diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..73c97f9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/wpa_supplicant-2.0.tar.gz
diff --git a/.wpa_supplicant.metadata b/.wpa_supplicant.metadata
new file mode 100644
index 0000000..f038e04
--- /dev/null
+++ b/.wpa_supplicant.metadata
@@ -0,0 +1 @@
+78a456ff3c4af4b9bae2e0908a40f48755ffc59c SOURCES/wpa_supplicant-2.0.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/0001-Add-os_exec-helper-to-run-external-programs.patch b/SOURCES/0001-Add-os_exec-helper-to-run-external-programs.patch
new file mode 100644
index 0000000..4b774bd
--- /dev/null
+++ b/SOURCES/0001-Add-os_exec-helper-to-run-external-programs.patch
@@ -0,0 +1,143 @@
+From 89de07a9442072f88d49869d8ecd8d42bae050a0 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 16:27:44 +0300
+Subject: [PATCH 1/2] Add os_exec() helper to run external programs
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/utils/os.h | 9 +++++++++
+ src/utils/os_unix.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/utils/os_win32.c | 6 ++++++
+ 3 files changed, 70 insertions(+)
+
+diff --git a/src/utils/os.h b/src/utils/os.h
+index f196209..b9247d8 100644
+--- a/src/utils/os.h
++++ b/src/utils/os.h
+@@ -597,14 +597,23 @@ size_t os_strlcpy(char *dest, const char *src, size_t siz);
+ * Returns: Total length of the target string (length of src) (not including
+ * NUL-termination)
+ *
+ * This function matches in behavior with the strlcpy(3) function in OpenBSD.
+ */
+ size_t os_strlcpy(char *dest, const char *src, size_t siz);
+
++/**
++ * os_exec - Execute an external program
++ * @program: Path to the program
++ * @arg: Command line argument string
++ * @wait_completion: Whether to wait until the program execution completes
++ * Returns: 0 on success, -1 on error
++ */
++int os_exec(const char *program, const char *arg, int wait_completion);
++
+
+ #ifdef OS_REJECT_C_LIB_FUNCTIONS
+ #define malloc OS_DO_NOT_USE_malloc
+ #define realloc OS_DO_NOT_USE_realloc
+ #define free OS_DO_NOT_USE_free
+ #define memcpy OS_DO_NOT_USE_memcpy
+ #define memmove OS_DO_NOT_USE_memmove
+diff --git a/src/utils/os_unix.c b/src/utils/os_unix.c
+index 7498967..523a4d0 100644
+--- a/src/utils/os_unix.c
++++ b/src/utils/os_unix.c
+@@ -5,14 +5,15 @@
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+ #include "includes.h"
+
+ #include <time.h>
++#include <sys/wait.h>
+
+ #ifdef ANDROID
+ #include <linux/capability.h>
+ #include <linux/prctl.h>
+ #include <private/android_filesystem_config.h>
+ #endif /* ANDROID */
+
+@@ -550,7 +551,61 @@ char * os_strdup(const char *s)
+ return NULL;
+ os_memcpy(d, s, len);
+ d[len] = '\0';
+ return d;
+ }
+
+ #endif /* WPA_TRACE */
++
++
++int os_exec(const char *program, const char *arg, int wait_completion)
++{
++ pid_t pid;
++ int pid_status;
++
++ pid = fork();
++ if (pid < 0) {
++ perror("fork");
++ return -1;
++ }
++
++ if (pid == 0) {
++ /* run the external command in the child process */
++ const int MAX_ARG = 30;
++ char *_program, *_arg, *pos;
++ char *argv[MAX_ARG + 1];
++ int i;
++
++ _program = os_strdup(program);
++ _arg = os_strdup(arg);
++
++ argv[0] = _program;
++
++ i = 1;
++ pos = _arg;
++ while (i < MAX_ARG && pos && *pos) {
++ while (*pos == ' ')
++ pos++;
++ if (*pos == '\0')
++ break;
++ argv[i++] = pos;
++ pos = os_strchr(pos, ' ');
++ if (pos)
++ *pos++ = '\0';
++ }
++ argv[i] = NULL;
++
++ execv(program, argv);
++ perror("execv");
++ os_free(_program);
++ os_free(_arg);
++ exit(0);
++ return -1;
++ }
++
++ if (wait_completion) {
++ /* wait for the child process to complete in the parent */
++ waitpid(pid, &pid_status, 0);
++ }
++
++ return 0;
++}
+diff --git a/src/utils/os_win32.c b/src/utils/os_win32.c
+index 55937de..57ee132 100644
+--- a/src/utils/os_win32.c
++++ b/src/utils/os_win32.c
+@@ -254,7 +254,13 @@ int os_memcmp_const(const void *a, const void *b, size_t len)
+ *dest = '\0';
+ while (*s++)
+ ; /* determine total src string length */
+ }
+
+ return s - src - 1;
+ }
++
++
++int os_exec(const char *program, const char *arg, int wait_completion)
++{
++ return -1;
++}
+--
+1.9.3
+
diff --git a/SOURCES/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch b/SOURCES/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
new file mode 100644
index 0000000..2ff9301
--- /dev/null
+++ b/SOURCES/0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
@@ -0,0 +1,67 @@
+From c5f258de76dbb67fb64beab39a99e5c5711f41fe Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 17:25:52 +0300
+Subject: [PATCH 2/2] wpa_cli: Use os_exec() for action script execution
+
+Use os_exec() to run the action script operations to avoid undesired
+command line processing for control interface event strings. Previously,
+it could have been possible for some of the event strings to include
+unsanitized data which is not suitable for system() use. (CVE-2014-3686)
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/wpa_cli.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
+index 18b9b77..fe30b41 100644
+--- a/wpa_supplicant/wpa_cli.c
++++ b/wpa_supplicant/wpa_cli.c
+@@ -3155,36 +3155,27 @@ static int str_match(const char *a, const char *b)
+ return os_strncmp(a, b, os_strlen(b)) == 0;
+ }
+
+
+ static int wpa_cli_exec(const char *program, const char *arg1,
+ const char *arg2)
+ {
+- char *cmd;
++ char *arg;
+ size_t len;
+ int res;
+- int ret = 0;
+
+- len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+- cmd = os_malloc(len);
+- if (cmd == NULL)
++ len = os_strlen(arg1) + os_strlen(arg2) + 2;
++ arg = os_malloc(len);
++ if (arg == NULL)
+ return -1;
+- res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+- if (res < 0 || (size_t) res >= len) {
+- os_free(cmd);
+- return -1;
+- }
+- cmd[len - 1] = '\0';
+-#ifndef _WIN32_WCE
+- if (system(cmd) < 0)
+- ret = -1;
+-#endif /* _WIN32_WCE */
+- os_free(cmd);
++ os_snprintf(arg, len, "%s %s", arg1, arg2);
++ res = os_exec(program, arg, 1);
++ os_free(arg);
+
+- return ret;
++ return res;
+ }
+
+
+ static void wpa_cli_action_process(const char *msg)
+ {
+ const char *pos;
+ char *copy = NULL, *id, *pos2;
+--
+1.9.3
+
diff --git a/SOURCES/build-config b/SOURCES/build-config
new file mode 100644
index 0000000..5337f8a
--- /dev/null
+++ b/SOURCES/build-config
@@ -0,0 +1,38 @@
+CONFIG_CTRL_IFACE=y
+CONFIG_CTRL_IFACE_DBUS=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+CONFIG_DRIVER_WEXT=y
+CONFIG_LIBNL32=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_DRIVER_WIRED=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_TTLS=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_TNC=y
+CONFIG_WPS=y
+CONFIG_EAP_IKEV2=y
+CONFIG_PKCS12=y
+CONFIG_SMARTCARD=y
+CONFIG_DEBUG_FILE=y
+CONFIG_BACKEND=file
+CONFIG_PEERKEY=y
+CONFIG_BGSCAN_SIMPLE=y
+#CONFIG_FIPS=y
+CONFIG_AP=y
+CONFIG_P2P=y
+CONFIG_IBSS_RSN=y
+CONFIG_IEEE80211N=y
+CONFIG_EAPOL_TEST=y
diff --git a/SOURCES/libnl3-includes.patch b/SOURCES/libnl3-includes.patch
new file mode 100644
index 0000000..53a3c85
--- /dev/null
+++ b/SOURCES/libnl3-includes.patch
@@ -0,0 +1,12 @@
+diff -up wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo wpa_supplicant-1.0-rc2/src/drivers/drivers.mak
+--- wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo 2012-03-02 16:11:43.176448714 -0600
++++ wpa_supplicant-1.0-rc2/src/drivers/drivers.mak 2012-03-02 16:12:29.759866341 -0600
+@@ -48,7 +48,7 @@ NEED_RFKILL=y
+ ifdef CONFIG_LIBNL32
+ DRV_LIBS += -lnl-3
+ DRV_LIBS += -lnl-genl-3
+- DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
++ DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0`
+ else
+ ifdef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-tiny
diff --git a/SOURCES/rh1032758-fix-pmksa-cache-entry-clearing.patch b/SOURCES/rh1032758-fix-pmksa-cache-entry-clearing.patch
new file mode 100644
index 0000000..91fdc12
--- /dev/null
+++ b/SOURCES/rh1032758-fix-pmksa-cache-entry-clearing.patch
@@ -0,0 +1,150 @@
+From 4033935dd9098938838d6d7934ceb65f92a1fa3c Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Wed, 22 May 2013 13:24:30 +0300
+Subject: [PATCH] Fix OKC-based PMKSA cache entry clearing
+
+Commit c3fea272747f738f5723fc577371fe03711d988f added a call to clear
+all other PMKSA cache entries for the same network if the PMKSA cache
+entry of the current AP changed. This was needed to fix OKC cases since
+the other APs would likely use the new PMK in the future. However, this
+ended up clearing entries in cases where that is not desired and this
+resulted in needing additional full EAP authentication with networks
+that did not support OKC if wpa_supplicant was configured to try to use
+it.
