpa_supplicant.conf; note: the configuration file # path is given on command line, not here; this option is just used to # select the backend that allows configuration files to be used) # winreg = Windows registry (see win_example.reg for an example) CONFIG_BACKEND=file # Remove configuration write functionality (i.e., to allow the configuration # file to be updated based on runtime configuration changes). The runtime # configuration can still be changed, the changes are just not going to be # persistent over restarts. This option can be used to reduce code size by # about 3.5 kB. #CONFIG_NO_CONFIG_WRITE=y # Remove support for configuration blobs to reduce code size by about 1.5 kB. #CONFIG_NO_CONFIG_BLOBS=y # Select program entry point implementation: # main = UNIX/POSIX like main() function (default) # main_winsvc = Windows service (read parameters from registry) # main_none = Very basic example (development use only) CONFIG_MAIN=main # Select wrapper for operatins system and C library specific functions # unix = UNIX/POSIX like systems (default) # win32 = Windows systems # none = Empty template CONFIG_OS=unix # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop # eloop_none = Empty template CONFIG_ELOOP=eloop # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap # freebsd = FreeBSD libpcap # winpcap = WinPcap with receive thread # ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) # none = Empty template CONFIG_L2_PACKET=linux # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y # IEEE 802.11w (management frame protection) # This version is an experimental implementation based on IEEE 802.11w/D1.0 # draft and is subject to change since the standard has not yet been finalized. # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. It should be noted that some existing TLS v1.0 -based # implementation may not be compatible with TLS v1.1 message (ClientHello is # sent prior to negotiating which version will be used) CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits # and drawbacks of this option. #CONFIG_INTERNAL_LIBTOMMATH=y #ifndef CONFIG_INTERNAL_LIBTOMMATH #LTM_PATH=/usr/src/libtommath-0.39 #CFLAGS += -I$(LTM_PATH) #LIBS += -L$(LTM_PATH) #LIBS_p += -L$(LTM_PATH) #endif # At the cost of about 4 kB of additional binary size, the internal LibTomMath # can be configured to include faster routines for exptmod, sqr, and div to # speed up DH and RSA calculation considerably #CONFIG_INTERNAL_LIBTOMMATH_FAST=y # Include NDIS event processing through WMI into wpa_supplicant/wpasvc. # This is only for Windows builds and requires WMI-related header files and # WbemUuid.Lib from Platform SDK even when building with MinGW. #CONFIG_NDIS_EVENTS_INTEGRATED=y #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" # Add support for old DBus control interface # (fi.epitest.hostap.WPASupplicant) CONFIG_CTRL_IFACE_DBUS=y # Add support for new DBus control interface # (fi.w1.hostap.wpa_supplicant1) CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface CONFIG_CTRL_IFACE_DBUS_INTRO=y # Add support for loading EAP methods dynamically as shared libraries. # When this option is enabled, each EAP method can be either included # statically (CONFIG_EAP_=y) or dynamically (CONFIG_EAP_=dyn). # Dynamic EAP methods are build as shared objects (eap_*.so) and they need to # be loaded in the beginning of the wpa_supplicant configuration file # (see load_dynamic_eap parameter in the example file) before being used in # the network blocks. # # Note that some shared parts of EAP methods are included in the main program # and in order to be able to use dynamic EAP methods using these parts, the # main program must have been build with the EAP method enabled (=y or =dyn). # This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries # unless at least one of them was included in the main build to force inclusion # of the shared code. Similarly, at least one of EAP-SIM/AKA must be included # in the main build to be able to load these methods dynamically. # # Please also note that using dynamic libraries will increase the total binary # size. Thus, it may not be the best option for targets that have limited # amount of memory/flash. #CONFIG_DYNAMIC_EAP_METHODS=y # IEEE Std 802.11r-2008 (Fast BSS Transition) CONFIG_IEEE80211R=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) CONFIG_DEBUG_FILE=y # Send debug messages to syslog instead of stdout CONFIG_DEBUG_SYSLOG=y # Set syslog facility for debug messages CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y # Enable mitigation against certain attacks against TKIP by delaying Michael # MIC error reports by a random amount of time between 0 and 60 seconds CONFIG_DELAYED_MIC_ERROR_REPORT=y # Enable tracing code for developer debugging # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y # For BSD, uncomment these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo # Use libbfd to get more details for developer debugging # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y # For BSD, uncomment these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz # wpa_supplicant depends on strong random number generation being available # from the operating system. os_get_random() function is used to fetch random # data when needed, e.g., for key generation. On Linux and BSD systems, this # works by reading /dev/urandom. It should be noted that the OS entropy pool # needs to be properly initialized before wpa_supplicant is started. This is # important especially on embedded devices that do not have a hardware random # number generator and may by default start up with minimal entropy available # for random number generation. # # As a safety net, wpa_supplicant is by default trying to internally collect # additional entropy for generating random data to mix in with the data fetched # from the OS. This by itself is not considered to be very strong, but it may # help in cases where the system pool is not initialized properly. However, it # is very strongly recommended that the system pool is initialized with enough # entropy either by using hardware assisted random number generator or by # storing state over device reboots. # # wpa_supplicant can be configured to maintain its own entropy store over # restarts to enhance random number generation. This is not perfect, but it is # much more secure than using the same sequence of random numbers after every # reboot. This can be enabled with -e command line option. The # specified file needs to be readable and writable by wpa_supplicant. # # If the os_get_random() is known to provide strong random data (e.g., on # Linux/BSD, the board in question is known to have reliable source of random # data from /dev/urandom), the internal wpa_supplicant random pool can be # disabled. This will save some in binary size and CPU use. However, this # should only be considered for builds that are known to be used on devices # that meet the requirements described above. #CONFIG_NO_RANDOM_POOL=y # IEEE 802.11n (High Throughput) support (mainly for AP mode) CONFIG_IEEE80211N=y # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks (GAS/ANQP to learn more about the networks and network # selection based on available credentials). CONFIG_INTERWORKING=y # XXX: Debian #650834 CONFIG_BGSCAN_SIMPLE=y # IBSS RSN support (RSN for adhoc) CONFIG_IBSS_RSN=y # P2P support CONFIG_P2P=y # AP-mode support (ad-hoc via infrastructure-type) CONFIG_AP=y debian/config/wpasupplicant/kfreebsd-udeb0000664000000000000000000000031112271776544015766 0ustar # Debian's wpa_supplicant build time configuration CONFIG_DRIVER_BSD=y LIBS += -lbsd CONFIG_CTRL_IFACE=y CONFIG_BACKEND=file CONFIG_MAIN=main CONFIG_OS=unix CONFIG_ELOOP=eloop CONFIG_L2_PACKET=freebsd debian/config/wpasupplicant/linux-udeb0000664000000000000000000000060712271776544015350 0ustar # Debian's wpa_supplicant build time configuration CONFIG_DRIVER_WEXT=y CONFIG_DRIVER_NL80211=y CONFIG_LIBNL32=y CONFIG_CTRL_IFACE=y CONFIG_BACKEND=file CONFIG_MAIN=main CONFIG_OS=unix CONFIG_ELOOP=eloop CONFIG_L2_PACKET=linux # At least one of these two is needed to get # the netlink driver working, why this is the case # is currently mysterious #CONFIG_IEEE8021X_EAPOL=y CONFIG_WPS=y debian/config/wpasupplicant/kfreebsd0000664000000000000000000004172212271776544015064 0ustar # Debian wpa_supplicant build time configuration # # This file lists the configuration options that are used when building the # hostapd binary. All lines starting with # are ignored. Configuration option # lines must be commented out complete, if they are not to be included, i.e., # just setting VARIABLE=n is not disabling that variable. # # This file is included in Makefile, so variables like CFLAGS and LIBS can also # be modified from here. In most cases, these lines should use += in order not # to override previous values of the variables. # Uncomment following two lines and fix the paths if you have installed OpenSSL # or GnuTLS in non-default location #CFLAGS += -I/usr/local/openssl/include #LIBS += -L/usr/local/openssl/lib # Some Red Hat versions seem to include kerberos header files from OpenSSL, but # the kerberos files are not in the default include path. Following line can be # used to fix build issues on such systems (krb5.h not found). #CFLAGS += -I/usr/include/kerberos # Example configuration for various cross-compilation platforms #### sveasoft (e.g., for Linksys WRT54G) ###################################### #CC=mipsel-uclibc-gcc #CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc #CFLAGS += -Os #CPPFLAGS += -I../src/include -I../../src/router/openssl/include #LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl ############################################################################### #### openwrt (e.g., for Linksys WRT54G) ####################################### #CC=mipsel-uclibc-gcc #CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc #CFLAGS += -Os #CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ # -I../WRT54GS/release/src/include #LIBS = -lssl ############################################################################### # Driver interface for Host AP driver #CONFIG_DRIVER_HOSTAP=y # Driver interface for Agere driver #CONFIG_DRIVER_HERMES=y # Change include directories to match with the local setup #CFLAGS += -I../../hcf -I../../include -I../../include/hcf #CFLAGS += -I../../include/wireless # Driver interface for madwifi driver # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_MADWIFI=y # Set include directory to the madwifi source tree #CFLAGS += -I../../madwifi # Driver interface for ndiswrapper # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_NDISWRAPPER=y # Driver interface for Atmel driver #CONFIG_DRIVER_ATMEL=y # Driver interface for old Broadcom driver # Please note that the newer Broadcom driver ("hybrid Linux driver") supports # Linux wireless extensions and does not need (or even work) with the old # driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. #CONFIG_DRIVER_BROADCOM=y # Example path for wlioctl.h; change to match your configuration #CFLAGS += -I/opt/WRT54GS/release/src/include # Driver interface for Intel ipw2100/2200 driver # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_IPW=y # Driver interface for Ralink driver #CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions # Note: WEXT is deprecated in the current Linux kernel version and no new # functionality is added to it. nl80211-based interface is the new # replacement for WEXT and its use allows wpa_supplicant to properly control # the driver to improve existing functionality like roaming and to support new # functionality. #CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface #CONFIG_DRIVER_NL80211=y #CONFIG_LIBNL32=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib #LIBS_p += -L/usr/local/lib #LIBS_c += -L/usr/local/lib LIBS += -lbsd # Driver interface for Windows NDIS #CONFIG_DRIVER_NDIS=y #CFLAGS += -I/usr/include/w32api/ddk #LIBS += -L/usr/local/lib # For native build using mingw #CONFIG_NATIVE_WINDOWS=y # Additional directories for cross-compilation on Linux host for mingw target #CFLAGS += -I/opt/mingw/mingw32/include/ddk #LIBS += -L/opt/mingw/mingw32/lib #CC=mingw32-gcc # By default, driver_ndis uses WinPcap for low-level operations. This can be # replaced with the following option which replaces WinPcap calls with NDISUIO. # However, this requires that WZC is disabled (net stop wzcsvc) before starting # wpa_supplicant. # CONFIG_USE_NDISUIO=y # Driver interface for development testing #CONFIG_DRIVER_TEST=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y # Driver interface for the Broadcom RoboSwitch family #CONFIG_DRIVER_ROBOSWITCH=y # Driver interface for no driver (e.g., WPS ER only) CONFIG_DRIVER_NONE=y # Solaris libraries #LIBS += -lsocket -ldlpi -lnsl #LIBS_c += -lsocket # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y # EAP-MD5 CONFIG_EAP_MD5=y # EAP-MSCHAPv2 CONFIG_EAP_MSCHAPV2=y # EAP-TLS CONFIG_EAP_TLS=y # EAL-PEAP CONFIG_EAP_PEAP=y # EAP-TTLS CONFIG_EAP_TTLS=y # EAP-FAST # Note: Default OpenSSL package does not include support for all the # functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, # the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) # to add the needed functions. #CONFIG_EAP_FAST=y # EAP-GTC CONFIG_EAP_GTC=y # EAP-OTP CONFIG_EAP_OTP=y # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) CONFIG_EAP_SIM=y # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y # EAP-pwd (secure authentication using only a password) CONFIG_EAP_PWD=y # EAP-PAX CONFIG_EAP_PAX=y # LEAP CONFIG_EAP_LEAP=y # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) CONFIG_EAP_AKA=y # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). # This requires CONFIG_EAP_AKA to be enabled, too. CONFIG_EAP_AKA_PRIME=y # Enable USIM simulator (Milenage) for EAP-AKA #CONFIG_USIM_SIMULATOR=y # EAP-SAKE CONFIG_EAP_SAKE=y # EAP-GPSK CONFIG_EAP_GPSK=y # Include support for optional SHA256 cipher suite in EAP-GPSK CONFIG_EAP_GPSK_SHA256=y # EAP-TNC and related Trusted Network Connect support (experimental) CONFIG_EAP_TNC=y # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y # Enable WSC 2.0 support CONFIG_WPS2=y # Enable WPS external registrar functionality CONFIG_WPS_ER=y # Disable credentials for an open network by default when acting as a WPS # registrar. CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y # Smartcard support (i.e., private key on a smartcard), e.g., with openssl # engine. CONFIG_SMARTCARD=y # PC/SC interface for smartcards (USIM, GSM SIM) # Enable this if EAP-SIM or EAP-AKA is included CONFIG_PCSC=y # Development testing #CONFIG_EAPOL_TEST=y # Select control interface backend for external programs, e.g, wpa_cli: # unix = UNIX domain sockets (default for Linux/*BSD) # udp = UDP sockets using localhost (127.0.0.1) # named_pipe = Windows Named Pipe (default for Windows) # y = use default (backwards compatibility) # If this option is commented out, control interface is not included in the # build. CONFIG_CTRL_IFACE=y # Include support for GNU Readline and History Libraries in wpa_cli. # When building a wpa_cli binary for distribution, please note that these # libraries are licensed under GPL and as such, BSD license may not apply for # the resulting binary. CONFIG_READLINE=y # Include internal line edit mode in wpa_cli. This can be used as a replacement # for GNU Readline to provide limited command line editing and history support. #CONFIG_WPA_CLI_EDIT=y # Remove debugging code that is printing out debug message to stdout. # This can be used to reduce the size of the wpa_supplicant considerably # if debugging code is not needed. The size reduction can be around 35% # (e.g., 90 kB). #CONFIG_NO_STDOUT_DEBUG=y # Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save # 35-50 kB in code size. #CONFIG_NO_WPA=y # Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to # save about 1 kB in code size when building only WPA-Personal (no EAP support) # or 6 kB if building for WPA-Enterprise. #CONFIG_NO_WPA2=y # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support # This option can be used to reduce code size by removing support for # converting ASCII passphrases into PSK. If this functionality is removed, the # PSK can only be configured as the 64-octet hexstring (e.g., from # wpa_passphrase). This saves about 0.5 kB in code size. #CONFIG_NO_WPA_PASSPHRASE=y # Disable scan result processing (ap_mode=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y # Select configuration backend: # file = text file (e.g., wpa_supplicant.conf; note: the configuration file # path is given on command line, not here; this option is just used to # select the backend that allows configuration files to be used) # winreg = Windows registry (see win_example.reg for an example) CONFIG_BACKEND=file # Remove configuration write functionality (i.e., to allow the configuration # file to be updated based on runtime configuration changes). The runtime # configuration can still be changed, the changes are just not going to be # persistent over restarts. This option can be used to reduce code size by # about 3.5 kB. #CONFIG_NO_CONFIG_WRITE=y # Remove support for configuration blobs to reduce code size by about 1.5 kB. #CONFIG_NO_CONFIG_BLOBS=y # Select program entry point implementation: # main = UNIX/POSIX like main() function (default) # main_winsvc = Windows service (read parameters from registry) # main_none = Very basic example (development use only) CONFIG_MAIN=main # Select wrapper for operatins system and C library specific functions # unix = UNIX/POSIX like systems (default) # win32 = Windows systems # none = Empty template CONFIG_OS=unix # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop # eloop_none = Empty template CONFIG_ELOOP=eloop # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap # freebsd = FreeBSD libpcap # winpcap = WinPcap with receive thread # ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) # none = Empty template CONFIG_L2_PACKET=freebsd # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y # IEEE 802.11w (management frame protection) # This version is an experimental implementation based on IEEE 802.11w/D1.0 # draft and is subject to change since the standard has not yet been finalized. # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. It should be noted that some existing TLS v1.0 -based # implementation may not be compatible with TLS v1.1 message (ClientHello is # sent prior to negotiating which version will be used) CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits # and drawbacks of this option. #CONFIG_INTERNAL_LIBTOMMATH=y #ifndef CONFIG_INTERNAL_LIBTOMMATH #LTM_PATH=/usr/src/libtommath-0.39 #CFLAGS += -I$(LTM_PATH) #LIBS += -L$(LTM_PATH) #LIBS_p += -L$(LTM_PATH) #endif # At the cost of about 4 kB of additional binary size, the internal LibTomMath # can be configured to include faster routines for exptmod, sqr, and div to # speed up DH and RSA calculation considerably #CONFIG_INTERNAL_LIBTOMMATH_FAST=y # Include NDIS event processing through WMI into wpa_supplicant/wpasvc. # This is only for Windows builds and requires WMI-related header files and # WbemUuid.Lib from Platform SDK even when building with MinGW. #CONFIG_NDIS_EVENTS_INTEGRATED=y #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" # Add support for old DBus control interface # (fi.epitest.hostap.WPASupplicant) CONFIG_CTRL_IFACE_DBUS=y # Add support for new DBus control interface # (fi.w1.hostap.wpa_supplicant1) CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface CONFIG_CTRL_IFACE_DBUS_INTRO=y # Add support for loading EAP methods dynamically as shared libraries. # When this option is enabled, each EAP method can be either included # statically (CONFIG_EAP_=y) or dynamically (CONFIG_EAP_=dyn). # Dynamic EAP methods are build as shared objects (eap_*.so) and they need to # be loaded in the beginning of the wpa_supplicant configuration file # (see load_dynamic_eap parameter in the example file) before being used in # the network blocks. # # Note that some shared parts of EAP methods are included in the main program # and in order to be able to use dynamic EAP methods using these parts, the # main program must have been build with the EAP method enabled (=y or =dyn). # This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries # unless at least one of them was included in the main build to force inclusion # of the shared code. Similarly, at least one of EAP-SIM/AKA must be included # in the main build to be able to load these methods dynamically. # # Please also note that using dynamic libraries will increase the total binary # size. Thus, it may not be the best option for targets that have limited # amount of memory/flash. #CONFIG_DYNAMIC_EAP_METHODS=y # IEEE Std 802.11r-2008 (Fast BSS Transition) CONFIG_IEEE80211R=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) CONFIG_DEBUG_FILE=y # Send debug messages to syslog instead of stdout CONFIG_DEBUG_SYSLOG=y # Set syslog facility for debug messages CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y # Enable mitigation against certain attacks against TKIP by delaying Michael # MIC error reports by a random amount of time between 0 and 60 seconds CONFIG_DELAYED_MIC_ERROR_REPORT=y # Enable tracing code for developer debugging # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y # For BSD, uncomment these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo # Use libbfd to get more details for developer debugging # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y # For BSD, uncomment these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz # wpa_supplicant depends on strong random number generation being available # from the operating system. os_get_random() function is used to fetch random # data when needed, e.g., for key generation. On Linux and BSD systems, this # works by reading /dev/urandom. It should be noted that the OS entropy pool # needs to be properly initialized before wpa_supplicant is started. This is # important especially on embedded devices that do not have a hardware random # number generator and may by default start up with minimal entropy available # for random number generation. # # As a safety net, wpa_supplicant is by default trying to internally collect # additional entropy for generating random data to mix in with the data fetched # from the OS. This by itself is not considered to be very strong, but it may # help in cases where the system pool is not initialized properly. However, it # is very strongly recommended that the system pool is initialized with enough # entropy either by using hardware assisted random number generator or by # storing state over device reboots. # # wpa_supplicant can be configured to maintain its own entropy store over # restarts to enhance random number generation. This is not perfect, but it is # much more secure than using the same sequence of random numbers after every # reboot. This can be enabled with -e command line option. The # specified file needs to be readable and writable by wpa_supplicant. # # If the os_get_random() is known to provide strong random data (e.g., on # Linux/BSD, the board in question is known to have reliable source of random # data from /dev/urandom), the internal wpa_supplicant random pool can be # disabled. This will save some in binary size and CPU use. However, this # should only be considered for builds that are known to be used on devices # that meet the requirements described above. #CONFIG_NO_RANDOM_POOL=y # IEEE 802.11n (High Throughput) support (mainly for AP mode) CONFIG_IEEE80211N=y # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks (GAS/ANQP to learn more about the networks and network # selection based on available credentials). CONFIG_INTERWORKING=y # XXX: Debian #650834 CONFIG_BGSCAN_SIMPLE=y debian/config/hostapd/0000775000000000000000000000000012305662656012112 5ustar debian/config/hostapd/linux0000664000000000000000000002033312271776544013201 0ustar # Debian hostapd build time configuration # # This file lists the configuration options that are used when building the # hostapd binary. All lines starting with # are ignored. Configuration option # lines must be commented out complete, if they are not to be included, i.e., # just setting VARIABLE=n is not disabling that variable. # # This file is included in Makefile, so variables like CFLAGS and LIBS can also # be modified from here. In most cass, these lines should use += in order not # to override previous values of the variables. # Driver interface for Host AP driver CONFIG_DRIVER_HOSTAP=y # Driver interface for wired authenticator CONFIG_DRIVER_WIRED=y # Driver interface for madwifi driver #CONFIG_DRIVER_MADWIFI=y #CFLAGS += -I../../madwifi # change to the madwifi source directory # Driver interface for drivers using the nl80211 kernel interface CONFIG_DRIVER_NL80211=y CONFIG_LIBNL32=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib #LIBS_p += -L/usr/local/lib #LIBS_c += -L/usr/local/lib # Driver interface for no driver (e.g., RADIUS server only) CONFIG_DRIVER_NONE=y # IEEE 802.11F/IAPP CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y # IEEE 802.11w (management frame protection) # This version is an experimental implementation based on IEEE 802.11w/D1.0 # draft and is subject to change since the standard has not yet been finalized. # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y # Integrated EAP server CONFIG_EAP=y # EAP-MD5 for the integrated EAP server CONFIG_EAP_MD5=y # EAP-TLS for the integrated EAP server CONFIG_EAP_TLS=y # EAP-MSCHAPv2 for the integrated EAP server CONFIG_EAP_MSCHAPV2=y # EAP-PEAP for the integrated EAP server CONFIG_EAP_PEAP=y # EAP-GTC for the integrated EAP server CONFIG_EAP_GTC=y # EAP-TTLS for the integrated EAP server CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server CONFIG_EAP_SIM=y # EAP-AKA for the integrated EAP server CONFIG_EAP_AKA=y # EAP-AKA' for the integrated EAP server # This requires CONFIG_EAP_AKA to be enabled, too. CONFIG_EAP_AKA_PRIME=y # EAP-PAX for the integrated EAP server CONFIG_EAP_PAX=y # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y # EAP-pwd for the integrated EAP server (secure authentication with a password) CONFIG_EAP_PWD=y # EAP-SAKE for the integrated EAP server CONFIG_EAP_SAKE=y # EAP-GPSK for the integrated EAP server CONFIG_EAP_GPSK=y # Include support for optional SHA256 cipher suite in EAP-GPSK CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server # Note: Default OpenSSL package does not include support for all the # functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, # the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) # to add the needed functions. #CONFIG_EAP_FAST=y # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y # Enable WSC 2.0 support CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars CONFIG_WPS_UPNP=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y # Trusted Network Connect (EAP-TNC) CONFIG_EAP_TNC=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. CONFIG_RADIUS_SERVER=y # Build IPv6 support for RADIUS operations CONFIG_IPV6=y # IEEE Std 802.11r-2008 (Fast BSS Transition) CONFIG_IEEE80211R=y # Use the hostapd's IEEE 802.11 authentication (ACL), but without # the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y # IEEE 802.11n (High Throughput) support CONFIG_IEEE80211N=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. #CONFIG_NO_STDOUT_DEBUG=y # Add support for writing debug log to a file: -f /tmp/hostapd.log # Disabled by default. CONFIG_DEBUG_FILE=y # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y # Remove support for RADIUS #CONFIG_NO_RADIUS=y # Remove support for VLANs #CONFIG_NO_VLAN=y # Enable support for fully dynamic VLANs. This enables hostapd to # automatically create bridge and VLAN interfaces if necessary. CONFIG_FULL_DYNAMIC_VLAN=y # Remove support for dumping state into a file on SIGUSR1 signal # This can be used to reduce binary size at the cost of disabling a debugging # option. #CONFIG_NO_DUMP_STATE=y # Enable tracing code for developer debugging # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y # For BSD, comment out these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo # Use libbfd to get more details for developer debugging # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y # For BSD, comment out these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz # hostapd depends on strong random number generation being available from the # operating system. os_get_random() function is used to fetch random data when # needed, e.g., for key generation. On Linux and BSD systems, this works by # reading /dev/urandom. It should be noted that the OS entropy pool needs to be # properly initialized before hostapd is started. This is important especially # on embedded devices that do not have a hardware random number generator and # may by default start up with minimal entropy available for random number # generation. # # As a safety net, hostapd is by default trying to internally collect # additional entropy for generating random data to mix in with the data # fetched from the OS. This by itself is not considered to be very strong, but # it may help in cases where the system pool is not initialized properly. # However, it is very strongly recommended that the system pool is initialized # with enough entropy either by using hardware assisted random number # generator or by storing state over device reboots. # # hostapd can be configured to maintain its own entropy store over restarts to # enhance random number generation. This is not perfect, but it is much more # secure than using the same sequence of random numbers after every reboot. # This can be enabled with -e command line option. The specified # file needs to be readable and writable by hostapd. # # If the os_get_random() is known to provide strong random data (e.g., on # Linux/BSD, the board in question is known to have reliable source of random # data from /dev/urandom), the internal hostapd random pool can be disabled. # This will save some in binary size and CPU use. However, this should only be # considered for builds that are known to be used on devices that meet the # requirements described above. #CONFIG_NO_RANDOM_POOL=y # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits # and drawbacks of this option. #CONFIG_INTERNAL_LIBTOMMATH=y #ifndef CONFIG_INTERNAL_LIBTOMMATH #LTM_PATH=/usr/src/libtommath-0.39 #CFLAGS += -I$(LTM_PATH) #LIBS += -L$(LTM_PATH) #LIBS_p += -L$(LTM_PATH) #endif # At the cost of about 4 kB of additional binary size, the internal LibTomMath # can be configured to include faster routines for exptmod, sqr, and div to # speed up DH and RSA calculation considerably #CONFIG_INTERNAL_LIBTOMMATH_FAST=y # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. CONFIG_INTERWORKING=y debian/config/hostapd/kfreebsd0000664000000000000000000002035512271776544013633 0ustar # Debian hostapd build time configuration # # This file lists the configuration options that are used when building the # hostapd binary. All lines starting with # are ignored. Configuration option # lines must be commented out complete, if they are not to be included, i.e., # just setting VARIABLE=n is not disabling that variable. # # This file is included in Makefile, so variables like CFLAGS and LIBS can also # be modified from here. In most cass, these lines should use += in order not # to override previous values of the variables. # Driver interface for Host AP driver #CONFIG_DRIVER_HOSTAP=y # Driver interface for wired authenticator CONFIG_DRIVER_WIRED=y # Driver interface for madwifi driver #CONFIG_DRIVER_MADWIFI=y #CFLAGS += -I../../madwifi # change to the madwifi source directory # Driver interface for drivers using the nl80211 kernel interface #CONFIG_DRIVER_NL80211=y #CONFIG_LIBNL32=y # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib #LIBS_p += -L/usr/local/lib #LIBS_c += -L/usr/local/lib LIBS += -lbsd # Driver interface for no driver (e.g., RADIUS server only) CONFIG_DRIVER_NONE=y # IEEE 802.11F/IAPP #CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y # IEEE 802.11w (management frame protection) # This version is an experimental implementation based on IEEE 802.11w/D1.0 # draft and is subject to change since the standard has not yet been finalized. # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y # Integrated EAP server CONFIG_EAP=y # EAP-MD5 for the integrated EAP server CONFIG_EAP_MD5=y # EAP-TLS for the integrated EAP server CONFIG_EAP_TLS=y # EAP-MSCHAPv2 for the integrated EAP server CONFIG_EAP_MSCHAPV2=y # EAP-PEAP for the integrated EAP server CONFIG_EAP_PEAP=y # EAP-GTC for the integrated EAP server CONFIG_EAP_GTC=y # EAP-TTLS for the integrated EAP server CONFIG_EAP_TTLS=y # EAP-SIM for the integrated EAP server CONFIG_EAP_SIM=y # EAP-AKA for the integrated EAP server CONFIG_EAP_AKA=y # EAP-AKA' for the integrated EAP server # This requires CONFIG_EAP_AKA to be enabled, too. CONFIG_EAP_AKA_PRIME=y # EAP-PAX for the integrated EAP server CONFIG_EAP_PAX=y # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) CONFIG_EAP_PSK=y # EAP-pwd for the integrated EAP server (secure authentication with a password) CONFIG_EAP_PWD=y # EAP-SAKE for the integrated EAP server CONFIG_EAP_SAKE=y # EAP-GPSK for the integrated EAP server CONFIG_EAP_GPSK=y # Include support for optional SHA256 cipher suite in EAP-GPSK CONFIG_EAP_GPSK_SHA256=y # EAP-FAST for the integrated EAP server # Note: Default OpenSSL package does not include support for all the # functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, # the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) # to add the needed functions. #CONFIG_EAP_FAST=y # Wi-Fi Protected Setup (WPS) CONFIG_WPS=y # Enable WSC 2.0 support CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars CONFIG_WPS_UPNP=y # EAP-IKEv2 CONFIG_EAP_IKEV2=y # Trusted Network Connect (EAP-TNC) CONFIG_EAP_TNC=y # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. CONFIG_RADIUS_SERVER=y # Build IPv6 support for RADIUS operations CONFIG_IPV6=y # IEEE Std 802.11r-2008 (Fast BSS Transition) CONFIG_IEEE80211R=y # Use the hostapd's IEEE 802.11 authentication (ACL), but without # the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y # IEEE 802.11n (High Throughput) support CONFIG_IEEE80211N=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. #CONFIG_NO_STDOUT_DEBUG=y # Add support for writing debug log to a file: -f /tmp/hostapd.log # Disabled by default. CONFIG_DEBUG_FILE=y # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y # Remove support for RADIUS #CONFIG_NO_RADIUS=y # Remove support for VLANs #CONFIG_NO_VLAN=y # Enable support for fully dynamic VLANs. This enables hostapd to # automatically create bridge and VLAN interfaces if necessary. #CONFIG_FULL_DYNAMIC_VLAN=y # Remove support for dumping state into a file on SIGUSR1 signal # This can be used to reduce binary size at the cost of disabling a debugging # option. #CONFIG_NO_DUMP_STATE=y # Enable tracing code for developer debugging # This tracks use of memory allocations and other registrations and reports # incorrect use with a backtrace of call (or allocation) location. #CONFIG_WPA_TRACE=y # For BSD, comment out these. #LIBS += -lexecinfo #LIBS_p += -lexecinfo #LIBS_c += -lexecinfo # Use libbfd to get more details for developer debugging # This enables use of libbfd to get more detailed symbols for the backtraces # generated by CONFIG_WPA_TRACE=y. #CONFIG_WPA_TRACE_BFD=y # For BSD, comment out these. #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz # hostapd depends on strong random number generation being available from the # operating system. os_get_random() function is used to fetch random data when # needed, e.g., for key generation. On Linux and BSD systems, this works by # reading /dev/urandom. It should be noted that the OS entropy pool needs to be # properly initialized before hostapd is started. This is important especially # on embedded devices that do not have a hardware random number generator and # may by default start up with minimal entropy available for random number # generation. # # As a safety net, hostapd is by default trying to internally collect # additional entropy for generating random data to mix in with the data # fetched from the OS. This by itself is not considered to be very strong, but # it may help in cases where the system pool is not initialized properly. # However, it is very strongly recommended that the system pool is initialized # with enough entropy either by using hardware assisted random number # generator or by storing state over device reboots. # # hostapd can be configured to maintain its own entropy store over restarts to # enhance random number generation. This is not perfect, but it is much more # secure than using the same sequence of random numbers after every reboot. # This can be enabled with -e command line option. The specified # file needs to be readable and writable by hostapd. # # If the os_get_random() is known to provide strong random data (e.g., on # Linux/BSD, the board in question is known to have reliable source of random # data from /dev/urandom), the internal hostapd random pool can be disabled. # This will save some in binary size and CPU use. However, this should only be # considered for builds that are known to be used on devices that meet the # requirements described above. #CONFIG_NO_RANDOM_POOL=y # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. CONFIG_TLSV11=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of # LibTomMath can be used. See beginning of libtommath.c for details on benefits # and drawbacks of this option. #CONFIG_INTERNAL_LIBTOMMATH=y #ifndef CONFIG_INTERNAL_LIBTOMMATH #LTM_PATH=/usr/src/libtommath-0.39 #CFLAGS += -I$(LTM_PATH) #LIBS += -L$(LTM_PATH) #LIBS_p += -L$(LTM_PATH) #endif # At the cost of about 4 kB of additional binary size, the internal LibTomMath # can be configured to include faster routines for exptmod, sqr, and div to # speed up DH and RSA calculation considerably #CONFIG_INTERNAL_LIBTOMMATH_FAST=y # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. CONFIG_INTERWORKING=y debian/wpasupplicant.links0000664000000000000000000000073612271776544013151 0ustar etc/wpa_supplicant/ifupdown.sh etc/network/if-pre-up.d/wpasupplicant etc/wpa_supplicant/ifupdown.sh etc/network/if-up.d/wpasupplicant etc/wpa_supplicant/ifupdown.sh etc/network/if-down.d/wpasupplicant etc/wpa_supplicant/ifupdown.sh etc/network/if-post-down.d/wpasupplicant etc/wpa_supplicant/action_wpa.sh etc/ifplugd/action.d/action_wpa usr/share/doc/wpasupplicant usr/share/doc/wpa_supplicant usr/share/doc/wpasupplicant/README.Debian usr/share/doc/wpasupplicant/README.modes debian/hostapd.manpages0000664000000000000000000000005012271776544012361 0ustar hostapd/hostapd.8 hostapd/hostapd_cli.1 debian/wpasupplicant.lintian-overrides0000664000000000000000000000046312271776544015464 0ustar # We distribute the package under the terms of the BSD license due to the # openssl issue, tell lintian to not complain: wpasupplicant binary: possible-gpl-code-linked-with-openssl # These are numerous and unlikely to be fixed anytime soon, filter them out. wpasupplicant binary: hyphen-used-as-minus-sign debian/hostapd.preinst0000775000000000000000000000110512271776544012257 0ustar #!/bin/sh set -e rm_conffile() { local PKGNAME="$1" local CONFFILE="$2" [ -e "$CONFFILE" ] || return 0 local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')" local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \ sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")" if [ "$md5sum" = "$old_md5sum" ]; then echo "Removing obsolete conffile $CONFFILE ..." rm -f "$CONFFILE" fi } case "$1" in install|upgrade) if dpkg --compare-versions "$2" le "1:0.6.9-3"; then rm_conffile hostapd /etc/hostapd/hostapd.conf fi ;; esac #DEBHELPER# exit 0 debian/changelog0000664000000000000000000030603512305662655011063 0ustar wpa (2.1-0ubuntu1) trusty; urgency=medium * New upstream release (LP: #1099755) * debian/get-orig-source: update for new git repository for the current hostap/wpasupplicant versions. * Dropped patches due to being applied upstream and included in the current source tarball: - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch - debian/patches/13_human_readable_signal.patch - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch - debian/patches/libnl3-includes.patch * debian/patches/git_accept_client_cert_from_server.patch: revert the commit: "OpenSSL: Do not accept SSL Client certificate for server", which breaks many AAA servers that include both client and server EKUs. Cherry-picked from hostap git commit b62d5b5. -- Mathieu Trudel-Lapierre Tue, 04 Mar 2014 16:13:24 -0500 wpa (1.0-3ubuntu4) trusty; urgency=low * debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch: deinitialize the P2P context when the management interface gets removed for whatever reason, such as a suspend/resume cycle. (LP: #1210785) -- Mathieu Trudel-Lapierre Mon, 18 Nov 2013 20:31:00 -0500 wpa (1.0-3ubuntu3) trusty; urgency=low * debian/config/wpasupplicant/linux: enable EAP-FAST (LP: #34982) -- Mathieu Trudel-Lapierre Wed, 30 Oct 2013 09:25:39 -0700 wpa (1.0-3ubuntu2) saucy; urgency=low * debian/config/wpasupplicant/linux: - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511). - Enable CONFIG_P2P (Wi-Fi Direct support). -- Mathieu Trudel-Lapierre Thu, 08 Aug 2013 10:20:17 -0400 wpa (1.0-3ubuntu1) raring; urgency=low * Merge from Debian unstable. Remaining changes: - Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc support in NetworkManager using IBSS RSN (WPA2). - debian/wpasupplicant.postinst, debian/hostapd.postinst: Only move sendsigs.omit.d/*.pid if the target isn't the same as the source (as is the case when /lib/init/rw is a symlink to /run) - debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create a pid file in /run/sendsigs.omit.d when activated by DBus. - debian/patches/session-ticket.patch: disable the TLS Session Ticket extension to fix auth with 802.1x PEAP on some hardware. -- Logan Rosen Fri, 30 Nov 2012 11:49:00 -0500 wpa (1.0-3) unstable; urgency=high * ship forgotten README-P2P. * revert to GNU readline for wpa_cli, instead of using the internal readline implementation added in wpa 1~. Prefer libreadline-gplv2-dev, because libnl is GPL-2 (only) - switching back to the internal readline implementation is targeted for wheezy+1 (Closes: #677993, #678077). * Fix DoS via specially crafted EAP-TLS messages with longer message length than TLS data length (CVE-2012-4445, DSA 2557-1, Closes: #689990). -- Stefan Lippers-Hollmann Mon, 08 Oct 2012 17:48:04 +0200 wpa (1.0-2ubuntu5) quantal; urgency=low * debian/patches/session-ticket.patch: disable the TLS Session Ticket extension to fix auth with 802.1x PEAP on some hardware. (LP: #969343) -- Mathieu Trudel-Lapierre Wed, 12 Sep 2012 15:57:50 -0400 wpa (1.0-2ubuntu4) quantal; urgency=low * Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc support in NetworkManager using IBSS RSN (WPA2). (LP: #1046918) -- Mathieu Trudel-Lapierre Fri, 07 Sep 2012 15:49:45 -0400 wpa (1.0-2ubuntu3) quantal; urgency=low * debian/patches/fix_driver_wext_for_broadcom_wl.patch: Drop the patch, it appears to break at least some scans with some Broadcom devices. (LP: #994739) -- Mathieu Trudel-Lapierre Wed, 01 Aug 2012 12:02:44 -0400 wpa (1.0-2ubuntu2) quantal; urgency=low * debian/patches/fix_driver_wext_for_broadcom_wl.patch: Add a workaround for Broadcom wl driver's first failing scan (LP: #994739) -- Pau Oliva Fora (pof) Mon, 09 Jul 2012 16:44:32 +0200 wpa (1.0-2ubuntu1) quantal; urgency=low * debian/wpasupplicant.postinst, debian/hostapd.postinst: Only move sendsigs.omit.d/*.pid if the target isn't the same as the source (as is the case when /lib/init/rw is a symlink to /run) * debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create a pid file in /run/sendsigs.omit.d when activated by DBus. -- Mathieu Trudel-Lapierre Fri, 25 May 2012 14:07:55 -0400 wpa (1.0-2) unstable; urgency=low * Really enable hardened build flags, thanks Simon Ruderich . (Closes: #657332) * Do not suppress compilation output, set V=1. -- Kel Modderman Mon, 14 May 2012 06:39:13 +1000 wpa (1.0-1) unstable; urgency=low [ Stefan Lippers-Hollmann ] * New upstream release, no code changes since 1.0~rc3. * upload to unstable, to fix FTBS with gcc-4.7. * update debian/README.source. [ Kel Modderman ] * No longer explicitly add --as-needed to LDFLAGS, it is no longer required since wpa_cli stopped linking to libreadline (WPA_CLI_EDIT=y). -- Kel Modderman Fri, 11 May 2012 13:58:51 +1000 wpa (1.0~rc3-1) experimental; urgency=low [ Stefan Lippers-Hollmann ] * import new upstream snapshot 1.0-rc3: - fixes: - hostapd: Fails to authenticate on wpa2 password (Closes: #483924) - hostapd: EAPOL reauthentication/rekeying timeout loop when using WMM (Closes: #655129, #659059) - rebase patches: - libnl3-includes - update hostapd configs. - update wpa_supplicant configs. * merge source packages for hostapd and wpasupplicant under the new name "wpa", which is also used by upstream. * restrict wpasupplicant to linux-any and kfreebsd-any, hurd lacks kernel support. * bump standards version to 3.9.3, no changes necessary. * update dep-5 version to final 1.0, no changes necessary: - order licenses alphabetically. * build-depend on docbook-to-man explicitly. * convert packaging to Multi-Arch, bump compat level to 9 and debhelper build-dependency accordingly; all binaries are Multi-Arch=foreign. * update debian/copyright for wpa 1.0~rc2 and merged sources. * fix clean target and make sure to succeed building twice in a row. * drop build-dependency on libreadline-dev, it's no longer needed with WPA_CLI_EDIT. * remove watch file, there is no corresponding upstream tarballs at the moment. * add (temporary?) get-orig-source target to debian/rules, which fetches the last tagged upstream version corresponding to debian/changelog. - add a lintian override for this, upstream doesn't want to release tarballs at the moment. * use epoche only for hostapd binaries. [ Kel Modderman ] * export BINDIR=/sbin, the build system now requires it when patching D-Bus/systemd configuration. * quieten the upstream build system so that errors/warning are more visible. * assist with adaptation of debian/rules for merge of wpa_supplicant/hostapd: - add docbook-utils to build dependency list and make documentation from sgml source - ensure shared code under src/ is cleaned between wpa_supplicant/hostapd builds - put wpa_supplicant/hostapd ifupdown hooks in their own namespace, adapt installation of ifupdown hooks * drop the netdev_wrapper script from wpagui and associated patch * install systemd service unit file * refresh D-Bus service activation file patch which starts process with syslog and control socket support, also patch systemd service file * drop 09_dbus_emit_change_events.patch, applied upstream. * fix ftbfs with gcc/g++ 4.7 (Closes: 667416) * enable hardened build flags. (Closes: #657332) * remove DEB_BUILD_OPTIONS=noopt handling from debian/rules, no longer required since dpkg-buildflags honors it. * Add ability to set CC for cross building support (untested). * Remove Faidon Liambotis from Uploaders as per his request, many thanks for all past efforts Faidon. * Only build manpages from docbook source, we do not currently use the html or pdf products. -- Kel Modderman Sat, 21 Apr 2012 15:59:32 +1000 wpasupplicant (0.7.3-6) unstable; urgency=low * add "hostap: Allow linking with libnl-3" from Ben Greear to allow building against libnl3 3.2. * raise versioned build-dependency to (>= 3.2.3-2~), we need libnl-genl-3-200-udeb and expect it in /lib/. * switch build dependency from libnl3-dev to libnl-3-dev && libnl-genl-3-dev accordingly. * symlink /usr/share/doc/wpasupplicant/ to /usr/share/doc/wpa_supplicant, which is referred to from upstream documentation (Closes: #537375, #616120). * enable BGSCAN_SIMPLE (Closes: #650834). * add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from Evan Broder , accepted upstream into hostap-1.git (Closes: #649202). -- Stefan Lippers-Hollmann Mon, 19 Dec 2011 23:31:20 +0100 wpasupplicant (0.7.3-5) unstable; urgency=low * restrict wpasupplicant-udeb to linux-any, until a udeb for libpcap0.8 gets available for kfreebsd-any (Closes: #644823). * build-depend on libncurses5-dev explicitly, as it is no longer pulled in indirectly. -- Stefan Lippers-Hollmann Fri, 14 Oct 2011 10:35:42 +0200 wpasupplicant (0.7.3-4) unstable; urgency=low [ Kel Modderman ] * Support /run/sendsigs.omit.d/ (Closes: #633040): - depend on initscripts (>= 2.88dsf-13.3) - create new omission pid files in /run/sendsigs.omit.d/ unconditionally - migrate existing omission pid files from /lib/init/rw/ to /run/sendsigs.omit.d/ * ACK NMU (Closes: #610931) - add wpasupplicant-udeb - build against libnl3 * Improve integration of the udeb addition with existing debian/rules: - build the required binary in the build target in similar way to standard package build - install binary manually in dh_auto_install override rather than wpasupplicant-udeb.install to handle renaming of binary - sync udeb CFLAGS with the standard build - allow potential for non-linux udebs, add a kfreebsd udeb configuration snippet * Filter the numerous hyphen-used-as-minus-sign informational messages from lintian output. * Add preferred options to debian/source/local-options to assist with quilt patch management. * Add patch for wpa_gui-qt4 which displays scan results signal strength in dBm with bar indicator. (Closes: #630681) [ Stefan Lippers-Hollmann ] * make wpasupplicant-udeb arch=any, an initial kfreebsd udeb config is now provided as well. * use Package-Type instead of XC-Package-Type for wpasupplicant-udeb, dpkg-dev >1.15.7 is available in squeeze. * add a dependency on ${misc:Depends} for the udeb package as well. * adapt debian/copyright to recent changes (r174) in DEP-5 and use the new anonscm URL. * don't use /run/sendsigs.omit.d/ if it hasn't already been created by mountkernfs.sh (e.g. when using systemd), thanks to Michael Biebl. -- Stefan Lippers-Hollmann Mon, 26 Sep 2011 23:30:00 +0200 wpasupplicant (0.7.3-3.1) unstable; urgency=low * Non-maintainer upload with the agreement of Kel Modderman. [ Stefan Lippers-Hollmann ] * bump standards version to 3.9.2, no changes necessary. [ Gaudenz Steinlin ] * Add wpasupplicant-udeb for debian-installer. Thanks to Mathew Palmer for providing the initial patch. (Closes: #610931) * Build against libnl3 -- Gaudenz Steinlin Sat, 30 Jul 2011 14:10:31 +0200 wpasupplicant (0.7.3-3) unstable; urgency=low * Restore code which loop waits for wpa_supplicant generated PID and UNIX socket on the filesystem before proceeeding with execution of ifupdown script. (Closes: #622757, #622589) * On DISCONNECTED event using wpa-roam, do not immediately issue reassociation command. (Closes: #622821) * Enable CONFIG_IEEE80211W in build configuration. (Closes: #622587) -- Kel Modderman Sun, 17 Apr 2011 21:07:58 +1000 wpasupplicant (0.7.3-2) unstable; urgency=low * Upload to unstable. * Remove 08_pcsc_dynamic.patch and forget the idea about dynamically loading libpcsc. (Closes: #618719) * Build with support for pcsc and link with libpcsc. Reopens #531592 and #612715. -- Kel Modderman Tue, 12 Apr 2011 22:37:40 +1000 wpasupplicant (0.7.3-1) experimental; urgency=low [ Kel Modderman ] * ACK NMU (Closes: #582917) and integrate changelog. * New upstream release (Closes: #591371). - nl80211 driver interface doesn't use WEXT compat layer (Closes: #570688) * Adjust debian/watch for 0.7.X series of upstream. * Drop patches applied upstream: - 11_syslog.patch - 18_wpa_gui_wps_ap_avail_annoyance.patch - 20_wpa_msg_ctrl_wps.patch - 21_kfreebsd.patch - 30_cfg80211_association_optimisation.patch * Refresh patch series and merge with new upstream. * Change build configuration: - remove all comments from our config - enable new D-Bus interface - disable experimental feature CONFIG_EAP_PSK - enable CONFIG_AP, which allows hostapd-like functionality * Install D-Bus service activation file for new interface. * Set default driver type to nl80211,wext in ifupdown glue. * Remove duplicate handling of wpa-mode in ifupdown/functions.sh. * Add support for scan_freq and freq_list in