upg wpa_supplicant weird as hell upgrade
This commit is contained in:
parent
64da9a2665
commit
bc8a5dcf97
23 changed files with 1277 additions and 99 deletions
File diff suppressed because one or more lines are too long
|
@ -0,0 +1,37 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
|
||||
Date: Mon, 13 Mar 2017 13:46:12 -0400
|
||||
Subject: [PATCH] Add IgnoreOnIsolate=yes to keep wpa-supplicant running while
|
||||
systemctl isolate
|
||||
|
||||
> Add IgnoreOnIsolate=yes so that when switching "runlevels" in
|
||||
> oem-config will not kill off wpa and cause wireless to be
|
||||
> unavailable on first boot. (LP: #1576024)
|
||||
|
||||
Also happens when running systemctl isolate default.target:
|
||||
|
||||
> NM should be detecting that wpasupplicant is not running and start
|
||||
> it -- this should already have been working by way of wpasupplicant
|
||||
> being dbus-activated.
|
||||
[...]
|
||||
> It seems to me like IgnoreOnIsolate for wpasupplicant would be the
|
||||
> right thing to do, or to figure out why it isn't being properly
|
||||
> started when NM tries to use it.
|
||||
|
||||
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1576024
|
||||
---
|
||||
wpa_supplicant/systemd/wpa_supplicant.service.in | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
|
||||
index bc0688a800d3..561ae8f827ab 100644
|
||||
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
|
||||
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
|
||||
@@ -3,6 +3,7 @@ Description=WPA supplicant
|
||||
Before=network.target
|
||||
After=dbus.service
|
||||
Wants=network.target
|
||||
+IgnoreOnIsolate=true
|
||||
|
||||
[Service]
|
||||
Type=dbus
|
|
@ -0,0 +1,32 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: James Ralston <ralston@pobox.com>
|
||||
Date: Sun, 1 May 2022 16:15:23 -0700
|
||||
Subject: [PATCH] Allow legacy renegotiation to fix PEAP issues with some
|
||||
servers
|
||||
|
||||
Upstream: http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
|
||||
---
|
||||
src/crypto/tls_openssl.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index 273e5cbc6093..ad3aa1a7a7bb 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -1056,6 +1056,16 @@ void * tls_init(const struct tls_config *conf)
|
||||
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
|
||||
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
|
||||
|
||||
+ /* Many enterprise PEAP server implementations (e.g. used in large
|
||||
+ corporations and universities) do not support RFC5746 secure
|
||||
+ renegotiation, and starting with OpenSSL 3.0,
|
||||
+ SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
|
||||
+ So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
|
||||
+ only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
|
||||
+ globally. */
|
||||
+
|
||||
+ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
|
||||
+
|
||||
SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
|
||||
|
||||
#ifdef SSL_MODE_NO_AUTO_CHAIN
|
|
@ -0,0 +1,52 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sun, 22 May 2022 17:01:35 +0300
|
||||
Subject: [PATCH] OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using
|
||||
TLS 1.0/1.1
|
||||
|
||||
Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for
|
||||
TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level
|
||||
drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
|
||||
enabled with an explicit network configuration parameter. However, the
|
||||
default settings are still allowing TLS 1.0 and 1.1 to be negotiated
|
||||
just to see them fail immediately when using OpenSSL 3.0. This is not
|
||||
exactly helpful especially when the OpenSSL error message for this
|
||||
particular case is "internal error" which does not really say anything
|
||||
about the reason for the error.
|
||||
|
||||
It is is a bit inconvenient to update the security policy for this
|
||||
particular issue based on the negotiated TLS version since that happens
|
||||
in the middle of processing for the first message from the server.
|
||||
However, this can be done by using the debug callback for printing out
|
||||
the received TLS messages during processing.
|
||||
|
||||
Drop the OpenSSL security level to 0 if that is the only option to
|
||||
continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
|
||||
in wpa_supplicant default configuration and OpenSSL 3.0 with the
|
||||
constraint on MD5-SHA1 use.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
src/crypto/tls_openssl.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index ad3aa1a7a7bb..dad1135c692d 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -1516,6 +1516,15 @@ static void tls_msg_cb(int write_p, int version, int content_type,
|
||||
struct tls_connection *conn = arg;
|
||||
const u8 *pos = buf;
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
+ if ((SSL_version(ssl) == TLS1_VERSION ||
|
||||
+ SSL_version(ssl) == TLS1_1_VERSION) &&
|
||||
+ SSL_get_security_level(ssl) > 0) {
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
|
||||
+ SSL_set_security_level(ssl, 0);
|
||||
+ }
|
||||
+#endif /* OpenSSL version >= 3.0 */
|
||||
if (write_p == 2) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"OpenSSL: session ver=0x%x content_type=%d",
|
26
wpa_supplicant/0006-Disable-Werror-for-eapol_test.patch
Normal file
26
wpa_supplicant/0006-Disable-Werror-for-eapol_test.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Andrej Shadura <andrew.shadura@collabora.co.uk>
|
||||
Date: Fri, 12 Feb 2021 14:28:19 +0100
|
||||
Subject: [PATCH] Disable -Werror for eapol_test
|
||||
|
||||
This may make sense for the upstream, but we just want to build
|
||||
the tool to be useful to our users; dealing with build errors due
|
||||
to issues normally manifesting themselves as warnings is burdening
|
||||
for Debian and its downstreams.
|
||||
---
|
||||
wpa_supplicant/Makefile | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
|
||||
index cb66defac7c8..26b0c930aafb 100644
|
||||
--- a/wpa_supplicant/Makefile
|
||||
+++ b/wpa_supplicant/Makefile
|
||||
@@ -170,7 +170,7 @@ CFLAGS += -DCONFIG_ELOOP_KQUEUE
|
||||
endif
|
||||
|
||||
ifdef CONFIG_EAPOL_TEST
|
||||
-CFLAGS += -Werror -DEAPOL_TEST
|
||||
+CFLAGS += -DEAPOL_TEST
|
||||
endif
|
||||
|
||||
ifdef CONFIG_CODE_COVERAGE
|
|
@ -0,0 +1,73 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: David Bauer <mail@david-bauer.net>
|
||||
Date: Sun, 30 Jan 2022 20:22:00 +0100
|
||||
Subject: [PATCH] nl80211: add extra-ies only if allowed by driver
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl
|
||||
based adapters. The reason for it is hostapd tries to install additional
|
||||
IEs for scanning while the driver does not support this.