+
+Make PMKSA cache entry flushing more limited so that the other entries
+are removed only if they used the old PMK that was replaced for the
+current AP and only if that PMK had previously been used successfully
+(i.e., opportunistic flag was already cleared back to 0 in
+wpa_supplicant_key_neg_complete()). This is still enough to fix the
+issue described in that older commit while not causing problems for
+standard PMKSA caching operations even if OKC is enabled in
+wpa_supplicant configuration.
+
+Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/rsn_supp/pmksa_cache.c | 27 ++++++++++++++++++++-------
+ src/rsn_supp/pmksa_cache.h | 3 ++-
+ src/rsn_supp/wpa.c | 2 +-
+ 3 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
+index df67583..93056ea 100644
+--- a/src/rsn_supp/pmksa_cache.c
++++ b/src/rsn_supp/pmksa_cache.c
+@@ -160,25 +160,31 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ os_free(entry);
+ return pos;
+ }
+ if (prev == NULL)
+ pmksa->pmksa = pos->next;
+ else
+ prev->next = pos->next;
+- wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
+- "the current AP");
+- pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE);
+
+ /*
+ * If OKC is used, there may be other PMKSA cache
+ * entries based on the same PMK. These needs to be
+ * flushed so that a new entry can be created based on
+- * the new PMK.
++ * the new PMK. Only clear other entries if they have a
++ * matching PMK and this PMK has been used successfully
++ * with the current AP, i.e., if opportunistic flag has
++ * been cleared in wpa_supplicant_key_neg_complete().
+ */
+- pmksa_cache_flush(pmksa, network_ctx);
++ wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
++ "the current AP and any PMKSA cache entry "
++ "that was based on the old PMK");
++ if (!pos->opportunistic)
++ pmksa_cache_flush(pmksa, network_ctx, pos->pmk,
++ pos->pmk_len);
++ pmksa_cache_free_entry(pmksa, pos, PMKSA_REPLACE);
+ break;
+ }
+ prev = pos;
+ pos = pos->next;
+ }
+
+ if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
+@@ -231,23 +237,30 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ }
+
+
+ /**
+ * pmksa_cache_flush - Flush PMKSA cache entries for a specific network
+ * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
+ * @network_ctx: Network configuration context or %NULL to flush all entries
++ * @pmk: PMK to match for or %NYLL to match all PMKs
++ * @pmk_len: PMK length
+ */
+-void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx)
++void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
++ const u8 *pmk, size_t pmk_len)
+ {
+ struct rsn_pmksa_cache_entry *entry, *prev = NULL, *tmp;
+ int removed = 0;
+
+ entry = pmksa->pmksa;
+ while (entry) {
+- if (entry->network_ctx == network_ctx || network_ctx == NULL) {
++ if ((entry->network_ctx == network_ctx ||
++ network_ctx == NULL) &&
++ (pmk == NULL ||
++ (pmk_len == entry->pmk_len &&
++ os_memcmp(pmk, entry->pmk, pmk_len) == 0))) {
+ wpa_printf(MSG_DEBUG, "RSN: Flush PMKSA cache entry "
+ "for " MACSTR, MAC2STR(entry->aa));
+ if (prev)
+ prev->next = entry->next;
+ else
+ pmksa->pmksa = entry->next;
+ tmp = entry;
+diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
+index 6f3dfb3..d5aa229 100644
+--- a/src/rsn_supp/pmksa_cache.h
++++ b/src/rsn_supp/pmksa_cache.h
+@@ -62,15 +62,16 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm);
+ void pmksa_cache_clear_current(struct wpa_sm *sm);
+ int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
+ const u8 *bssid, void *network_ctx,
+ int try_opportunistic);
+ struct rsn_pmksa_cache_entry *
+ pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
+ void *network_ctx, const u8 *aa);
+-void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx);
++void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
++ const u8 *pmk, size_t pmk_len);
+
+ #else /* IEEE8021X_EAPOL and !CONFIG_NO_WPA2 */
+
+ static inline struct rsn_pmksa_cache *
+ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
+ void *ctx, int reason),
+ void *ctx, struct wpa_sm *sm)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index e50404c..365a710 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2618,15 +2618,15 @@ void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr)
+ os_memcpy(sm->rx_replay_counter, replay_ctr, WPA_REPLAY_COUNTER_LEN);
+ }
+
+
+ void wpa_sm_pmksa_cache_flush(struct wpa_sm *sm, void *network_ctx)
+ {
+ #ifndef CONFIG_NO_WPA2
+- pmksa_cache_flush(sm->pmksa, network_ctx);
++ pmksa_cache_flush(sm->pmksa, network_ctx, NULL, 0);
+ #endif /* CONFIG_NO_WPA2 */
+ }
+
+
+ #ifdef CONFIG_WNM
+ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ {
+--
+1.8.3.1
+
diff --git a/SOURCES/rh837402-less-aggressive-roaming.patch b/SOURCES/rh837402-less-aggressive-roaming.patch
new file mode 100644
index 0000000..29f827b
--- /dev/null
+++ b/SOURCES/rh837402-less-aggressive-roaming.patch
@@ -0,0 +1,27 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo wpa_supplicant-0.7.3/wpa_supplicant/events.c
+--- wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo 2012-06-12 12:03:36.172962193 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/events.c 2012-06-12 12:03:51.388771973 -0500
+@@ -871,16 +871,14 @@ static int wpa_supplicant_need_to_roam(s
+
+ min_diff = 2;
+ if (current_bss->level < 0) {
+- if (current_bss->level < -85)
+- min_diff = 1;
+- else if (current_bss->level < -80)
+- min_diff = 2;
+- else if (current_bss->level < -75)
+- min_diff = 3;
+- else if (current_bss->level < -70)
++ if (current_bss->level < -75)
+ min_diff = 4;
++ else if (current_bss->level < -70)
++ min_diff = 6;
++ else if (current_bss->level < -65)
++ min_diff = 8;
+ else
+- min_diff = 5;
++ min_diff = 15;
+ }
+ if (abs(current_bss->level - selected->level) < min_diff) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - too small difference "
+
diff --git a/SOURCES/rh948453-man-page.patch b/SOURCES/rh948453-man-page.patch
new file mode 100644
index 0000000..06e95ca
--- /dev/null
+++ b/SOURCES/rh948453-man-page.patch
@@ -0,0 +1,397 @@
+diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml
+--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml.man-page 2014-01-20 16:40:02.340869189 -0600
