Is there a reason wpa_supplicant isn't compiled with
?
I'm aware that there was a security problem in wpa_supplicant 2.4 which could be solved by removing support for eap-pwd as indicated in the changelog:
Code:
Tue May 12 07:17:33 UTC 2015
n/wpa_supplicant-2.4-x86_64-2.txz: Rebuilt.
This update fixes potential denial of service issues.
For more information, see:
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1863
(* Security fix *)
However, this is solved in wpa_supplicant 2.5 which ships with Slackware 14.2. I recompiled wpa_supplicant with this enabled to be able to access eduroam using wpa-pwd, but I'd prefer to have Slackware supporting it without recompiling - unless there is a reason not to, then I'd probably want to stick with the default package.