|
||||
|
||||
The kernel indicates the maximum number of bytes for additional scan IEs
|
||||
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
|
||||
only add additional scan IEs in case the driver can accommodate these
|
||||
additional IEs.
|
||||
|
||||
Reported-by: Étienne Morice <neon.emorice@mail.com>
|
||||
Tested-by: Étienne Morice <neon.emorice@mail.com>
|
||||
Signed-off-by: David Bauer <mail@david-bauer.net>
|
||||
|
||||
Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
|
||||
Bug-Debian: https://bugs.debian.org/1004524
|
||||
Origin: http://lists.infradead.org/pipermail/hostap/2022-January/040185.html
|
||||
---
|
||||
src/drivers/driver.h | 3 +++
|
||||
src/drivers/driver_nl80211_capa.c | 4 ++++
|
||||
src/drivers/driver_nl80211_scan.c | 2 +-
|
||||
3 files changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
|
||||
index d3312a34d8f8..b5b626451ffd 100644
|
||||
--- a/src/drivers/driver.h
|
||||
+++ b/src/drivers/driver.h
|
||||
@@ -2052,6 +2052,9 @@ struct wpa_driver_capa {
|
||||
/** Maximum number of iterations in a single scan plan */
|
||||
u32 max_sched_scan_plan_iterations;
|
||||
|
||||
+ /** Maximum number of extra IE bytes for scans */
|
||||
+ u16 max_scan_ie_len;
|
||||
+
|
||||
/** Whether sched_scan (offloaded scanning) is supported */
|
||||
int sched_scan_supported;
|
||||
|
||||
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
|
||||
index 83868b78e6f0..b33b6badb13e 100644
|
||||
--- a/src/drivers/driver_nl80211_capa.c
|
||||
+++ b/src/drivers/driver_nl80211_capa.c
|
||||
@@ -885,6 +885,10 @@ static int wiphy_info_handler(struct nl_msg *msg, void *arg)
|
||||
nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]);
|
||||
}
|
||||
|
||||
+ if (tb[NL80211_ATTR_MAX_SCAN_IE_LEN])
|
||||
+ capa->max_scan_ie_len =
|
||||
+ nla_get_u16(tb[NL80211_ATTR_MAX_SCAN_IE_LEN]);
|
||||
+
|
||||
if (tb[NL80211_ATTR_MAX_MATCH_SETS])
|
||||
capa->max_match_sets =
|
||||
nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
|
||||
diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c
|
||||
index 1316084805a3..b0f095192714 100644
|
||||
--- a/src/drivers/driver_nl80211_scan.c
|
||||
+++ b/src/drivers/driver_nl80211_scan.c
|
||||
@@ -207,7 +207,7 @@ nl80211_scan_common(struct i802_bss *bss, u8 cmd,
|
||||
wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
|
||||
}
|
||||
|
||||
- if (params->extra_ies) {
|
||||
+ if (params->extra_ies && drv->capa.max_scan_ie_len >= params->extra_ies_len) {
|
||||
wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
|
||||
params->extra_ies, params->extra_ies_len);
|
||||
if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
|
|
@ -0,0 +1,57 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Beniamino Galvani <bgalvani@redhat.com>
|
||||
Date: Mon, 4 Apr 2022 09:13:12 +0200
|
||||
Subject: [PATCH] AP: guard FT-SAE code with CONFIG_IEEE80211R_AP
|
||||
|
||||
wpa_supplicant doesn't support FT in AP mode, but it still negotiates
|
||||
FT-SAE. This can lead to an authentication failure when the AP is
|
||||
started with key_mgmt="SAE FT-SAE" and the STA supports both.
|
||||
|
||||
Ensure that FT-SAE is not negotiated when CONFIG_IEEE80211R_AP is not
|
||||
defined.
|
||||
|
||||
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
|
||||
---
|
||||
src/ap/wpa_auth_ie.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
|
||||
index 524922e4e686..d63cbeb92599 100644
|
||||
--- a/src/ap/wpa_auth_ie.c
|
||||
+++ b/src/ap/wpa_auth_ie.c
|
||||
@@ -228,11 +228,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
||||
pos += RSN_SELECTOR_LEN;
|
||||
num_suites++;
|
||||
}
|
||||
+#ifdef CONFIG_IEEE80211R_AP
|
||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
|
||||
pos += RSN_SELECTOR_LEN;
|
||||
num_suites++;
|
||||
}
|
||||
+#endif /* CONFIG_IEEE80211R_AP */
|
||||
#endif /* CONFIG_SAE */
|
||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
|
||||
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
|
||||
@@ -670,8 +672,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||
#ifdef CONFIG_SAE
|
||||
else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
|
||||
selector = RSN_AUTH_KEY_MGMT_SAE;
|
||||
+#ifdef CONFIG_IEEE80211R_AP
|
||||
else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
|
||||
selector = RSN_AUTH_KEY_MGMT_FT_SAE;
|
||||
+#endif /* CONFIG_IEEE80211R_AP */
|
||||
#endif /* CONFIG_SAE */
|
||||
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
||||
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
||||
@@ -778,8 +782,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||
#ifdef CONFIG_SAE
|
||||
else if (key_mgmt & WPA_KEY_MGMT_SAE)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
|
||||
+#ifdef CONFIG_IEEE80211R_AP
|
||||
else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
|
||||
+#endif /* CONFIG_IEEE80211R_AP */
|
||||
#endif /* CONFIG_SAE */
|
||||
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
|
|
@ -0,0 +1,42 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <quic_jouni@quicinc.com>
|
||||
Date: Wed, 30 Nov 2022 14:01:55 +0200
|
||||
Subject: [PATCH] OpenSSL: Apply connection flags before reading certificates
|
||||
|
||||
This is needed to be able to drop the OpenSSL security level, if
|
||||
necessary, for cases where old certificates (e.g., something using SHA-1
|
||||
signatures) are still needed. openssl_ciphers="DEFAULT@SECLEVEL=0" can
|
||||
achieve this, but only if applied before attempting to load the
|
||||
certificates.