++++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/eapol_test.sgml 2014-01-20 16:40:02.340869189 -0600
+@@ -0,0 +1,205 @@
++<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
++
++<refentry>
++ <refmeta>
++ <refentrytitle>eapol_test</refentrytitle>
++ <manvolnum>8</manvolnum>
++ </refmeta>
++ <refnamediv>
++ <refname>eapol_test</refname>
++
++ <refpurpose>EAP peer and RADIUS client testing</refpurpose>
++ </refnamediv>
++
++ <refsynopsisdiv>
++ <cmdsynopsis>
++ <command>eapol_test</command>
++ <arg>-nWS</arg>
++ <arg>-c<replaceable>config file</replaceable></arg>
++ <arg>-a<replaceable>server IP address</replaceable></arg>
++ <arg>-A<replaceable>client IP address</replaceable></arg>
++ <arg>-p<replaceable>UDP port</replaceable></arg>
++ <arg>-s<replaceable>shared secret</replaceable></arg>
++ <arg>-r<replaceable>re-authentications</replaceable></arg>
++ <arg>-t<replaceable>timeout</replaceable></arg>
++ <arg>-C<replaceable>Connect-Info</replaceable></arg>
++ <arg>-M<replaceable>MAC address</replaceable></arg>
++ <arg>-o<replaceable>file</replaceable></arg>
++ <arg>-N<replaceable>attr spec</replaceable></arg>
++ </cmdsynopsis>
++ <cmdsynopsis>
++ <command>eapol_test scard</command>
++ </cmdsynopsis>
++ <cmdsynopsis>
++ <command>eapol_test sim</command>
++ <arg>PIN</arg>
++ <arg>num triplets</arg>
++ </cmdsynopsis>
++ </refsynopsisdiv>
++
++ <refsect1>
++ <title>Overview</title>
++
++ <para>eapol_test is a program that links together the same EAP
++ peer implementation that wpa_supplicant is using and the RADIUS
++ authentication client code from hostapd. In addition, it has
++ minimal glue code to combine these two components in similar
++ ways to IEEE 802.1X/EAPOL Authenticator state machines. In other
++ words, it integrates IEEE 802.1X Authenticator (normally, an
++ access point) and IEEE 802.1X Supplicant (normally, a wireless
++ client) together to generate a single program that can be used to
++ test EAP methods without having to setup an access point and a
++ wireless client.</para>
++
++ <para>The main uses for eapol_test are in interoperability testing
++ of EAP methods against RADIUS servers and in development testing
++ for new EAP methods. It can be easily used to automate EAP testing
++ for interoperability and regression since the program can be run
++ from shell scripts without require additional test components apart
++ from a RADIUS server. For example, the automated EAP tests described
++ in eap_testing.txt are implemented with eapol_test. Similarly,
++ eapol_test could be used to implement an automated regression
++ test suite for a RADIUS authentication server.</para>
++
++
++ <para>As an example:</para>
++
++<blockquote><programlisting>
++eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
++</programlisting></blockquote>
++
++ <para>tries to complete EAP authentication based on the network
++ configuration from test.conf against the RADIUS server running
++ on the local host. A re-authentication is triggered to test fast
++ re-authentication. The configuration file uses the same format for
++ network blocks as wpa_supplicant.</para>
++
++ </refsect1>
++ <refsect1>
++ <title>Command Arguments</title>
++ <variablelist>
++ <varlistentry>
++ <term>-c configuration file path</term>
++
++ <listitem><para>A configuration to use. The configuration should
++ use the same format for network blocks as wpa_supplicant.
++ </para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-a AS address</term>
++
++ <listitem><para>IP address of the authentication server. The
++ default is '127.0.0.1'.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-A client address</term>
++
++ <listitem><para>IP address of the client. The default is to
++ select an address automatically.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-p AS port</term>
++
++ <listitem><para>UDP port of the authentication server. The
++ default is '1812'.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-s AS secret</term>
++
++ <listitem><para>Shared secret with the authentication server.
++ The default is 'radius'.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-r count</term>
++
++ <listitem><para>Number of reauthentications.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-t timeout</term>
++
++ <listitem><para>Timeout in seconds. The default is 30.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-C info</term>
++
++ <listitem><para>RADIUS Connect-Info. The default is
++ 'CONNECT 11Mbps 802.11b'.</para></listitem>
++ </varlistentry>
++
++
++ <varlistentry>
++ <term>-M mac address</term>
++
++ <listitem><para>Client MAC address (Calling-Station-Id). The
++ default is '02:00:00:00:00:01'.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-o file</term>
++
++ <listitem><para>Location to write out server certificate.
++ </para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-N attr spec</term>
++
++ <listitem><para>Send arbitrary attribute specific by
++ attr_id:syntax:value, or attr_id alone. attr_id should be the numeric
++ ID of the attribute, and syntax should be one of 's' (string),
++ 'd' (integer), or 'x' (octet string). The value is the attribute value
++ to send. When attr_id is given alone, NULL is used as the attribute
++ value. Multiple attributes can be specified by using the option
++ several times.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-n</term>
++
++ <listitem><para>Indicates that no MPPE keys are expected.
++ </para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-W</term>
++
++ <listitem><para>Wait for a control interface monitor before starting.
++ </para></listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-S</term>
++
++ <listitem><para>Save configuration after authentication.
++ </para></listitem>
++ </varlistentry>
++
++ </variablelist>
++ </refsect1>
++ <refsect1>
++ <title>See Also</title>
++ <para>
++ <citerefentry>
++ <refentrytitle>wpa_supplicant</refentrytitle>
++ <manvolnum>8</manvolnum>
++ </citerefentry>
++ </para>
++ </refsect1>
++ <refsect1>
++ <title>Legal</title>
++ <para>wpa_supplicant is copyright (c) 2003-2012,
++ Jouni Malinen <email>j@w1.fi</email> and
++ contributors.