ifupdown/functions.sh. * Install pm-utils action script to notify wpa_supplicant of susepnd and resume events. * Remove pm-utils stuff from debian/ifupdown/action_wpa.sh. * Remove sleep loops which wait for creation of interface specific control sockets, these are now created before the process is backgrounded (http://w1.fi/bugz/show_bug.cgi?id=283). * After a disconnected event, attempt to reassociate to a network when using wpa-roam. * Add statement to debian/copyright about our choice to distribute this software under BSD license and link with openssl. * Override lintian in the case of possible-gpl-code-linked-with- openssl. * Establish control interface when D-Bus activated wpa_supplicant daemon starts. (Closes: #606051) * Update all patches with DEP-3 compliant header information. * Cherry pick upstream commit which fixes up emission of change events over D-bus. (Closes: #617199) * Add patch to load libpcsclite1 via dlopen(), making pcsc support optional. (Closes: #612842, #612715, #583671, #531592) * Set build config option CONFIG_PCSC=dyn to use above mentioned feature. * Add patch to wpa_gui to use KDE's KNotify when running under KDE. (Closes: #582793) * Adjust versioned debhelper build-depends to (>> 8). * Use architecture wildcards in debian/control. * Adjust wpagui versioned dependency on wpasupplicant to >= 0.7.3 to make sure all new UI features are supported. [ Stefan Lippers-Hollmann ] * Add myself to uploaders. * Bump policy version to 3.9.1: - Include full text of the employed BSD license variant and no longer refer to Debian's common license template. * Bump compat level to 8 and debhelper build-depends to >= 7.9.3~ accordingly, retaining backportability for squeeze (plain lenny isn't an option due to simplified dh7 usage). * Refresh patch series and merge with new upstream (0.7.3). * Drop patches applied upstream: - patches/10_wpa_gui_qt4_network_id_qregexp.patch - patches/11_wpa_supplicant_enable_network_tweak.patch * update machine readable debian/copyright to be compatible with DEP5 r135. * initial update of existing debian/copyright entries. -- Kel Modderman Tue, 08 Mar 2011 22:02:17 +1000 wpasupplicant (0.6.10-2.1) unstable; urgency=low * Non-maintainer upload approved by Kel Modderman. * Added patch 31_fallback_to_full_EAP_authentication.patch (closes: #582917). -- Micha Lenk Sun, 28 Nov 2010 12:22:01 +0100 wpasupplicant (0.6.10-2) unstable; urgency=low * Switch to source format 3.0 (quilt), drop quilt build dependency and remove '--with quilt' from dh command in debian/rules. * Fix "FTBFS on kfreebsd-gnu" with addition of 21_kfreebsd.patch. Thanks to work by Stefan Lippers-Hollmann and Petr Salinger. (Closes: #480572) * Disable experimental feature CONFIG_IEEE80211W (management frame protection) due to it not being supported by any driver but ath9k and it generating ioctl errors which cause much concern among users for little to no benefit. * Add traling blank line to debian/NEWS to assist apt-listchanges as per lintian advice. * Cherry pick 30_cfg80211_association_optimisation.patch from upstream git. Add cfg80211-specific optimization to avoid silly behavior. -- Kel Modderman Sat, 27 Feb 2010 11:30:53 +1000 wpasupplicant (0.6.10-1) unstable; urgency=low * New upstream release. - wpa_msg_ctrl helper which can send messages to the control interface without logging when running in non-debug mode. Used for CTRL-EVENT-SCAN-RESULTS. (Closes: #539915) (LP: #352118) * Remove members of pkg-wpa-devel team from Uploaders who no longer participate in maintenance. Thanks for their past work. (Closes: #529501) * Disable building of atmel driver backend, neither atmel_{cs,pci}, nor at76c50x-usb ever used it and atmelwlandriver is not in Debian and has been abandoned upstream in 2005. Thanks to Stefan Lippers- Hollmann for doing the research. * Remove a few traces of ath/madwifi from debian/NEWS and debian/README.Debian, thanks again to Stefan Lippers-Hollmann. * Prefix etc/pm/sleep.d/ pm-utils hook in the 50 - 74 sequence range to comply with sequencing rules as per pm-action(8) (LP: #307493). Provide the symlink to our hook in /usr/lib/pm-utils/sleep.d/ rather than /etc/pm/sleep.d/. (Closes: #557344) * Modify wpa_action and associated functions to use logger(1) instead of piping to /var/log/wpa_action.$IFACE.log. * Ensure removal of obsolete logrotate conffiles now that all wpa_supplicant/wpa_cli output is logged to syslog. * Support help action in action_wpa.sh. (Closes: #548995) * Build-depend on libreadline-dev instead of libreadline5-dev. (Closes: #553891) * Do not use sed to comment all network blocks out in the example wpa_supplicant.conf. * Do not strip upstream manual pages from source tree, do no generate them at build time, do not build-depend on dockbook. We currently do not modify them, so these build-dependencies and steps are expensive. * Convert debian/rules to use dh - build depend on debhelper (>= 7.4.12~) for dh override support, qmake build class support and --builddirectory argument support - install wpagui files via debian/wpagui.install - rename debian/ifupdown/wpa_action.sh to debian/ifupdown/wpa_action and install via debian/wpasupplicant.install - install wpasupplicant ifupdown scripts via debian/wpasupplicant.install * CFLAGS, CXXFLAGS, LDFLAGS and V are exported by debian/rules. * Remove uupdate command from debian/watch, it is not useful. * Add ${misc:Depends} to debian/control for debhelpers to use as required. * Remove debian/get-git-snapshot and debian/rules target. * Bump Standards-Version to 3.8.4, no extra changes required. * wpa_action shell functions no longer require an ifupdown state file to function as future providers of ifup/ifdown may not need or provide it. * wpa_action shell functions ifup and ifdown create and delete the wpa_supplicant sendsigs omission file thus removing the need for /etc/init.d/wpa-ifupdown. Remove /etc/init.d/wpa-ifupdown on upgrade via maintainer scripts. (Closes: #545173) * Drop debian/patches/10_multi_driver.patch due to its invasiveness - it may make future patches which fix serious issues harder to apply while providing an experimental feature only. * Add debian/patches/18_wpa_gui_wps_ap_avail_annoyance.patch to stop notifying about WPS_EVENT_AP_* events via wpa_gui tray status bubbles - they are too frequent. * Cherry pick 20_wpa_msg_ctrl_wps.patch from upstream to avoid too frequent logging of WPS events. * Drop debian/patches/05_qmake_version_makefile.patch, use qmake build class in debian/rules, Build-Depend on qt4-qmake and Build-Conflict with libqt3-dev. * Ensure wpa_supplicant/wpa_gui-qt4 is really clean, qmake seems to leave some crumbs (.obj, .moc & .ui). * Adjust debian/watch to scan for the 0.6.X stable releases only. * Remove debian/wpasupplicant.postrm - it is no longer needed to handle purge of log files, none are created anymore. * Enable make concurrency via dh --parallel option in debian/rules. -- Kel Modderman Tue, 16 Feb 2010 21:26:26 +1000 wpasupplicant (0.6.9-3) unstable; urgency=low * Drop debian/patches/12_syslog_supplement.patch. It adds code which attempts to prettify output but doesn't handle large output well. (Closes: #528639) -- Kel Modderman Sat, 16 May 2009 03:47:08 +1000 wpasupplicant (0.6.9-2) unstable; urgency=low * Add debian/patches/07_dbus_service_syslog.patch to enable syslog logging when wpa_supplicant is started via D-Bus. * Start wpa_supplicant with default level of verbosity via ifupdown hooks, rather than in quiet mode. * Merge some differences from wpasupplicant_0.6.6-2ubuntu1.patch, with very minor modification: - 12_syslog_supplement.patch: Add a few more bits missing from the upstream patch, based on http://cvs.fedoraproject.org/viewvc/rpms/wpa_supplicant/OLPC-2/wpa_supplicant-0.5.7-use-syslog.patch. Compile with -DCONFIG_DEBUG_SYSLOG if CONFIG_DEBUG_SYSLOG is set in the configuration file. - Enable CONFIG_DEBUG_SYSLOG in debian/config/* (rather than CFLAGS += -DCONFIG_DEBUG_SYSLOG). - debian/ifupdown/functions.sh: Silence wpa_log_* if /var/log is not yet writable; there is little we can do in this case (logger is in /usr, so may well also be unusable), and the user can always get more information by reconnecting later. - Thanks to Colin Watson * Sync common build configuration options between debian/config/kfreebsd and debian/config/linux. * Add patch description to debian/patches/06_wpa_gui_menu_exec_path.patch. -- Kel Modderman Mon, 13 Apr 2009 23:25:17 +1000 wpasupplicant (0.6.9-1) unstable; urgency=low * New upstream release * Drop patches applied upstream: - 10_wpa_gui_qt4_wps_tab_cleanups.patch - 11_wpa_gui_qt4_qsession.patch * Refresh debian/patches/04_append_mmd_to_default_cflags.patch to apply. * Refresh all other patches to apply without offset. * Activate CONFIG_DRIVER_NL80211 in debian/config/linux. * Sync debian/config/linux with wpa_supplicant/defconfig. * Add libnl-dev to build dependencies. * Modify debian/wpasupplicant.postrm and debian/wpasupplicant.postinst to set -e in body of script rather than in shebang line as per pedantic lintian suggestion. * Upload to unstable. * Add copyright information for src/wps/wps* to debian/copyright. * Add note about linkage with OpenSSL and impact it has on the choice of BSD license in lieu of GPL imcompatibility to debian/copyright. * Add copyright information about src/wps/httpread.* to debian/copyright. * Bump Standards-Version to 3.8.1, no other changes required. * Instead of patching upstream to append -MMD compiler flag set that as default in debian/rules. Purge debian/patches/04_append_mmd_to_default_cflags.patch. * Backport syslog support patch from 0.7.X development branch. Patch name is debian/patches/11_syslog.patch. * Backport patch from 0.7.X to allow multiple driver wrappers to be tried until one works. This will allow some kind of transition smoothing as drivers transition from wext -> nl80211 in the future. * Remove debian/patches/03_dbus_service_activation_logfile.patch, wpa_supplicant can now log to syslog instead. * Update copyright info in debian/ifupdown/*. * When starting wpa_supplicant via ifupdown hook script, do not log to file by default now that we have syslog support. * Update README.Debian for nl80211 driver and change in logging behaviour. -- Kel Modderman Sat, 28 Mar 2009 03:46:12 +1000 wpasupplicant (0.6.7-1) experimental; urgency=low * New upstream release. * Enable CONFIG_WPS in debian/config/*. * Install README-WPS to docs directory. * Refresh debian/copyright for new years which are covered by copyright. * Refresh debian/patches/05_qmake_version_makefile.patch and debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch. * Add debian/patches/10_wpa_gui_qt4_wps_tab_cleanups.patch to cleanup a couple of minor glitches with new wpa_gui-qt4 WPS additions. * Add debian/patches/11_wpa_gui_qt4_qsession.patch to enhance wpa_gui with session saving support. -- Kel Modderman Mon, 02 Feb 2009 06:57:36 +1000 wpasupplicant (0.6.6-2) experimental; urgency=low [ Martin Pitt ] * debian/ifupdown/action_wpa.sh: pm-utils now supplies a second argument to the hooks, thus telling ifplugd and pm-utils apart by the number of arguments does not work any more. Fix up the script to just evaluate the arguments themselves, to work with current and older pm-utils. This unbreaks suspend. (LP: #307312) (Closes: #508526, #509484) [ Kel Modderman ] * It has been reported by Alexander E. Patrakov that WEP keys are set in quick time in newer wpa_supplicant releases and no longer cause problems attempting to connect to specific access point during boot sequence. (Closes: #489948) * Do not start wpa_gui in system tray per default when executed from menu system (discussion with upstream resulted in desire to have app opened in foreground, no need to diverge from that). -- Kel Modderman Sun, 28 Dec 2008 23:53:53 +1000 wpasupplicant (0.6.6-1) experimental; urgency=low * New upstream release. * Update debian/copyright to include copyright holders of new source files (src/drivers/driver_roboswitch.*). * Drop patches applied upstream: - debian/patches/10_ftbfs_gcc_4.4.patch - debian/patches/20_delay_mic_error_report.patch * Add libqt4-svg to Dependencies of wpagui for tray icon support. (Closes: #505492) -- Kel Modderman Mon, 08 Dec 2008 00:47:32 +1000 wpasupplicant (0.6.5-2) experimental; urgency=low * Bugfix: "Missing -d in testing for a directory in init script". Thanks to Braun Gábor for reporting and the patch. (Closes: #506328) -- Reinhard Tartler Tue, 02 Dec 2008 20:52:16 +0100 wpasupplicant (0.6.5-1) experimental; urgency=low * New upstream release. * Purge patches applied upstream. * Modify 20_wpa_gui_menu_exec_path.patch to use the new -t command line option and start wpa_gui in the system tray and avoid desktop startup notifications. * When using wpa-roam and connecting to an interface for which an id_str is defined but no matching /e/n/i logical interfaces has been configured, try to configure the default logical interface. * Adjust debian/ifupdown/functions.sh to use not depend on /sbin/ip to use ip. * Rename 20_wpa_gui_menu_exec_path.patch to 06_wpa_gui_menu_exec_path.patch, it will possibly be a long term patch. * Update debian/copyright for new files, as well as better conformance with proposed copyright format. * Cleanup wording of README.Debian paragraph which explains how to debug wpa_supplicant via logging. * Reduce difference with wpa_supplicant/defconfig, adding sections for new options, updating option description, and removal of CONFIG_EAP_WSC which had previously been removed from wpa_supplicant. * Refresh debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch and debian/patches/05_qmake_version_makefile.patch to apply without offset. * Add 10_ftbfs_gcc_4.4.patch to include header files required for compilation with GCC 4.4, thanks to Martin Michlmayr. (Closes: #505041) * Add 20_delay_mic_error_report.patch, an upstream commit which adds a mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds. * Enable CONFIG_DELAYED_MIC_ERROR_REPORT in debian/config/linux. -- Kel Modderman Sun, 09 Nov 2008 21:19:13 +1000 wpasupplicant (0.6.4-3) experimental; urgency=low * Target at experimental due to current archive conditions with respect to stable release freeze. * Install /etc/wpa_supplicant/action_wpa.sh to enhance wpa-roam integration with pm-utils and ifplugd. (Closes: #488538) * wpa_gui need not depend stricly upon the same binary version of wpa_supplicant, it just requires a version of wpa_supplicant which support the set of ctrl_interface commands that are used, which to the best of my knowledge is (>= 0.6.2-1). [debian/control] * Cleanup short description of wpasupplicant, and improve short description of wpagui. [debian/control] * Add a series of patches to enhance wpa_gui-qt4: - 10_wpa_gui_icons.patch - 11_desktop_entry.patch - 12_wpa_gui_icons_resource.patch - 13_remove_qPixmapFromMimeSource_ref.patch - 14_qsystemtray_icon.patch - 15_tray_status_state.patch - 16_wpa_gui_icon_touchup.patch * Install icon and menu entry for wpa_gui. [debian/rules] (Closes: #498923) * Add a shell script wrapper, debian/wpa_gui/netdev_wrapper, which will be used by the menu entry to try and exec /usr/sbin/wpa_gui with best estimated privilege level. Install it to /usr/share/wpagui/netdev_wrapper. [debian/rules] * Add 20_wpa_gui_menu_exec_path.patch to modify exec path of wpa_gui.desktop to point at our new wrapper, /usr/share/wpagui/netdev_wrapper. * Add debian menu file for wpa_gui, it also uses the netdev_wrapper. * Create xpm icons from new upstream icon build system, and store them in debian/wpa_gui/*.xpm to avoid creating them during package build because inkscape and imagemagick would be required which are quite large and uneccessary build dependencies. Leave a note in debian/rules to remind us about their origin and the reasoning behind this decision. * wpagui package Recommends: menu, as menu provides su-to-root, which we may need. [debian/control] * Add two upstream patches to improve the retrieval of scan results from userspace: - 07_restore_scanreq_if_initassoc_failed.patch - 08_only_use_cached_scan_results_if_nonempty.patch * Refresh patch series to apply without offset. -- Kel Modderman Thu, 25 Sep 2008 07:52:06 +1000 wpasupplicant (0.6.4-2) unstable; urgency=low * Bugfix: wpasupplicant crashes (closes: #485769). Patch taken from upstream git. -- Reinhard Tartler Wed, 27 Aug 2008 10:10:20 +0200 wpasupplicant (0.6.4-1) unstable; urgency=low [ Kel Modderman ] * New upstream release * Retroactively cleanse past changelog entries of information indicating that they were not released, as they were. * Use short option for grep (-q) and sed (-n) instead of the busybox incompatible --quiet as per advice of Charles-Henri Gros. * wpa_action: on connected action, call wpa_hysteresis_event before ifup, so that a disconnected action may still be effective should the ifup take a long time (eg. dhcp request takes a long time and eventually fails). [ Alessio Treglia ] * Added build-depends on libdbus-glib-1-dev, fixes FTBFS (LP: #256274). -- Reinhard Tartler Sat, 16 Aug 2008 10:09:01 +0200 wpasupplicant (0.6.4~git20080716.93ef879-1) unstable; urgency=low [ Kel Modderman ] * New upstream git snapshot. * Drop patches applied upstream: - 10_silence_siocsiwauth_icotl_failure.patch - 11_avoid_dbus_version_namespace.patch - 12_fix_potential_use_after_free.patch - 13_defined_IEEE8021X_EAPOL.patch - 14_fix_compile_without_eap.patch - 15_silence_out_of_bounds_warnings.patch - 41_manpage_format_fixes.patch - 42_manpage_explain_available_drivers.patch - 43_remove_w_from_help.patch - 50_wext_dont_overwrite_bss_freq.patch - 51_dont_reschedule_specific_scans_for_hidden_ssids.patch - 52_handle_mac80211_mode_switch.patch - 53_give_adhoc_assoc_more_time.patch * Drop -20_wpa_gui_qt4_disable_link_prl.patch, the qt4 linking problem has been fixed by our qt4 maintainers. * Refresh remaining patch series. * Increase Standards_version to 3.8.0. Explain in debian/README.Debian-source that the `debian/rules patch` command is required to prepare the source tree for building. * Cleanup debian/wpasupplicant.links, removing trailing whitespace and leading / from target symlink pathname. * Remove debian/README.Debian, the information therin was irrelevant for the current release cycle, and is better explained by the README.modes document. * Move debian/README.modes to debian/README.Debian, and create a backwards compat symlink (/usr/share/doc/wpasupplicant/README.modes.gz -> README.Debian.gz) to avoid breaking current online documentation. * Fix spelling error in new debian/README.Debian found by lintian. * Don't install the wpa_supplicant/eap_testing.txt document, it contains information about development features and testing that is not possible with what is provided by the wpasupplicant package. * Remove the QMAKE variable from debian/rules, it is no longer used with upstream build system. * Remove debian/wpagui.install and instead invoke dh_install explicitly in debian/rules, making use of the WPAGUI variable, to have the correct version of wpa_gui installed (assist in switch to-fro different QT ports). * Remove possible bashisms (local(x, y)) from debian/ifupdown/functions.sh. * Add rudimentary locking system when wpa_action(8) calls ifup/ifdown, so that /etc/network/if-*.d/wpasupplicant can differentiate between admin calling ifup/ifdown or wpa_action. (Closes: #488078, #373180) * When wpa_action calls ifup/ifdown, use verbose command line option for more detailed log of what hook scripts are executed. * wpa-ifupdown.init should always stop wpa_action daemon, ifupdown is only guaranteed to stop it if interface is currently configured. * Move debian/README.Debian-source to debian/README.source, as policy seem to prefer this filename now as of version 3.8.0. [ Reinhard Tartler ] * lower debhelper compat level to 6 to ease backporting -- Kel Modderman Wed, 16 Jul 2008 22:59:25 +1000 wpasupplicant (0.6.3-2) unstable; urgency=low * Add patch to remove -w option from help output, it has been removed in previous versions. (Closes: #472853) * Correctly refer to wpa-debug-level (not wpa-verbosity-level) ifupdown parameter to control logging output. (Closes: #474440) * Apply patch to permit package build on GNU/kFreeBSD. - add debian/config.kfreebsd build configuration file - adapt debian/rules to use debian/config/kfreebsd when building for kfreebsd DEB_HOST_ARCH_OS * Fix arch specific build dependency declarations introduced by GNU/kFreeBSD compat patch. * Build depend on debhelper >= 7, adjust debian/compat to suit. * Simplify debian/rules, cleaning up the sanitization of README.wpa_supplicant.conf, clean , build and install targets. * Span the Build-Depends field of debian/control over multiple lines. * Add debian/patches/13_defined_IEEE8021X_EAPOL.patch to allow compilation when CONFIG_IEEE8021X_EAPOL is not defined and allow people attempting to progress on wpasuplicant udeb (and netcfg integration) to move on. * Add 14_fix_compile_without_eap.patch to fix another FTBFS when IEEE8021X_EAPOL is not defined. * Rename debian/extra-examples/ to debian/examples/. * Slightly modify the way get-git-snapshot is invoked by debian/rules. * Create debian/config/ directory to contain various build configuration files for different targets (eg. udeb, kfreebsd, linux). * Disable building of test driver backend, no development can sanely be done with this binary package. * Disable building of hostap driver backend, the version of hostap driver in existence since Linux 2.6.14 (or before) uses the wext driver backend. * Provide code in ./debian/ifupdown/functions.sh that warns about invalid wpa-driver choice, and falls back to the usage of a default backend. * Modify debian/README.modes to not contain blurb about which driver_backend to use, wext should almost _always_ be used. * Refresh debian/patches/14_fix_compile_without_eap.patch with what was applied upstream. * Add 50_wext_dont_overwrite_bss_freq.patch to fix handling of channel and frequency information returned by mac80211 using drivers in ad-hoc mode. * 51_dont_reschedule_specific_scans_for_hidden_ssids.patch to optimize scan rescheduling in order to better detect hidden SSIDs. * Simplify debian/rules handling of wpa_supplicant/.config, just cp it in as needed in build target. Move dh_install into install target. These will make integration of possible future udeb cleaner. * Add 52_handle_mac80211_mode_switch.patch to enhance handling of mode switching for mac80211 using interfaces. * Add 53_give_adhoc_assoc_more_time.patch to give adhoc associations a bit more time. * Add 15_silence_out_of_bounds_warnings.patch to silence gcc-4.3 warnings about accessing out of bounds array index. * Purge debian/madwifi-headers/* and no longer activate the driver_madwifi backend of wpa_supplicant. Remove reference to it in support documentation. If "wpa-driver madwifi" is used in an /e/n/i stanza print a warning and use "wext" instead. -- Kel Modderman Mon, 09 Jun 2008 09:30:23 +1000 wpasupplicant (0.6.3-1) unstable; urgency=low * New upstream release. * Drop patches applied upstream: - debian/patches/30_wpa_gui_qt4_eventhistoryui_rework.patch - debian/patches/31_wpa_gui_qt4_eventhistory_always_scrollbar.patch - debian/patches/32_wpa_gui_qt4_eventhistory_scroll_with_events.patch - debian/patches/40_dbus_ssid_data.patch * Tidy up the clean target of debian/rules. Now that the madwifi headers are handled differently we no longer need to do any cleanup. * Fix formatting error in debian/ifupdown/wpa_action.8 to make lintian quieter. * Add patch to fix formatting errors in manpages build from sgml source. Use tags to hightlight keywords instead of surrounding them in strong quotes. - debian/patches/41_manpage_format_fixes.patch * wpasupplicant binary package no longer suggests pcscd, guessnet, iproute or wireless-tools, nor does it recommend dhcp3-client. These are not needed. * Add debian/patches/10_silence_siocsiwauth_icotl_failure.patch to disable ioctl failure messages that occur under normal conditions. * Cherry pick two upstream git commits concerning the dbus interface: - debian/patches/11_avoid_dbus_version_namespace.patch - debian/patches/12_fix_potential_use_after_free.patch * Add debian/patches/42_manpage_explain_available_drivers.patch to explain that not all of the driver backends are available in the provided wpa_supplicant binary, and that the canonical list of supported driver backends can be retrieved from the wpa_supplicant -h (help) output. (Closes: #466910) * Add debian/patches/20_wpa_gui_qt4_disable_link_prl.patch to remove link_prl CONFIG compile flag added by qmake-qt4 >= 4.3.4-2 to avoid excess linking. -- Kel Modderman Wed, 12 Mar 2008 20:03:04 +1000 wpasupplicant (0.6.2+git20080206.g8c0dad4-1) unstable; urgency=low [ Kel Modderman ] * New Upstream git snapshot. - fixes infinite loop in EAPOL state machine when dynamic wep keys are used (Closes: #464514) * install-stamp was not properly implimented, fix it up. [debian/rules] * Drop patches to ctrl interface bss scan results iterator that will not be applied upstream. The iterator will be redesigned to not suffer from the identified problem of one bssid being encountered in more than one cell of the scan results. - debian/patches/84_ctrl_iface_scan_bss_count.patch - debian/patches/85_ctrl_iface_scan_bss_count_warning.patch - debian/patches/94_wpa_gui_qt4_scanres_bss_count.patch * Drop patches applied upstream. - debian/patches/30_src_clean_existing_dirs.patch - debian/patches/31_ctrl_iface_x86_64_compile_warning.patch - debian/patches/93_wpa_gui_qt4_scanres_really_remove_qtimer.patch * wpa_gui should depend on the wpa_supplicant binary from the same build, therefore set versioned dependency of wpasupplicant (= ${binary:Version}) for the wpagui package. [debian/control] * Reimpliment 70_wpa_gui_qt4_wpagui_scroll_follow_eventhistory.patch in the form of three patch series for resubmission to upstream. - debian/patches/30_wpa_gui_qt4_eventhistoryui_rework.patch - debian/patches/31_wpa_gui_qt4_eventhistory_always_scrollbar.patch - debian/patches/32_wpa_gui_qt4_eventhistory_scroll_with_events.patch [ Reinhard Tartler ] * move