|
||||
|
||||
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
|
||||
---
|
||||
src/crypto/tls_openssl.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index dad1135c692d..7a929450b949 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -5203,6 +5203,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
||||
__func__, ERR_error_string(err, NULL));
|
||||
}
|
||||
|
||||
+ if (tls_set_conn_flags(conn, params->flags,
|
||||
+ params->openssl_ciphers) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
if (engine_id) {
|
||||
wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine %s",
|
||||
engine_id);
|
||||
@@ -5308,10 +5312,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
||||
#endif /* OPENSSL_IS_BORINGSSL */
|
||||
}
|
||||
|
||||
- if (tls_set_conn_flags(conn, params->flags,
|
||||
- params->openssl_ciphers) < 0)
|
||||
- return -1;
|
||||
-
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
if (params->flags & TLS_CONN_REQUEST_OCSP) {
|
||||
SSL_enable_ocsp_stapling(conn->ssl);
|
|
@ -0,0 +1,29 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
|
||||
Date: Wed, 14 Jun 2023 00:54:15 +0200
|
||||
Subject: [PATCH] Don't upgrade SSL security level to 1 when setting ciphers
|
||||
|
||||
This resets it from our intended zero from tls_set_conn_flags.
|
||||
---
|
||||
src/crypto/tls_openssl.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index 7a929450b949..3e157a2dd2f3 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -4703,10 +4703,13 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
||||
* cipher suites for EAP-FAST.
|
||||
*/
|
||||
SSL_set_security_level(conn->ssl, 0);
|
||||
- } else if (SSL_get_security_level(conn->ssl) == 0) {
|
||||
+ }
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
||||
+ else if (SSL_get_security_level(conn->ssl) == 0) {
|
||||
/* Force at least security level 1 */
|
||||
SSL_set_security_level(conn->ssl, 1);
|
||||
}
|
||||
+#endif
|
||||
#endif /* EAP_FAST_OR_TEAP */
|
||||
#endif
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Ryutaroh Matsumoto <ryutaroh.matsumoto@nagoya-u.jp>
|
||||
Date: Mon, 8 Jul 2019 00:25:48 +0900
|
||||
Subject: [PATCH] Add reload support to the systemd unit files
|
||||
|
||||
When wifi password is written in /etc/wpa_supplicant/wpa_supplicant-if.conf,
|
||||
wpa_supplicant@if.service is started by systemd.
|
||||
When one adds a new pair of SSID and its password in the above config
|
||||
file, wpa_supplicant has to reload the changed config file.
|
||||
But "systemctl reload" was not accepted because "ExecReload" was missing
|
||||
from wpa_supplicant@.service.
|
||||
|
||||
Bug-Debian: https://bugs.debian.org/931554
|
||||
---
|
||||
wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 1 +
|
||||
wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in | 1 +
|
||||
wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 1 +
|
||||
wpa_supplicant/systemd/wpa_supplicant.service.in | 1 +
|
||||
4 files changed, 4 insertions(+)
|
||||
|
||||
diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
|
||||
index da69a8705ce8..aa1279591735 100644
|
||||
--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
|
||||
+++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
|
||||
@@ -10,6 +10,7 @@ Wants=network.target
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
|
||||
+ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
|
||||
index ca3054bc6d55..c0855babd4d1 100644
|
||||
--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
|
||||
+++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
|
||||
@@ -10,6 +10,7 @@ Wants=network.target
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
|
||||
+ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
|
||||
index 55d2b9c81712..2097be324869 100644
|
||||
--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
|
||||
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
|
||||
@@ -10,6 +10,7 @@ Wants=network.target
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
|
||||
+ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
|
||||
index 561ae8f827ab..18cbc1108597 100644
|
||||
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
|
||||
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
|
||||
@@ -9,6 +9,7 @@ IgnoreOnIsolate=true
|
||||
Type=dbus
|
||||
BusName=fi.w1.wpa_supplicant1
|
||||
ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
|
||||
+ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,135 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Ben Greear <greearb@candelatech.com>
|
||||
Date: Thu, 27 Jul 2023 09:02:11 -0700
|
||||
Subject: [PATCH] WNM: Choose the best available BSS, not just the first one
|
||||
|
||||
This should allow STA to make better choice about which BSS to roam to.
|
||||
|
||||
Use estimated throughput as comparison value. Can improve the estimated
|
||||
throughput calculation to improve this selection criteria if wanted in
|
||||
the future.