++ All Rights Reserved.</para>
++
++ <para>This program is licensed under the BSD license (the one with
++ advertisement clause removed).</para>
++ </refsect1>
++</refentry>
+diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile
+--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile.man-page 2013-01-12 09:42:53.000000000 -0600
++++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/Makefile 2014-01-20 16:40:02.342869164 -0600
+@@ -1,4 +1,4 @@
+-all: man html pdf
++all: man
+
+ FILES += wpa_background
+ FILES += wpa_cli
+@@ -7,6 +7,7 @@ FILES += wpa_passphrase
+ FILES += wpa_priv
+ FILES += wpa_supplicant.conf
+ FILES += wpa_supplicant
++FILES += eapol_test
+
+ man:
+ for i in $(FILES); do docbook2man $$i.sgml; done
+@@ -20,7 +21,7 @@ pdf:
+
+
+ clean:
+- rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8
++ rm -f wpa_background.8 wpa_cli.8 wpa_gui.8 wpa_passphrase.8 wpa_priv.8 wpa_supplicant.8 eapol_test.8
+ rm -f wpa_supplicant.conf.5
+ rm -f manpage.links manpage.refs
+ rm -f $(FILES:%=%.pdf)
+diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml
+--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml.man-page 2013-01-12 09:42:53.000000000 -0600
++++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_cli.sgml 2014-01-20 16:40:02.339869202 -0600
+@@ -15,10 +15,12 @@
+ <cmdsynopsis>
+ <command>wpa_cli</command>
+ <arg>-p <replaceable>path to ctrl sockets</replaceable></arg>
++ <arg>-g <replaceable>path to global ctrl_interface socket</replaceable></arg>
+ <arg>-i <replaceable>ifname</replaceable></arg>
+ <arg>-hvB</arg>
+ <arg>-a <replaceable>action file</replaceable></arg>
+ <arg>-P <replaceable>pid file</replaceable></arg>
++ <arg>-G <replaceable>ping interval</replaceable></arg>
+ <arg><replaceable>command ...</replaceable></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+@@ -111,6 +113,14 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed
+ </varlistentry>
+
+ <varlistentry>
++ <term>-g control socket path</term>
++
++ <listitem><para>Connect to the global control socket at the
++ indicated path rather than an interface-specific control
++ socket.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term>-i ifname</term>
+
+ <listitem><para>Specify the interface that is being
+@@ -161,6 +171,13 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed
+ </varlistentry>
+
+ <varlistentry>
++ <term>-G ping interval</term>
++
++ <listitem><para>Set the interval (in seconds) at which
++ wpa_cli pings the supplicant.</para></listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term>command</term>
+
+ <listitem><para>Run a command. The available commands are
+diff -up wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml.man-page wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
+--- wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml.man-page 2013-01-12 09:42:53.000000000 -0600
++++ wpa_supplicant-2.0/wpa_supplicant/doc/docbook/wpa_supplicant.sgml 2014-01-20 16:40:02.339869202 -0600
+@@ -12,7 +12,7 @@
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>wpa_supplicant</command>
+- <arg>-BddfhKLqqtuvW</arg>
++ <arg>-BddfhKLqqsTtuvW</arg>
+ <arg>-i<replaceable>ifname</replaceable></arg>
+ <arg>-c<replaceable>config file</replaceable></arg>
+ <arg>-D<replaceable>driver</replaceable></arg>
+@@ -344,9 +344,20 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term>-e entropy file</term>
++ <listitem>
++ <para>File for <command>wpa_supplicant</command> to use to
++ maintain its internal entropy store in over restarts.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term>-f output file</term>
+ <listitem>
+- <para>Log output to specified file instead of stdout.</para>
++ <para>Log output to specified file instead of stdout. (This
++ is only available if <command>wpa_supplicant</command> was
++ built with the <literal>CONFIG_DEBUG_FILE</literal>
++ option.)</para>
+ </listitem>
+ </varlistentry>
+
+@@ -387,6 +398,22 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term>-o override driver</term>
++ <listitem>
++ <para>Override the driver parameter for new
++ interfaces.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-O override ctrl_interface</term>
++ <listitem>
++ <para>Override the ctrl_interface parameter for new
++ interfaces.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term>-p</term>
+ <listitem>
+ <para>Driver parameters. (Per interface)</para>
+@@ -409,10 +436,40 @@
+ </varlistentry>
+
+ <varlistentry>
++ <term>-s</term>
++ <listitem>
++ <para>Log output to syslog instead of stdout. (This is only
++ available if <command>wpa_supplicant</command> was built
++ with the <literal>CONFIG_DEBUG_SYSLOG</literal>
++ option.)</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-T</term>
++ <listitem>
++ <para>Log output to Linux tracing in addition to any other
++ destinations. (This is only available
++ if <command>wpa_supplicant</command> was built with
++ the <literal>CONFIG_DEBUG_LINUX_TRACING</literal>
++ option.)</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
++ <term>-t</term>
++ <listitem>
++ <para>Include timestamp in debug messages.</para>
++ </listitem>
++ </varlistentry>
++
++ <varlistentry>
+ <term>-u</term>
+ <listitem>
+- <para>Enabled DBus control interface. If enabled, interface
+- definitions may be omitted.</para>
++ <para>Enable DBus control interface. If enabled, interface
++ definitions may be omitted. (This is only available
++ if <command>wpa_supplicant</command> was built with
++ the <literal>CONFIG_DBUS</literal> option.)</para>
+ </listitem>
+ </varlistentry>
+
+diff -up wpa_supplicant-2.0/wpa_supplicant/main.c.man-page wpa_supplicant-2.0/wpa_supplicant/main.c
+--- wpa_supplicant-2.0/wpa_supplicant/main.c.man-page 2013-01-12 09:42:53.000000000 -0600
++++ wpa_supplicant-2.0/wpa_supplicant/main.c 2014-01-20 16:40:02.340869189 -0600
+@@ -23,11 +23,11 @@ static void usage(void)
+ int i;
+ printf("%s\n\n%s\n"
+ "usage:\n"
+- " wpa_supplicant [-BddhKLqqstuvW] [-P<pid file>] "
++ " wpa_supplicant [-BddhKLqqtvW] [-P<pid file>] "
+ "[-g<global ctrl>] \\\n"
+ " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
+ "[-p<driver_param>] \\\n"
+- " [-b<br_ifname>] [-f<debug file>] [-e<entropy file>] "
++ " [-b<br_ifname>] [-e<entropy file>] "
+ "\\\n"
+ " [-o<override driver>] [-O<override ctrl>] \\\n"
+ " [-N -i<ifname> -c<conf> [-C<ctrl>] "
diff --git a/SOURCES/wpa_supplicant-assoc-timeout.patch b/SOURCES/wpa_supplicant-assoc-timeout.patch
new file mode 100644
index 0000000..c3b3568
--- /dev/null
+++ b/SOURCES/wpa_supplicant-assoc-timeout.patch
@@ -0,0 +1,16 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c
+--- wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout 2010-09-07 10:43:39.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c 2010-12-07 18:57:45.163457000 -0600
+@@ -1262,10 +1262,10 @@ void wpa_supplicant_associate(struct wpa
+
+ if (assoc_failed) {
+ /* give IBSS a bit more time */
+- timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
++ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
+ } else if (wpa_s->conf->ap_scan == 1) {
+ /* give IBSS a bit more time */
+- timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
++ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 20;
+ }
+ wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
+ }
diff --git a/SOURCES/wpa_supplicant-dbus-service-file-args.patch b/SOURCES/wpa_supplicant-dbus-service-file-args.patch
new file mode 100644
index 0000000..b7478da
--- /dev/null
+++ b/SOURCES/wpa_supplicant-dbus-service-file-args.patch
@@ -0,0 +1,20 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in.fedora wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+--- wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in.fedora 2008-03-02 20:58:35.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in 2008-03-02 20:58:41.000000000 -0500
+@@ -1,5 +1,5 @@
+ [D-BUS Service]
+ Name=fi.w1.wpa_supplicant1
+-Exec=@BINDIR@/wpa_supplicant -u
++Exec=@BINDIR@/wpa_supplicant -B -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -P /var/run/wpa_supplicant.pid
+ User=root
+ SystemdService=wpa_supplicant.service
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in.fedora wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in
+--- wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in.fedora 2008-03-02 20:58:35.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in 2008-03-02 20:58:41.000000000 -0500
+@@ -1,5 +1,5 @@
+ [D-BUS Service]
+ Name=fi.epitest.hostap.WPASupplicant
+-Exec=@BINDIR@/wpa_supplicant -u
++Exec=@BINDIR@/wpa_supplicant -B -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -P /var/run/wpa_supplicant.pid
+ User=root
+ SystemdService=wpa_supplicant.service
diff --git a/SOURCES/wpa_supplicant-flush-debug-output.patch b/SOURCES/wpa_supplicant-flush-debug-output.patch
new file mode 100644
index 0000000..a686851
--- /dev/null
+++ b/SOURCES/wpa_supplicant-flush-debug-output.patch
@@ -0,0 +1,49 @@
+--- wpa_supplicant-0.6.3/src/utils/wpa_debug.c.flush-debug 2007-07-30 23:15:34.000000000 -0400
++++ wpa_supplicant-0.6.3/src/utils/wpa_debug.c 2007-07-30 23:17:06.000000000 -0400
+@@ -157,6 +157,7 @@ void wpa_debug_print_timestamp(void)
+ if (out_file) {
+ fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
+ (unsigned int) tv.usec);
++ fflush(out_file);
+ } else
+ #endif /* CONFIG_DEBUG_FILE */
+ printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
+@@ -185,6 +186,7 @@ void wpa_printf(int level, char *fmt, ..
