diff --git a/package/wpa_supplicant/Makefile b/package/wpa_supplicant/Makefile index 6d141402a9a..c1592a9a709 100644 --- a/package/wpa_supplicant/Makefile +++ b/package/wpa_supplicant/Makefile @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wpa_supplicant -PKG_VERSION:=0.6.8 +PKG_VERSION:=0.6.9 PKG_RELEASE:=1 -PKG_MD5SUM:=e933332490e0e5acfef2279457f1070a +PKG_MD5SUM:=0efb8fcedf0a8acf6f423dfdb0658fdd PKG_SOURCE_URL:=http://hostap.epitest.fi/releases PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz diff --git a/package/wpa_supplicant/config b/package/wpa_supplicant/config index 8a2b0b089c6..b14aa3446ac 100644 --- a/package/wpa_supplicant/config +++ b/package/wpa_supplicant/config @@ -41,7 +41,7 @@ # Driver interface for Host AP driver -# CONFIG_DRIVER_HOSTAP=y +#CONFIG_DRIVER_HOSTAP=y # Driver interface for Agere driver #CONFIG_DRIVER_HERMES=y @@ -51,8 +51,8 @@ # Driver interface for madwifi driver CONFIG_DRIVER_MADWIFI=y -# Change include directories to match with the local setup -#CFLAGS += -I../madwifi/wpa +# Set include directory to the madwifi source tree +#CFLAGS += -I../../madwifi # Driver interface for Prism54 driver # (Note: Prism54 is not yet supported, i.e., this will not work as-is and is @@ -65,7 +65,10 @@ CONFIG_DRIVER_MADWIFI=y # Driver interface for Atmel driver #CONFIG_DRIVER_ATMEL=y -# Driver interface for Broadcom driver +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. #CONFIG_DRIVER_BROADCOM=y # Example path for wlioctl.h; change to match your configuration #CFLAGS += -I/opt/WRT54GS/release/src/include @@ -79,6 +82,9 @@ CONFIG_DRIVER_MADWIFI=y # Driver interface for generic Linux wireless extensions CONFIG_DRIVER_WEXT=y +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include @@ -106,6 +112,9 @@ CONFIG_DRIVER_WEXT=y # Driver interface for wired Ethernet drivers CONFIG_DRIVER_WIRED=y +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y @@ -153,6 +162,13 @@ CONFIG_EAP_LEAP=y # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) #CONFIG_EAP_AKA=y +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + # EAP-SAKE #CONFIG_EAP_SAKE=y @@ -164,6 +180,9 @@ CONFIG_EAP_LEAP=y # EAP-TNC and related Trusted Network Connect support (experimental) #CONFIG_EAP_TNC=y +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y + # EAP-IKEv2 #CONFIG_EAP_IKEV2=y @@ -307,6 +326,10 @@ CONFIG_INTERNAL_LIBTOMMATH=y #LIBS += -L$(LTM_PATH) #LIBS_p += -L$(LTM_PATH) #endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y # Include NDIS event processing through WMI into wpa_supplicant/wpasvc. # This is only for Windows builds and requires WMI-related header files and @@ -339,20 +362,13 @@ CONFIG_INTERNAL_LIBTOMMATH=y #CONFIG_DYNAMIC_EAP_METHODS=y # Include client MLME (management frame processing). -# This can be used to move MLME processing of Devicescape IEEE 802.11 stack -# into user space. +# This can be used to move MLME processing of Linux mac80211 stack into user +# space. Please note that this is currently only available with +# driver_nl80211.c and only with a modified version of Linux kernel and +# wpa_supplicant. #CONFIG_CLIENT_MLME=y -# Currently, driver_devicescape.c build requires some additional parameters -# to be able to include some of the kernel header files. Following lines can -# be used to set these (WIRELESS_DEV must point to the root directory of the -# wireless-dev.git tree). -#WIRELESS_DEV=/usr/src/wireless-dev -#CFLAGS += -I$(WIRELESS_DEV)/net/mac80211 -# IEEE 802.11r/D4.1 (Fast BSS Transition) -# This enables an experimental implementation of a draft version of -# IEEE 802.11r. This draft is still subject to change, so it should be noted -# that this version may not comply with the final standard. +# IEEE Std 802.11r-2008 (Fast BSS Transition) #CONFIG_IEEE80211R=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) @@ -360,3 +376,7 @@ CONFIG_DEBUG_FILE=y # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y diff --git a/package/wpa_supplicant/patches/110-roaming.patch b/package/wpa_supplicant/patches/110-roaming.patch index 9e54eb51079..077c2e56b30 100644 --- a/package/wpa_supplicant/patches/110-roaming.patch +++ b/package/wpa_supplicant/patches/110-roaming.patch @@ -1,7 +1,7 @@ This patch decreases the timeouts for assoc/auth to more realistic values. Improves roaming speed --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -849,7 +849,7 @@ static void wpa_supplicant_event_assoc(s +@@ -854,7 +854,7 @@ static void wpa_supplicant_event_assoc(s wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); } else if (!ft_completed) { /* Timeout for receiving the first EAPOL packet */ diff --git a/package/wpa_supplicant/patches/130-scanning.patch b/package/wpa_supplicant/patches/130-scanning.patch index 4c95bb9f600..aad4450f7d9 100644 --- a/package/wpa_supplicant/patches/130-scanning.patch +++ b/package/wpa_supplicant/patches/130-scanning.patch @@ -50,7 +50,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro #ifdef EAP_TLS_OPENSSL --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c -@@ -536,7 +536,7 @@ wpa_supplicant_select_bss_non_wpa(struct +@@ -541,7 +541,7 @@ wpa_supplicant_select_bss_non_wpa(struct "BSSID mismatch"); continue; } @@ -59,7 +59,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro if (!(ssid->key_mgmt & WPA_KEY_MGMT_NONE) && !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) && !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) -@@ -546,7 +546,7 @@ wpa_supplicant_select_bss_non_wpa(struct +@@ -551,7 +551,7 @@ wpa_supplicant_select_bss_non_wpa(struct continue; } @@ -68,7 +68,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_IEEE8021X_SHA256 | -@@ -635,6 +635,9 @@ static void wpa_supplicant_event_scan_re +@@ -640,6 +640,9 @@ static void wpa_supplicant_event_scan_re wpa_s->disconnected) return; @@ -78,7 +78,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro while (selected == NULL) { for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { selected = wpa_supplicant_select_bss( -@@ -647,6 +650,7 @@ static void wpa_supplicant_event_scan_re +@@ -652,6 +655,7 @@ static void wpa_supplicant_event_scan_re wpa_printf(MSG_DEBUG, "No APs found - clear blacklist " "and try again"); wpa_blacklist_clear(wpa_s); @@ -86,7 +86,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro wpa_s->blacklist_cleared++; } else if (selected == NULL) { break; -@@ -682,10 +686,12 @@ static void wpa_supplicant_event_scan_re +@@ -687,10 +691,12 @@ static void wpa_supplicant_event_scan_re rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res); } else { wpa_printf(MSG_DEBUG, "No suitable AP found."); @@ -100,7 +100,7 @@ Add a scan result cache to improve roaming speed if the driver gave us a backgro return; req_scan: -@@ -889,6 +895,9 @@ static void wpa_supplicant_event_disasso +@@ -894,6 +900,9 @@ static void wpa_supplicant_event_disasso } if (wpa_s->wpa_state >= WPA_ASSOCIATED) wpa_supplicant_req_scan(wpa_s, 0, 100000);