|
||||
|
||||
Signed-off-by: Ben Greear <greearb@candelatech.com>
|
||||
---
|
||||
wpa_supplicant/wnm_sta.c | 76 +++++++++++++++++++++++++++-------------
|
||||
1 file changed, 52 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
|
||||
index 96160dccbf5b..87c1798d9b91 100644
|
||||
--- a/wpa_supplicant/wnm_sta.c
|
||||
+++ b/wpa_supplicant/wnm_sta.c
|
||||
@@ -609,22 +609,6 @@ static void wnm_clear_acceptable(struct wpa_supplicant *wpa_s)
|
||||
wpa_s->wnm_neighbor_report_elements[i].acceptable = 0;
|
||||
}
|
||||
|
||||
-
|
||||
-static struct wpa_bss * get_first_acceptable(struct wpa_supplicant *wpa_s)
|
||||
-{
|
||||
- unsigned int i;
|
||||
- struct neighbor_report *nei;
|
||||
-
|
||||
- for (i = 0; i < wpa_s->wnm_num_neighbor_report; i++) {
|
||||
- nei = &wpa_s->wnm_neighbor_report_elements[i];
|
||||
- if (nei->acceptable)
|
||||
- return wpa_bss_get_bssid(wpa_s, nei->bssid);
|
||||
- }
|
||||
-
|
||||
- return NULL;
|
||||
-}
|
||||
-
|
||||
-
|
||||
#ifdef CONFIG_MBO
|
||||
static struct wpa_bss *
|
||||
get_mbo_transition_candidate(struct wpa_supplicant *wpa_s,
|
||||
@@ -719,13 +703,38 @@ end:
|
||||
#endif /* CONFIG_MBO */
|
||||
|
||||
|
||||
+static struct wpa_bss * find_better_target(struct wpa_bss *a,
|
||||
+ struct wpa_bss *b)
|
||||
+{
|
||||
+ if (!a)
|
||||
+ return b;
|
||||
+ if (!b)
|
||||
+ return a;
|
||||
+
|
||||
+ if (a->est_throughput > b->est_throughput) {
|
||||
+ wpa_printf(MSG_DEBUG, "WNM: A is better: " MACSTR
|
||||
+ " est-tput: %d B: " MACSTR " est-tput: %d",
|
||||
+ MAC2STR(a->bssid), a->est_throughput,
|
||||
+ MAC2STR(b->bssid), b->est_throughput);
|
||||
+ return a;
|
||||
+ }
|
||||
+
|
||||
+ wpa_printf(MSG_DEBUG, "WNM: B is better, A: " MACSTR
|
||||
+ " est-tput: %d B: " MACSTR " est-tput: %d",
|
||||
+ MAC2STR(a->bssid), a->est_throughput,
|
||||
+ MAC2STR(b->bssid), b->est_throughput);
|
||||
+ return b;
|
||||
+}
|
||||
+
|
||||
static struct wpa_bss *
|
||||
compare_scan_neighbor_results(struct wpa_supplicant *wpa_s, os_time_t age_secs,
|
||||
enum mbo_transition_reject_reason *reason)
|
||||
{
|
||||
u8 i;
|
||||
struct wpa_bss *bss = wpa_s->current_bss;
|
||||
struct wpa_bss *target;
|
||||
+ struct wpa_bss *best_target = NULL;
|
||||
+ struct wpa_bss *bss_in_list = NULL;
|
||||
|
||||
if (!bss)
|
||||
return NULL;
|
||||
@@ -812,25 +821,44 @@ compare_scan_neighbor_results(struct wpa_supplicant *wpa_s, os_time_t age_secs,
|
||||
}
|
||||
|
||||
nei->acceptable = 1;
|
||||
+
|
||||
+ best_target = find_better_target(target, best_target);
|
||||
+ if (target == bss)
|
||||
+ bss_in_list = bss;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_MBO
|
||||
if (wpa_s->wnm_mbo_trans_reason_present)
|
||||
target = get_mbo_transition_candidate(wpa_s, reason);
|
||||
else
|
||||
- target = get_first_acceptable(wpa_s);
|
||||
+ target = best_target;
|
||||
#else /* CONFIG_MBO */
|
||||
- target = get_first_acceptable(wpa_s);
|
||||
+ target = best_target;
|
||||
#endif /* CONFIG_MBO */
|
||||
|
||||
- if (target) {
|
||||
- wpa_printf(MSG_DEBUG,
|
||||
- "WNM: Found an acceptable preferred transition candidate BSS "
|
||||
- MACSTR " (RSSI %d)",
|
||||
- MAC2STR(target->bssid), target->level);
|
||||
+ if (!target)
|
||||
+ return NULL;
|
||||
+
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "WNM: Found an acceptable preferred transition candidate BSS "
|
||||
+ MACSTR " (RSSI %d, tput: %d bss-tput: %d)",
|
||||
+ MAC2STR(target->bssid), target->level,
|
||||
+ target->est_throughput, bss->est_throughput);
|
||||
+
|
||||
+ if (!bss_in_list)
|
||||
+ return target;
|
||||
+
|
||||
+ if ((!target->est_throughput && !bss_in_list->est_throughput) ||
|
||||
+ (target->est_throughput > bss_in_list->est_throughput &&
|
||||
+ target->est_throughput - bss_in_list->est_throughput >
|
||||
+ bss_in_list->est_throughput >> 4)) {
|
||||
+ /* It is more than 100/16 percent better, so switch. */
|
||||
+ return target;
|
||||
}
|
||||
|
||||
- return target;
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "WNM: Stay with our current BSS, not enough change in estimated throughput to switch");
|
||||
+ return bss_in_list;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Lee <michael-cy.lee@mediatek.com>
|
||||
Date: Thu, 27 Jul 2023 16:29:22 +0800
|
||||
Subject: [PATCH] wpa_supplicant: Fix wpa_supplicant configuration parsing
|
||||
error
|
||||
|
||||
In the original flow, after hostapd_config_tx_queue successfully
|
||||
parses a tx_queue variable, it would not return immediately. Then it
|
||||
would print out "unknow global field" later and set return val to -1.
|
||||
|
||||
This patch returns immediately after hostapd_config_tx_queue
|
||||
successfully parses a tx_queue variable.
|
||||
|
||||
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
|
||||
---
|
||||
wpa_supplicant/config.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
|
||||
index bf062b0792b7..de08fff84d64 100644
|
||||
--- a/wpa_supplicant/config.c
|
||||
+++ b/wpa_supplicant/config.c
|
||||
@@ -5397,6 +5397,7 @@ int wpa_config_process_global(struct wpa_config *config, char *pos, int line)
|
||||
line);
|
||||
return -1;
|
||||
}
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
if (os_strncmp(pos, "wmm_ac_", 7) == 0) {
|
26
wpa_supplicant/0014-Abort-ongoing-scan.patch
Normal file
26
wpa_supplicant/0014-Abort-ongoing-scan.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Chaitanya Tata <chaitanya.mgit@gmail.com>
|
||||
Date: Tue, 18 Jul 2023 01:21:37 +0530
|
||||
Subject: [PATCH] Abort ongoing scan
|
||||
|
||||
Along with canceling queued scan, abort ongoing scan if any, this
|
||||
ensures Wi-Fi interface is in usable state after disconnect is issued,
|
||||
else subsequent scan after disconnect might fail with EBUSY.
|
||||
|
||||
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
|
||||
---
|
||||
wpa_supplicant/wpa_supplicant.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
|
||||
index d37a994f98a5..917aca49274f 100644
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -8181,6 +8181,7 @@ void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
|
||||
wpa_s->disconnected = 1;
|
||||
wpa_supplicant_cancel_sched_scan(wpa_s);
|
||||
wpa_supplicant_cancel_scan(wpa_s);
|
||||
+ wpas_abort_ongoing_scan(wpa_s);
|
||||
wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
|
||||
eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
|
||||
radio_remove_works(wpa_s, "connect", 0);
|
|
@ -0,0 +1,33 @@
|
|||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Chaoli Zhou <quic_zchaoli@quicinc.com>
|
||||
Date: Thu, 8 Sep 2022 17:43:32 +0800
|
||||
Subject: [PATCH] Override ieee80211w from pmf for AP mode in wpa_supplicant
|
||||
|
||||
Since NetworkManager doesn't support setting ieee80211w to
|
||||
wpa_supplicant and only support pmf, so override ieee80211w from pmf for
|
||||
AP mode if ieee80211w not configurated. Do not change behavior for the
|
||||
P2P GO cases.
