rpms/wpa_supplicant/F-9 wpa_supplicant-0.6.4-fix-peap-with-windows-server-2008.patch, NONE, 1.1 wpa_supplicant-0.6.7-quiet-scan-results-message.patch, NONE, 1.1 wpa_supplicant.spec, 1.48, 1.49
Daniel Williams
dcbw at fedoraproject.org
Fri Jan 30 18:09:56 UTC 2009
- Previous message (by thread): rpms/kernel/devel patch-2.6.29-rc3-git1.bz2.sign, NONE, 1.1 .cvsignore, 1.999, 1.1000 kernel.spec, 1.1250, 1.1251 sources, 1.961, 1.962 upstream, 1.873, 1.874
- Next message (by thread): rpms/sugar-terminal/devel .cvsignore, 1.2, 1.3 sources, 1.2, 1.3 sugar-terminal.spec, 1.3, 1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dcbw
Update of /cvs/extras/rpms/wpa_supplicant/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22115
Modified Files:
wpa_supplicant.spec
Added Files:
wpa_supplicant-0.6.4-fix-peap-with-windows-server-2008.patch
wpa_supplicant-0.6.7-quiet-scan-results-message.patch
Log Message:
* Fri Jan 30 2009 Dan Williams <dcbw at redhat.com> - 1:0.6.4-3
- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)
- Stop supplicant on uninstall (rh #447843)
- Suppress scan results message in logs (rh #466601)
wpa_supplicant-0.6.4-fix-peap-with-windows-server-2008.patch:
--- NEW FILE wpa_supplicant-0.6.4-fix-peap-with-windows-server-2008.patch ---
From: Jouni Malinen <j at w1.fi>
Date: Sun, 14 Dec 2008 22:15:54 +0000 (+0200)
Subject: Fixed interoperability issue with PEAPv0 cryptobinding and NPS
X-Git-Tag: hostap_0_6_7~111
X-Git-Url: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff_plain;h=f4f2774a96d91753811e921380856bc859888153
Fixed interoperability issue with PEAPv0 cryptobinding and NPS
Windows Server 2008 NPS gets very confused if the TLS Message Length is
not included in the Phase 1 messages even if fragmentation is not used.
If the TLS Message Length field is not included in ClientHello message,
NPS seems to decide to use the ClientHello data (excluding first six
octets, i.e., EAP header, type, Flags) as the OuterTLVs data in
Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP)..
Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of
this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0
is now using optional Cryptobinding by default (again) since there are
no known interop issues with it anymore.
---
diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 9ff4eed..5db8bf6 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -501,6 +501,17 @@ static int eap_tls_process_output(struct eap_ssl_data *data, EapType eap_type,
length_included = data->tls_out_pos == 0 &&
(data->tls_out_len > data->tls_out_limit ||
data->include_tls_length);
+ if (!length_included &&
+ eap_type == EAP_TYPE_PEAP && peap_version == 0 &&
+ !tls_connection_established(data->eap->ssl_ctx, data->conn)) {
+ /*
+ * Windows Server 2008 NPS really wants to have the TLS Message
+ * length included in phase 0 even for unfragmented frames or
+ * it will get very confused with Compound MAC calculation and
+ * Outer TLVs.
+ */
+ length_included = 1;
+ }
*out_data = eap_msg_alloc(EAP_VENDOR_IETF, eap_type,
1 + length_included * 4 + len,
wpa_supplicant-0.6.7-quiet-scan-results-message.patch:
--- NEW FILE wpa_supplicant-0.6.7-quiet-scan-results-message.patch ---
diff -up wpa_supplicant-0.6.4/wpa_supplicant/events.c.quiet-scan-results-msg wpa_supplicant-0.6.4/wpa_supplicant/events.c
--- wpa_supplicant-0.6.4/wpa_supplicant/events.c.quiet-scan-results-msg 2009-01-30 12:56:10.000000000 -0500
+++ wpa_supplicant-0.6.4/wpa_supplicant/events.c 2009-01-30 12:56:10.000000000 -0500
@@ -557,7 +557,7 @@ static void wpa_supplicant_event_scan_re
wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are "
"empty - not posting");
} else {
- wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
+ wpa_msg(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
wpa_supplicant_dbus_notify_scan_results(wpa_s);
}
Index: wpa_supplicant.spec
===================================================================
RCS file: /cvs/extras/rpms/wpa_supplicant/F-9/wpa_supplicant.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- wpa_supplicant.spec 13 Oct 2008 16:08:42 -0000 1.48
+++ wpa_supplicant.spec 30 Jan 2009 18:09:26 -0000 1.49
@@ -2,7 +2,7 @@
Name: wpa_supplicant
Epoch: 1
Version: 0.6.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: BSD
Group: System Environment/Base
Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
@@ -23,6 +23,8 @@
Patch7: wpa_supplicant-0.6.4-scan-fixes-2.patch
Patch8: wpa_supplicant-0.6.4-validate-wext-event.patch
Patch9: wpa_supplicant-0.6.4-set-mode-handler.patch
+Patch10: wpa_supplicant-0.6.4-fix-peap-with-windows-server-2008.patch
+Patch11: wpa_supplicant-0.6.7-quiet-scan-results-message.patch
URL: http://w1.fi/wpa_supplicant/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -60,6 +62,8 @@
%patch7 -p1 -b .scan-fixes-2
%patch8 -p1 -b .validate-wext-event
%patch9 -p1 -b .set-mode-handler
+%patch10 -p1 -b .fix-peap-windows-server-2008
+%patch11 -p1 -b .quiet-scan-results-msg
%build
pushd src
@@ -127,6 +131,7 @@
%preun
if [ $1 = 0 ]; then
service %{name} stop > /dev/null 2>&1
+ killall -TERM wpa_supplicant >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
@@ -153,6 +158,11 @@
%{_bindir}/wpa_gui
%changelog
+* Fri Jan 30 2009 Dan Williams <dcbw at redhat.com> - 1:0.6.4-3
+- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)
+- Stop supplicant on uninstall (rh #447843)
+- Suppress scan results message in logs (rh #466601)
+
* Mon Oct 15 2008 Dan Williams <dcbw at redhat.com> - 1:0.6.4-2
- Handle encryption keys correctly when switching 802.11 modes (rh #459399)
- Better scanning behavior on resume from suspend/hibernate
- Previous message (by thread): rpms/kernel/devel patch-2.6.29-rc3-git1.bz2.sign, NONE, 1.1 .cvsignore, 1.999, 1.1000 kernel.spec, 1.1250, 1.1251 sources, 1.961, 1.962 upstream, 1.873, 1.874
- Next message (by thread): rpms/sugar-terminal/devel .cvsignore, 1.2, 1.3 sources, 1.2, 1.3 sugar-terminal.spec, 1.3, 1.4
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list