Cumulative patch to Release 2.3
724fce8 Change version information for the 2.3 release
5cb1440 Update ChangeLog files for v2.3
2b28ef6 browser-wpadebug: Use more robust mechanism for starting browser
3d8a3ff browser-android: Use more robust mechanism for starting browser
17dc39a browser-system: Use more robust mechanism for starting browser
4a274f4 DFS: Allow 80+80 MHz be configured for VHT
Change-Id: I5562ac22e5bf8a55d0f7f8944ca0d9c8ebd8d13f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 9de9438..f0e4604 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,24 @@
ChangeLog for hostapd
+2014-10-09 - v2.3
+ * fixed number of minor issues identified in static analyzer warnings
+ * fixed DFS and channel switch operation for multi-BSS cases
+ * started to use constant time comparison for various password and hash
+ values to reduce possibility of any externally measurable timing
+ differences
+ * extended explicit clearing of freed memory and expired keys to avoid
+ keeping private data in memory longer than necessary
+ * added support for number of new RADIUS attributes from RFC 7268
+ (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
+ WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
+ * fixed GET_CONFIG wpa_pairwise_cipher value
+ * added code to clear bridge FDB entry on station disconnection
+ * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
+ * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop
+ in case the first entry does not match
+ * fixed hostapd_cli action script execution to use more robust mechanism
+ (CVE-2014-3686)
+
2014-06-04 - v2.2
* fixed SAE confirm-before-commit validation to avoid a potential
segmentation fault in an unexpected message sequence that could be
diff --git a/src/ap/dfs.c b/src/ap/dfs.c
index 20419f3..a6ec20b 100644
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
@@ -18,10 +18,12 @@
#include "dfs.h"
-static int dfs_get_used_n_chans(struct hostapd_iface *iface)
+static int dfs_get_used_n_chans(struct hostapd_iface *iface, int *seg1)
{
int n_chans = 1;
+ *seg1 = 0;
+
if (iface->conf->ieee80211n && iface->conf->secondary_channel)
n_chans = 2;
@@ -35,6 +37,10 @@
case VHT_CHANWIDTH_160MHZ:
n_chans = 8;
break;
+ case VHT_CHANWIDTH_80P80MHZ:
+ n_chans = 4;
+ *seg1 = 4;
+ break;
default:
break;
}
@@ -170,10 +176,10 @@
{
struct hostapd_hw_modes *mode;
struct hostapd_channel_data *chan;
- int i, channel_idx = 0, n_chans;
+ int i, channel_idx = 0, n_chans, n_chans1;
mode = iface->current_mode;
- n_chans = dfs_get_used_n_chans(iface);
+ n_chans = dfs_get_used_n_chans(iface, &n_chans1);
wpa_printf(MSG_DEBUG, "DFS new chan checking %d channels", n_chans);
for (i = 0; i < mode->num_channels; i++) {
@@ -246,12 +252,15 @@
/* Return start channel idx we will use for mode->channels[idx] */
-static int dfs_get_start_chan_idx(struct hostapd_iface *iface)
+static int dfs_get_start_chan_idx(struct hostapd_iface *iface, int *seg1_start)
{
struct hostapd_hw_modes *mode;
struct hostapd_channel_data *chan;
int channel_no = iface->conf->channel;
int res = -1, i;
+ int chan_seg1 = -1;
+
+ *seg1_start = -1;
/* HT40- */
if (iface->conf->ieee80211n && iface->conf->secondary_channel == -1)
@@ -270,9 +279,15 @@
channel_no =
iface->conf->vht_oper_centr_freq_seg0_idx - 14;
break;
+ case VHT_CHANWIDTH_80P80MHZ:
+ channel_no =
+ iface->conf->vht_oper_centr_freq_seg0_idx - 6;
+ chan_seg1 =
+ iface->conf->vht_oper_centr_freq_seg1_idx - 6;
+ break;
default:
wpa_printf(MSG_INFO,
- "DFS only VHT20/40/80/160 is supported now");
+ "DFS only VHT20/40/80/160/80+80 is supported now");
channel_no = -1;
break;
}
@@ -288,6 +303,23 @@
}
}
+ if (res != -1 && chan_seg1 > -1) {
+ int found = 0;
+
+ /* Get idx for seg1 */
+ mode = iface->current_mode;
+ for (i = 0; i < mode->num_channels; i++) {
+ chan = &mode->channels[i];
+ if (chan->chan == chan_seg1) {
+ *seg1_start = i;
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ res = -1;
+ }
+
if (res == -1) {
wpa_printf(MSG_DEBUG,
"DFS chan_idx seems wrong; num-ch: %d ch-no: %d conf-ch-no: %d 11n: %d sec-ch: %d vht-oper-width: %d",
@@ -511,17 +543,17 @@
static int dfs_are_channels_overlapped(struct hostapd_iface *iface, int freq,
int chan_width, int cf1, int cf2)
{
- int start_chan_idx;
+ int start_chan_idx, start_chan_idx1;
struct hostapd_hw_modes *mode;
struct hostapd_channel_data *chan;
- int n_chans, i, j, frequency = freq, radar_n_chans = 1;