+ if (out_file) {
+ vfprintf(out_file, fmt, ap);
+ fprintf(out_file, "\n");
++ fflush(out_file);
+ } else {
+ #endif /* CONFIG_DEBUG_FILE */
+ vprintf(fmt, ap);
+@@ -217,6 +219,7 @@ static void _wpa_hexdump(int level, cons
+ fprintf(out_file, " [REMOVED]");
+ }
+ fprintf(out_file, "\n");
++ fflush(out_file);
+ } else {
+ #endif /* CONFIG_DEBUG_FILE */
+ printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+@@ -262,12 +265,14 @@ static void _wpa_hexdump_ascii(int level
+ fprintf(out_file,
+ "%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+ title, (unsigned long) len);
++ fflush(out_file);
+ return;
+ }
+ if (buf == NULL) {
+ fprintf(out_file,
+ "%s - hexdump_ascii(len=%lu): [NULL]\n",
+ title, (unsigned long) len);
++ fflush(out_file);
+ return;
+ }
+ fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
+@@ -292,6 +297,7 @@ static void _wpa_hexdump_ascii(int level
+ pos += llen;
+ len -= llen;
+ }
++ fflush(out_file);
+ } else {
+ #endif /* CONFIG_DEBUG_FILE */
+ if (!show) {
diff --git a/SOURCES/wpa_supplicant-gui-qt4.patch b/SOURCES/wpa_supplicant-gui-qt4.patch
new file mode 100644
index 0000000..ab7a38d
--- /dev/null
+++ b/SOURCES/wpa_supplicant-gui-qt4.patch
@@ -0,0 +1,16 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/Makefile.qt4 wpa_supplicant-0.7.3/wpa_supplicant/Makefile
+--- wpa_supplicant-0.7.3/wpa_supplicant/Makefile.qt4 2010-09-07 10:43:39.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/Makefile 2010-12-08 10:07:44.152664004 -0600
+@@ -1352,10 +1352,10 @@ wpa_gui: wpa_gui/Makefile
+ @echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
+
+ wpa_gui-qt4/Makefile:
+- qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
++ qmake-qt4 -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
+
+ wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts
+- lrelease wpa_gui-qt4/wpa_gui.pro
++ lrelease-qt4 wpa_gui-qt4/wpa_gui.pro
+
+ wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
+ $(MAKE) -C wpa_gui-qt4
diff --git a/SOURCES/wpa_supplicant-openssl-more-algs.patch b/SOURCES/wpa_supplicant-openssl-more-algs.patch
new file mode 100644
index 0000000..b44c463
--- /dev/null
+++ b/SOURCES/wpa_supplicant-openssl-more-algs.patch
@@ -0,0 +1,16 @@
+diff -up wpa_supplicant-0.7.3/src/crypto/tls_openssl.c.more-openssl-algs wpa_supplicant-0.7.3/src/crypto/tls_openssl.c
+--- wpa_supplicant-0.7.3/src/crypto/tls_openssl.c.more-openssl-algs 2010-09-07 10:43:39.000000000 -0500
++++ wpa_supplicant-0.7.3/src/crypto/tls_openssl.c 2010-12-08 10:01:02.967664004 -0600
+@@ -710,6 +710,11 @@ void * tls_init(const struct tls_config
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
+ SSL_load_error_strings();
++ /* Only add potentially weak hashes and encryption algorithms
++ * when FIPS mode is not enabled.
++ */
++ if (!conf || !conf->fips_mode)
++ OpenSSL_add_all_algorithms();
+ SSL_library_init();
+ #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
+ EVP_add_digest(EVP_sha256());
+
diff --git a/SOURCES/wpa_supplicant-quiet-scan-results-message.patch b/SOURCES/wpa_supplicant-quiet-scan-results-message.patch
new file mode 100644
index 0000000..5bb36a4
--- /dev/null
+++ b/SOURCES/wpa_supplicant-quiet-scan-results-message.patch
@@ -0,0 +1,13 @@
+diff -up wpa_supplicant-0.6.7/wpa_supplicant/events.c.scan-results-msg wpa_supplicant-0.6.7/wpa_supplicant/events.c
+--- wpa_supplicant-0.6.7/wpa_supplicant/events.c.scan-results-msg 2009-01-30 12:08:34.000000000 -0500
++++ wpa_supplicant-0.6.7/wpa_supplicant/events.c 2009-01-30 12:08:37.000000000 -0500
+@@ -911,7 +911,7 @@ static void wpa_supplicant_event_scan_re
+ }
+
+ wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available");
+- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
++ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
+ wpas_notify_scan_results(wpa_s);
+
+ wpas_notify_scan_done(wpa_s, 1);
+
diff --git a/SOURCES/wpa_supplicant.conf b/SOURCES/wpa_supplicant.conf
new file mode 100644
index 0000000..65ad645
--- /dev/null
+++ b/SOURCES/wpa_supplicant.conf
@@ -0,0 +1,3 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+
diff --git a/SOURCES/wpa_supplicant.logrotate b/SOURCES/wpa_supplicant.logrotate
new file mode 100644
index 0000000..bd7ef91
--- /dev/null
+++ b/SOURCES/wpa_supplicant.logrotate
@@ -0,0 +1,6 @@
+/var/log/wpa_supplicant.log {
+ missingok
+ notifempty
+ size 30k
+ create 0600 root root
+}
diff --git a/SOURCES/wpa_supplicant.service b/SOURCES/wpa_supplicant.service
new file mode 100644
index 0000000..45d8b99
--- /dev/null
+++ b/SOURCES/wpa_supplicant.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=WPA Supplicant daemon
+Before=network.target
+After=syslog.target
+
+[Service]
+Type=dbus
+BusName=fi.w1.wpa_supplicant1
+EnvironmentFile=-/etc/sysconfig/wpa_supplicant
+ExecStart=/usr/sbin/wpa_supplicant -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf $INTERFACES $DRIVERS $OTHER_ARGS
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/SOURCES/wpa_supplicant.sysconfig b/SOURCES/wpa_supplicant.sysconfig
new file mode 100644
index 0000000..23fc1e7
--- /dev/null
+++ b/SOURCES/wpa_supplicant.sysconfig
@@ -0,0 +1,16 @@
+# Use the flag "-i" before each of your interfaces, like so:
+# INTERFACES="-ieth1 -iwlan0"
+INTERFACES=""
+
+# Use the flag "-D" before each driver, like so:
+# DRIVERS="-Dwext"
+DRIVERS=""
+
+# Other arguments
+# -u Enable the D-Bus interface (required for use with NetworkManager)
+# -f Log to /var/log/wpa_supplicant.log
+# -P Write pid file to /var/run/wpa_supplicant.pid
+# required to return proper codes by init scripts (e.g. double "start" action)
+# -B to daemonize that has to be used together with -P is already in wpa_supplicant.init.d
+OTHER_ARGS="-u -f /var/log/wpa_supplicant.log -P /var/run/wpa_supplicant.pid"
+
diff --git a/SPECS/wpa_supplicant.spec b/SPECS/wpa_supplicant.spec
new file mode 100644
index 0000000..a36ae21
--- /dev/null
+++ b/SPECS/wpa_supplicant.spec
@@ -0,0 +1,621 @@
+%define rcver %{nil}
+%define snapshot %{nil}
+
+%global _hardened_build 1
+
+Summary: WPA/WPA2/IEEE 802.1X Supplicant
+Name: wpa_supplicant
+Epoch: 1
+Version: 2.0
+Release: 14%{?dist}
+License: BSD
+Group: System Environment/Base
+Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
+Source1: build-config