|
||||
|
||||
Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
|
||||
---
|
||||
wpa_supplicant/ap.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
|
||||
index 6a0a69e68ee6..9d0f70332c9c 100644
|
||||
--- a/wpa_supplicant/ap.c
|
||||
+++ b/wpa_supplicant/ap.c
|
||||
@@ -701,8 +701,12 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s,
|
||||
bss->wpa_group_rekey = 86400;
|
||||
}
|
||||
|
||||
- if (ssid->ieee80211w != MGMT_FRAME_PROTECTION_DEFAULT)
|
||||
+ if (ssid->ieee80211w != MGMT_FRAME_PROTECTION_DEFAULT) {
|
||||
bss->ieee80211w = ssid->ieee80211w;
|
||||
+ } else if (wpa_s->conf->pmf != MGMT_FRAME_PROTECTION_DEFAULT) {
|
||||
+ if (ssid->mode == WPAS_MODE_AP)
|
||||
+ bss->ieee80211w = wpa_s->conf->pmf;
|
||||
+ }
|
||||
|
||||
#ifdef CONFIG_OCV
|
||||
bss->ocv = ssid->ocv;
|
|
@ -7,50 +7,54 @@
|
|||
|
||||
pkgname=wpa_supplicant
|
||||
pkgver=2.10
|
||||
pkgrel=08
|
||||
pkgrel=09
|
||||
epoch=2
|
||||
pkgdesc='A utility providing key negotiation for WPA wireless networks w/o systemd'
|
||||
pkgdesc='A utility providing key negotiation for WPA wireless networks'
|
||||
url='https://w1.fi/wpa_supplicant/'
|
||||
depends=(openssl libdbus readline libnl pcsclite)
|
||||
#options=(debug) ## uncomment this line to have the debug pkg produced
|
||||
backup=('etc/wpa_supplicant/wpa_supplicant.conf')
|
||||
install=wpa_supplicant.install
|
||||
source=(https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||
wpa_supplicant_config
|
||||
wpa_supplicant_tls.patch # More permissive TLS fallback
|
||||
# wpa_supplicant_dbus_service_syslog.patch # Unit improvements from Ubuntu
|
||||
# wpa_supplicant_service_ignore-on-isolate.patch # More unit improvements from Ubuntu
|
||||
wpa_supplicant-legacy-server-connect.patch
|
||||
lower_security_level_for_tls_1.patch
|
||||
disable-eapol-werror.patch
|
||||
0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
)
|
||||
wpa_supplicant_config
|
||||
# More permissive TLS fallback
|
||||
0001-Enable-TLSv1.0-by-default.patch
|
||||
# Unit improvements from Ubuntu
|
||||
# 0002-Tweak-D-Bus-systemd-service-activation-configuration.patch
|
||||
0003-Add-IgnoreOnIsolate-yes-to-keep-wpa-supplicant-runni.patch
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
0004-Allow-legacy-renegotiation-to-fix-PEAP-issues-with-s.patch
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
0005-OpenSSL-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
0006-Disable-Werror-for-eapol_test.patch
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
0008-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
# https://w1.fi/cgit/hostap/commit/?id=e9b4ad2364c68130c7618a88a171e29e0e15007e
|
||||
0009-OpenSSL-Apply-connection-flags-before-reading-certif.patch
|
||||
# https://bugs.archlinux.org/task/78770
|
||||
0010-Don-t-upgrade-SSL-security-level-to-1-when-setting-c.patch
|
||||
# More unit improvements from Debian
|
||||
# 0011-Add-reload-support-to-the-systemd-unit-files.patch
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/5e9486d9de777c9145bcc8bf8048a08abf539cac
|
||||
0012-WNM-Choose-the-best-available-BSS-not-just-the-first.patch
|
||||
0013-wpa_supplicant-Fix-wpa_supplicant-configuration-pars.patch
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/f0d078409df01fa466523c2ab015274c351a83c0
|
||||
0014-Abort-ongoing-scan.patch
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/fdcff9f7b4c699f94e38e519e34220e528bee2f9
|
||||
0015-Override-ieee80211w-from-pmf-for-AP-mode-in-wpa_supp.patch)
|
||||
|
||||
prepare() {
|
||||
cd $pkgname-$pkgver
|
||||
# More permissive TLS fallback
|
||||
patch -Np1 -i ../wpa_supplicant_tls.patch
|
||||
|
||||
# # Unit improvements from Ubuntu
|
||||
# patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch
|
||||
|
||||
# # More unit improvements from Ubuntu
|
||||
# patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
|
||||
patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
patch -Np1 -i ../lower_security_level_for_tls_1.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
patch -Np1 -i ../disable-eapol-werror.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
local src
|
||||
for src in "${source[@]}"; do
|
||||
[[ $src = *.patch ]] || continue
|
||||
echo "Applying patch $src..."