debian/patches/01_debian_wpa_roam_example.patch to debian/extra-examples/wpa-roam.conf to have the example as proper file instead of a diff. * Add documentation headers to the files in debian/patches/* * Don't manage wpasupplicant/.config as patch system, but have it as debian/config instead. therefore remove 00_defconfig.patch and 21_config_driver_madwifi.patch * move madwifi headers from debian/patches/20_madwifi_headers to debian/madwifi-headers. also update debian/copyright. * remove ${misc:Depends}. Nothing does use it and generates an unnecessary warning. * use -Wl,--as-needed to avoid unnecessary linking to ncurses, libpthread and libdl. * use pkg-config for detecting how to link against pcsc-lite - debian/patches/01_use_pkg-config_for_pcsc-lite_module -- Reinhard Tartler Sat, 09 Feb 2008 23:21:37 +0100 wpasupplicant (0.6.2+git20080202.gde6ccd7-1) unstable; urgency=low * New Upstream git snapshot. - the -w (wait for interface) option has been removed (Closes: #350963) - wpa_gui has been massively enhanced * Drop all patches applied to upstream git. * Add debian/patches/30_src_clean_existing_dirs.patch to adjust upstream build system for removal of src/wps (as done in upstream build_release script). * Make sure wpa_supplicant process is checked for and killed by wpa_action on stop or down actions. * Update debian/NEWS to alert users about the removal of the -w command line option. * Truncate debian/NEWS, none of the items are relevant for current upgrade paths, nor do they hold any historical relevance. * Clarify the license of the debian packaging. No license was initially given until now, so we could assume the original packager contributed the packaging under the same terms as the upstream license (BSD | GPL-2). * /etc/init.d/wpa-ifupdown must stop before sendsigs does when using dependency based init system. Add $remote_fs to Required-Stop keyword of LSB header in debian/wpasupplicant.wpa-ifupdown.init. * Add debian/patches/38_dbus_blob_support.patch to allow support for loading of blobs via the D-Bus interface. Patch cherry picked from upstream git. * Move README.wpa_supplicant.conf from examples to docs. Generate the file in the wpa_supplicant/ directory. * Add ${misc:depends} to Depends field of our packages to ensure we do not miss out on any substvars that debhelper may provide us with. * Add debian/patches/39_wpa_gui_qt4_closeevent.patch to improve handling of wpa_gui-qt4 exit, both from File->exit and the X button on the titlebar. * Start daemon in quiet mode by default, the scan event is being written to logfile far too often. [debian/ifupdown/functions.sh] * When starting daemon with debug option, include timestamps in logfile. [debian/ifupdown/functions.sh] * Simplfy return check in init_wpa_supplicant(), init_wpa_cli() kill_wpa_supplicant() and kill_wpa_cli() reduce one level of indentation for each function. [debian/ifupdown/functions.sh] * Add patch to invoke versioned qmake binary when preparing the Makefile for wpa_gui/wpa_gui-qt4 or else a failure to build from source can be possible when more than one QT version is installed. (Closes: #463547) - debian/patches/05_qmake_version_makefile.patch -- Kel Modderman Mon, 04 Feb 2008 16:00:38 +1000 wpasupplicant (0.6.2-1) experimental; urgency=low * New upstream release. * Allow "wpa-key-mgmt NONE" to form a network block via the wpa_cli calls in wpa_conf() of functions.sh. * Overhaul wpa_key_check_and_set() function of functions.sh to better handle wep keys. Function now does similar checking of wep keys that it does for wpa keys. Valid wep keys can be hex of length 10|26|32|58 or ascii with length of at least 5. * Check wpa_cli return value in wpa_cli() function of functions.sh. * Adjust Standards-Version to 3.7.3, no extra changes required. * Switch to quilt patch management from dpatch: - build-depend on quilt, adjust debian/rules accordingly - debian/madwifi/mk-madwifi-header-patch becomes obsolete, removed * Remove debian/defconfig.sh, and re-impliment it in patch form again, but this time with a patch management system that can be used more naturally. This also allows an oppurtunity to go over our default build configuration. * Add svn:ignore property for .pc quilt by-product. * Ensure src/drivers/driver_madwifi/ directory is purged from source tree in clean target of debian/rules. * /var/lock/wpa_action.*.lock was not used in a version of wpasupplicant package in a stable release, no longer need to handle its removal in postrm anymore. * Activate support for PC/SC interface for smartcards along with SIM and AKA EAP methods. Build-depend on libpcsclite-dev. Suggest pcscd. * Update email address in debian/ifupdown/wpa_action.8 manpage. * Sanitize whitepsace in debian/README.modes, swapping tabs for 8 spaces, improving layout of basic tables. Fix a couple of typo's too. * Clarify in debian/README.modes the URI to BTS discussions. Also add a note that using ap_scan=2 requires explicit security policies to be set for each network. * dbus-wpa_supplicant.service now provided by upstream. * Impliment debian/examples/wpa_supplicant.conf.template in patch form. It is planned to expand this small template into a more usable and documented beginning point for the wpa-roam schema. * Add useful comments to the new wpa-roam.conf example configuration file. * README.modes now gives sound advice to setup the roaming daemon to be used with the netdev group, and offers advice on howto set various data sensitive conffiles to be readable only by owner. (Closes: #428620) * wpa_gui manpage exists in upstream, remove debian/wpa_gui.8. * If the path to ctrl_interface directory can be determined from the supplied configuration, do not append the -C option to wpa_supplicant start-stop-daemon command in ifupdown.sh. This breaks the new DIR= GROUP= ctrl_interface syntax. * Add initial subsection to README.modes about "Interacting with wpa_supplicant with wpa_cli and wpa_gui". * Activate CONFIG_IEEE80211R, CONFIG_IEEE80211W and CONFIG_EAP_WSC in the default build configuration. * Log wpa_supplicant output to /var/log/wpa_supplicant.$IFACE.log per default when using ifupdown to manage wpa_supplicant. wpa_supplicant supports logging somewhere via -f cli option. (Closes: #317180) * Add support for managing debug level of wpa_supplicant via the ifupdown scripts. * Enhance README.modes with new supplicant debugging methods. * Build the wpa_gui-qt4 variant now that it doesn't require qt3 support code. It also closes all child windows on File->Exit. (Closes: #426924) * wpasupplicant now Suggests wpagui. * wpa_action now logs to an interface specific logfile, and the logrotate rule was updated to take care of both the old and new locations. * Update copyright headers of ifupdown scripts, also add a few more code comments, a statement of purpose and package ownership as well as some other trivial cleanups. * Remove upgrade removal of conffiles from wpasupplicant versions that exist in oldstable and before. The preinst part of the upgrade handling was removed in pkg-wpa commit r852. * Create sendsigs omission pidfile in /lib/init/rw/sendsigs.omit.d/ for wpa_supplicant and wpa_cli processes managed by ifupdown. Determine runlevel when wpa_cli roaming daemon is active, and allow ot to be killed in runlevels 0 and 6. This allows wpa_supplicant process to survive until networking is stopped. (Closes: #401645) * Add debian/patches/03_dbus_service_activation_customise.patch to start wpa_supplicant with "-f /var/log/wpa_supplicant.log" per default. * Add debian/patches/30_scan_even_when_disconnected.patch to allow scan request to succeed even when interface is in disconnected state. * Modify debian/copyright to be machine-interpretable. Annotate all copyright holders in new format. * State clearly in debian/copyright that the BSD license has been chosen by us, the maintainers, as there is no exception to link against OpenSSL in the text of the given GPL-2 license. * No license had been chosen for the debian packaging information, so GPL-2+ has been chosen and recorded in debian/copyright. * Add debian/README.Debian-source to document handling of upstream manual pages. * Build upstream manual pages from sgml source. Build-Depend on docbook and docbook-utils. * Add debian/patches/31_wpa_gui_qt4_select_any.patch to allow selection of any network already defined in network combobox when more than 1 network is defined. * Modify debian/wpasupplicant.wpa-ifupdown.init to be no-op when sendsigs omission interface is supported. * Add debian/patches/32_append_mmd_to_default_cflags.patch to assist in allowing CFLAGS to be overriden without possible bad effects on upstream build system. -- Kel Modderman Tue, 08 Jan 2008 22:51:36 +1000 wpasupplicant (0.6.1~git20071119-1) unstable; urgency=low * New upstream git snapshot. - support for dbus >= 1.1.1 dbus_watch_get_unix_fd() api * Convert to non-cdbs traditional debhelper-centric debian/rules and remove build dependency on cdbs. This converges with style of hostapd package. * Correct poorly formatted debian/NEWS entry that was causing lintian to complain. * Cleanup files in ./debian/* - move debian/wpa_supplicant.conf.template to debian/examples/ - move debian/mk-madwifi-header-patch to debian/madwifi/ - move debian/dbus-wpa_supplicant.service to debian/dbus/ - rename debian/dot.config.mk to debian/defconfig.mk * Remove MADWIFI variable from debian/defconfig.mk. * No longer build "ndiswrapper" or "ipw" backends. Etch shipped with a kernel in which neither of these backends could work (> Linux 2.6.14) so it is about time we no longer pretended to support for them. * Activate D-Bus system activation support. Install the service file into /usr/share/dbus-1/system-service/. The filename reflects the service bus name of "fi.epitest.hostap.WPASupplicant". In addition, the service must be started by root user. Thanks to Michael Biebl. (Closes: #412179) * Build depend on docbook and docbook-utils to generate upstream manpages from sgml source. * Upstream wpa_cli(8) is no longer incorrect with regard to CONNECTED and DISCONNECTED signal events. (Closes: #432904) * Drop debian/patches/10_fix_non_wpa_zero_len_ssid.dpatch and debian/patches/50_fix_wext_tsf_stack_overflow.dpatch, applied upstream. * debian/patches/40_debian_doc_examples.dpatch does not apply to git snapshot, remove it and rethink how we can best integrate our debian specific bits. * wpa_action: check status with respect to ifupdown after CONNECTED event has ensued. If the interface is not recorded in ifupdown's state file attempt reassociation. (Closes: #428304). * Adjust logic when using sed to determine ctrl_interface socket directory from the configfile to handle ctrl_interface=DIR= GROUP= syntax. -- Kel Modderman Thu, 22 Nov 2007 17:10:29 +1000 wpasupplicant (0.6.0-4) unstable; urgency=low * Fix stack overflow condition that could exist if driver reported bad tsf data in iwevent and scan results. (Closes: #442387) * Update Vcs fields of debian/control to format of current consensus. * Add Homepage field to debian/control. -- Kel Modderman Tue, 16 Oct 2007 18:12:03 +1000 wpasupplicant (0.6.0-3) unstable; urgency=low * Add debian/mk-madwifi-header-patch, a quick and dirty bash script for generating the madwifi header patch. * Fix typo in README.modes, wpa-default-iface is really wpa-roam-default-iface. (Closes: #435718) * Simplify debian/dot.config.mk. * Confirm that the ifupdown scripts do set ssid when wpa-ssid is used with a value in /etc/network/interfaces. (Closes: #367655) * Truncate default build .config. Make madwifi config option conditional on MADWIFI variable. * Add 10_fix_non_wpa_zero_len_ssid.dpatch to fix regression inhibiting selection of non-WPA zero length ssid. (Closes: #431102) * Fix debian-rules-ignores-make-clean-error lintian error. -- Kel Modderman Sat, 25 Aug 2007 00:23:50 +1000 wpasupplicant (0.6.0-2) unstable; urgency=low * Really allow 'wpa-conf managed' to pass through. -- Kel Modderman Wed, 04 Jul 2007 17:18:45 +1000 wpasupplicant (0.6.0-1) unstable; urgency=low [Kel Modderman] * New upstream release. - restructured source layout * Adjust debian/wpasupplicant.examples, debian/wpagui.install, debian/wpasupplicant.install, debian/wpasupplicant.manpages, and debian/wpasupplicant.docs for new layout. * Redjust debian/patches/30_dbus_policy.dpatch and debian/patches/40_debian_doc_examples.dpatch to apply against new layout. * Drop debian/patches/10_config.dpatch and debian/patches/21_madwifi_includes.dpatch. * Introduce makefile fragment for wpa_supplicant .config creation. Call it from debian/rules. It is named debian/dot.config.mk. * Add WPADIR variable to debian/rules, adjust build and install targets to use WPADIR. * Update madwifi_headers patch with code from current madwifi SVN trunk. * Damage control: allow 'wpa-conf managed' to pass through without failure for those people who followed the poor example outlined in the hidden ssid's section of README.modes. Also remove the offending line from the documentaion. (Closes: #428137) [Reinhard Tartler] * Fix building wpagui. * remove debian/wpasupplicant.preinst, since we don't support upgrades from oldstable. This way we don't need to look at /var/lib/dpkg/status anymore, which is unreliable anyway. Makes lintian happy. -- Reinhard Tartler Sun, 17 Jun 2007 10:33:31 +0100 wpasupplicant (0.6.0~cvs20070224-3) unstable; urgency=low * Add netdev group if it does not exist, since we provide a dbus configuration file that insists on using that group. (Closes: #418641) -- Kel Modderman Sun, 22 Apr 2007 19:19:07 +1000 wpasupplicant (0.6.0~cvs20070224-2) unstable; urgency=low [Kel Modderman] * Update XS-Vcs fields of debian/control to reflect pkg-wpa archive change. * Update debian/copyright with new upstream URL's and Jouni's new email address. * Rename madwifi related dpatches to match that of hostapd source package. * Update debian/watch with new upstream release URL. [Reinhard Tartler] * Remove the prerm script as discussed on pkg-wpa-devel@ * upload to unstable -- Kel Modderman Mon, 09 Apr 2007 18:09:08 +1000 wpasupplicant (0.6.0~cvs20070224-1) experimental; urgency=low * New upstream development release. (Closes: #401809) * wpa_supplicant no longer segfaults on failure to initialize a network interface. (Closes: #403301, #403313) * Fixes EAP-PEAP/TTLS/FAST to use the correct EAP identifier in tunnelled identity request. (Closes: #402619) * Drop deprecated init script example. debian/wpa_supplicant.init-daemon. * Drop debian/patches/10_orinoco_wep_key_fix.dpatch as the appropriate driver fix has been included in mainline linux since 2.6.19-rc. * Drop debian/patches/21_madwifiold_20060207_includes.dpatch, madwifi-old is deprecated upstream. * Remove false instructions from NEWS file regarding madwifi-old support that has since been discarded from the source package. * Drop debian/patches/11_erroneous_manpage_ref.dpatch, applied upstream. * Remove wpa-stakey code from conf_wpasupplicant() in functions.sh since it is removed from upstream. * Allow 'wpa-essid' to do the same thing as 'wpa-ssid'. (Closes: #403316) * Update Uploader: email address. * Update private madwifi includes to r2156 of madwifi.org SVN trunk. * Make a large note in README.modes wpa-roam documentation that a ctrl_interface MUST be defined for the roaming setup to function. (Closes: #407936). * Activate wpa_supplicant's dbus interface by installing dbus-wpa_supplicant.conf to the appropriate location. (Closes: #412179) * Add debian/patches/30_dbus_policy.dpatch to allow access control to wpa_supplicant's dbus interface via the netdev group. (Michael Biebl). * Install a service file to /usr/share/dbus-1/services/ for dbus aware applications that may take advantage of that in the future (Michael Biebl). * Add support to ifupdown.sh for `wpa-mode' and `wpa-frequency' options used in IBSS mode. Note that ifupdown.sh does not do any sanity checking for the other many requirements for using wpa_supplicant in IBSS mode. * Update XS-Vcs-* fields in control file, add Vcs-Browser token. * Move debian spcific ifupdown sh glue into debian/ifupdown/. * Have prerm gracefully bring down interfaces under the influence of wpa_supplicant via wpa-ifupdown init script. * Remove unrequired `unset' usage in wpa-ifupdown.init, discard stderr of find invocations. * Don't stop dbus wpasupplicant daemon via wpa-ifupdown. * Suggest wireless-tools. (Closes: #413689) -- Kel Modderman Thu, 8 Mar 2007 03:23:51 +1000 wpasupplicant (0.5.5-4) unstable; urgency=low * Settings for wired networks are no longer ignored by functions.sh. (Closes: #401413) -- Kel Modderman Sun, 10 Dec 2006 01:25:11 +1000 wpasupplicant (0.5.5-3) unstable; urgency=low * Make needlessly global shell function variables local. Use local consistently. [debian/functions.sh] * Enhance error message when wpa-conf or wpa-roam mode is requested, but the supplied configuration file is not readable or incorrect. [debian/ifupdown.sh] * Exchange bogus copyright holder information of functions.sh, ifupdown.sh and wpa_action.sh for information reflecting the _group_ behind them. * Force ap_scan=0 for "wired" IEEE8021X type authentication. [debian/functions.sh] * Add debian specific location for example wpa_supplicant.conf files to wpa_supplicant.conf(8). (Closes: #396005) * Fix typo in wpa_supplicant(8) that referred to non-existant manpage. (Closes: #389948) * Update madwifi private includes to latest (r1794). * Add XS-X-Vcs-Svn field to debian/control file. * Shunt env var IFACE to WPA_IFACE in the ifupdown.sh, wpa_action.sh and function.sh scripts. This allows further flexibility, such as the ability to start wpa_supplicant on an arbitary interface specified by a 'wpa-iface' line in /etc/network/interfaces. -- Kel Modderman Fri, 10 Nov 2006 11:12:56 +1000 wpasupplicant (0.5.5-2) unstable; urgency=low * Update madwifi headers to latest SVN. (Closes: #388316) * Remove failed attempt at action locking. [debian/functions.sh, debian/wpa_action.sh] * Add hysteresis checking functions, to avoid "event loops" while using wpa-roam. [debian/functions.sh, debian/wpa_action.sh] * Change of co-maintainer email address. * Add ishex() function to functions.sh to determine wpa-psk value type in plaintext or hex. This effectively eliminates the need for the bogus and somewhat confusing wpa-passphrase contruct specific to our scripts and allows wpa-psk to work with either a 8 to 63 character long plaintext string or 64 character long hex string. * Adjust README.modes to not refer to the redundant wpa-passphrase stuff. * Add big fat NOTE about acceptable wpa-psk's to top of example gallery. * Strip surrounding quotes from wpa-ssid if present, instead of just whining about them. * Update email address in copyright blurb of functions.sh, ifupdown.sh and wpa_action.sh. -- Kel Modderman Thu, 5 Oct 2006 08:04:01 +1000 wpasupplicant (0.5.5-1) unstable; urgency=low * wpa_supplicant(8) now describes the -P (PID file) line option in the manpage. (Closes: #381721) * wpa_passphrase(8) is clearer about describing its purpose. * Start a paragraph in README.modes containing information about best security practises while using and configuring wpa_supplicant. For now it briefly covers the topic of file permissions. (Closes: #382241) * Implement PSK and ASCII passphrase key sanity checking, and warn user about suspicious key lengths (managed mode only). * Add leading example network conf, using wpa-passphrase, to README.modes. * README.Debian documentation changes as sugested by Eduard Bloch (Closes: #382314) - reordered sections by importance for a new user, this ensures wext info for ipw drivers is obvious (Closes: #384299) - rewrote the first chapter to give a fluent introduction, refered to wireless-tools doc - add missing .gz to README.notes path (Closes: #386603) * Reshuffle of README.modes, moving How It Works section toward the latter end to avoid stopping people from missing out on important info. * Rename 'Notes About Managed Mode' to 'Important Notes About Managed Mode'. * Clarify the status of madwifi and 'wext' in README.modes. (Closes: #382651) * Return exit status of daemon start commands. * Further cleanup of ifupdown.sh, move functions to head of script. * wpa-ifupdown no longer checks interface state. * Touch logfile before redirecting output to it via exec, to make sure it is writeable. * Split common code into /etc/wpa_supplicant/ifupdown_common.sh, so that ifupdown.sh and wpa_action.sh may share it. * Add 'wpa_action iface check' option, to test if interface is under influence of wpa_cli or not.. * Start wpa_cli daemon from post-up to avoid a race condition with the roaming daemon where association occurred before the master interface state was recorded. This would cause the mapped logical interface to fail on ifup, as wpa_action would fail to detect the state of the master interface, thus not supply the --force option. This is where a stateless ifupdown would really help. * Make conf_wpa_supplicant no-act for roaming daemon. This is important, so that we do not attach wpa_cli to the ctrl_interface socket and initiate roaming before state is tracked. * Add hints about 'auto' and 'allow-hotplug' options with respect to the roaming interface in README.modes. (Closes: #384501) * Drop patchset for commenting out large wpa_supplicant.conf, use sed instead. * Active dbus interface via CONFIG_CTRL_IFACE_DBUS, add build-dep of libdbus-1-dev to debian/control. * Upstream now provides a connect-to-open-ssid example in the large wpa_supplicant.conf file, therefore there is no need to maintain such an example. Rename wpa_connect_open_ap.conf to wpa_supplicant.conf.template and adjust docs to use this as a starting point for the wpa-roam daemon. * Install wpa_passphrase to /usr/bin, there is no need for it in early boot. * Build qt4 wpa_gui from wpa_gui dir rather than pure qt4 variant (wpa_gui-qt4) as per Jouni's advice. * Add versioned dependency on lsb-base >= 3.0-6 for use of log_action_* in wpa-ifupdown.init. (Closes: #386164) * Use correct terminology when describing wpa-roam in wpa_action(8). (Closes: #386813) -- Kel Modderman Mon, 11 Sep 2006 19:23:05 +1000 wpasupplicant (0.5.4-5) unstable; urgency=low * STDIN was not given to external mapping script correctly. Use the power of eval to fix the issue. [wpa_action.sh] * Fix stupid debian/control error: duplicate Suggests fields. -- Kel Modderman Thu, 10 Aug 2006 01:03:38 +1000 wpasupplicant (0.5.4-4) unstable; urgency=low * Add support to wpa_action.sh and ifupdown.sh for allowing external mapping logic to be used as opposed to the id_str logic. Thanks to Felix Homman for the great insight while implementing this feature. * Add a timeout loop of max 60s when waiting for an action to finish. [wpa_action.sh] * Minor cleanups wrt code comments and function placement in ifupdown.sh. * Suggest guessnet, now that it can directly "plug in" to wpa_action. Also demote iproute from Recommends to Suggests, it is not important by any means and was only added to honour a wishlist request. * Prepare for ctrl_interface socket changes in 0.5.5. It can be provided by 'DIR=foo GID=bar' or 'ctrl_interface=foo' in wpa_supplicant.conf. Our sed check for this path in ifupdown.sh should now support both alternatives. * Move LOCKFILE and LOGFILE into WPA_ namespace. [wpa_action.sh] * Use semi-colon instead of comma for verbose output as that seems to be a standard among many different applications. -- Kel Modderman Tue, 8 Aug 2006 20:04:11 +1000 wpasupplicant (0.5.4-3) unstable; urgency=low * UNRELEASED * Further optimisation of ifupdown.sh, use return values in init_wpa_supplicant() to dictate if further commands should follow, rather than exiting immediately. * Standardize echo'ing in ifupdown.sh. Add a wpa_msg() function to take care of "verbose|action|stdout|stderr" messages. * Add a 5 second timeout loop to init_wpa_supplicant() that waits for the ctrl_interface socket to be established before allowing wpa_cli to launch, and avoid a race condition. This means other functions no longer need to test for existance of the ctrl_interface socket. [ifupdown.sh] * Rename WPA_DRIVER to WPA_SUP_DRIVER to conform with name scheme of other similar variables. [ifupdown.sh] * Add (untested) wpa-bridge support to ifupdown.sh. This is an experimental upstream feature. * Major refactoring of wpa_action.sh, with all related commands put into independent shell functions. * Improve feedback from wpa_action.sh when used interactively. Give usage statement instead of simply returning "insufficient parameters". * 'wpa_action reload' is logged after the action. It is called interactively, and should also give interactive feedback. Same for 'wpa_action stop'. * Remove superfluous check for /var/log, and put logging initialisation into its own function, log_init(). [wpa_action.sh] * Shut `ip addr flush dev "$IFACE" up', it almost always has nothing to flush. * wpa-ifupdown init script now takes care of all interfaces while displaying only one line. * Don't set -e in wpa_action.sh. wpa-ifupdown script no longer takes exit status into account, and I'd prefer to account for all possible avenues of exit possible and log all encountered problems. * Really fix #375599, by containing the CTRL_IFACE_DIR path in WPA_SUP_CONF always, customised or not. The WPA_CTRL_IFACE socket was not being created when ommitted from the wpa_supplicant.conf file. * Add 'wpa-maint-debug' to enable set -x in ifupdown.sh, so that we can easy track down vague problems. * Slightly modify the way in which madwifi is activated. The default config we apply does not activate madwifi by default any longer, it is done via seperate patches; 20_include_madwifi modifies the .config file to activate the driver_madwifi backend, and adds the required CFLAGS to find the includes that are later added via one of the 21_madwifi*_includes patches. * Update madwifi includes to that of the current offering in the debian archive, r1680. * Implement basic locking for wpa_action action's for when the user callable "stop" action is executed while wpa_action is busy configuring the device. The wpa_cli daemon is killed, then wpa_action waits for the current action to finish gracefully before killing