+Source2: %{name}.conf
+Source3: %{name}.service
+Source4: %{name}.sysconfig
+Source6: %{name}.logrotate
+
+%define build_gui 1
+%if 0%{?rhel} >= 1
+%define build_gui 0
+%endif
+
+# distro specific customization and not suitable for upstream,
+# works around busted drivers
+Patch0: wpa_supplicant-assoc-timeout.patch
+# ensures that debug output gets flushed immediately to help diagnose driver
+# bugs, not suitable for upstream
+Patch1: wpa_supplicant-flush-debug-output.patch
+# disto specific customization for log paths, not suitable for upstream
+Patch2: wpa_supplicant-dbus-service-file-args.patch
+# quiet an annoying and frequent syslog message
+Patch3: wpa_supplicant-quiet-scan-results-message.patch
+# allow more private key encryption algorithms
+Patch5: wpa_supplicant-openssl-more-algs.patch
+# distro specific customization for Qt4 build tools, not suitable for upstream
+Patch6: wpa_supplicant-gui-qt4.patch
+# Fix libnl3 includes path
+Patch7: libnl3-includes.patch
+# Less aggressive roaming; signal strength is wildly variable
+Patch8: rh837402-less-aggressive-roaming.patch
+# Add missing command-line options to man page, also filed upstream
+Patch9: rh948453-man-page.patch
+# Don't evict current AP from PMKSA cache when it's large
+Patch10: rh1032758-fix-pmksa-cache-entry-clearing.patch
+# CVE-2014-3686
+Patch11: 0001-Add-os_exec-helper-to-run-external-programs.patch
+Patch12: 0002-wpa_cli-Use-os_exec-for-action-script-execution.patch
+
+URL: http://w1.fi/wpa_supplicant/
+
+%if %{build_gui}
+BuildRequires: qt-devel >= 4.0
+%endif
+BuildRequires: openssl-devel
+BuildRequires: readline-devel
+BuildRequires: dbus-devel
+BuildRequires: libnl3-devel
+BuildRequires: systemd-units
+BuildRequires: docbook-utils
+Requires(post): systemd-sysv
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+
+%description
+wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
+for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
+component that is used in the client stations. It implements key negotiation
+with a WPA Authenticator and it controls the roaming and IEEE 802.11
+authentication/association of the wlan driver.
+
+%if %{build_gui}
+
+%package gui
+Summary: Graphical User Interface for %{name}
+Group: Applications/System
+
+%description gui
+Graphical User Interface for wpa_supplicant written using QT
+
+%endif
+
+%prep
+%setup -q -n %{name}-%{version}%{rcver}
+%patch0 -p1 -b .assoc-timeout
+%patch1 -p1 -b .flush-debug-output
+%patch2 -p1 -b .dbus-service-file
+%patch3 -p1 -b .quiet-scan-results-msg
+%patch5 -p1 -b .more-openssl-algs
+%patch6 -p1 -b .qt4
+%patch7 -p1 -b .libnl3
+%patch8 -p1 -b .rh837402-less-aggressive-roaming
+%patch9 -p1 -b .man-page
+%patch10 -p1 -b .pmksa-clear-fix
+%patch11 -p1 -b .CVE-2014-3686-1
+%patch12 -p1 -b .CVE-2014-3686-2
+
+%build
+pushd wpa_supplicant
+ cp %{SOURCE1} .config
+ CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE" ; export CFLAGS ;
+ CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE" ; export CXXFLAGS ;
+ LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now" ; export LDFLAGS ;
+ # yes, BINDIR=_sbindir
+ BINDIR="%{_sbindir}" ; export BINDIR ;
+ LIBDIR="%{_libdir}" ; export LIBDIR ;
+ make %{_smp_mflags}
+%if %{build_gui}
+ QTDIR=%{_libdir}/qt4 make wpa_gui-qt4 %{_smp_mflags}
+%endif
+ make eapol_test
+popd
+
+pushd wpa_supplicant/doc/docbook
+ make
+popd
+
+%install
+# init scripts
+install -D -m 0755 %{SOURCE3} %{buildroot}/%{_unitdir}/%{name}.service
+install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
+install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
+
+# config
+install -D -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf
+
+# binary
+install -d %{buildroot}/%{_sbindir}
+install -m 0755 %{name}/wpa_passphrase %{buildroot}/%{_sbindir}
+install -m 0755 %{name}/wpa_cli %{buildroot}/%{_sbindir}
+install -m 0755 %{name}/wpa_supplicant %{buildroot}/%{_sbindir}
+install -m 0755 %{name}/eapol_test %{buildroot}/%{_sbindir}
+install -D -m 0644 %{name}/dbus/dbus-wpa_supplicant.conf %{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
+install -D -m 0644 %{name}/dbus/fi.w1.wpa_supplicant1.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
+install -D -m 0644 %{name}/dbus/fi.epitest.hostap.WPASupplicant.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service
+
+%if %{build_gui}
+# gui
+install -d %{buildroot}/%{_bindir}
+install -m 0755 %{name}/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
+%endif
+
+# running
+mkdir -p %{buildroot}/%{_localstatedir}/run/%{name}
+
+# man pages
+install -d %{buildroot}%{_mandir}/man{5,8}
+install -m 0644 %{name}/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
+install -m 0644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
+
+# some cleanup in docs and examples
+rm -f %{name}/doc/.cvsignore
+rm -rf %{name}/doc/docbook
+chmod -R 0644 %{name}/examples/*.py
+
+%post
+if [ $1 -eq 1 ] ; then
+ # Initial installation
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
+
+%preun
+if [ $1 -eq 0 ] ; then
+ # Package removal, not upgrade
+ /bin/systemctl --no-reload disable wpa_supplicant.service > /dev/null 2>&1 || :
+ /bin/systemctl stop wpa_supplicant.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+ # Package upgrade, not uninstall
+ /bin/systemctl try-restart wpa_supplicant.service >/dev/null 2>&1 || :
+fi
+
+%triggerun -- wpa_supplicant < 0.7.3-10
+# Save the current service runlevel info
+# User must manually run systemd-sysv-convert --apply wpa_supplicant
+# to migrate them to systemd targets
+/usr/bin/systemd-sysv-convert --save wpa_supplicant >/dev/null 2>&1 ||:
+
+# Run these because the SysV package being removed won't do them
+/sbin/chkconfig --del wpa_supplicant >/dev/null 2>&1 || :
+/bin/systemctl try-restart wpa_supplicant.service >/dev/null 2>&1 || :
+
+
+%files
+%doc COPYING %{name}/ChangeLog README %{name}/eap_testing.txt %{name}/todo.txt %{name}/wpa_supplicant.conf %{name}/examples
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%{_unitdir}/%{name}.service
+%{_sysconfdir}/dbus-1/system.d/%{name}.conf
+%{_datadir}/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service
+%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
+%{_sbindir}/wpa_passphrase