|
||||
patch -Np1 < "../$src"
|
||||
done
|
||||
|
||||
cp ../wpa_supplicant_config $pkgname/.config
|
||||
}
|
||||
|
@ -72,16 +76,17 @@ package() {
|
|||
install -dm755 "$pkgdir/etc/wpa_supplicant"
|
||||
install -Dm644 wpa_supplicant.conf -t "$pkgdir/usr/share/doc/wpa_supplicant"
|
||||
|
||||
# install -Dm644 dbus/fi.w1.wpa_supplicant1.service \
|
||||
# -t "$pkgdir/usr/share/dbus-1/system-services"
|
||||
install -Dm644 dbus/fi.w1.wpa_supplicant1.service \
|
||||
-t "$pkgdir/usr/share/dbus-1/system-services"
|
||||
|
||||
# install -Dm644 dbus/dbus-wpa_supplicant.conf \
|
||||
# "$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
|
||||
install -Dm644 dbus/dbus-wpa_supplicant.conf \
|
||||
"$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
|
||||
|
||||
# install -d -m755 "$pkgdir/usr/share/man/man"{5,8}
|
||||
install -Dm644 doc/docbook/*.5 -t "$pkgdir/usr/share/man/man5"
|
||||
install -Dm644 doc/docbook/*.8 -t "$pkgdir/usr/share/man/man8"
|
||||
# rm "$pkgdir"/usr/share/man/man8/wpa_{priv,gui}.8
|
||||
rm "$pkgdir"/usr/share/man/man8/wpa_{priv,gui}.8
|
||||
|
||||
# install -Dm644 systemd/*.service -t "$pkgdir/usr/lib/systemd/system"
|
||||
}
|
||||
|
||||
#---- arch license gpg-key & sha256sums ----
|
||||
|
@ -90,21 +95,25 @@ arch=(x86_64)
|
|||
|
||||
license=(GPL)
|
||||
|
||||
validpgpkeys=(EC4AA0A991A5F2464582D52D2B6EF432EFC895FA) # Jouni Malinen
|
||||
validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
|
||||
|
||||
sha256sums=(20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f # wpa_supplicant-2.10.tar.gz
|
||||
5512ef486877b231fe4eef3240c2aec9bfb671c1fe2ceb4e5d9ac1f17caddfac # wpa_supplicant-2.10.tar.gz.asc
|
||||
1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2 # wpa_supplicant_config
|
||||
08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992 # wpa_supplicant_tls.patch
|
||||
8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011 # wpa_supplicant-legacy-server-connect.patch
|
||||
c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93 # lower_security_level_for_tls_1.patch
|
||||
9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e # disable-eapol-werror.patch
|
||||
7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4 # 0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15) # 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
|
||||
# Note to packager:
|
||||
ls -l *pkg.tar.lz
|
||||
echo "you must rename this package to meet SF naming before you move to the repo"
|
||||
mv $(ls -l $pkgname*pkg.tar.lz) $pkgname-$epoch_$pkgver-$pkgrel-$arch.pkg.tar.lz >pkg-mv.log
|
||||
1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2 # wpa_supplicant.config
|
||||
cec1f952a47a5688fe3d23bc998f266a0a5a6214047590a19410f6521ed68811 # 0001-Enable-TLSv1.0-by-default.patch
|
||||
# 0c5677bdc9d154caa7567d7ae08dc0fe415e7be09152cec5290881fd04fba599 # 0002-Tweak-D-Bus-systemd-service-activation-configuration.patch
|
||||
fb82577605c960a53b9376ae3928ab0c052c6f371096e0d692fbf95ef9117475 # 0003-Add-IgnoreOnIsolate-yes-to-keep-wpa-supplicant-runni.patch
|
||||
03630ca4c54a28bd1fe4f87d5afe49caaa67d6d6937534de25bbfbd306d1f4c1 # 0004-Allow-legacy-renegotiation-to-fix-PEAP-issues-with-s.patch
|
||||
cf25c805c9f65f529d7bbfbeabba4317fe7ae1529aca146fc3e8f0c777118d0e # 0005-OpenSSL-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
|
||||
fa285fdbde33a345d1d5c91344c7a393d40e8cb4d16ac9c9297982fe16bfad77 # 0006-Disable-Werror-for-eapol_test.patch
|
||||
b15f14529bdcc1f81c60dec5f6ecab7a99d707e4f2803cc3b2bdb12b6cb5d609 # 0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
19083e95a4e2d55d49c1a17ba69b0f4a672f7ec9a0a0a068c2aa59b57d781895 # 0008-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
3091f0628935452938a4a5be4eef47a2dfe69d7e81afdd4275f0a01ec7e6b9c5 # 0009-OpenSSL-Apply-connection-flags-before-reading-certif.patch
|
||||
ce900a58e015fc7bbcbf13a9f5c56122d69882f66c38d35c1e44bc25c133285a # 0010-Don-t-upgrade-SSL-security-level-to-1-when-setting-c.patch
|
||||
# 0a76943fdc64e80015bc21c873a350ac82d23e662541712a4f92f51f6fe10c72 # 0011-Add-reload-support-to-the-systemd-unit-files.patch
|
||||
cf1f5de43f825305f1bf4a219aee1a521ec3a59e919e5e5ac3367139faac1b28 # 0012-WNM-Choose-the-best-available-BSS-not-just-the-first.patch
|
||||
70cc90bdb9349b7dea06ebbd776c94c76b497d8ca26d328d8ab12d504c578787 # 0013-wpa_supplicant-Fix-wpa_supplicant-configuration-pars.patch
|
||||
3a98842a405df9b3e5a10734ab106744c392fd677ac652f994610420ccf039a0 # 0014-Abort-ongoing-scan.patch
|
||||
39ee3f6dbf665f167cec8d33f0ba9f97a64aaa22f87f9cc5ac3e41f7b42ca559) # 0015-Override-ieee80211w-from-pmf-for-AP-mode-in-wpa_supp.patch
|
||||
|
||||
## dce6ec24e682be00eb9093c9b2a2b93b92a0846a56796b7d5caa29fb3f4684ce wpa_supplicant-2_2.10-09-x86_64.pkg.tar.lz
|
||||
|
|
|