wpa_suppliant. This helps avoid inconsistencies with ifupdown when volatile conditions are experienced as part of the roaming setup (for example, driver problems causing connection loops). * Rename WPA_CLI_ACTFILE to WPA_CLI_LOCKFILE in ifupdown.sh. * Condemn the use of wpa-action scripts: - add NEWS item describing the superior alternative: wpa-roam - remove example action scripts - remove conf_wpa_cli() from ifupdown.sh * Condense README.Debian and NEWS, so that they contain only relevant items, and do not repeat the same information. * Massive enhancement of README.modes, in an attempt to relay the information about how this package, and wpa_supplicant work in debian with the greatest of clarity. * Harden tests for daemon pidfiles. No longer be satisfied that a pidfile exists, but use start-stop-daemon to test its validity by sending a signal 0. Remove pidfiles that do not pass the test. * Fix stupid $DAEMON_VEROSITY typo that was used consistently throughout script. [ifupdown.sh] * Assoctiate "down" with the stop action of wpa_action. * Thanks Marc Haber for reading over docs and notifying of some of the follwoing issues. - Fix typo "automattically" in README.modes. - Remove bogus pre-up example from wpa_action(8) and README.modes - Explain in more detail how /etc/wpa_supplicant/ifupdown.sh works in README.modes. * Add "The Logfile" section to README.modes. * Add patch from upstream to fix writing of stakey, peerkey, and id_str network configuration variables into the configuration file when update_config=1 is set. Thanks to Felix for reporting. -- Kel Modderman Thu, 3 Aug 2006 15:58:24 +1000 wpasupplicant (0.5.4-2) unstable; urgency=low [ Kel Modderman ] * End testing period. The 0.5 branch of wpa_supplicant upstream has proven to be non disruptive to users' configurations over the past few weeks, lets now allow this to propogate to testing. (Closes: #374342) * Clean up the LSB Init header block. Provide all fields as per LSB Init Script Comment Convention specification. * Do not use /usr/bin/env to interrogate the environment for IF_WPA variables, /usr may not be mounted at time of invocation. Use `set' (shell built-in) instead. (Closes: #376243) * Exit if IFSTATE_FILE or INTERFACES_FILE do not exist. Also, look for ifstate file in /var/run/network to remain compatible with Ubuntu's ifupdown divergence. (lp#51351) * Add a similar IFSTATE_FILE test to wpa-ifupdown.init, to remain compatible with Ubuntu. (lp#51351) * Update wpa_action.8 with the behaviour of wpa_action when IFSTATE_FILE or INTERFACES_FILE cannot be found, and the pathnames searched for their existance. * Mention wpa_cli(8) in Custom Action Script section of README.Debian, as it contains information about environment variables available to the script at runtime. * Also clarify dhclient wpacli-action script usage, to avoid people mistakenly cp'ing the skeleton script. * Add some info about howto revert installation of deprecated init script to NEWS file. * Add 'wpa-verbosity' switch, so that setting 'wpa-verbosity 1' in an interfaces stanza will cause wpa_supplicant's ifupdown hook to be loud. This was overlooked when #361586 was closed some time ago. * Remove return value hack in wpa_action, use set -e to exit on error instead. (Closes: #376553) * Not only flush IFACE when iproute is installed, but also use /sbin/ip to set 'up' operstate as well. * Default to wext without exception. Remove the check for wireless extensions via /proc/net/wireless, and prevent driver type of "wired" from being selected in the case that the iface may not be "prepared" yet. (Closes: #376651) * Remove duplicating pidfile shell var's in wpa_action.sh by simply making them global. [ Reinhard Tartler ] * Note that ap_scap=2 can help speeding up associations (Closes: #368770) * wpa_action: flush the ip addr, if the package iproute is installed * wpa_action: add action 'reload' to reload the wpa_supplicant configuration * debian/control: add iproute to Recommends -- Kel Modderman Wed, 5 Jul 2006 18:42:06 +1000 wpasupplicant (0.5.4-1) unstable; urgency=low * New upstream release. * WPA_CRTL_DIR environment variable is now exported to action scripts, we will use it to print a status report after a CONNECTED event. * Make logfile contents easier to read by adding a break between each ACTION event. * Recommend dhcp3-client, it handles consecutive wpa_action events with more grace than dhcp-client by not starting multiple dhclient processes on the same interface. * Don't remove wpa_action logfile on 'stop'. * Enhance wpa_action(8) to better explain the concept of a LOGICAL interface. * Install wpa_passphrase to /bin. (Closes: #373948) * Manpages have been slightly enhanced, and now briefly explain wpa_cli action environment variables and wpa_supplicant -C and -g options. (Closes: #372615) * Rename wpa_cli daemon pidfile to wpa_action.IFACE.pid for wpa-roam. * Further env variable testing cleanups to ifupdown.sh. * Global rename of WPA_COMMON_CTRL_IFACE to WPA_CTRL_DIR, as this is used for the same purposes upstream. * No longer penalise users for not having ctrl_interface explicitly contained within their wpa_supplicant.conf. (Closes: #375599) * Move WPA_ACTION_SCRIPT sanity checking into init_wpa_supplicant() to avoid ifupdown.sh exiting when bringing down an interface when ifup previously failed due to a missing or non-executable action script. * Add numerous code comments to ifupdown.sh. * Move WPA_CLI_OPTIONS and WPA_SUP_OPTIONS into their respective init() functions. * wpa_action now logs 'stop' events to file, updated manpage. * Split wpa_action logging into two parts, event and environment. Only wpa_cli events will echo env var's. * wpa_action exits with retval of ifdown command on 'stop' event. * Add workaround for sendsigs (initscripts) terminating wpa_supplicant processes before networking is shutdown gracefully. An init script wpa-ifupdown is called at sequence number 15 in runlevels 0 and 6 to bring down all interfaces that were started via ifupdown.sh. -- Kel Modderman Tue, 27 Jun 2006 20:29:33 +1000 wpasupplicant (0.5.3+20060522-3) unstable; urgency=low [Reinhard Tartler] * review and make the warnings in debian/NEWS even more obvious. * advertise the manpage wpa_action(8) and the implemented roaming solution better. [Kel Modderman] * Bugfix: /etc/network/ifstate is not guarenteed to exist, we should grep /etc/network/run/ifstate in wpa_action. (Closes: #373179) * Include madwifi old development headers and provide a series of steps to enable support for users of the madwifi-old driver in debian/NEWS. * Restore init script example and information about its usage. * Use INTERFACES_FILE and IFSTATE_FILE in wpa_action.sh. Thanks for idea from Modestas Vainius. -- Kel Modderman Wed, 14 Jun 2006 01:13:08 +1000 wpasupplicant (0.5.3+20060522-2) experimental; urgency=low * Warn user and exit when wpa-roam is not started with manual inet METHOD. * Remove awk line to "guess" a network_id, instead create the new block and store output of wpa_cli in WPA_ID. (make sure that -i IFACE is used) * Rename wpa_cli_wrapper() to wpa_cli() and make it absoluetly generic, including only the IFACE and path to ctrl_iface socket. * Introduce wpa_cli_do() and rewrite conf_wpa_supplicant() to enhance readability and maintainability. * Make WPA_ID variable local to conf_wpa_supplicant() * Exit with status 1 when wpa-action fails. * Move test's into init/conf/kill function header and clean up phase specific case constructs at the tail of ifupdown.sh. * Ensure lang barrier does not interfere with wpa_cli, use LC_ALL=C. * Add patch from Dan Williams that works around a problem specific to wep keys and orinoco chipsets. * Update madwifing_includes dpatch to latest madwifi.org svn. * Add WPAGUI to debian/rules, so that only one change has to be made to use a different wpa_gui target. Remove $(WPAGUI)/Makefile in clean target. * Purge and forget about the old init example script. -- Kel Modderman Sat, 10 Jun 2006 22:25:58 +1000 wpasupplicant (0.5.3+20060522-1) experimental; urgency=low * New upstream development snapshot. * Oops: Disable CONFIG_EAP_SAKE. (Closes: #366937) * Rename debian/wpasupplicant.ifupdown to debian/ifupdown.sh. There is no need for that script to be named that way, as it may falsely seem to be handled by a debhelper target. * Don't attempt to send terminate signal via wpa_cli when start-stop-daemon can be used. * Use debhelper 5 compat level. * Use wpa_gui-qt4, and build-depend on libqt4-dev. * Use WPA_ID instead of NW_ID to make variable similar with what upstream uses for a similar purpose (unique identifier). * Add ifupdown environment var's to verbose output to assist in debugging. * Fix some typo's (engine_id, key_id) in ifupdown.sh. * ifupdown.sh no longer busy-loops when using an action script with wpa-action-timeout 0. Thanks to Elmar Hoffmann! * Allow wpa_cli action daemon to engage before configuring wpa_supplicant via wpa_cli set_network commands to avoid a possibly racy condition. * Move VERBOSITY variable to the beginning of ifupdown.sh, with the others. * Indent shell code in wpacli-action-* scripts. * Bumb Standards-Version to 3.7.2. * Allow for future PHASE specific stuff in start MODE of ifupdown.sh. * Move the action script sanity checks out of init_wpa_supplicant into common section of ifupdown.sh. * Create wpa_cli_wrapper to assist in major code clean up and future maintenance of ifupdown.sh. * Support madwifi-ng private ioctl's with the inclusion of the headers from madwifi.org svn trunk. (At the expense of not supporting the madwifi-old driver, which is deprecated by upstream madwifi) * Add wpa_action.sh to provide /sbin/wpa_action and facilitate roaming via ifupdown and network settings defined in /etc/network/interfaces (refer to wpa_action(8) for more details). -- Kel Modderman Sun, 28 May 2006 20:33:38 +1000 wpasupplicant (0.5.3-1) experimental; urgency=low * New upstream development release. * Orphaned daemons that are spawned during an ifup process that is manually terminated are now checked for and killed. * Don't make noise when we are not using the manual inet method and wpa-action is used. * Warn about non-executable action script. * Ensure wpa_cli actfile is destroyed. * Make start-stop-daemon verbose when VERBOSITY is set. * Renumber dpatches for sanity. * Make ifupdown script modular; split into shell functions. * Fix typo in README.Debian, referring to a non-existant location. * Disconnect and terminate existing ctrl_interface sockets. -- Kel Modderman Sat, 29 Apr 2006 14:53:51 +1000 wpasupplicant (0.5.2-3) experimental; urgency=low [ Kel Modderman ] * Remove bad information about wpa-driver-file in docs. * Actually fall back to wext as DRIVER type in example init script. * Fix typo in debian/control, remove suggests of dhcp*-client alltogether. * Remove bogus commands to set eapol_version and fast_reauth. They cannot be set via wpa_cli. * Make preauthenticate a global wpa_cli setting, rather than a per-ssid one. * Kill dhclient process after a DISCONNECT signal in dhclient action script example. * Document that the action script must must be executable. * Fix check for wireless extensions for when there is not whitespace after $IFACE:. * grep for $IFACE in /proc/net/dev to verify it is a valid network interface. * Improve documentation about wpa-driver, and further clarify that all wpa_cli commands should be supported in e/n/i by prefixing them with "wpa-". * Add a note about wpa-action-timeout. [ Reinhard Tartler ] * remove last reference to /etc/default/wpasupplicant. It is gone, don't revive zombies! * small cleanups in debian/rules * further clarifications in README.Debian -- Kel Modderman Tue, 11 Apr 2006 22:05:06 +1000 wpasupplicant (0.5.2-2) experimental; urgency=low [ Kel Modderman ] * Bump debian revision to upgrade over the previously version uploaded to experimental, which has sufficiently changed since that time to warrant rebasing the package upon the 0.4.8-1 release to unstable. * Make ifupdown script exit silently when binaries are not found or executable. * When ifupdown exits with an error status, do not hide the echo'd problem description behind the VERBOSITY environment variable. * Remove check for wpa_cli pidfile when executing an action script. This check was racy, and not always successful. Sometimes, the device was marked as up without allowing the action script a chance to finish. * Improve feedback for wpa_cli action script daemon. * Ensure WPA_CLI_ACTFILE is removed when wpa_cli is terminated. * Fix typo in ifupdown script that later propogated into some example information in README.debian (wpa-apscan should have been wpa-ap-scan). Provide backwards compatibility for this change for those who already followed the example. * Check for existing pidfiles before executing daemons via ifupdown. [ Reinhard Tartler ] * enable driver test * add eap_testing.txt to documentation * enhance Readme.txt -- Kel Modderman Tue, 4 Apr 2006 06:40:35 +1000 wpasupplicant (0.4.8-1) unstable; urgency=low [ Reinhard Tartler ] * Finally bringing in the new Upstream version with the ap scan patch for wpa-cli, required by network-manager (Closes: #356072) * Dropping Mode 3 (start by init script) (Closes: #356842, #357760) * add hint for associating to hidden ssids (Closes: #358137) * add a note for faciliating debugging connection problems * add this note to README.modes as well. * remove or backup obsolete conffiles /etc/network/if-p{re-up,ost-down}.d/wpasupplicant * install the wpasupplicant.conf(5) manpage (Closes: #358138) * don't start wpa_supplicant for loopback interface (Closes: #359814) * add explanation about action scripts, mentioning that we expect now the action script to create a file indicating that the interface is ready for use. * add warning in NEWS.Debian that upgrading to this package requires manual intervention by the local admin. * move old 'default configuration' to /usr/share/doc/wpasupplicant/examples as example for connecting to open APs. * remove version restriction from preinst. This means that obsoleted conffiles are always removed! * moved the ifupdown script to /etc/wpa_supplicant/ifupdown.sh * added note about binaries beeing moved to /sbin [ Scott James Remnant ] * Undo 0.4.8-0ubuntu2's replacement of the preinst/postinst/postrm triad, which replaced the upgrade-failure proof and policy compliant code with "something else". * Restore change to ifupdown script that makes "wpa-conf" unnecessary. * Move /etc/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant.conf if the user has modified it, otherwise remove it and install the new file. * Remove 0_ from if-*.d symlink names as we don't force an order or even serialisation. [ Kel Modderman ] * Remove check for /proc/net/packet. (Closes: M#37121) * Add timeout loop when launching a wpa_cli action script in conjunction with the manual inet METHOD, to allow other ifupdown hooks to post-configure the interface just as they would have if using a standard method such as dhcp or static. Introduce WPA_CLI_ACTFILE to allow a wpa_cli action script to signal connected state to ifupdown. * Add skeleton wpa_cli action script to examples. * Simplify wpasupplicant.examples. * Don't install wpa_supplcant.defconf as the default wpa_supplicant conffile, our users don't want that file interrogated by anyone, even dpkg. -- Reinhard Tartler Fri, 31 Mar 2006 10:58:16 +0200 wpasupplicant (0.4.8-0ubuntu3) dapper; urgency=low * Add 40_ctrl_iface_hide_keys.dpatch to hide passwords and PINs from our logfiles, preventing an information disclosure vulnerability. -- Adam Conrad Wed, 29 Mar 2006 23:49:26 +1100 wpasupplicant (0.4.8-0ubuntu2) dapper; urgency=low [ Kel Modderman ] - done in debian experimental for version 0.5.2-1 * New upstream release. * Add myself to Uploaders. * Convert to cdbs. - rewrite debian/rules to take advantage of cdbs - update control file build-deps * Update README.modes. - clarify that wext is used by default, when no driver is specified - fix exmaple of wpa-psk using a plaintext string - fix typo's * Fold pre-up scripts into one, and symlink from /etc/network/if-{pre-up,down}.d/wpasupplicant * Use VERBOSITY of ifupdown to assist debugging of wpa stanza's in /etc/network/interfaces. * Add support for wpa_cli action scripts. * Use start-stop-daemon to initiate wpa_supplicant and wpa_cli background processes. * Daemons now create pidfiles. * Quote tested var's in wpasupplicant.init. * Quote all var's in wpsupplicant.default for uniformity. * Move wpa_* to /sbin. * Conffile for wpa_supplicant now installed to /etc/wpa_supplicant/wpa_supplicant.conf. That directory will hold any other files that we may require to use wpa_supplicant. * Don't start wpasupplicant pre-up if the current kernel lacks support for "Packet Socket" (CONFIG_PACKET=y). * Fix blunders in the init script. - typo, $PIFFILE should have been $PIDFILE - init script exited when a configuration file WAS found * Force init daemon's pidfile to be the same as wpasupplicant.ifupdown uses, to avoid duplicate wpa_supplicant processes binding to the same interface. * Remove the margin for error from the init daemon, by forcing the default variables to be set. Helpful and informative comments were placed in the default file. The init script will exit if these variables are not set correctly. (Closes: #357957) * Add comment to defconf about ctrl_interface and wpa_cli. * Add comments to previously uncommented dpatch's. * Include proof-of-concept dhlcient wpa-action script. Suggest dhcp(3)-client. * Thanks to Henrik Brix Andersen from gentoo for the ideas and inspriration for some of the above changes. [ Reinhard Tartler ] * compile wpa_gui with qt3 rather than qt4. (in order to faciliate backporting to sarge) * revert to debhelper 4 * take the complete packaging from our experimental branch. The last upload did not document all changes properly (see the list above), and had still a lot of issues. * fixing typo in the preinst -- Reinhard Tartler Mon, 27 Mar 2006 15:28:22 +0200 wpasupplicant (0.5.1-1) experimental; urgency=low [ Reinhard Tartler ] * New Upstream Release. This is the current development branch of wpasupplicant. * revised the init script for supporting roaming mode * introduce README.modes explaining the differnet modes of operation * install manpage wpa_supplicant.conf(5) (Closes: #358138) * make wpasupplicant create a PID file (Closes: #355052) * Revise wpasupplicant.postinst (Closes: #322176) [ Kel Modderman ] * New experimental ifupdown scripts. (Closes: #322176, #356205, #356144) * Drop wpasupplicant.{postrm,postinst,override,docs}. * Use dh_installchangelogs to handle upstream changelog. * Enforce permissions on installed files. * Clean up handling of madwifi includes - dpatch contains description of origin - dpatch does not modify upstream, use CFLAGS to include madwifi headers * Add wpa_background manpage provided by upstream. -- Kel Modderman Tue, 14 Mar 2006 23:00:47 +1000 wpasupplicant (0.4.8-0ubuntu1) dapper; urgency=low * New upstream release: - Various bug fixes - Support for EAP-FAST key derivation using other ciphers than RC4-128-SHA for authentication and AES128-SHA for provisioning. - UVF exception granted by Kamion. * Packaging and configuration is based on Debian Experimental however, making this package something of a bastard love child of what's in Debian. * Deliberately dropped support for wpasupplicant being run at startup to make it easier for Ubuntu to support. It's now run on a per-interface basis when the interface is brought up. Consult /usr/share/doc/wpasupplicant/README.Debian for documentation if upgrading from universe. * Unlike Debian the wpa-conf /etc/network/interfaces is only needed for explicitly giving a configuration file; simply include any setting for wpa to be used. * Binaries moved to /sbin for seb128. -- Scott James Remnant Thu, 23 Mar 2006 23:29:57 +0000 wpasupplicant (0.4.7-4) unstable; urgency=low [Daniel T Chen] * Convert rcS.d script to use /etc/network/if-p{ost-down,re-up}.d instead. Remove the rcS.d script installed in 0.4.7-0ubuntu{1,2}. If you manually modified /etc/network/interfaces to use the pre-up and post-down directives with wpasupplicant, please remove them. Thanks to Scott James Remnant for the guidance. (Closes: #304032) [Kel Modderman - submitted via bug #353530] (Closes: #353530) * Use upstream manpages. * added watch file * cleanups in debian/rules * Install wpagui manpage to man8 * Use qmake-qt4 directly, to avoid ftbfs on systems with other qt versions installed. [Reinhard Tartler] * Merged with ubuntu package * added myself to Uploaders * use debhelper 5 * remove debian/wpasupplicant.conffiles, debhelper handles this on its own * renamed ChangeLog.gz to changelog.gz, (Policy 12.7) * installed lintian override for possible multiple calling of update-rc.d. This is necessary to support different upgrade paths. * revised postinst, so that updating initskript links happens in when configuring the package only * introduce debian/NEWS, documenting importants bits of debian/changelogs, and a bit about future development of wpasupplicant * verified working WPA EAP-TLS on ipw2200. (Closes: #317548) * /etc/init.d/wpasupplicant is now a initscript which is not started on startup by default. (see changes by Daniel T Chen). lintian is not happy about this, so another lintian override was added -- Reinhard Tartler Fri, 24 Feb 2006 18:27:52 +0100 wpasupplicant (0.4.7-3) unstable; urgency=low * Another brown paper bag release. * Fix mistype of $CONFIG_FILE variable name in default script. Also make this the same variable checked for existance in the init script, as that was another bug I missed. (closes: #350900) -- Kyle McMartin Wed, 01 Feb 2006 09:21:41 -0500 wpasupplicant (0.4.7-2) unstable; urgency=low * Brown paper bag release. * Add description for wpagui binary package... -- Kyle McMartin Sat, 28 Jan 2006 16:51:56 -0500 wpasupplicant (0.4.7-1) unstable; urgency=low * New upstream version. (closes: #347347) * New binary package, wpa_gui; build-deps on Qt4. (closes: #332654) * Move wpasupplicant to run in rcS, before networking. This will likely upset a few people, but as wpasupplicant can wait for the interface to exist before doing anything, it shouldn't cause any real problems. (closes: #310136) * Document in default config file that EAP-FAST will not work without a patch to OpenSSL. (closes: #322174) * Comment out most of the default config file, some people kept the whole file verbatim, causing OpenSSL to try and load some uncommon libraries people likely didn't have installed, resulting in wpasupplicant segfaulting (closes: #330138, #336423) * Also for #336423, Suggest: libengine-pkcs11-openssl, and document why. * Make more noise when the daemon fails to run. (closes: #346265) * Don't advertise that -i may not be required in default/wpasupplicant, this option was removed as it did not scale to handle multiple interfaces. (closes: #322175) * Document typical location of config file in manpage. Note, wpasupplicant no longer implicitly finds a config file. (closes: #315963) * Add simple WPA-PSK example to default config file. (closes: #331533) * Split up $OPTIONS in default/wpasupplicant. (closes: #331533) -- Kyle McMartin Sat, 28 Jan 2006 02:30:27 -0500 wpasupplicant (0.4.6-0.2) unstable; urgency=low * New upstream version (closes: #335487). * This version is designed for Wireless Extensions 19 and so will work with Linux kernel 2.6.14. Closes: #338131. * Note that WPA support was added in Wireless Extensions 18 and should therefore exist in new (2.6.14-compliant) drivers, including ipw2200 v1.0.8. In order to take advantage of this new support you need to invoke wpasupplicant with the wext driver ("-D wext" in /etc/default/wpasupplicant for instance, instead of "-D ipw" say). Probably closes also #304087 and #317548, but I'm not going to confirm that just for an NMU. * Added comments to README.Debian amounting to the above. * Borrowed some of Norbert Preining's improvements: - add debhelper token to postrm script - fix address of FSF in copyright file - bump standards version to 3.6.2 (Kyle, when you get back to this package, find Norbert's other changes upgrading to debhelper 4 in bug #338131). * Set NMU version to 0.2 for Norbert's convenience. * Marked /etc/init.d/wpasupplicant as a conffile (should really use debhelper4 to take care of this, but I'm not going to make the other changes needed for this). -- Drew Parsons Thu, 10 Nov 2005 20:34:35 +1100 wpasupplicant (0.4.4-1) unstable; urgency=low * New upstream version. * Ship a default /etc/wpa_supplicant.conf which associates with any open access point. (closes: #287220, #322171, #315964) * /etc/default/wpasupplicant is no longer mode 755 (closes: #315031) * Add a postrm script, oops, overlooked this initially... (closes: #327522) * Fix hyphen/minus in man pages. (closes: #296310) * patches/ - 01_config + update + Enable wired driver. (closes: #325296) + Add EAP_FAST to config, but comment it out. EAP_FAST requires a patch to openssl before it is compileable. - 10_madwifi_includes + update from madwifi CVS. (closes: #326226) -- Kyle McMartin Sat, 24 Sep 2005 12:35:02 -0400 wpasupplicant (0.4.2-1) unstable; urgency=low * New upstream release. * Add debhelper flag to postinst. -- Kyle McMartin Sat, 18 Jun 2005 19:04:02 -0400 wpasupplicant (0.4.1-0) unstable; urgency=low * New upstream release. * This release was not uploaded. -- Kyle McMartin Sun, 29 May 2005 17:40:11 -0400 wpasupplicant (0.4.0-1) unstable; urgency=low * New upstream release. * patches/ - 12_ipw_open_aps + remove patch: It seems to cause problems with associating with open access points. - 11_madwifi_open_aps + remove patch, fixed upstream driver_madwifi: fixed association in plaintext mode -- Kyle McMartin Sat, 30 Apr 2005 11:28:01 -0400 wpasupplicant (0.3.8-1) unstable; urgency=low * New upstream release. * This release fixes a crash due to a buffer overflow, caused by a missing validation step on EAPOL-Key frames. Receiving malformed frames trigger the crash. More information available in the notes: http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html * Fix some badness with the