+%{_sbindir}/wpa_supplicant
+%{_sbindir}/wpa_cli
+%{_sbindir}/eapol_test
+%dir %{_localstatedir}/run/%{name}
+%dir %{_sysconfdir}/%{name}
+%{_mandir}/man8/*
+%{_mandir}/man5/*
+
+%if %{build_gui}
+%files gui
+%{_bindir}/wpa_gui
+%endif
+
+%changelog
+* Wed Oct 22 2014 Dan Williams <dcbw@redhat.com> - 1:2.0-14
+- Use os_exec() for action script execution (CVE-2014-3686)
+
+* Mon Jul 14 2014 Thomas Haller <thaller@redhat.com - 1:2.0-13
+- cleanup spec file and remove obsolete libeap parts (rh #1085240)
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1:2.0-12
+- Mass rebuild 2014-01-24
+
+* Mon Jan 20 2014 Dan Williams <dcbw@redhat.com> - 1:2.0-11
+- Add eapol_test manpage (rh #948453)
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1:2.0-10
+- Mass rebuild 2013-12-27
+
+* Mon Dec 16 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-9
+- Don't disconnect when PMKSA cache gets too large (rh #1032758) (rh #1016707)
+
+* Mon Dec 16 2013 Dan Winship <danw@redhat.com> - 1:2.0-8
+- Fill in some gaps in the man pages (rh #948453)
+
+* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-6
+- Enable full RELRO/PIE/PIC for wpa_supplicant and libeap
+- Fix changelog dates
+
+* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-5
+- Build and package eapol_test (rh #638218)
+
+* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-4
+- Disable WiMAX libeap hack for RHEL
+
+* Wed May 15 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-3
+- Enable HT (802.11n) for AP mode
+
+* Tue May 7 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-2
+- Use hardened build macros and ensure they apply to libeap too
+
+* Mon May 6 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-1
+- Update to 2.0
+- Be less aggressive when roaming due to signal strength changes (rh #837402)
+
+* Mon Apr 1 2013 Dan Williams <dcbw@redhat.com> - 1:1.1-1
+- Update to 1.1
+- Be less aggressive when roaming due to signal strength changes
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sun Jan 20 2013 Dan Horák <dan@danny.cz> - 1:1.0-3
+- rebuilt again for fixed soname in libnl3
+
+* Sun Jan 20 2013 Kalev Lember <kalevlember@gmail.com> - 1:1.0-2
+- Rebuilt for libnl3
+
+* Wed Aug 29 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-1
+- Enable lightweight AP mode support
+- Enable P2P (WiFi Direct) support
+- Enable RSN IBSS/AdHoc support
+
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0-0.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue May 1 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.4
+- Update to wpa_supplicant 1.0-rc3
+- Fix systemd target dependencies (rh #815091)
+
+* Fri Mar 2 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.3
+- Update to latest 1.0 git snapshot
+- Rebuild against libnl3
+
+* Thu Feb 2 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.2
+- Fix driver fallback for non nl80211-based drivers (rh #783712)
+
+* Tue Jan 10 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.1
+- Update to 1.0-rc1 + git
+
+* Fri Sep 9 2011 Tom Callaway <spot@fedoraproject.org> - 1:0.7.3-11
+- add missing systemd scriptlets
+
+* Thu Sep 8 2011 Tom Callaway <spot@fedoraproject.org> - 1:0.7.3-10
+- convert to systemd
+
+* Wed Jul 27 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-9
+- Fix various crashes with D-Bus interface (rh #678625) (rh #725517)
+
+* Tue May 3 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-8
+- Don't crash when trying to access invalid properties via D-Bus (rh #678625)
+
+* Mon May 2 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-7
+- Make examples read-only to avoid erroneous python dependency (rh #687952)
+
+* Tue Apr 19 2011 Bill Nottingham <notting@redhat.com> - 1:0.7.3-6
+- Fix EAP patch to only apply when building libeap
+
+* Fri Mar 25 2011 Bill Nottingham <notting@redhat.com> - 1:0.7.3-5
+- Add libeap/libeap-devel subpackge for WiMAX usage
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.7.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jan 11 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-3
+- Enable EAP-TNC (rh #659038)
+
+* Wed Dec 15 2010 Dan Williams <dcbw@redhat.com> - 1:0.7.3-2
+- Enable the bgscan_simple plugin
+
+* Wed Dec 8 2010 Dan Williams <dcbw@redhat.com> - 1:0.7.3-1
+- Update to 0.7.3
+- Drop upstreamed and backported patches
+- Drop support for Qt3
+
+* Thu Oct 7 2010 Peter Lemenkov <lemenkov@gmail.com> - 1:0.6.8-11
+- Added comments to some patches (see rhbz #226544#c17)
+- Shortened %%install section a bit
+
+* Thu May 13 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-10
+- Remove prereq on chkconfig
+- Build GUI with qt4 for rawhide (rh #537105)
+
+* Thu May 6 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-9
+- Fix crash when interfaces are removed (like suspend/resume) (rh #589507)
+
+* Wed Jan 6 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-8
+- Fix handling of newer PKCS#12 files (rh #541924)
+
+* Sun Nov 29 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-7
+- Fix supplicant initscript return value (rh #521807)
+- Fix race when connecting to WPA-Enterprise/802.1x-enabled access points (rh #508509)
+- Don't double-scan when attempting to associate
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.8-6
+- rebuilt with new openssl
+
+* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.6.8-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed May 13 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-4
+- Let D-Bus clients know when the supplicant is scanning
+
+* Tue May 12 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-3
+- Ensure the supplicant starts and ends with clean driver state
+- Handle driver disconnect spammage by forcibly clearing SSID
+- Don't switch access points unless the current association is dire (rh #493745)
+
+* Tue May 12 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-2
+- Avoid creating bogus Ad-Hoc networks when forcing the driver to disconnect (rh #497771)
+
+* Mon Mar 9 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-1
+- Update to latest upstream release
+
+* Wed Feb 25 2009 Colin Walters <walters@verbum.org> - 1:0.6.7-4
+- Add patch from upstream to suppress unrequested replies, this
+ quiets a dbus warning.