@ -12,60 +12,83 @@ url='https://w1.fi/wpa_supplicant/'
|
|||
arch=(x86_64)
|
||||
license=(GPL)
|
||||
depends=(openssl libdbus readline libnl pcsclite)
|
||||
options=(debug)
|
||||
install=wpa_supplicant.install
|
||||
source=(
|
||||
https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||
wpa_supplicant_config
|
||||
wpa_supplicant_tls.patch
|
||||
wpa_supplicant_dbus_service_syslog.patch
|
||||
wpa_supplicant_service_ignore-on-isolate.patch
|
||||
wpa_supplicant-legacy-server-connect.patch
|
||||
lower_security_level_for_tls_1.patch
|
||||
disable-eapol-werror.patch
|
||||
0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
# More permissive TLS fallback
|
||||
0001-Enable-TLSv1.0-by-default.patch
|
||||
|
||||
# Unit improvements from Ubuntu
|
||||
0002-Tweak-D-Bus-systemd-service-activation-configuration.patch
|
||||
0003-Add-IgnoreOnIsolate-yes-to-keep-wpa-supplicant-runni.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
0004-Allow-legacy-renegotiation-to-fix-PEAP-issues-with-s.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
0005-OpenSSL-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
0006-Disable-Werror-for-eapol_test.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
0008-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
# https://w1.fi/cgit/hostap/commit/?id=e9b4ad2364c68130c7618a88a171e29e0e15007e
|
||||
0009-OpenSSL-Apply-connection-flags-before-reading-certif.patch
|
||||
|
||||
# https://bugs.archlinux.org/task/78770
|
||||
0010-Don-t-upgrade-SSL-security-level-to-1-when-setting-c.patch
|
||||
|
||||
# More unit improvements from Debian
|
||||
0011-Add-reload-support-to-the-systemd-unit-files.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/5e9486d9de777c9145bcc8bf8048a08abf539cac
|
||||
0012-WNM-Choose-the-best-available-BSS-not-just-the-first.patch
|
||||
0013-wpa_supplicant-Fix-wpa_supplicant-configuration-pars.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/f0d078409df01fa466523c2ab015274c351a83c0
|
||||
0014-Abort-ongoing-scan.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/fdcff9f7b4c699f94e38e519e34220e528bee2f9
|
||||
0015-Override-ieee80211w-from-pmf-for-AP-mode-in-wpa_supp.patch
|
||||
)
|
||||
validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
|
||||
sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f'
|
||||
'SKIP'
|
||||
'1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2'
|
||||
'08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992'
|
||||
'60f6a1cf2e124813dfce1da78ee1818e2ff5236aafa4113c7ae3b3f2a0b84006'
|
||||
'd42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0'
|
||||
'8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011'
|
||||
'c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93'
|
||||
'9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e'
|
||||
'7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4'
|
||||
'24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15')
|
||||
'cec1f952a47a5688fe3d23bc998f266a0a5a6214047590a19410f6521ed68811'
|
||||
'7aecdb7ce85a399eee75dae4595645b34260739725b5922726a51a8db76148f9'
|
||||
'fb82577605c960a53b9376ae3928ab0c052c6f371096e0d692fbf95ef9117475'
|
||||
'03630ca4c54a28bd1fe4f87d5afe49caaa67d6d6937534de25bbfbd306d1f4c1'
|
||||
'cf25c805c9f65f529d7bbfbeabba4317fe7ae1529aca146fc3e8f0c777118d0e'
|
||||
'fa285fdbde33a345d1d5c91344c7a393d40e8cb4d16ac9c9297982fe16bfad77'
|
||||
'b15f14529bdcc1f81c60dec5f6ecab7a99d707e4f2803cc3b2bdb12b6cb5d609'
|
||||
'19083e95a4e2d55d49c1a17ba69b0f4a672f7ec9a0a0a068c2aa59b57d781895'
|
||||
'3091f0628935452938a4a5be4eef47a2dfe69d7e81afdd4275f0a01ec7e6b9c5'
|
||||
'ce900a58e015fc7bbcbf13a9f5c56122d69882f66c38d35c1e44bc25c133285a'
|
||||
'0a76943fdc64e80015bc21c873a350ac82d23e662541712a4f92f51f6fe10c72'
|
||||
'cf1f5de43f825305f1bf4a219aee1a521ec3a59e919e5e5ac3367139faac1b28'
|
||||
'70cc90bdb9349b7dea06ebbd776c94c76b497d8ca26d328d8ab12d504c578787'
|
||||
'3a98842a405df9b3e5a10734ab106744c392fd677ac652f994610420ccf039a0'
|
||||
'39ee3f6dbf665f167cec8d33f0ba9f97a64aaa22f87f9cc5ac3e41f7b42ca559')
|
||||
|
||||
prepare() {
|
||||
cd $pkgname-$pkgver
|
||||
|
||||
# More permissive TLS fallback
|
||||
patch -Np1 -i ../wpa_supplicant_tls.patch
|
||||
|
||||
# Unit improvements from Ubuntu
|
||||
patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch
|
||||
|
||||
# More unit improvements from Ubuntu
|
||||
patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
|
||||
patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
patch -Np1 -i ../lower_security_level_for_tls_1.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
patch -Np1 -i ../disable-eapol-werror.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
local src
|
||||
for src in "${source[@]}"; do
|
||||
[[ $src = *.patch ]] || continue
|
||||
echo "Applying patch $src..."