init script. Missed the -B option to daemonize wpa_supplicant... pidfile is not currently being used as it requires modifying wpa_supplicant. * patches/ - 12_ipw_open_aps (closes: #295143) + merge patch against driver_ipw to fix association with open access points. -- Kyle McMartin Tue, 15 Feb 2005 00:51:28 -0500 wpasupplicant (0.3.7-1) unstable; urgency=low * New upstream stable release. * Add preliminary init script for wpasupplicant. Currently it will start after pcmcia, for obvious reasons. (closes: #287219) * patches/ - 11_madwifi_open_aps (closes: #294909) + merge patch against driver_madwifi to fix association with open access points. -- Kyle McMartin Sat, 12 Feb 2005 22:56:11 -0500 wpasupplicant (0.3.2-2) unstable; urgency=low * patches/ - 06_default_ifname + support a default interface specified in wpa_supplicant.conf -- Kyle McMartin Sun, 23 Jan 2005 03:26:01 -0500 wpasupplicant (0.3.2-1) unstable; urgency=low * New upstream release. * From upstream changelog, and verified: (closes: #286443) + fixed private key loading for cases where passphrase is not set -- Kyle McMartin Mon, 20 Dec 2004 10:22:11 -0500 wpasupplicant (0.3.1-2) unstable; urgency=low * Add CONFIG_CTRL_IFACE=y option to maintain old configuration file compatibility. -- Kyle McMartin Sat, 18 Dec 2004 14:03:19 -0500 wpasupplicant (0.3.1-1) unstable; urgency=low * The "Kyle is a lazy, lazy, lazy hacker" release. * Removed patch for ipw2100, as it's been integrated upstream. (closes: #281979) * Remove default wpa_supplicant.conf from /etc, since we aren't installing a configuration file that will work by default. Instead, it has been moved to /usr/share/doc/wpasupplicant/examples. * Enable a few more options. Unfortunately support for Broadcom's wl.o must be disabled, since it requires a header file with an "All Rights Reserved" copyright. LinuxAnt DriverLoader is similarly disabled, though NDISWrapper is supported. -- Kyle McMartin Thu, 16 Dec 2004 12:39:01 -0500 wpasupplicant (0.2.5-2) unstable; urgency=low * Merged patch from Lorenzo Martignoni, to enable support for WPA on the Intel IPW2100 wireless chipset (aka: Centrino). -- Kyle McMartin Sat, 23 Oct 2004 15:21:11 -0400 wpasupplicant (0.2.5-1) unstable; urgency=low * New upstream version. (closes: #276368) -- Kyle McMartin Tue, 12 Oct 2004 09:10:19 -0400 wpasupplicant (0.2.4-2) unstable; urgency=low * patches/ - 01_config + enable TLS support (and various other non-default configurations) - 05_default_conf + patch to use "/etc/wpa_supplicant.conf" by default, instead of prompting for the configuration on the command line. * Add Build-Depends on libssl-dev, used by various EAPs. -- Kyle McMartin Sun, 12 Sep 2004 11:16:19 -0400 wpasupplicant (0.2.4-1) unstable; urgency=low * Initial release. * patches/ - 01_config + default configuration - 10_madwifi + support for wireless cards using the madwifi driver -- Kyle McMartin Sun, 5 Sep 2004 13:19:27 -0400 debian/source.lintian-overrides0000664000000000000000000000026012271776544014065 0ustar # there are no upstream tarballs for the hostapd-1.git branch at the moment, # please use debian/rules' get-orig-source target instead wpa source: debian-watch-file-is-missing debian/ifupdown/0000775000000000000000000000000012305662656011036 5ustar debian/ifupdown/wpa_action.80000664000000000000000000001210712271776544013260 0ustar .TH WPA_ACTION "8" "26 May 2006" "" "" .SH NAME wpa_action \- wpa_cli action script .SH SYNOPSIS \fBwpa_action\fR \fIIFACE ACTION\fR .SH "DESCRIPTION" \fBwpa_action\fR is a shell script designed to control the \fBifupdown\fR framework according to \fIACTION\fR events received from \fBwpa_supplicant\fR. \fBwpa_cli\fR receives \fICONNECTED\fR and \fIDISCONNECTED\fR events from \fBwpa_supplicant\fR via the crtl_iface socket and gives the \fIACTION\fR event to the \fBwpa_action\fR script as an argument, along with the \fIIFACE\fR to be acted upon. .PP \fBwpa_action\fR also receives an environment variable from \fBwpa_cli\fR, \fIWPA_ID_STR\fR, containing an alphanumeric identification string for the \fICURRENT\fR network block. \fIWPA_ID_STR\fR is provided by the 'id_str' network block option of \fBwpa_supplicant.conf\fR, and provides a means to map the \fIACTION\fR to a \fILOGICAL\fR interface configured in the \fBinterfaces\fR file. .PP If either the ifupdown \fBinterfaces\fR or \fIifstate\fR file cannot be found, \fBwpa_action\fR will exit silently (status 0). \fBwpa_action\fR will search the following locations for their existance: .nf /etc/network/run/ifstate /var/run/network/ifstate /etc/network/interfaces .fi .PP .SH IFACE Network interface to be acted upon, for example 'eth1' or 'wlan0'. .SH ACTION An \fIACTION\fR to be performed on the \fIIFACE\fR. .TP \fBCONNECTED\fR \fBwpa_supplicant\fR has completed authentication. \fBifup\fR \fIIFACE=WPA_ID_STR\fR is invoked and the action is logged to syslog. Network settings for the \fILOGICAL\fR interface \fIWPA_ID_STR\fR are applied. .TP \fBDISCONNECTED\fR \fBwpa_supplicant\fR has detected disconnection. \fBifdown\fR \fIIFACE=WPA_ID_STR\fR is invoked and the action is logged to syslog. Network settings for the \fILOGICAL\fR interface \fIWPA_ID_STR\fR are undone. .TP \fBstop\fR The 'stop' \fIACTION\fR is a called manually by the user, to stop the \fBwpa_cli\fR daemon, invoke \fBifdown\fR \fIIFACE\fR (if the \fIIFACE\fR is present in the \fIifstate\fR file) and stop the \fBwpa_supplicant\fR daemon. .TP \fBreload\fR The 'reload' \fIACTION\fR can be used to reload the \fBwpa_supplicant\fR configuration file specified by \fIwpa-roam\fR . 'restart' is a synonym for 'reload' and can be used equally. The action is logged to \fI/var/log/wpa_action.log\fR. .SH ENVIRONMENT An alphanumeric identification string provided by the 'id_str' network block option of \fBwpa_supplicant.conf\fR is exported to \fBwpa_action\fR as an environment variable, \fIWPA_ID_STR\fR. When 'id_str' is not configured for the \fICURRENT\fR network block, 'default' is substituted for the absent \fIWPA_ID_STR\fR environment variable. .PP A unique network identifier, \fIWPA_ID\fR, is exported to \fBwpa_action\fR. It is the number assigned to the \fICURRENT\fR \fBwpa_supplicant\fR network block (network_id). .SH USAGE The only reasons for \fBwpa_action\fR to be explicitly executed by the user is to stop \fBwpa_cli\fR from controlling \fBifupdown\fR or reload the \fIwpa_supplicant.conf\fR file after editing. .PP .RS \fBwpa_action\fR \fIeth1 stop\fR .RE .PP Otherwise, \fBwpa_action\fR is given as an argument to a \fBwpa_cli\fR daemon. .PP .RS \fBwpa_cli\fR \fI-i eth1 -a /sbin/wpa_action -B\fR .RE .PP This can be done by using the \fIwpa-roam\fR option in the \fBinterfaces\fR file. \fIwpa-roam\fR takes one argument, a user provided \fBwpa_supplicant.conf\fR file. .PP The inet \fIMETHOD\fR must be 'manual' for this interface, as it will be configured according to \fBwpa_cli\fR action events. Also supply a 'default' \fBinterfaces\fR stanza using the dhcp inet \fIMETHOD\fR so that networks without an 'id_str' option can fallback to attempting to receive an ip via dhcp. If one or more networks requires additional network configuration, provide an unique 'id_str' for each network, and an \fBinterfaces\fR stanza using the 'id_str' value as a \fILOGICAL\fR interface. The following interfaces file is configured to use dhcp for any network without an 'id_str', a static ip for the network with an 'id_str' of 'home_static' and dhcp plus an additional post-up command for the network with an 'id_str' of 'uni'. .PP An example wpa_supplicant.conf configured to roam between 3 different networks: .PP .RS .nf network={ ssid="foo" id_str="uni" key_mgmt=NONE } network={ ssid="bar" id_str="home_static" psk=123456789... } network={ ssid="" key_mgmt=NONE } .fi .RE .PP The corresponding \fBinterfaces\fR file would contain \fILOGICAL\fR interfaces, that correlate to each unique 'id_str' provided by the configuration file: .PP .RS .nf iface eth1 inet manual wpa-driver wext wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp iface uni inet dhcp iface home_static inet static address 192.168.0.20 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1 .fi .RE .PP .SH SEE ALSO \fBwpa_cli(8)\fR, \fBwpa_supplicant(8)\fR, \fBwpa_supplicant.conf(5)\fR, \fBifup(8)\fR, \fBinterfaces(5)\fR .SH AUTHOR This manual page was written by Kel Modderman for the Debian GNU system (but may be used by others). debian/ifupdown/hostapd.sh0000664000000000000000000000607512271776544013050 0ustar #!/bin/sh # Copyright (C) 2006-2009 Debian hostapd maintainers # Faidon Liambotis # Kel Modderman # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # On Debian GNU/Linux systems, the text of the GPL license, # version 2, can be found in /usr/share/common-licenses/GPL-2. # quit if we're called for lo if [ "$IFACE" = lo ]; then exit 0 fi if [ -n "$IF_HOSTAPD" ]; then HOSTAPD_CONF="$IF_HOSTAPD" else exit 0 fi HOSTAPD_BIN="/usr/sbin/hostapd" HOSTAPD_PNAME="hostapd" HOSTAPD_PIDFILE="/var/run/hostapd.$IFACE.pid" HOSTAPD_OMIT_PIDFILE="/run/sendsigs.omit.d/hostapd.$IFACE.pid" if [ ! -x "$HOSTAPD_BIN" ]; then exit 0 fi if [ "$VERBOSITY" = "1" ]; then TO_NULL="/dev/stdout" else TO_NULL="/dev/null" fi hostapd_msg () { case "$1" in verbose) shift echo "$HOSTAPD_PNAME: $@" > "$TO_NULL" ;; stderr) shift echo "$HOSTAPD_PNAME: $@" > /dev/stderr ;; *) ;; esac } test_hostapd_pidfile () { if [ -n "$1" ] && [ -f "$2" ]; then if start-stop-daemon --stop --quiet --signal 0 \ --exec "$1" --pidfile "$2"; then return 0 else rm -f "$2" return 1 fi else return 1 fi } init_hostapd () { HOSTAPD_OPTIONS="-B -P $HOSTAPD_PIDFILE $HOSTAPD_CONF" HOSTAPD_MESSAGE="$HOSTAPD_BIN $HOSTAPD_OPTIONS" test_hostapd_pidfile "$HOSTAPD_BIN" "$HOSTAPD_PIDFILE" && return 0 hostapd_msg verbose "$HOSTAPD_MESSAGE" start-stop-daemon --start --oknodo --quiet --exec "$HOSTAPD_BIN" \ --pidfile "$HOSTAPD_PIDFILE" -- $HOSTAPD_OPTIONS > "$TO_NULL" if [ "$?" -ne 0 ]; then return "$?" fi HOSTAPD_PIDFILE_WAIT=0 until [ -s "$HOSTAPD_PIDFILE" ]; do if [ "$HOSTAPD_PIDFILE_WAIT" -ge 5 ]; then hostapd_msg stderr \ "timeout waiting for pid file creation" return 1 fi HOSTAPD_PIDFILE_WAIT=$(($HOSTAPD_PIDFILE_WAIT + 1)) sleep 1 done cat "$HOSTAPD_PIDFILE" > "$HOSTAPD_OMIT_PIDFILE" return 0 } kill_hostapd () { HOSTAPD_MESSAGE="stopping $HOSTAPD_PNAME via pidfile: $HOSTAPD_PIDFILE" test_hostapd_pidfile "$HOSTAPD_BIN" "$HOSTAPD_PIDFILE" || return 0 hostapd_msg verbose "$HOSTAPD_MESSAGE" start-stop-daemon --stop --oknodo --quiet --exec "$HOSTAPD_BIN" \ --pidfile "$HOSTAPD_PIDFILE" > "$TO_NULL" [ "$HOSTAPD_OMIT_PIDFILE" ] && rm -f "$HOSTAPD_OMIT_PIDFILE" } case "$MODE" in start) case "$PHASE" in pre-up) init_hostapd || exit 1 ;; *) hostapd_msg stderr "unknown phase: \"$PHASE\"" exit 1 ;; esac ;; stop) case "$PHASE" in post-down) kill_hostapd ;; *) hostapd_msg stderr "unknown phase: \"$PHASE\"" exit 1 ;; esac ;; *) hostapd_msg stderr "unknown mode: \"$MODE\"" exit 1 ;; esac exit 0 debian/ifupdown/wpasupplicant.sh0000664000000000000000000001113012271776544014264 0ustar #!/bin/sh ##################################################################### ## Purpose # This file is executed by ifupdown in pre-up, post-up, pre-down and # post-down phases of network interface configuration. It allows # ifup(8), and ifdown(8) to manage wpa_supplicant(8) and wpa_cli(8) # processes running in daemon mode. # # /etc/wpa_supplicant/functions.sh is sourced by this file. # # This file is provided by the wpasupplicant package. ##################################################################### # Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers # # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # On Debian GNU/Linux systems, the text of the GPL license, # version 2, can be found in /usr/share/common-licenses/GPL-2. if [ -n "$IF_WPA_MAINT_DEBUG" ]; then set -x fi # quit if we're called for the loopback if [ "$IFACE" = lo ]; then exit 0 fi # allow wpa_supplicant interface to be specified via wpa-iface # useful for starting wpa_supplicant on one interface of a bridge if [ -n "$IF_WPA_IFACE" ]; then WPA_IFACE="$IF_WPA_IFACE" else WPA_IFACE="$IFACE" fi # source functions if [ -f /etc/wpa_supplicant/functions.sh ]; then . /etc/wpa_supplicant/functions.sh else exit 0 fi # quit if executables are not installed if [ ! -x "$WPA_SUP_BIN" ] || [ ! -x "$WPA_CLI_BIN" ]; then exit 0 fi do_start () { if test_wpa_cli; then # if wpa_action is active for this IFACE, do nothing ifupdown_locked && exit 0 # if the administrator is calling ifup, say something useful if [ "$PHASE" = "pre-up" ]; then wpa_msg stderr "wpa_action is managing ifup/ifdown state of $WPA_IFACE" wpa_msg stderr "execute \`ifdown --force $WPA_IFACE' to stop wpa_action" fi exit 1 elif ! set | grep -q "^IF_WPA"; then # no wpa- option defined for IFACE, do nothing exit 0 fi # ensure stale ifupdown_lock marker is purged ifupdown_unlock # preliminary sanity checks for roaming daemon if [ -n "$IF_WPA_ROAM" ]; then if [ "$METHOD" != "manual" ]; then wpa_msg stderr "wpa-roam can only be used with the \"manual\" inet METHOD" exit 1 fi if [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then if ! type "$IF_WPA_MAPPING_SCRIPT" >/dev/null; then wpa_msg stderr "wpa-mapping-script \"$IF_WPA_MAPPING_SCRIPT\" is not valid" exit 1 fi fi if [ -n "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -z "$IF_WPA_MAPPING_SCRIPT" ]; then wpa_msg stderr "\"wpa-mapping-script-priority 1\" is invalid without a wpa-mapping-script" exit 1 fi IF_WPA_CONF="$IF_WPA_ROAM" WPA_ACTION_SCRIPT="/sbin/wpa_action" fi # master function; determines if ifupdown.sh should do something or not if [ -n "$IF_WPA_CONF" ] && [ "$IF_WPA_CONF" != "managed" ]; then if [ ! -s "$IF_WPA_CONF" ]; then wpa_msg stderr "cannot read contents of $IF_WPA_CONF" exit 1 fi WPA_SUP_CONF_CTRL_DIR=$(sed -n -e 's/[[:space:]]*#.*//g' -e 's/[[:space:]]\+.*$//g' \ -e 's/^ctrl_interface=\(DIR=\)\?\(.*\)/\2/p' "$IF_WPA_CONF") if [ -n "$WPA_SUP_CONF_CTRL_DIR" ]; then WPA_CTRL_DIR="$WPA_SUP_CONF_CTRL_DIR" WPA_SUP_CONF="-c $IF_WPA_CONF" else # specify the default ctrl_interface since none was defined in # the given IF_WPA_CONF WPA_SUP_CONF="-c $IF_WPA_CONF -C $WPA_CTRL_DIR" fi else # specify the default ctrl_interface WPA_SUP_CONF="-C $WPA_CTRL_DIR" fi } do_stop () { if test_wpa_cli; then # if wpa_action is active for this IFACE and calling ifdown, # do nothing ifupdown_locked && exit 0 elif test_wpa_supplicant; then # wpa_supplicant process exists for this IFACE, but wpa_cli # process does not. Allow stop mode to kill this process. : else exit 0 fi } case "$MODE" in start) do_start case "$PHASE" in pre-up) kill_wpa_supplicant init_wpa_supplicant || exit 1 conf_wpa_supplicant || { kill_wpa_supplicant; exit 1; } ;; post-up) init_wpa_cli || { kill_wpa_supplicant; exit 1; } ;; esac ;; stop) do_stop case "$PHASE" in pre-down) kill_wpa_cli ;; post-down) kill_wpa_supplicant ;; *) wpa_msg stderr "unknown phase: \"$PHASE\"" exit 1 ;; esac ;; *) wpa_msg stderr "unknown mode: \"$MODE\"" exit 1 ;; esac exit 0 debian/ifupdown/wpa_action0000664000000000000000000000330712271776544013114 0ustar #!/bin/sh # Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers # # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # On Debian GNU/Linux systems, the text of the GPL license, # version 2, can be found in /usr/share/common-licenses/GPL-2. if [ -n "$IF_WPA_ROAM_MAINT_DEBUG" ]; then set -x fi if [ -z "$1" ] || [ -z "$2" ]; then echo "Usage: $0 IFACE ACTION" exit 1 fi # network interface WPA_IFACE="$1" # [CONNECTED|DISCONNECTED|stop|reload|check] WPA_ACTION="$2" if [ -f /etc/wpa_supplicant/functions.sh ]; then . /etc/wpa_supplicant/functions.sh else exit 0 fi case "$WPA_ACTION" in "CONNECTED") wpa_log_env wpa_hysteresis_check || exit 1 wpa_hysteresis_event if ifup; then wpa_cli status | wpa_msg log else wpa_cli status | wpa_msg log wpa_cli reassociate fi ;; "DISCONNECTED") wpa_log_env wpa_hysteresis_check || exit 1 ifdown if_post_down_up ;; "stop"|"down") test_wpa_cli && kill_wpa_cli ifdown test_wpa_supplicant && kill_wpa_supplicant ;; "restart"|"reload") test_wpa_supplicant || exit 1 reload_wpa_supplicant ;; "check") test_wpa_supplicant || exit 1 test_wpa_cli || exit 1 ;; *) echo "Unknown action: \"$WPA_ACTION\"" exit 1 ;; esac exit 0 debian/ifupdown/action_wpa.sh0000664000000000000000000000166112271776544013526 0ustar #!/bin/sh # Action script to enable/disable wpa-roam interfaces in reaction to # ifplugd events. # # Copyright: Copyright (c) 2008-2010, Kel Modderman # License: GPL-2 # PATH=/sbin:/usr/sbin:/bin:/usr/bin if [ ! -x /sbin/wpa_action ]; then exit 0 fi # ifplugd(8) - # # If an ifplugd managed interface is brought up, disconnect any # wpa-roam managed interfaces so that only one "roaming" interface # remains active on the system. IFPLUGD_IFACE="${1}" case "${2}" in up) COMMAND=disconnect ;; down) COMMAND=reconnect ;; *) echo "$0: unknown arguments: ${@}" >&2 exit 1 ;; esac for CTRL in /var/run/wpa_supplicant/*; do [ -S "${CTRL}" ] || continue IFACE="${CTRL#/var/run/wpa_supplicant/}" # skip if ifplugd is managing this interface if [ "${IFPLUGD_IFACE}" = "${IFACE}" ]; then continue fi if wpa_action "${IFACE}" check; then wpa_cli -i "${IFACE}" "${COMMAND}" fi done debian/ifupdown/functions.sh0000664000000000000000000006246312271776544013421 0ustar #!/bin/sh ##################################################################### ## Purpose # This file contains common shell functions used by scripts of the # wpasupplicant package to allow ifupdown to manage wpa_supplicant. # It also contains some functions used by wpa_action(8) that allow # ifupdown to be managed by wpa_cli(8) action events. # # This file is provided by the wpasupplicant package. ##################################################################### # Copyright (C) 2006 - 2009 Debian/Ubuntu wpasupplicant Maintainers # # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # On Debian GNU/Linux systems, the text of the GPL license, # version 2, can be found in /usr/share/common-licenses/GPL-2. ##################################################################### ## global variables # wpa_supplicant variables WPA_SUP_BIN="/sbin/wpa_supplicant" WPA_SUP_PNAME="wpa_supplicant" WPA_SUP_PIDFILE="/var/run/wpa_supplicant.${WPA_IFACE}.pid" WPA_SUP_OMIT_DIR="/run/sendsigs.omit.d" WPA_SUP_OMIT_PIDFILE="${WPA_SUP_OMIT_DIR}/wpasupplicant.wpa_supplicant.${WPA_IFACE}.pid" # wpa_cli variables WPA_CLI_BIN="/sbin/wpa_cli" WPA_CLI_PNAME="wpa_cli" WPA_CLI_PIDFILE="/var/run/wpa_action.${WPA_IFACE}.pid" WPA_CLI_TIMESTAMP="/var/run/wpa_action.${WPA_IFACE}.timestamp" WPA_CLI_IFUPDOWN="/var/run/wpa_action.${WPA_IFACE}.ifupdown" # default ctrl_interface socket directory if [ -z "$WPA_CTRL_DIR" ]; then WPA_CTRL_DIR="/var/run/wpa_supplicant" fi # verbosity variables if [ -n "$IF_WPA_VERBOSITY" ] || [ "$VERBOSITY" = "1" ]; then TO_NULL="/dev/stdout" DAEMON_VERBOSITY="--verbose" else TO_NULL="/dev/null" DAEMON_VERBOSITY="--quiet" fi ##################################################################### ## wpa_cli wrapper # Path to common ctrl_interface socket and iface supplied. # NB: WPA_CTRL_DIR cannot be used for interactive commands, it is # set only in the environment that wpa_cli provides when processing # action events. # wpa_cli () { "$WPA_CLI_BIN" -p "$WPA_CTRL_DIR" -i "$WPA_IFACE" "$@" return "$?" } ##################################################################### ## verbose and stderr message wrapper # Ensures a standard and easily identifiable message is printed by # scripts using this function library. # # log Log a message to syslog when called non-interactively # by wpa_action # # verbose To stdout when IF_WPA_VERBOSITY or VERBOSITY is true # # action Same as verbose but without newline # Useful for allowing wpa_cli commands to echo result # value of 'OK' or 'FAILED' # # stderr Echo warning or error messages to stderr # # NB: when called by wpa_action, there is no redirection (verbose) # wpa_msg () { if [ "$1" = "log" ]; then shift case "$WPA_ACTION" in "CONNECTED"|"DISCONNECTED") [ -x /usr/bin/logger ] || return if [ "$#" -gt 0 ]; then logger -t "wpa_action" "$@" else logger -t "wpa_action" fi ;; *) [ "$#" -gt 0 ] && echo "wpa_action: $@" ;; esac return fi case "$1" in "verbose") shift echo "$WPA_SUP_PNAME: $@" >$TO_NULL ;; "action") shift echo -n "$WPA_SUP_PNAME: $@ -- " >$TO_NULL ;; "stderr") shift echo "$WPA_SUP_PNAME: $@" >/dev/stderr ;; *) ;; esac } ##################################################################### ## validate daemon pid files # Test daemon process ID files via start-stop-daemon with a signal 0 # given the exec binary and pidfile location. # # $1 daemon # $2 pidfile # # Returns true when pidfile exists, the process ID exists _and_ was # created by the exec binary. # # If the test fails, but the pidfile exists, it is stale # test_daemon_pidfile () { local DAEMON local PIDFILE if [ -n "$1" ]; then DAEMON="$1" fi if [ -f "$2" ]; then PIDFILE="$2" fi if [ -n "$DAEMON" ] && [ -f "$PIDFILE" ]; then if start-stop-daemon --stop --quiet --signal 0 \ --exec "$DAEMON" --pidfile "$PIDFILE"; then return 0 else rm -f "$PIDFILE" return 1 fi else return 1 fi } # validate wpa_supplicant pidfile test_wpa_supplicant () { test_daemon_pidfile "$WPA_SUP_BIN" "$WPA_SUP_PIDFILE" } # validate wpa_cli pidfile test_wpa_cli () { test_daemon_pidfile "$WPA_CLI_BIN" "$WPA_CLI_PIDFILE" } ##################################################################### ## daemonize wpa_supplicant # Start wpa_supplicant via start-stop-dameon with all required # options. Will start if environment variable WPA_SUP_CONF is present # # Default options: # -B dameonize/background process # -D driver backend ('wext' if none given) # -P process ID file # -C path to ctrl_interface socket directory # -s log to syslog # # Conditional options: # -c configuration file # -W wait for wpa_cli to attach to ctrl_interface socket # -b bridge interface name # -f path to log file # init_wpa_supplicant () { [ -n "$WPA_SUP_CONF" ] || return 0 local WPA_SUP_OPTIONS WPA_SUP_OPTIONS="-s -B -P $WPA_SUP_PIDFILE -i $WPA_IFACE" if [ -n "$WPA_ACTION_SCRIPT" ]; then if [ -x "$WPA_ACTION_SCRIPT" ]; then WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -W" wpa_msg verbose "wait for wpa_cli to attach" else wpa_msg stderr "action script \"$WPA_ACTION_SCRIPT\" not executable" return 1 fi fi if [ -n "$IF_WPA_BRIDGE" ]; then WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -b $IF_WPA_BRIDGE" wpa_msg verbose "wpa-bridge $IF_WPA_BRIDGE" fi if [ -n "$IF_WPA_DRIVER" ]; then wpa_msg verbose "wpa-driver $IF_WPA_DRIVER" case "$IF_WPA_DRIVER" in hostap|ipw|madwifi|ndiswrapper) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext" wpa_msg stderr "\"$IF_WPA_DRIVER\" wpa-driver is unsupported" wpa_msg stderr "using \"nl80211,wext\" wpa-driver instead ..." ;; *) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D $IF_WPA_DRIVER" ;; esac else WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -D nl80211,wext" wpa_msg verbose "wpa-driver nl80211,wext (default)" fi if [ -n "$IF_WPA_DEBUG_LEVEL" ]; then case "$IF_WPA_DEBUG_LEVEL" in 3) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -ddd" ;; 2) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -dd" ;; 1) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -t -d" ;; 0) # wpa_supplicant default verbosity ;; -1) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -q" ;; -2) WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -qq" ;; esac wpa_msg verbose "using debug level: $IF_WPA_DEBUG_LEVEL" fi if [ -n "$IF_WPA_LOGFILE" ]; then # custom log file WPA_SUP_OPTIONS="$WPA_SUP_OPTIONS -f $IF_WPA_LOGFILE" WPA_SUP_LOGFILE="$IF_WPA_LOGFILE" wpa_msg verbose "logging to $IF_WPA_LOGFILE" fi wpa_msg verbose "$WPA_SUP_BIN $WPA_SUP_OPTIONS $WPA_SUP_CONF" start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \ --name $WPA_SUP_PNAME --startas $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE \ -- $WPA_SUP_OPTIONS $WPA_SUP_CONF if [ "$?" -ne 0 ]; then wpa_msg stderr "$WPA_SUP_BIN daemon failed to start" return 1 fi local WPA_PIDFILE_WAIT local MAX_WPA_PIDFILE_WAIT WPA_PIDFILE_WAIT="0" MAX_WPA_PIDFILE_WAIT="5" until [ -s "$WPA_SUP_PIDFILE" ]; do if [ "$WPA_PIDFILE_WAIT" -ge "$MAX_WPA_PIDFILE_WAIT" ]; then wpa_msg stderr "timed out waiting for creation of $WPA_SUP_PIDFILE" return 1 else wpa_msg verbose "waiting for \"$WPA_SUP_PIDFILE\": " \ "$WPA_PIDFILE_WAIT (max. $MAX_WPA_PIDFILE_WAIT)" fi WPA_PIDFILE_WAIT=$(($WPA_PIDFILE_WAIT + 1)) sleep 1 done if [ -d "${WPA_SUP_OMIT_DIR}" ]; then wpa_msg verbose "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE" cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE" fi local WPA_SOCKET_WAIT local MAX_WPA_SOCKET_WAIT WPA_SOCKET_WAIT="0" MAX_WPA_SOCKET_WAIT="5" until [ -S "$WPA_CTRL_DIR/$WPA_IFACE" ]; do if [ "$WPA_SOCKET_WAIT" -ge "$MAX_WPA_SOCKET_WAIT" ]; then wpa_msg stderr "ctrl_interface socket not found at $WPA_CTRL_DIR/$WPA_IFACE" return 1 else wpa_msg verbose "waiting for \"$WPA_CTRL_DIR/$WPA_IFACE\": " \ "$WPA_SOCKET_WAIT (max. $MAX_WPA_SOCKET_WAIT)" fi WPA_SOCKET_WAIT=$(($WPA_SOCKET_WAIT + 1)) sleep 1 done wpa_msg verbose "ctrl_interface socket located at $WPA_CTRL_DIR/$WPA_IFACE" } ##################################################################### ## stop wpa_supplicant process # Kill wpa_supplicant via start-stop-daemon, given the location of # the pidfile or ctrl_interface socket path and interface name # kill_wpa_supplicant () { test_wpa_supplicant || return 0 wpa_msg verbose "terminating $WPA_SUP_PNAME daemon via pidfile $WPA_SUP_PIDFILE" start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \ --exec $WPA_SUP_BIN --pidfile $WPA_SUP_PIDFILE if [ -f "$WPA_SUP_PIDFILE" ]; then rm -f "$WPA_SUP_PIDFILE" fi if [ -f "$WPA_SUP_OMIT_PIDFILE" ]; then wpa_msg verbose "removing $WPA_SUP_OMIT_PIDFILE" rm -f "$WPA_SUP_OMIT_PIDFILE" fi } ##################################################################### ## reload wpa_supplicant process # Sending a HUP signal causes wpa_supplicant to reparse its # configuration file # reload_wpa_supplicant () { if test_wpa_supplicant; then wpa_msg verbose "reloading wpa_supplicant configuration file via HUP signal" start-stop-daemon --stop --signal