+
+* Fri Feb 6 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-3
+- Fix scan result retrieval in very dense wifi environments
+
+* Fri Feb 6 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-2
+- Ensure that drivers don't retry association when they aren't supposed to
+
+* Fri Jan 30 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-1
+- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)
+- Stop supplicant on uninstall (rh #447843)
+- Suppress scan results message in logs (rh #466601)
+
+* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.4-3
+- rebuild with new openssl
+
+* Wed Oct 15 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.4-2
+- Handle encryption keys correctly when switching 802.11 modes (rh #459399)
+- Better scanning behavior on resume from suspend/hibernate
+- Better interaction with newer kernels and drivers
+
+* Wed Aug 27 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.4-1
+- Update to 0.6.4
+- Remove 'hostap', 'madwifi', and 'prism54' drivers; use standard 'wext' instead
+- Drop upstreamed patches
+
+* Tue Jun 10 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-6
+- Fix 802.11a frequency bug
+- Always schedule specific SSID scans to help find hidden APs
+- Properly switch between modes on mac80211 drivers
+- Give adhoc connections more time to assocate
+
+* Mon Mar 10 2008 Christopher Aillon <caillon@redhat.com> - 1:0.6.3-5
+- BuildRequires qt3-devel
+
+* Sat Mar 8 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-4
+- Fix log file path in service config file
+
+* Thu Mar 6 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-3
+- Don't start the supplicant by default when installed (rh #436380)
+
+* Tue Mar 4 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-2
+- Fix a potential use-after-free in the D-Bus byte array demarshalling code
+
+* Mon Mar 3 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-1
+- Update to latest development release; remove upstreamed patches
+
+* Fri Feb 22 2008 Dan Williams <dcbw@redhat.com> 1:0.5.7-23
+- Fix gcc 4.3 rebuild issues
+
+* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1:0.5.7-22
+- Autorebuild for GCC 4.3
+
+* Tue Dec 25 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-21
+- Backport 'frequency' option for Ad-Hoc network configs
+
+* Mon Dec 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-20
+- Fix LSB initscript header to ensure 'messagebus' is started first (rh #244029)
+
+* Thu Dec 6 2007 Dan Williams <dcbw@redhat.com> - 1:0.5.7-19
+- Fix two leaks when signalling state and scan results (rh #408141)
+- Add logrotate config file (rh #404181)
+- Add new LSB initscript header to initscript with correct deps (rh #244029)
+- Move other runtime arguments to /etc/sysconfig/wpa_supplicant
+- Start after messagebus service (rh #385191)
+- Fix initscript 'condrestart' command (rh #217281)
+
+* Tue Dec 4 2007 Matthias Clasen <mclasen@redhat.com> - 1:0.5.7-18
+- Rebuild against new openssl
+
+* Tue Dec 4 2007 Ville Skyttä <ville.skytta at iki.fi> - 1:0.5.7-17
+- Group: Application/System -> Applications/System in -gui.
+
+* Tue Nov 13 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-16
+- Add IW_ENCODE_TEMP patch for airo driver and Dynamic WEP
+- Fix error in wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch that
+ caused the last error to not be printed
+- Fix wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch to ignore
+ duplicate cert additions for all certs and keys
+- Change license to BSD due to linkage against OpenSSL since there is no
+ OpenSSL exception in the GPLv2 license text that upstream ships
+
+* Sun Oct 28 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-15
+- Fix Dynamic WEP associations with mac80211-based drivers
+
+* Sun Oct 28 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-14
+- Don't error an association on duplicate CA cert additions
+
+* Wed Oct 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-13
+- Correctly set the length of blobs added via the D-Bus interface
+
+* Wed Oct 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-12
+- Fix conversion of byte arrays to strings by ensuring the buffer is NULL
+ terminated after conversion
+
+* Sat Oct 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-11
+- Add BLOB support to the D-Bus interface
+- Fix D-Bus interface permissions so that only root can use the wpa_supplicant
+ D-Bus interface
+
+* Tue Oct 9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-10
+- Don't segfault with dbus control interface enabled and invalid network
+ interface (rh #310531)
+
+* Tue Sep 25 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-9
+- Always allow explicit wireless scans triggered from a control interface
+
+* Thu Sep 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-8
+- Change system bus activation file name to work around D-Bus bug that fails
+ to launch services unless their .service file is named the same as the
+ service itself
+
+* Fri Aug 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-7
+- Make SIGUSR1 change debug level on-the-fly; useful in combination with
+ the -f switch to log output to /var/log/wpa_supplicant.log
+- Stop stripping binaries on install so we get debuginfo packages
+- Remove service start requirement for interfaces & devices from sysconfig file,
+ since wpa_supplicant's D-Bus interface is now turned on
+
+* Fri Aug 17 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-6
+- Fix compilation with RPM_OPT_FLAGS (rh #249951)
+- Make debug output to logfile a runtime option
+
+* Fri Aug 17 2007 Christopher Aillon <caillon@redhat.com> - 0.5.7-5
+- Update the license tag
+
+* Tue Jun 19 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-4
+- Fix initscripts to use -Dwext by default, be more verbose on startup
+ (rh #244511)
+
+* Mon Jun 4 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-3
+- Fix buffer overflow by removing syslog patch (#rh242455)
+
+* Mon Apr 9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-2
+- Add patch to send output to syslog
+
+* Thu Mar 15 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-1
+- Update to 0.5.7 stable release
+
+* Fri Oct 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.9-1
+- Update to 0.4.9 for WE-21 fixes, remove upstreamed patches
+- Don't package doc/ because they aren't actually wpa_supplicant user documentation,
+ and becuase it pulls in perl
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.4.8-10.1
+- rebuild
+
+* Thu Apr 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-10
+- Add fix for madwifi and WEP (wpa_supplicant/hostap bud #140) (#rh190075#)
+- Fix up madwifi-ng private ioctl()s for r1331 and later
+- Update madwifi headers to r1475
+
+* Tue Apr 25 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-9
+- Enable Wired driver, PKCS12, and Smartcard options (#rh189805#)
+
+* Tue Apr 11 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-8
+- Fix control interface key obfuscation a bit
+
+* Sun Apr 2 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-7
+- Work around older & incorrect drivers that return null-terminated SSIDs
+
+* Mon Mar 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-6
+- Add patch to make orinoco happy with WEP keys
+- Enable Prism54-specific driver
+- Disable ipw-specific driver; ipw2x00 should be using WEXT instead
+
+* Fri Mar 3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-5
+- Increase association timeout, mainly for drivers that don't
+ fully support WPA ioctls yet
+
+* Fri Mar 3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-4
+- Add additional BuildRequires #rh181914#
+- Add prereq on chkconfig #rh182905# #rh182906#
+- Own /var/run/wpa_supplicant and /etc/wpa_supplicant #rh183696#
+
+* Wed Mar 1 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-3
+- Install wpa_passphrase too #rh183480#
+
+* Mon Feb 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-2
+- Don't expose private data on the control interface unless requested
+
+* Fri Feb 24 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-1
+- Downgrade to 0.4.8 stable release rather than a dev release
+
+* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-3
+- Documentation cleanup (Terje Rosten <terje.rosten@ntnu.no>)
+
+* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-2
+- Move initscript to /etc/rc.d/init.d
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Sun Feb 5 2006 Dan Williams <dcbw@redhat.com> 0.5.1-1
+- Update to 0.5.1
+- Add WE auth fallback to actually work with older drivers
+
+* Thu Jan 26 2006 Dan Williams <dcbw@redhat.com> 0.4.7-2
+- Bring package into Fedora Core
+- Add ap_scan control interface patch
+- Enable madwifi-ng driver
+
+* Sun Jan 15 2006 Douglas E. Warner <silfreed@silfreed.net> 0.4.7-1
+- upgrade to 0.4.7
+- added package w/ wpa_gui in it
+
+* Mon Nov 14 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.6-1
+- upgrade to 0.4.6
+- adding ctrl interface changes recommended
+ by Hugo Paredes <hugo.paredes@e-know.org>
+
+* Sun Oct 9 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.5-1
+- upgrade to 0.4.5
+- updated config file wpa_supplicant is built with
+ especially, the ipw2100 driver changed to just ipw
+ and enabled a bunch more EAP
+- disabled dist tag
+
+* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-3
+- fix typo in init script
+
+* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-2
+- fixing init script using fedora-extras' template
+- removing chkconfig default startup
+
+* Tue Jun 21 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-1
+- upgrade to 0.4.2
+- new sample conf file that will use any unrestricted AP
+- make sysconfig config entry
+- new BuildRoot for Fedora Extras
+- adding dist tag to Release
+
+* Fri May 06 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.8-1
+- upgrade to 0.3.8
+
+* Thu Feb 10 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-2
+- compile ipw driver in
+
+* Wed Feb 09 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-1
+- upgrade to 0.3.6
+
+* Thu Dec 23 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-4
+- fixing init script
+
+* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-3
+- fixing init script
+- adding post/preun items to add/remove via chkconfig
+
+* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-2
+- adding sysV scripts
+
+* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
+- Initial RPM release.
+