+ int n_chans, n_chans1, i, j, frequency = freq, radar_n_chans = 1;
u8 radar_chan;
int res = 0;
/* Our configuration */
mode = iface->current_mode;
- start_chan_idx = dfs_get_start_chan_idx(iface);
- n_chans = dfs_get_used_n_chans(iface);
+ start_chan_idx = dfs_get_start_chan_idx(iface, &start_chan_idx1);
+ n_chans = dfs_get_used_n_chans(iface, &n_chans1);
/* Check we are on DFS channel(s) */
if (!dfs_check_chans_radar(iface, start_chan_idx, n_chans))
@@ -604,19 +636,20 @@
int hostapd_handle_dfs(struct hostapd_iface *iface)
{
struct hostapd_channel_data *channel;
- int res, n_chans, start_chan_idx;
+ int res, n_chans, n_chans1, start_chan_idx, start_chan_idx1;
int skip_radar = 0;
iface->cac_started = 0;
do {
/* Get start (first) channel for current configuration */
- start_chan_idx = dfs_get_start_chan_idx(iface);
+ start_chan_idx = dfs_get_start_chan_idx(iface,
+ &start_chan_idx1);
if (start_chan_idx == -1)
return -1;
/* Get number of used channels, depend on width */
- n_chans = dfs_get_used_n_chans(iface);
+ n_chans = dfs_get_used_n_chans(iface, &n_chans1);
/* Setup CAC time */
iface->dfs_cac_ms = dfs_get_cac_time(iface, start_chan_idx,
@@ -928,20 +961,25 @@
int hostapd_is_dfs_required(struct hostapd_iface *iface)
{
- int n_chans, start_chan_idx;
+ int n_chans, n_chans1, start_chan_idx, start_chan_idx1, res;
if (!iface->conf->ieee80211h || !iface->current_mode ||
iface->current_mode->mode != HOSTAPD_MODE_IEEE80211A)
return 0;
/* Get start (first) channel for current configuration */
- start_chan_idx = dfs_get_start_chan_idx(iface);
+ start_chan_idx = dfs_get_start_chan_idx(iface, &start_chan_idx1);
if (start_chan_idx == -1)
return -1;
/* Get number of used channels, depend on width */
- n_chans = dfs_get_used_n_chans(iface);
+ n_chans = dfs_get_used_n_chans(iface, &n_chans1);
/* Check if any of configured channels require DFS */
- return dfs_check_chans_radar(iface, start_chan_idx, n_chans);
+ res = dfs_check_chans_radar(iface, start_chan_idx, n_chans);
+ if (res)
+ return res;
+ if (start_chan_idx1 >= 0 && n_chans1 > 0)
+ res = dfs_check_chans_radar(iface, start_chan_idx1, n_chans1);
+ return res;
}
diff --git a/src/common/version.h b/src/common/version.h
index 1f25432..726289d 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -5,6 +5,6 @@
#define VERSION_STR_POSTFIX ""
#endif /* VERSION_STR_POSTFIX */
-#define VERSION_STR "2.3-devel" VERSION_STR_POSTFIX
+#define VERSION_STR "2.3" VERSION_STR_POSTFIX
#endif /* VERSION_H */
diff --git a/src/utils/browser-android.c b/src/utils/browser-android.c
index a066392..d5ff5b5 100644
--- a/src/utils/browser-android.c
+++ b/src/utils/browser-android.c
@@ -75,7 +75,7 @@
os_memset(&data, 0, sizeof(data));
ret = os_snprintf(cmd, sizeof(cmd),
- "am start -a android.intent.action.VIEW -d '%s' "
+ "start -a android.intent.action.VIEW -d %s "
"-n com.android.browser/.BrowserActivity", url);
if (ret < 0 || (size_t) ret >= sizeof(cmd)) {
wpa_printf(MSG_ERROR, "Too long URL");
@@ -94,7 +94,7 @@
return -1;
}
- if (system(cmd) != 0) {
+ if (os_exec("/system/bin/am", cmd, 1) != 0) {
wpa_printf(MSG_INFO, "Failed to launch Android browser");
eloop_cancel_timeout(browser_timeout, NULL, NULL);
http_server_deinit(http);
@@ -109,7 +109,7 @@
eloop_destroy();
wpa_printf(MSG_INFO, "Closing Android browser");
- if (system("input keyevent 3") != 0) {
+ if (os_exec("/system/bin/input", "keyevent 3", 1) != 0) {
wpa_printf(MSG_INFO, "Failed to inject keyevent");
}
diff --git a/src/utils/browser-system.c b/src/utils/browser-system.c
index 2884d34..a080e2c 100644
--- a/src/utils/browser-system.c
+++ b/src/utils/browser-system.c
@@ -92,7 +92,7 @@
return -1;
}
- if (system(cmd) != 0) {
+ if (os_exec("/usr/bin/x-www-browser", url, 0) != 0) {
wpa_printf(MSG_INFO, "Failed to launch browser");
eloop_cancel_timeout(browser_timeout, NULL, NULL);
http_server_deinit(http);
diff --git a/src/utils/browser-wpadebug.c b/src/utils/browser-wpadebug.c
index eeb8f65..ce3054b 100644
--- a/src/utils/browser-wpadebug.c
+++ b/src/utils/browser-wpadebug.c
@@ -76,7 +76,7 @@
os_memset(&data, 0, sizeof(data));
ret = os_snprintf(cmd, sizeof(cmd),
- "am start -a android.action.MAIN "
+ "start -a android.action.MAIN "
"-c android.intent.category.LAUNCHER "
"-n w1.fi.wpadebug/.WpaWebViewActivity "
"-e w1.fi.wpadebug.URL '%s'", url);
@@ -97,7 +97,7 @@
return -1;
}
- if (system(cmd) != 0) {
+ if (os_exec("/system/bin/am", cmd, 1) != 0) {
wpa_printf(MSG_INFO, "Failed to launch wpadebug browser");