HUP \ --name "$WPA_SUP_PNAME" --pidfile "$WPA_SUP_PIDFILE" else wpa_msg verbose "cannot $WPA_ACTION, $WPA_SUP_PIDFILE does not exist" fi } ##################################################################### ## daemonize wpa_cli and action script # If environment variable WPA_ACTION_SCRIPT is present, wpa_cli will # be spawned via start-stop-daemon # # Required options: # -a action script => wpa_action # -P process ID file # -B background process # init_wpa_cli () { [ -n "$WPA_ACTION_SCRIPT" ] || return 0 local WPA_CLI_OPTIONS WPA_CLI_OPTIONS="-B -P $WPA_CLI_PIDFILE -i $WPA_IFACE" wpa_msg verbose "$WPA_CLI_BIN $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT" start-stop-daemon --start --oknodo $DAEMON_VERBOSITY \ --name $WPA_CLI_PNAME --startas $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE \ -- $WPA_CLI_OPTIONS -p $WPA_CTRL_DIR -a $WPA_ACTION_SCRIPT if [ "$?" -ne 0 ]; then wpa_msg stderr "$WPA_CLI_BIN daemon failed to start" return 1 fi } ##################################################################### ## stop wpa_cli process # Kill wpa_cli via start-stop-daemon, given the location of the # pidfile # kill_wpa_cli () { test_wpa_cli || return 0 wpa_msg verbose "terminating $WPA_CLI_PNAME daemon via pidfile $WPA_CLI_PIDFILE" start-stop-daemon --stop --oknodo $DAEMON_VERBOSITY \ --exec $WPA_CLI_BIN --pidfile $WPA_CLI_PIDFILE if [ -f "$WPA_CLI_PIDFILE" ]; then rm -f "$WPA_CLI_PIDFILE" fi if [ -f "$WPA_CLI_TIMESTAMP" ]; then rm -f "$WPA_CLI_TIMESTAMP" fi if [ -L "$WPA_CLI_IFUPDOWN" ]; then rm -f "$WPA_CLI_IFUPDOWN" fi } ##################################################################### ## higher level wpa_cli wrapper for variable and set_network commands # wpa_cli_do [set_network variable] # # $1 envorinment variable # $2 data type of variable {raw|ascii} # $3 wpa_cli variable, if $3 is set_network, shift and take # set_network subvariable # $4 wpa-* string as it would appear in interfaces file, enhances # verbose messages # wpa_cli_do () { if [ -z "$1" ]; then return 0 fi local WPACLISET_VALUE local WPACLISET_VARIABLE local WPACLISET_DESC case "$2" in ascii) # Double quote WPACLISET_VALUE="\"$1\"" ;; raw|*) # Provide raw value WPACLISET_VALUE="$1" ;; esac case "$3" in set_network) if [ -z "$WPA_ID" ]; then return 1 fi shift WPACLISET_VARIABLE="set_network $WPA_ID $3" ;; *) WPACLISET_VARIABLE="$3" ;; esac case "$4" in *-psk|*-passphrase|*-passwd*|*-wep-key*) WPACLISET_DESC="$4 *****" ;; *) WPACLISET_DESC="$4 $WPACLISET_VALUE" ;; esac wpa_msg action "$WPACLISET_DESC" wpa_cli $WPACLISET_VARIABLE "$WPACLISET_VALUE" >$TO_NULL if [ "$?" -ne 0 ]; then wpa_msg stderr "$WPACLISET_DESC failed!" fi } ##################################################################### ## check value data type in plaintext or hex # returns 0 if input consists of hexadecimal digits only, 1 otherwise # ishex () { if [ -z "$1" ]; then return 0 fi case "$1" in *[!0-9a-fA-F]*) # plaintext return 1 ;; *) # hexadecimal return 0 ;; esac } ##################################################################### ## sanity check and set psk|passphrase # Warn about strange psk|passphrase values # # $1 psk or passphrase value # # If psk is surrounded by quotes strip them. # # If psk contains all hexadecimal characters and string length is 64: # is 256bit hexadecimal # else: # is plaintext # # plaintext passphrases must be 8 - 63 characters in length # 256-bit hexadecimal key must be 64 characters in length # wpa_key_check_and_set () { if [ "$#" -ne 3 ]; then return 0 fi local KEY local KEY_LEN local KEY_TYPE local ENC_TYPE case "$1" in '"'*'"') # Strip surrounding quotation marks KEY=$(echo -n "$1" | sed 's/^"//;s/"$//') ;; *) KEY="$1" ;; esac KEY_LEN="${#KEY}" case "$2" in wep_key*) ENC_TYPE="WEP" ;; psk) ENC_TYPE="WPA" ;; *) return 0 ;; esac if [ "$ENC_TYPE" = "WEP" ]; then if ishex "$KEY"; then case "$KEY_LEN" in 10|26|32|58) # 64/128/152/256-bit WEP KEY_TYPE="raw" ;; *) KEY_TYPE="ascii" ;; esac else KEY_TYPE="ascii" fi if [ "$KEY_TYPE" = "ascii" ]; then if [ "$KEY_LEN" -lt "5" ]; then wpa_msg stderr "WARNING: plaintext or ascii WEP key has $KEY_LEN characters," wpa_msg stderr "it must have at least 5 to be valid." fi fi elif [ "$ENC_TYPE" = "WPA" ]; then if ishex "$KEY"; then case "$KEY_LEN" in 64) # 256-bit WPA KEY_TYPE="raw" ;; *) KEY_TYPE="ascii" ;; esac else KEY_TYPE="ascii" fi if [ "$KEY_TYPE" = "ascii" ]; then if [ "$KEY_LEN" -lt "8" ] || [ "$KEY_LEN" -gt "63" ]; then wpa_msg stderr "WARNING: plaintext or ascii WPA key has $KEY_LEN characters," wpa_msg stderr "it must have between 8 and 63 to be valid." wpa_msg stderr "If the WPA key is a 256-bit hexadecimal key, it must have" wpa_msg stderr "exactly 64 characters." fi fi fi wpa_cli_do "$KEY" "$KEY_TYPE" set_network "$2" "$3" } ##################################################################### ## formulate a usable configuration from interfaces(5) wpa- lines # A series of wpa_cli commands corresponding to environment variables # created as a result of wpa- lines in an interfaces stanza. # # NB: no-act when roaming daemon is used (to avoid prematurely # attaching to ctrl_interface socket) # conf_wpa_supplicant () { if [ -n "$WPA_ACTION_SCRIPT" ]; then return 0 fi if [ "$IF_WPA_DRIVER" = "wired" ]; then IF_WPA_AP_SCAN="0" wpa_msg verbose "forcing ap_scan=0 (required for wired IEEE8021X auth)" fi if [ -n "$IF_WPA_ESSID" ]; then # #403316, be similar to wireless tools IF_WPA_SSID="$IF_WPA_ESSID" fi wpa_cli_do "$IF_WPA_AP_SCAN" raw \ ap_scan wpa-ap-scan wpa_cli_do "$IF_WPA_PREAUTHENTICATE" raw \ preauthenticate wpa-preauthenticate if [ -n "$IF_WPA_SSID" ] || [ "$IF_WPA_DRIVER" = "wired" ] || \ [ -n "$IF_WPA_KEY_MGMT" ]; then case "$IF_WPA_SSID" in '"'*'"') IF_WPA_SSID=$(echo -n "$IF_WPA_SSID" | sed 's/^"//;s/"$//') ;; *) ;; esac WPA_ID=$(wpa_cli add_network) wpa_msg verbose "configuring network block -- $WPA_ID" wpa_cli_do "$IF_WPA_SSID" ascii \ set_network ssid wpa-ssid wpa_cli_do "$IF_WPA_PRIORITY" raw \ set_network priority wpa-priority wpa_cli_do "$IF_WPA_BSSID" raw \ set_network bssid wpa-bssid if [ -s "$IF_WPA_PSK_FILE" ]; then IF_WPA_PSK=$(cat "$IF_WPA_PSK_FILE") fi # remain compat with wpa-passphrase-file if [ -s "$IF_WPA_PASSPHRASE_FILE" ]; then IF_WPA_PSK=$(cat "$IF_WPA_PASSPHRASE_FILE") fi # remain compat with wpa-passphrase if [ -n "$IF_WPA_PASSPHRASE" ]; then IF_WPA_PSK="$IF_WPA_PASSPHRASE" fi if [ -n "$IF_WPA_PSK" ]; then wpa_key_check_and_set "$IF_WPA_PSK" \ psk wpa-psk fi wpa_cli_do "$IF_WPA_PAIRWISE" raw \ set_network pairwise wpa-pairwise wpa_cli_do "$IF_WPA_GROUP" raw \ set_network group wpa-group wpa_cli_do "$IF_WPA_MODE" raw \ set_network mode wpa-mode wpa_cli_do "$IF_WPA_FREQUENCY" raw \ set_network frequency wpa-frequency wpa_cli_do "$IF_WPA_SCAN_FREQ" raw \ set_network scan_freq wpa-scan-freq wpa_cli_do "$IF_WPA_FREQ_LIST" raw \ set_network freq_list wpa-freq-list wpa_cli_do "$IF_WPA_KEY_MGMT" raw \ set_network key_mgmt wpa-key-mgmt wpa_cli_do "$IF_WPA_PROTO" raw \ set_network proto wpa-proto wpa_cli_do "$IF_WPA_AUTH_ALG" raw \ set_network auth_alg wpa-auth-alg wpa_cli_do "$IF_WPA_SCAN_SSID" raw \ set_network scan_ssid wpa-scan-ssid wpa_cli_do "$IF_WPA_IDENTITY" ascii \ set_network identity wpa-identity wpa_cli_do "$IF_WPA_ANONYMOUS_IDENTITY" ascii \ set_network anonymous_identity wpa-anonymous-identity wpa_cli_do "$IF_WPA_EAP" raw \ set_network eap wpa-eap wpa_cli_do "$IF_WPA_EAPPSK" raw \ set_network eappsk wpa-eappsk wpa_cli_do "$IF_WPA_NAI" ascii \ set_network nai wpa-nai wpa_cli_do "$IF_WPA_PASSWORD" ascii \ set_network password wpa-password wpa_cli_do "$IF_WPA_CA_CERT" ascii \ set_network ca_cert wpa-ca-cert wpa_cli_do "$IF_WPA_CA_PATH" ascii \ set_network ca_path wpa-ca-path wpa_cli_do "$IF_WPA_CLIENT_CERT" ascii \ set_network client_cert wpa-client-cert wpa_cli_do "$IF_WPA_PRIVATE_KEY" ascii \ set_network private_key wpa-private-key wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD" ascii \ set_network private_key_passwd wpa-private-key-passwd wpa_cli_do "$IF_WPA_DH_FILE" ascii \ set_network dh_file wpa-dh-file wpa_cli_do "$IF_WPA_SUBJECT_MATCH" ascii \ set_network subject_match wpa-subject-match wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH" ascii \ set_network altsubject_match wpa-altsubject-match wpa_cli_do "$IF_WPA_CA_CERT2" ascii \ set_network ca_cert2 wpa-ca-cert2 wpa_cli_do "$IF_WPA_CA_PATH2" ascii \ set_network ca_path2 wpa-ca-path2 wpa_cli_do "$IF_WPA_CLIENT_CERT2" ascii \ set_network client_cert2 wpa-client-cert2 wpa_cli_do "$IF_WPA_PRIVATE_KEY2" ascii \ set_network private_key2 wpa-private-key2 wpa_cli_do "$IF_WPA_PRIVATE_KEY_PASSWD2" ascii \ set_network private_key_passwd2 wpa-private-key-passwd2 wpa_cli_do "$IF_WPA_DH_FILE2" ascii \ set_network dh_file2 wpa-dh-file2 wpa_cli_do "$IF_WPA_SUBJECT_MATCH2" ascii \ set_network subject_match2 wpa-subject-match2 wpa_cli_do "$IF_WPA_ALTSUBJECT_MATCH2" ascii \ set_network altsubject_match2 wpa-altsubject-match2 wpa_cli_do "$IF_WPA_EAP_METHODS" raw \ set_network eap_methods wpa-eap-methods wpa_cli_do "$IF_WPA_PHASE1" ascii \ set_network phase1 wpa-phase1 wpa_cli_do "$IF_WPA_PHASE2" ascii \ set_network phase2 wpa-phase2 wpa_cli_do "$IF_WPA_PCSC" raw \ set_network pcsc wpa-pcsc wpa_cli_do "$IF_WPA_PIN" ascii \ set_network pin wpa-pin wpa_cli_do "$IF_WPA_ENGINE" raw \ set_network engine wpa-engine wpa_cli_do "$IF_WPA_ENGINE_ID" ascii \ set_network engine_id wpa-engine-id wpa_cli_do "$IF_WPA_KEY_ID" ascii \ set_network key_id wpa-key-id wpa_cli_do "$IF_WPA_EAPOL_FLAGS" raw \ set_network eapol_flags wpa-eapol-flags if [ -n "$IF_WPA_WEP_KEY0" ]; then wpa_key_check_and_set "$IF_WPA_WEP_KEY0" \ wep_key0 wpa-wep-key0 fi if [ -n "$IF_WPA_WEP_KEY1" ]; then wpa_key_check_and_set "$IF_WPA_WEP_KEY1" \ wep_key1 wpa-wep-key1 fi if [ -n "$IF_WPA_WEP_KEY2" ]; then wpa_key_check_and_set "$IF_WPA_WEP_KEY2" \ wep_key2 wpa-wep-key2 fi if [ -n "$IF_WPA_WEP_KEY3" ]; then wpa_key_check_and_set "$IF_WPA_WEP_KEY3" \ wep_key3 wpa-wep-key3 fi wpa_cli_do "$IF_WPA_WEP_TX_KEYIDX" raw \ set_network wep_tx_keyidx wpa-wep-tx-keyidx wpa_cli_do "$IF_WPA_PROACTIVE_KEY_CACHING" raw \ set_network proactive_key_caching wpa-proactive-key-caching wpa_cli_do "$IF_WPA_PAC_FILE" ascii \ set_network pac_file wpa-pac-file wpa_cli_do "$IF_WPA_PEERKEY" raw \ set_network peerkey wpa-peerkey wpa_cli_do "$IF_FRAGMENT_SIZE" raw \ set_network fragment_size wpa-fragment-size wpa_cli_do "$IF_WPA_ID_STR" ascii \ set_network id_str wpa-id-str wpa_cli_do "$WPA_ID" raw \ enable_network "enabling network block" fi } ##################################################################### ## Log wpa_cli environment variables wpa_log_env () { wpa_msg log "WPA_IFACE=$WPA_IFACE WPA_ACTION=$WPA_ACTION" wpa_msg log "WPA_ID=$WPA_ID WPA_ID_STR=$WPA_ID_STR WPA_CTRL_DIR=$WPA_CTRL_DIR" } ##################################################################### ## hysteresis checking # Networking tools such as dhcp clients used with ifupdown can # synthesize artificial ACTION events, particuarly just after a # DISCONNECTED/CONNECTED events are experienced in quick succession. # This can lead to infinite event loops, and in extreme cases has the # potential to cause system instability. # wpa_hysteresis_event () { echo "$(date +%s)" > "$WPA_CLI_TIMESTAMP" 2>/dev/null } wpa_hysteresis_check () { if [ -f "$WPA_CLI_TIMESTAMP" ]; then local TIME local TIMESTAMP local TIMEWAIT TIME=$(date +%s) # current time minus 4 second event buffer TIMEWAIT=$(($TIME-4)) # get time of last event TIMESTAMP=$(cat $WPA_CLI_TIMESTAMP) # compare values, allowing new action to be processed # only if last action was more than 4 seconds ago if [ "$TIMEWAIT" -le "$TIMESTAMP" ]; then wpa_msg log "$WPA_ACTION event blocked by hysteresis check" return 1 fi fi return 0 } ##################################################################### ## ifupdown locking functions # A collection of rudimentary locking functions to lock ifup/ifdown # actions. # ifupdown_lock () { ln -s lock "$WPA_CLI_IFUPDOWN" } ifupdown_locked () { [ -L "$WPA_CLI_IFUPDOWN" ] && return 0 return 1 } ifupdown_unlock () { rm -f "$WPA_CLI_IFUPDOWN" } ##################################################################### ## apply mapping logic and ifup logical interface # Apply mapping logic via id_str or external mapping script, check # state of IFACE with respect to ifupdown and ifup logical interaface # ifup () { local INTERFACES_FILE local IFSTATE_FILE local IFUP_RETVAL local WPA_LOGICAL_IFACE if [ -e /etc/network/interfaces ]; then INTERFACES_FILE="/etc/network/interfaces" else wpa_msg log "/etc/network/interfaces does not exist, $WPA_IFACE will not be configured" return 1 fi if [ -e /etc/network/run/ifstate ]; then # debian's ifupdown IFSTATE_FILE="/etc/network/run/ifstate" elif [ -e /var/run/network/ifstate ]; then # ubuntu's IFSTATE_FILE="/var/run/network/ifstate" else unset IFSTATE_FILE fi if [ -z "$IF_WPA_MAPPING_SCRIPT_PRIORITY" ] && [ -n "$WPA_ID_STR" ]; then WPA_LOGICAL_IFACE="$WPA_ID_STR" fi if [ -z "$WPA_LOGICAL_IFACE" ] && [ -n "$IF_WPA_MAPPING_SCRIPT" ]; then local WPA_MAP_STDIN WPA_MAP_STDIN=$(set | sed -n 's/^\(IF_WPA_MAP[0-9]*\)=.*/echo \$\1/p') if [ -n "$WPA_MAP_STDIN" ]; then WPA_LOGICAL_IFACE=$(eval "$WPA_MAP_STDIN" | "$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE") else WPA_LOGICAL_IFACE=$("$IF_WPA_MAPPING_SCRIPT" "$WPA_IFACE") fi if [ -n "$WPA_LOGICAL_IFACE" ]; then wpa_msg log "mapping script result: $WPA_LOGICAL_IFACE" else wpa_msg log "mapping script failed." fi fi if [ -z "$WPA_LOGICAL_IFACE" ]; then if [ -n "$IF_WPA_ROAM_DEFAULT_IFACE" ]; then WPA_LOGICAL_IFACE="$IF_WPA_ROAM_DEFAULT_IFACE" else WPA_LOGICAL_IFACE="default" fi fi if [ -n "$WPA_LOGICAL_IFACE" ]; then if egrep -q "^iface[[:space:]]+${WPA_LOGICAL_IFACE}[[:space:]]+inet" "$INTERFACES_FILE"; then : # logical network is defined else wpa_msg log "network settings not defined for $WPA_LOGICAL_IFACE in $INTERFACES_FILE" WPA_LOGICAL_IFACE="default" fi wpa_msg log "ifup $WPA_IFACE=$WPA_LOGICAL_IFACE" ifupdown_lock if [ -n "$IFSTATE_FILE" ] && grep -q "^$WPA_IFACE=$WPA_IFACE" "$IFSTATE_FILE"; then # Force settings over the unconfigured "master" IFACE /sbin/ifup -v --force "$WPA_IFACE=$WPA_LOGICAL_IFACE" else /sbin/ifup -v "$WPA_IFACE=$WPA_LOGICAL_IFACE" fi IFUP_RETVAL="$?" ifupdown_unlock fi if [ -d "${WPA_SUP_OMIT_DIR}" ]; then wpa_msg log "creating sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE" cat "$WPA_SUP_PIDFILE" > "$WPA_SUP_OMIT_PIDFILE" fi return "$IFUP_RETVAL" } ##################################################################### ## ifdown IFACE # Check IFACE state and ifdown as requested. # ifdown () { wpa_msg log "ifdown $WPA_IFACE" ifupdown_lock /sbin/ifdown -v "$WPA_IFACE" ifupdown_unlock wpa_msg log "removing sendsigs omission pidfile: $WPA_SUP_OMIT_PIDFILE" rm -f "$WPA_SUP_OMIT_PIDFILE" } ##################################################################### ## keep IFACE scanning # After ifdown, the IFACE may be left "down", and inhibits # wpa_supplicant's ability to continue roaming. # # NB: use iproute if present, flushing the IFACE first # if_post_down_up () { if [ -x /bin/ip ]; then ip addr flush dev "$WPA_IFACE" 2>/dev/null ip link set "$WPA_IFACE" up else ifconfig "$WPA_IFACE" up fi } debian/hostapd.install0000664000000000000000000000007612271776544012244 0ustar hostapd/hostapd usr/sbin/ hostapd/hostapd_cli usr/sbin/ debian/README.source0000664000000000000000000000666612271776544011404 0ustar "wpa" sources for Debian ------------------------ This "wpa" source package merges wpa_supplicant and hostapd sources, which are maintained in one source repository[1] upstream and share considerable/ duplicate amounts of source. Starting with the 1.x branch, both wpa_supplicant and hostapd are built from this common source package for Debian, while not released together as tarball by upstream, the source can be obtained from the upstream git repositories. The preferred way to generate the orig.tar.gz is by calling $ debian/rules get-orig-source which will clone the upstream git repository under $TMPDIR, using mktemp(1), and create a new tarballs based on the git tag corresponding to the top most entry in debian/changelog. This newly generated tarball will be stored as ../wpa_${VERSION}.orig.tar.gz or ../tarballs/wpa_${VERSION}.orig.tar.gz, if a directory called ../tarballs/ exists. Eventually existing tarballs corresponding to the current version will not be overwritten. Required dependencies to generate a new orig.tar.gz: - a SUSv3 compatible shell, like dash or bash - dpkg-parsechangelog, available from dpkg-dev - git - gzip, available from gzip or busybox - mktemp and rm, available from coreutils or busybox - sed, available from sed or busybox - tar, available from tar or busybox It is recommended to base tarballs for development snapshots of "wpa" on according git tag from the upstream git repository, the available git tags can be queried by: $ git clone git://w1.fi/srv/git/hostap-1.git # 1.x branch or $ git clone git://w1.fi/srv/git/hostap.git # development branch changing into the corresponding directory (hostap-1 or hostapd) and calling git tag. $ cd hostapd-1 $ git tag hostap_0_6_3 […] hostap_1_0 […] hostap_1_0_rc3 […] The Debian versions for these tags would be 0.6.3-1, 1.0 or 1.0~rc3 in debian/changelog. Intermediate states between tags or HEAD are usually best dealt with by creating a patch series based on the newest matching tag. Exporting commits between "hostap_1_0" and the current git HEAD: $ git format-patch hostap_1_0..HEAD Exporting commits between "hostap_1_0_rc3" and "hostap_1_0": $ git format-patch hostap_1_0_rc3..hostap_1_0 In both cases numbered patches will be dropped in the base directory of the git clone. These numbered patches can be imported to the Debian package using standard procedures for "3.0 (quilt)" source packages. Tarballs can also be created manually from the upstream git repository: $ git clone git://w1.fi/srv/git/hostap-1.git $ cd hostap-1 $ git archive \ --format=tar \ --prefix="wpa-1.0/" \ hostap_1_0 \ README COPYING patches src wpa_supplicant hostapd | \ gzip -c9 > wpa_1.0.orig.tar.gz Arbitrary git tags or commit IDs can be used for this purpose. The Debian packaging for wpa_supplicant/ hostapd is maintained in a subversion repository at: Vcs-Svn: svn://anonscm.debian.org/svn/pkg-wpa/wpa/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/ The development mailing list and its mailing list archive is located at: http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-wpa-devel Work for the wpa package can be coordinated on this mailing list through: -- Stefan Lippers-Hollmann Thu, 10 May 2012 22:29:24 +0200 [1] http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap-1.git [1.x branch] http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git [development] debian/source/0000775000000000000000000000000012305662656010503 5ustar debian/source/format0000664000000000000000000000001412271776544011715 0ustar 3.0 (quilt) debian/NEWS0000664000000000000000000000134612271776544007712 0ustar wpasupplicant (0.6.2-1) unstable; urgency=low The -w (wait for network interface to exist) command line option no longer exists. If you have scripts that require this option, it is time to change them, or use one of the two supported modes of operation explained at /usr/share/doc/wpasupplicant/README.modes.gz. ifupdown supports hot-plugged network devices via the "allow-hotplug" class of operation. An example /etc/network/interfaces configuration stanza would look like: allow-hotplug wlan0 iface wlan0 inet dhcp wpa-ssid myssid wpa-psk mysecretpassphrase network-manager is also able to handle hot-plugged network devices. -- Kel Modderman Mon, 14 Jan 2008 18:02:17 +1000 debian/wpasupplicant.preinst0000775000000000000000000000265312271776544013520 0ustar #!/bin/sh # This script can be called in the following ways: # # Before the package is installed: # install # # Before removed package is upgraded: # install # # Before the package is upgraded: # upgrade # # # If postrm fails during upgrade or fails on failed upgrade: # abort-upgrade set -e rm_conffile() { local PKGNAME="$1" local CONFFILE="$2" [ -e "$CONFFILE" ] || return 0 local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')" local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \ sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")" if [ "$md5sum" != "$old_md5sum" ]; then echo "Obsolete conffile $CONFFILE has been modified by you." echo "Saving as $CONFFILE.dpkg-bak ..." mv -f "$CONFFILE" "$CONFFILE".dpkg-bak else echo "Removing obsolete conffile $CONFFILE ..." rm -f "$CONFFILE" fi } case "$1" in install|upgrade) if dpkg --compare-versions "$2" lt "0.6.9-4"; then rm_conffile wpasupplicant /etc/logrotate.d/wpa_supplicant rm_conffile wpasupplicant /etc/logrotate.d/wpa_action fi if dpkg --compare-versions "$2" lt "0.6.10-1"; then rm_conffile wpasupplicant /etc/init.d/wpa-ifupdown update-rc.d -f wpa-ifupdown remove >/dev/null fi ;; abort-upgrade) ;; *) echo "$0 called with unknown argument \`$1'" 1>&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/control0000664000000000000000000000714012271776544010614 0ustar Source: wpa Section: net Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian/Ubuntu wpasupplicant Maintainers Uploaders: Kel Modderman , Stefan Lippers-Hollmann , Jan Dittberner Build-Depends: debhelper (>> 9.20120115), libdbus-glib-1-dev, libssl-dev, libqt4-dev, libdbus-1-dev, libncurses5-dev, libpcsclite-dev, libnl-3-dev (>= 3.2.3-2~) [linux-any], libnl-genl-3-dev (>= 3.2.3-2~) [linux-any], libpcap-dev [kfreebsd-any], libbsd-dev [kfreebsd-any], libreadline-gplv2-dev, pkg-config, qt4-qmake, docbook-to-man, docbook-utils Build-Conflicts: libqt3-dev Standards-Version: 3.9.3 Vcs-Svn: svn://anonscm.debian.org/svn/pkg-wpa/wpa/trunk/ Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/ Homepage: http://w1.fi/wpa_supplicant/ Package: hostapd Architecture: linux-any kfreebsd-any Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-13), initscripts (>= 2.88dsf-13.3) Description: user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator Originally, hostapd was an optional user space component for Host AP driver. It adds more features to the basic IEEE 802.11 management included in the kernel driver: using external RADIUS authentication server for MAC address based access control, IEEE 802.1X Authenticator and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN) Authenticator and dynamic TKIP/CCMP keying. . The current version includes support for other drivers, an integrated EAP authenticator (i.e., allow full authentication without requiring an external RADIUS authentication server), and RADIUS authentication server for EAP authentication. . hostapd works with the following drivers: . * mac80211 based drivers with support for master mode [linux] * Host AP driver for Prism2/2.5/3 [linux] * Driver interface for FreeBSD net80211 layer [kfreebsd] * Any wired Ethernet driver for wired IEEE 802.1X authentication. Package: wpagui Architecture: linux-any kfreebsd-any Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, wpasupplicant (>= 0.7.3~), libqt4-svg Recommends: menu Description: graphical user interface for wpa_supplicant wpagui provides a Qt interface for choosing which configured network to connect to. It also provides a method for browsing 802.11 SSID scan results, an event history log of messages generated by wpa_supplicant, and a method to add or edit wpa_supplicant networks. Package: wpasupplicant Architecture: linux-any kfreebsd-any Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.0-6), adduser, initscripts (>= 2.88dsf-13.3) Suggests: wpagui, libengine-pkcs11-openssl Description: client support for WPA and WPA2 (IEEE 802.11i) WPA and WPA2 are methods for securing wireless networks, the former using IEEE 802.1X, and the latter using IEEE 802.11i. This software provides key negotiation with the WPA Authenticator, and controls association with IEEE 802.11i networks. Package: wpasupplicant-udeb Section: debian-installer Priority: standard Architecture: linux-any Package-Type: udeb Depends: ${shlibs:Depends}, ${misc:Depends}, busybox-udeb Description: Client support for WPA and WPA2 (IEEE 802.11i) WPA and WPA2 are methods for securing wireless networks, the former using IEEE 802.1X, and the latter using IEEE 802.11i. This software provides key negotiation with the WPA Authenticator, and controls association with IEEE 802.11i networks. . This is a udeb of wpasupplicant for use by the debian-installer. debian/hostapd.default0000664000000000000000000000140212271776544012214 0ustar # Defaults for hostapd initscript # # See /usr/share/doc/hostapd/README.Debian for information about alternative # methods of managing hostapd. # # Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration # file and hostapd will be started during system boot. An example configuration # file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz # #DAEMON_CONF="" # Additional daemon options to be appended to hostapd command:- # -d show more debug messages (-dd for even more) # -K include key data in debug messages # -t include timestamps in some debug messages # # Note that -B (daemon mode) and -P (pidfile) options are automatically # configured by the init.d script and must not be added to DAEMON_OPTS. # #DAEMON_OPTS="" debian/rules0000775000000000000000000001161412271776544010272 0ustar #!/usr/bin/make -f # The build system doesn't use CPPFLAGS, pass them to CFLAGS/CXXFLAGS to # enable the missing (hardening) flags CFLAGS += -MMD -Wall $(CPPFLAGS) CXXFLAGS += $(CPPFLAGS) UCFLAGS = -MMD -Wall -g -Os BINDIR = /sbin V = 1 DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) CC=$(DEB_HOST_GNU_TYPE)-gcc endif export CC BINDIR V DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) HOSTAPD_DOT_CONFIG := debian/config/hostapd/$(DEB_HOST_ARCH_OS) WPASUPPLICANT_DOT_CONFIG := debian/config/wpasupplicant/$(DEB_HOST_ARCH_OS) WPASUPPLICANT_UDEB_DOT_CONFIG := debian/config/wpasupplicant/$(DEB_HOST_ARCH_OS)-udeb VERSION := $(shell dpkg-parsechangelog | sed -ne 's,^Version: *\([0-9]*:\)\?\(.*\)$$,\2,p') ### start dh overrides override_dh_auto_configure: dh_auto_configure --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \ --buildsystem=qmake override_dh_auto_build: # build documentation dh_auto_build --sourcedirectory=wpa_supplicant/doc/docbook \ --buildsystem=makefile \ --parallel \ -- man # build wpasupplicant-udeb cp -v --remove-destination $(WPASUPPLICANT_UDEB_DOT_CONFIG) wpa_supplicant/.config CFLAGS="$(UCFLAGS)" dh_auto_build --sourcedirectory=wpa_supplicant \ --buildsystem=makefile \ --parallel mv -v wpa_supplicant/wpa_supplicant wpa_supplicant/wpa_supplicant-udeb dh_auto_clean --sourcedirectory=wpa_supplicant \ --buildsystem=makefile # build wpasupplicant cp -v --remove-destination $(WPASUPPLICANT_DOT_CONFIG) wpa_supplicant/.config dh_auto_build --sourcedirectory=wpa_supplicant \ --buildsystem=makefile \ --parallel # build wpa_gui-qt4 dh_auto_build --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \ --buildsystem=qmake \ --parallel dh_auto_clean --sourcedirectory=src --buildsystem=makefile # build hostapd cp -v --remove-destination $(HOSTAPD_DOT_CONFIG) hostapd/.config dh_auto_build --sourcedirectory=hostapd \ --buildsystem=makefile \ --parallel dh_auto_clean --sourcedirectory=src --buildsystem=makefile override_dh_auto_clean: dh_auto_clean --sourcedirectory=wpa_supplicant/doc/docbook \ --buildsystem=makefile dh_auto_clean --sourcedirectory=wpa_supplicant \ --buildsystem=makefile dh_auto_clean --sourcedirectory=wpa_supplicant/wpa_gui-qt4 \ --buildsystem=qmake -find wpa_supplicant/wpa_gui-qt4 -type d \ -name \.moc -o -name \.ui -o -name \.obj -exec rm -rf {} \; dh_auto_clean --sourcedirectory=hostapd \ --buildsystem=makefile override_dh_auto_install: $(info Skip dh_auto_install ...) override_dh_clean: # make sure to remove the staging directory for the udeb rm -rf debian/wpasupplicant-udeb dh_clean wpa_supplicant/.config \ hostapd/.config \ wpa_supplicant/wpa_supplicant-udeb override_dh_install: dh_install # install systemd support install --mode=644 -D wpa_supplicant/systemd/wpa_supplicant.service \ debian/wpasupplicant/lib/systemd/system/wpa_supplicant.service # install D-Bus service activation files & configuration install --mode=644 -D wpa_supplicant/dbus/dbus-wpa_supplicant.conf \ debian/wpasupplicant/etc/dbus-1/system.d/wpa_supplicant.conf install --mode=644 -D wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service \ debian/wpasupplicant/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service install --mode=644 -D wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service \ debian/wpasupplicant/usr/share/dbus-1/system-services/fi.w1.wpa_supplicant1.service install --mode=755 -D wpa_supplicant/examples/60_wpa_supplicant \ debian/wpasupplicant/usr/lib/pm-utils/sleep.d/60_wpa_supplicant # install ifupdown hook scripts install --mode=755 -D debian/ifupdown/action_wpa.sh \ debian/wpasupplicant/etc/wpa_supplicant/action_wpa.sh install --mode=755 -D debian/ifupdown/functions.sh \ debian/wpasupplicant/etc/wpa_supplicant/functions.sh install --mode=755 -D debian/ifupdown/wpasupplicant.sh \ debian/wpasupplicant/etc/wpa_supplicant/ifupdown.sh install --mode=755 -D debian/ifupdown/hostapd.sh \ debian/hostapd/etc/hostapd/ifupdown.sh # Install udeb install --mode=755 -D wpa_supplicant/wpa_supplicant-udeb \ debian/wpasupplicant-udeb/sbin/wpa_supplicant override_dh_installchangelogs: dh_installchangelogs --package=hostapd hostapd/ChangeLog dh_installchangelogs --package=wpasupplicant wpa_supplicant/ChangeLog dh_installchangelogs --package=wpagui wpa_supplicant/ChangeLog override_dh_gencontrol: dh_gencontrol -phostapd -- '-v1:$(VERSION)' dh_gencontrol --remaining-packages ### end dh overrides %: dh $@ get-orig-source: chmod +x $(CURDIR)/debian/get-orig-source $(CURDIR)/debian/get-orig-source $(CURDIR) debian/hostapd.init0000664000000000000000000000276112271776544011544 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: hostapd # Required-Start: $remote_fs # Required-Stop: $remote_fs # Should-Start: $network # Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Advanced IEEE 802.11 management daemon # Description: Userspace IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP # Authenticator ### END INIT INFO PATH=/sbin:/bin:/usr/sbin:/usr/bin DAEMON_SBIN=/usr/sbin/hostapd DAEMON_DEFS=/etc/default/hostapd DAEMON_CONF= NAME=hostapd DESC="advanced IEEE 802.11 management" PIDFILE=/var/run/hostapd.pid [ -x "$DAEMON_SBIN" ] || exit 0 [ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd [ -n "$DAEMON_CONF" ] || exit 0 DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF" . /lib/lsb/init-functions case "$1" in start) log_daemon_msg "Starting $DESC" "$NAME" start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \ --pidfile "$PIDFILE" -- $DAEMON_OPTS >/dev/null log_end_msg "$?" ;; stop) log_daemon_msg "Stopping $DESC" "$NAME" start-stop-daemon --stop --oknodo --quiet --exec "$DAEMON_SBIN" \ --pidfile "$PIDFILE" log_end_msg "$?" ;; reload) log_daemon_msg "Reloading $DESC" "$NAME" start-stop-daemon --stop --signal HUP --exec "$DAEMON_SBIN" \ --pidfile "$PIDFILE" log_end_msg "$?" ;; restart|force-reload) $0 stop sleep 8 $0 start ;; status) status_of_proc "$DAEMON_SBIN" "$NAME" exit $? ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|force-reload|reload|status}" >&2 exit 1 ;; esac exit 0 debian/wpasupplicant.postinst0000775000000000000000000000235312271776544013714 0ustar #!/bin/sh # This script can be called in the following ways: # # After the package was installed: # configure # # # If prerm fails during upgrade or fails on failed upgrade: # abort-upgrade # # If prerm fails during deconfiguration of a package: # abort-deconfigure in-favour # removing # # If prerm fails during replacement due to conflict: # abort-remove in-favour set -e case "$1" in configure) # Add the netdev group unless it's already there if ! getent group netdev >/dev/null; then addgroup --quiet --system netdev || true fi # Migrate existing sendsigs omission pid files to /run target="/run/sendsigs.omit.d/" if [ -d $target ] && \ [ -d /lib/init/rw/sendsigs.omit.d/ ]; then for f in /lib/init/rw/sendsigs.omit.d/wpasupplicant.*.pid do if [ "$(readlink -f $f)" != "$target$(basename $f)" ]; then if [ -f "$f" ]; then mv "$f" "$target" fi fi done fi ;; abort-upgrade|abort-deconfigure|abort-remove) ;; *) echo "$0 called with unknown argument \`$1'" 1>&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/copyright0000664000000000000000000002761612271776544011156 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: wpa_supplicant Upstream-Contact: Jouni Malinen Source: http://w1.fi/wpa_supplicant/ Files: * Copyright: 2002-2012, Jouni Malinen License: BSD or GPL-2 Files: hostapd/logwatch/* Copyright: 2005, Henrik Brix Andersen License: BSD or GPL-2 Files: hostapd/hostapd.8 hostapd/hostapd_cli.1 Copyright: 2005, Faidon Liambotis License: BSD or GPL-2 Files: patches/* Copyright: 2005, Alexey Kobozev 2005-2012, Jouni Malinen License: BSD or GPL-2 Files: src/ap/ap_list.* src/ap/ap_mlme.* src/ap/beacon.* src/ap/hw_features.* src/ap/vlan_init.* src/ap/wmm.* Copyright: 2002-2009, Jouni Malinen 2002-2004, Instant802 Networks, Inc. 2005-2006, Devicescape Software, Inc. License: BSD or GPL-2 Files: src/ap/ieee802_11_ht.c Copyright: 2002-2009, Jouni Malinen 2007-2008, Intel Corporation License: BSD or GPL-2 Files: src/ap/p2p_hostapd.* Copyright: 2009-2010, Atheros Communications License: BSD or GPL-2 Files: src/common/gas.* Copyright: 2009, Atheros Communications 2011, Qualcomm Atheros License: BSD or GPL-2 Files: src/common/ieee802_11_defs.h Copyright: 2002-2009, Jouni Malinen 2007-2008, Intel Corporation License: BSD or GPL-2 Files: src/common/wireless_copy.h Copyright: 1997-2007, Jean Tourrilhes License: BSD or GPL-2 Files: src/drivers/driver_atheros.c Copyright: 2004, Sam Leffler 2004, Video54 Technologies 2005-2007, Jouni Malinen 2009, Atheros Communications License: BSD or GPL-2 Files: src/drivers/driver_broadcom.c Copyright: 2004, Nikki Chumkov 2004, Jouni Malinen License: BSD or GPL-2 Files: src/drivers/driver_bsd.c Copyright: 2004, Sam Leffler 2004, 2Wire, Inc License: BSD or GPL-2 Files: src/drivers/driver_madwifi.c Copyright: 2004, Sam Leffler 2004, Video54 Technologies 2004-2007, Jouni Malinen License: BSD or GPL-2 Files: src/drivers/driver_nl80211.c Copyright: 2002-2010, Jouni Malinen 2003-2004, Instant802 Networks, Inc. 2005-2006, Devicescape Software, Inc. 2007, Johannes Berg 2009-2010, Atheros Communications License: BSD or GPL-2 Files: src/drivers/driver_none.c Copyright: 2008, Atheros Communications License: BSD or GPL-2 Files: src/drivers/driver_ralink.* Copyright: 2003-2006, Jouni Malinen 2007, Snowpin Lee License: BSD or GPL-2 Files: src/drivers/driver_roboswitch.c Copyright: 2008-2009, Jouke Witteveen License: BSD or GPL-2 Files: src/drivers/driver_wired.c Copyright: 2005-2009, Jouni Malinen 2004, Gunter Burchardt License: BSD or GPL-2 Files: src/drivers/nl80211_copy.h Copyright: 2006-2010, Johannes Berg 2008, Michael Wu 2008, Luis Carlos Cobo 2008, Michael Buesch 2008-2009, Luis R. Rodriguez 2008, Jouni Malinen 2008, Colin McCabe License: ISC Files: src/eap_common/eap_pwd_common.* src/eap_peer/eap_pwd.c src/eap_server/eap_server_pwd.c Copyright: 2010, Dan Harkins License: BSD or GPL-2 Files: src/l2_packet/l2_packet_freebsd.c Copyright: 2003-2005, Jouni Malinen 2005, Sam Leffler License: BSD or GPL-2 Files: src/p2p/* Copyright: 2009-2010, Atheros Communications License: BSD or GPL-2 Files: src/rsn_supp/tdls.c Copyright: 2010-2011, Atheros Communications License: BSD or GPL-2 Files: src/tls/libtommath.c Copyright: Tom St Denis License: public-domain Files: src/utils/radiotap.c src/utils/radiotap_iter.h Copyright: 2007, Andy Green 2007, Johannes Berg License: BSD or GPL-2 Files: src/utils/radiotap.h Copyright: 2003-2004, David Young License: BSD Files: src/wps/http.h src/wps/upnp_xml.* src/wps/wps_upnp.* src/wps/wps_upnp_event.c src/wps/wps_upnp_i.h src/wps/wps_upnp_ssdp.c src/wps/wps_upnp_web.c Copyright: 2000-2003, Intel Corporation 2006-2007, Sony Corporation 2008-2009, Atheros Communications 2009, Jouni Malinen License: BSD Files: src/wps/httpread.* Copyright: 2008, Ted Merrill, Atheros Communications License: BSD or GPL-2 Files: src/wps/ndef.c src/wps/wps_nfc.c src/wps/wps_nfc_pn531.c src/wps/wps_ufd.c Copyright: 2009, Masashi Honma License: BSD or GPL-2 Files: src/wps/wps_validate.c Copyright: 2010, Atheros Communications, Inc. License: BSD or GPL-2 Files: wpa_supplicant/dbus/dbus_common.* wpa_supplicant/dbus/dbus_common_i.h wpa_supplicant/dbus/dbus_new.* wpa_supplicant/dbus/dbus_new_handlers.* wpa_supplicant/dbus/dbus_new_handlers_wps.c wpa_supplicant/dbus/dbus_new_helpers.* Copyright: 2006, Dan Williams and Red Hat, Inc. 2009-2010, Witold Sowa 2009, Jouni Malinen License: BSD or GPL-2 Files: wpa_supplicant/dbus/dbus_dict_helpers.* wpa_supplicant/dbus/dbus_old* Copyright: 2006, Dan Williams and Red Hat, Inc. License: BSD or GPL-2 Files: wpa_supplicant/wpa_gui-qt4/icons/ap.svg Copyright: 2008, mystica License: public-domain Files: wpa_supplicant/wpa_gui-qt4/icons/group.svg Copyright: 2009, Andrew Fitzsimon / Anonymous License: public-domain Files: wpa_supplicant/wpa_gui-qt4/icons/invitation.svg Copyright: 2009, Jean Victor Balin License: public-domain Files: wpa_supplicant/wpa_gui-qt4/icons/laptop.svg Copyright: 2008, metalmarious License: public-domain Files: wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg Copyright: 2008, Bernard Gray License: BSD or GPL-2 Files: wpa_supplicant/wpa_gui-qt4/peers.* wpa_supplicant/wpa_gui-qt4/stringquery.* Copyright: 2009-2010, Atheros Communications License: BSD or GPL-2 Files: wpa_supplicant/wpa_gui-qt4/signalbar.* Copyright: 2011, Kel Modderman License: BSD or GPL-2 Files: wpa_supplicant/Android.mk Copyright: 2008, The Android Open Source Project License: Apache-2.0 Files: wpa_supplicant/ap.* Copyright: 2003-2009, Jouni Malinen 2009, Atheros Communications License: BSD or GPL-2 Files: wpa_supplicant/gas_query.* wpa_supplicant/offchannel.* wpa_supplicant/p2p_supplicant.* Copyright: 2009-2010, Atheros Communications 2011, Qualcomm Atheros License: BSD or GPL-2 Files: wpa_supplicant/interworking.* Copyright: 2011, Qualcomm Atheros License: BSD or GPL-2 Files: debian/* Copyright: 2004-2006, Kyle McMartin 2005-2009, Faidon Liambotis 2006-2008, Reinhard Tartler 2006-2012, Kel Modderman 2010, Jan Dittberner 2010-2012, Stefan Lippers-Hollmann License: BSD or GPL-2 License: Apache-2.0 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . On Debian systems, the complete text of the Apache version 2.0 license can be found in "/usr/share/common-licenses/Apache-2.0". License: BSD Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. Neither the name(s) of the above-listed copyright holder(s) nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. . Note that this distribution of hostapd comes with configuration options that link it to the OpenSSL library. The OpenSSL license is GPL-incompatible, therefore in this distribution only the BSD license applies. License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian GNU/Linux systems, the complete text of the GNU General Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'. . Note that this distribution of hostapd comes with configuration options that link it to the OpenSSL library. The OpenSSL license is GPL-incompatible, therefore in this distribution only the BSD license applies. License: ISC Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. . THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. License: public-domain Minimal code for RSA support from LibTomMath 0.41 http://libtom.org/ http://libtom.org/files/ltm-0.41.tar.bz2 This library was released in public domain by Tom St Denis. . The combination in this file may not use all of the optimized algorithms from LibTomMath and may be considerable slower than the LibTomMath with its default settings. The main purpose of having this version here is to make it easier to build bignum.c wrapper without having to install and build an external library. debian/wpagui.menu0000664000000000000000000000036512271776544011375 0ustar ?package(wpagui): \ needs="X11" \ section="Applications/Network/Monitoring" \ title="wpa_supplicant user interface" \ icon32x32="/usr/share/pixmaps/wpa_gui.xpm" \ icon16x16="/usr/share/pixmaps/wpa_gui-16.xpm" \ command="/usr/sbin/wpa_gui" debian/hostapd.links0000664000000000000000000000016512271776544011715 0ustar etc/hostapd/ifupdown.sh /etc/network/if-pre-up.d/hostapd etc/hostapd/ifupdown.sh /etc/network/if-post-down.d/hostapd debian/wpagui.install0000664000000000000000000000036312271776544012075 0ustar debian/wpa_gui/wpa_gui*.xpm usr/share/pixmaps/ wpa_supplicant/wpa_gui-qt4/wpa_gui usr/sbin/ wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop usr/share/applications/ wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg usr/share/icons/hicolor/scalable/apps/ debian/patches/0000775000000000000000000000000012305662656010632 5ustar debian/patches/12_wpa_gui_knotify_support.patch0000664000000000000000000000246412271776544017161 0ustar Description: Use KDE's KNotify when running under KDE Author: Raphael Geissert Bug-Debian: http://bugs.debian.org/582793 --- --- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp +++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp @@ -17,11 +17,14 @@ #endif /* CONFIG_NATIVE_WINDOWS */ #include +#include #include #include #include #include +#include #include +#include #include "wpagui.h" #include "dirent.h" @@ -1339,10 +1342,21 @@ void WpaGui::createTrayIcon(bool trayOnl void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec, const QString & msg) { - if (!QSystemTrayIcon::supportsMessages()) + if (isVisible() || !tray_icon || !tray_icon->isVisible()) return; - if (isVisible() || !tray_icon || !tray_icon->isVisible()) + /* first try to use KDE's notifications system if running under + * a KDE session */ + if (getenv("KDE_FULL_SESSION") != NULL) { + QStringList args; + args << "--passivepopup" << msg << QString::number(sec); + args << "--title" << "wpa_gui"; + + if (QProcess::execute("/usr/bin/kdialog", args) == 0) + return; + } + + if (!QSystemTrayIcon::supportsMessages()) return; tray_icon->showMessage(qAppName(), msg, type, sec * 1000); debian/patches/06_wpa_gui_menu_exec_path.patch0000664000000000000000000000074312271776544016667 0ustar Description: Debian specific patch to desktop meny entry, so that we may exec wpa_gui which being in /usr/sbin may not be in the PATH Author: Kel Modderman --- --- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop +++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop @@ -2,7 +2,7 @@ Version=1.0 Name=wpa_gui Comment=Graphical user interface for wpa_supplicant -Exec=wpa_gui +Exec=/usr/sbin/wpa_gui Icon=wpa_gui GenericName=wpa_supplicant user interface Terminal=false debian/patches/dbus-activation-cmdline.patch0000664000000000000000000000344312271776544016370 0ustar From: Mathieu Trudel-Lapierre Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/869635 Subject: Have wpasupplicant write a pid file to /run/sendsigs.omit.d when activated via DBUS. This allows us to skip over killing it right away with sendsigs, because some other processes (read: NetworkManager) may be using it and won't be shut down just yet. This avoids wpasupplicant being respawned during shutdown for no reason and slowing down the shutdown process. --- wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in | 2 +- wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Index: b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in =================================================================== --- a/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in +++ b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in @@ -1,5 +1,5 @@ [D-BUS Service] Name=fi.epitest.hostap.WPASupplicant -Exec=@BINDIR@/wpa_supplicant -u -s -O /var/run/wpa_supplicant +Exec=@BINDIR@/wpa_supplicant -B -P /run/sendsigs.omit.d/wpasupplicant.pid -u -s -O /var/run/wpa_supplicant User=root SystemdService=wpa_supplicant.service Index: b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in =================================================================== --- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in +++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in @@ -1,5 +1,5 @@ [D-BUS Service] Name=fi.w1.wpa_supplicant1 -Exec=@BINDIR@/wpa_supplicant -u -s -O /var/run/wpa_supplicant +Exec=@BINDIR@/wpa_supplicant -B -P /run/sendsigs.omit.d/wpasupplicant.pid -u -s -O /var/run/wpa_supplicant User=root SystemdService=wpa_supplicant.service debian/patches/EAP-TLS-server_fix-TLS-Message-length-validation.patch0000664000000000000000000000322312271776544022527 0ustar From: Jouni Malinen Date: Sun, 7 Oct 2012 17:06:29 +0000 (+0300) Subject: EAP-TLS server: Fix TLS Message Length validation X-Git-Url: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff_plain;h=586c446e0ff42ae00315b014924ec669023bd8de EAP-TLS server: Fix TLS Message Length validation EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS Message Length value properly and could end up trying to store more information into the message buffer than the allocated size if the first fragment is longer than the indicated size. This could result in hostapd process terminating in wpabuf length validation. Fix this by rejecting messages that have invalid TLS Message Length value. This would affect cases that use the internal EAP authentication server in hostapd either directly with IEEE 802.1X or when using hostapd as a RADIUS authentication server and when receiving an incorrectly constructed EAP-TLS message. Cases where hostapd uses an external authentication are not affected. Thanks to Timo Warns for finding and reporting this issue. Signed-hostap: Jouni Malinen intended-for: hostap-1 --- --- a/src/eap_server/eap_server_tls_common.c +++ b/src/eap_server/eap_server_tls_common.c @@ -224,6 +224,14 @@ static int eap_server_tls_process_fragme return -1; } + if (len > message_length) { + wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " + "first fragment of frame (TLS Message " + "Length %d bytes)", + (int) len, (int) message_length); + return -1; + } + data->tls_in = wpabuf_alloc(message_length); if (data->tls_in == NULL) { wpa_printf(MSG_DEBUG, "SSL: No memory for message"); debian/patches/02_dbus_group_policy.patch0000664000000000000000000000224612271776544015714 0ustar Description: Debian does not use pam_console but uses group membership to control access to D-Bus. Activating both options in the conf file makes it work on Debian and Ubuntu. Author: Michael Biebl Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179 --- --- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf +++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf @@ -14,6 +14,14 @@ + + + + + + + + debian/patches/git_accept_client_cert_from_server.patch0000664000000000000000000000452512305636373020744 0ustar From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 19 Feb 2014 09:56:02 +0000 Subject: Revert "OpenSSL: Do not accept SSL Client certificate for server" This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are too many deployed AAA servers that include both id-kp-clientAuth and id-kp-serverAuth EKUs for this change to be acceptable as a generic rule for AAA authentication server validation. OpenSSL enforces the policy of not connecting if only id-kp-clientAuth is included. If a valid EKU is listed with it, the connection needs to be accepted. Signed-off-by: Jouni Malinen --- diff --git a/src/crypto/tls.h b/src/crypto/tls.h index 287fd33..feba13f 100644 --- a/src/crypto/tls.h +++ b/src/crypto/tls.h @@ -41,8 +41,7 @@ enum tls_fail_reason { TLS_FAIL_ALTSUBJECT_MISMATCH = 6, TLS_FAIL_BAD_CERTIFICATE = 7, TLS_FAIL_SERVER_CHAIN_PROBE = 8, - TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9, - TLS_FAIL_SERVER_USED_CLIENT_CERT = 10 + TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9 }; union tls_event_data { diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index a13fa38..8cf1de8 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -105,7 +105,6 @@ struct tls_connection { unsigned int ca_cert_verify:1; unsigned int cert_probe:1; unsigned int server_cert_only:1; - unsigned int server:1; u8 srv_cert_hash[32]; @@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) TLS_FAIL_SERVER_CHAIN_PROBE); } - if (!conn->server && err_cert && preverify_ok && depth == 0 && - (err_cert->ex_flags & EXFLAG_XKUSAGE) && - (err_cert->ex_xkusage & XKU_SSL_CLIENT)) { - wpa_printf(MSG_WARNING, "TLS: Server used client certificate"); - openssl_tls_fail_event(conn, err_cert, err, depth, buf, - "Server used client certificate", - TLS_FAIL_SERVER_USED_CLIENT_CERT); - preverify_ok = 0; - } - if (preverify_ok && context->event_cb != NULL) context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_SUCCESS, NULL); @@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, int res; struct wpabuf *out_data; - conn->server = !!server; - /* * Give TLS handshake data from the server (if available) to OpenSSL * for processing. -- cgit v0.9.2 debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch0000664000000000000000000000076112271776544021241 0ustar Description: Use pkg-config for libpcsclite linkage flags At least in debian, we can rely on pkg-config being available and returning more accurate ldflags. Author: Reinhard Tartler --- --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -776,7 +776,7 @@ ifdef CONFIG_NATIVE_WINDOWS #dynamic symbol loading that is now used in pcsc_funcs.c #LIBS += -lwinscard else -LIBS += -lpcsclite -lpthread +LIBS += $(shell pkg-config --libs libpcsclite) endif endif debian/patches/series0000664000000000000000000000047112305636536012047 0ustar 01_use_pkg-config_for_pcsc-lite_module.patch 02_dbus_group_policy.patch 06_wpa_gui_menu_exec_path.patch 07_dbus_service_syslog.patch 12_wpa_gui_knotify_support.patch dbus-activation-cmdline.patch session-ticket.patch EAP-TLS-server_fix-TLS-Message-length-validation.patch git_accept_client_cert_from_server.patch debian/patches/session-ticket.patch0000664000000000000000000000133012271776544014620 0ustar From: Jeremy Nickurak Subject: Disable the session ticket TLS extension. Bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/wpasupplicant/+bug/969343 Bug: http://w1.fi/bugz/show_bug.cgi?id=447 --- src/crypto/tls_openssl.c | 1 + 1 file changed, 1 insertion(+) Index: b/src/crypto/tls_openssl.c =================================================================== --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -917,6 +917,7 @@ struct tls_connection * tls_connection_i #ifdef SSL_OP_NO_COMPRESSION options |= SSL_OP_NO_COMPRESSION; #endif /* SSL_OP_NO_COMPRESSION */ + options |= SSL_OP_NO_TICKET; SSL_set_options(conn->ssl, options); conn->ssl_in = BIO_new(BIO_s_mem()); debian/patches/07_dbus_service_syslog.patch0000664000000000000000000000243512271776544016246 0ustar Description: Tweak D-Bus/systemd service activation configuration files: * log wpa_supplicant messages to syslog * activate control socket interface so that wpa_cli can be used by D-Bus activated wpa_supplicant daemon Author: Kel Modderman --- --- a/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in +++ b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in @@ -1,5 +1,5 @@ [D-BUS Service] Name=fi.epitest.hostap.WPASupplicant -Exec=@BINDIR@/wpa_supplicant -u +Exec=@BINDIR@/wpa_supplicant -u -s -O /var/run/wpa_supplicant User=root SystemdService=wpa_supplicant.service --- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in +++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in @@ -1,5 +1,5 @@ [D-BUS Service] Name=fi.w1.wpa_supplicant1 -Exec=@BINDIR@/wpa_supplicant -u +Exec=@BINDIR@/wpa_supplicant -u -s -O /var/run/wpa_supplicant User=root SystemdService=wpa_supplicant.service --- a/wpa_supplicant/systemd/wpa_supplicant.service.in +++ b/wpa_supplicant/systemd/wpa_supplicant.service.in @@ -4,7 +4,7 @@ Description=WPA supplicant [Service] Type=dbus BusName=fi.epitest.hostap.WPASupplicant -ExecStart=@BINDIR@/wpa_supplicant -u +ExecStart=@BINDIR@/wpa_supplicant -u -s -O /var/run/wpa_supplicant [Install] WantedBy=multi-user.target debian/wpagui.manpages0000664000000000000000000000004512271776544012217 0ustar wpa_supplicant/doc/docbook/wpa_gui.8