eloop_cancel_timeout(browser_timeout, NULL, NULL);
http_server_deinit(http);
@@ -112,10 +112,11 @@
eloop_destroy();
wpa_printf(MSG_INFO, "Closing Android browser");
- if (system("am start -a android.action.MAIN "
- "-c android.intent.category.LAUNCHER "
- "-n w1.fi.wpadebug/.WpaWebViewActivity "
- "-e w1.fi.wpadebug.URL FINISH") != 0) {
+ if (os_exec("/system/bin/am",
+ "start -a android.action.MAIN "
+ "-c android.intent.category.LAUNCHER "
+ "-n w1.fi.wpadebug/.WpaWebViewActivity "
+ "-e w1.fi.wpadebug.URL FINISH", 1) != 0) {
wpa_printf(MSG_INFO, "Failed to close wpadebug browser");
}
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 5558a5e..f09e7a0 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,70 @@
ChangeLog for wpa_supplicant
+2014-10-09 - v2.3
+ * fixed number of minor issues identified in static analyzer warnings
+ * fixed wfd_dev_info to be more careful and not read beyond the buffer
+ when parsing invalid information for P2P-DEVICE-FOUND
+ * extended P2P and GAS query operations to support drivers that have
+ maximum remain-on-channel time below 1000 ms (500 ms is the current
+ minimum supported value)
+ * added p2p_search_delay parameter to make the default p2p_find delay
+ configurable
+ * improved P2P operating channel selection for various multi-channel
+ concurrency cases
+ * fixed some TDLS failure cases to clean up driver state
+ * fixed dynamic interface addition cases with nl80211 to avoid adding
+ ifindex values to incorrect interface to skip foreign interface events
+ properly
+ * added TDLS workaround for some APs that may add extra data to the
+ end of a short frame
+ * fixed EAP-AKA' message parser with multiple AT_KDF attributes
+ * added configuration option (p2p_passphrase_len) to allow longer
+ passphrases to be generated for P2P groups
+ * fixed IBSS channel configuration in some corner cases
+ * improved HT/VHT/QoS parameter setup for TDLS
+ * modified D-Bus interface for P2P peers/groups
+ * started to use constant time comparison for various password and hash
+ values to reduce possibility of any externally measurable timing
+ differences
+ * extended explicit clearing of freed memory and expired keys to avoid
+ keeping private data in memory longer than necessary
+ * added optional scan_id parameter to the SCAN command to allow manual
+ scan requests for active scans for specific configured SSIDs
+ * fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
+ * added option to set Hotspot 2.0 Rel 2 update_identifier in network
+ configuration to support external configuration
+ * modified Android PNO functionality to send Probe Request frames only
+ for hidden SSIDs (based on scan_ssid=1)
+ * added generic mechanism for adding vendor elements into frames at
+ runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE)
+ * added fields to show unrecognized vendor elements in P2P_PEER
+ * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
+ MS-CHAP2-Success is required to be present regardless of
+ eap_workaround configuration
+ * modified EAP fast session resumption to allow results to be used only
+ with the same network block that generated them
+ * extended freq_list configuration to apply for sched_scan as well as
+ normal scan
+ * modified WPS to merge mixed-WPA/WPA2 credentials from a single session
+ * fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
+ removed from a bridge
+ * fixed number of small P2P issues to make negotiations more robust in
+ corner cases
+ * added experimental support for using temporary, random local MAC
+ address (mac_addr and preassoc_mac_addr parameters); this is disabled
+ by default (i.e., previous behavior of using permanent address is
+ maintained if configuration is not changed)
+ * added D-Bus interface for setting/clearing WFD IEs
+ * fixed TDLS AID configuration for VHT
+ * modified -m<conf> configuration file to be used only for the P2P
+ non-netdev management device and do not load this for the default
+ station interface or load the station interface configuration for
+ the P2P management interface
+ * fixed external MAC address changes while wpa_supplicant is running
+ * started to enable HT (if supported by the driver) for IBSS
+ * fixed wpa_cli action script execution to use more robust mechanism
+ (CVE-2014-3686)
+
2014-06-04 - v2.2
* added DFS indicator to get_capability freq
* added/fixed nl80211 functionality