|
||||
patch -Np1 < "../$src"
|
||||
done
|
||||
|
||||
cp ../wpa_supplicant_config $pkgname/.config
|
||||
}
|
||||
|
|
100
wpa_supplicant/PKGBUILD-arch-20230115
Normal file
100
wpa_supplicant/PKGBUILD-arch-20230115
Normal file
|
@ -0,0 +1,100 @@
|
|||
# Maintainer:
|
||||
# Contributor: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
|
||||
# Contributor: Thomas Bächler <thomas@archlinux.org>
|
||||
# Contributor: loqs
|
||||
|
||||
pkgname=wpa_supplicant
|
||||
pkgver=2.10
|
||||
pkgrel=8
|
||||
epoch=2
|
||||
pkgdesc='A utility providing key negotiation for WPA wireless networks'
|
||||
url='https://w1.fi/wpa_supplicant/'
|
||||
arch=(x86_64)
|
||||
license=(GPL)
|
||||
depends=(openssl libdbus readline libnl pcsclite)
|
||||
install=wpa_supplicant.install
|
||||
source=(
|
||||
https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||
wpa_supplicant_config
|
||||
wpa_supplicant_tls.patch
|
||||
wpa_supplicant_dbus_service_syslog.patch
|
||||
wpa_supplicant_service_ignore-on-isolate.patch
|
||||
wpa_supplicant-legacy-server-connect.patch
|
||||
lower_security_level_for_tls_1.patch
|
||||
disable-eapol-werror.patch
|
||||
0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
)
|
||||
validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
|
||||
sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f'
|
||||
'SKIP'
|
||||
'1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2'
|
||||
'08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992'
|
||||
'60f6a1cf2e124813dfce1da78ee1818e2ff5236aafa4113c7ae3b3f2a0b84006'
|
||||
'd42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0'
|
||||
'8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011'
|
||||
'c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93'
|
||||
'9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e'
|
||||
'7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4'
|
||||
'24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15')
|
||||
|
||||
prepare() {
|
||||
cd $pkgname-$pkgver
|
||||
|
||||
# More permissive TLS fallback
|
||||
patch -Np1 -i ../wpa_supplicant_tls.patch
|
||||
|
||||
# Unit improvements from Ubuntu
|
||||
patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch
|
||||
|
||||
# More unit improvements from Ubuntu
|
||||
patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
|
||||
patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
patch -Np1 -i ../lower_security_level_for_tls_1.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
patch -Np1 -i ../disable-eapol-werror.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
cp ../wpa_supplicant_config $pkgname/.config
|
||||
}
|
||||
|
||||
build() {
|
||||
cd $pkgname-$pkgver/$pkgname
|
||||
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin eapol_test
|
||||
}
|
||||
|
||||
package() {
|
||||
cd $pkgname-$pkgver/$pkgname
|
||||
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin DESTDIR="$pkgdir" install
|
||||
|
||||
install -Dm755 eapol_test "$pkgdir/usr/bin/eapol_test"
|
||||
|
||||
install -dm755 "$pkgdir/etc/wpa_supplicant"
|
||||
install -Dm644 wpa_supplicant.conf -t "$pkgdir/usr/share/doc/wpa_supplicant"
|
||||
|
||||
install -Dm644 dbus/fi.w1.wpa_supplicant1.service \
|
||||
-t "$pkgdir/usr/share/dbus-1/system-services"
|
||||
|
||||
install -Dm644 dbus/dbus-wpa_supplicant.conf \
|
||||
"$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
|
||||
|
||||
install -Dm644 doc/docbook/*.5 -t "$pkgdir/usr/share/man/man5"
|
||||
install -Dm644 doc/docbook/*.8 -t "$pkgdir/usr/share/man/man8"
|
||||
rm "$pkgdir"/usr/share/man/man8/wpa_{priv,gui}.8
|
||||
|
||||
install -Dm644 systemd/*.service -t "$pkgdir/usr/lib/systemd/system"
|
||||
}
|
101
wpa_supplicant/PKGBUILD-arch-20231217
Normal file
101
wpa_supplicant/PKGBUILD-arch-20231217
Normal file
|
@ -0,0 +1,101 @@
|
|||
# Maintainer:
|
||||
# Contributor: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
|
||||
# Contributor: Thomas Bächler <thomas@archlinux.org>
|
||||
# Contributor: loqs
|
||||
|
||||
pkgname=wpa_supplicant
|
||||
pkgver=2.10
|
||||
pkgrel=8
|
||||
epoch=2
|
||||
pkgdesc='A utility providing key negotiation for WPA wireless networks'
|
||||
url='https://w1.fi/wpa_supplicant/'
|
||||
arch=(x86_64)
|
||||
license=(GPL)
|
||||
depends=(openssl libdbus readline libnl pcsclite)
|
||||
options=(debug)
|
||||
install=wpa_supplicant.install
|
||||
source=(
|
||||
https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||
wpa_supplicant_config
|
||||
wpa_supplicant_tls.patch
|
||||
wpa_supplicant_dbus_service_syslog.patch
|
||||
wpa_supplicant_service_ignore-on-isolate.patch
|
||||
wpa_supplicant-legacy-server-connect.patch
|
||||
lower_security_level_for_tls_1.patch
|
||||
disable-eapol-werror.patch
|
||||
0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
)
|
||||
validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
|
||||
sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f'
|
||||
'SKIP'
|
||||
'1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2'
|
||||
'08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992'
|
||||
'60f6a1cf2e124813dfce1da78ee1818e2ff5236aafa4113c7ae3b3f2a0b84006'
|
||||
'd42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0'
|
||||
'8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011'
|
||||
'c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93'
|
||||
'9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e'
|
||||
'7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4'
|
||||
'24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15')
|
||||
|
||||
prepare() {
|
||||
cd $pkgname-$pkgver
|
||||
|
||||
# More permissive TLS fallback
|
||||
patch -Np1 -i ../wpa_supplicant_tls.patch
|
||||
|
||||
# Unit improvements from Ubuntu
|
||||
patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch
|
||||
|
||||
# More unit improvements from Ubuntu
|
||||
patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
|
||||
patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
patch -Np1 -i ../lower_security_level_for_tls_1.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
patch -Np1 -i ../disable-eapol-werror.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
cp ../wpa_supplicant_config $pkgname/.config
|
||||
}
|
||||
|
||||
build() {
|
||||
cd $pkgname-$pkgver/$pkgname
|
||||
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin eapol_test
|
||||
}
|
||||
|
||||
package() {
|
||||
cd $pkgname-$pkgver/$pkgname
|
||||
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin DESTDIR="$pkgdir" install
|
||||
|
||||
install -Dm755 eapol_test "$pkgdir/usr/bin/eapol_test"
|
||||
|
||||
install -dm755 "$pkgdir/etc/wpa_supplicant"
|
||||
install -Dm644 wpa_supplicant.conf -t "$pkgdir/usr/share/doc/wpa_supplicant"
|
||||
|
||||
install -Dm644 dbus/fi.w1.wpa_supplicant1.service \
|
||||
-t "$pkgdir/usr/share/dbus-1/system-services"
|
||||
|
||||
install -Dm644 dbus/dbus-wpa_supplicant.conf \
|
||||
"$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
|
||||
|
||||
install -Dm644 doc/docbook/*.5 -t "$pkgdir/usr/share/man/man5"
|
||||
install -Dm644 doc/docbook/*.8 -t "$pkgdir/usr/share/man/man8"
|
||||
rm "$pkgdir"/usr/share/man/man8/wpa_{priv,gui}.8
|
||||
|
||||
install -Dm644 systemd/*.service -t "$pkgdir/usr/lib/systemd/system"
|
||||
}
|
110
wpa_supplicant/PKGBUILD-old
Normal file
110
wpa_supplicant/PKGBUILD-old
Normal file
|
@ -0,0 +1,110 @@
|
|||
#!/usr/bin/bash
|
||||
# JOBoRun : Jwm OpenBox Obarun RUNit
|
||||
# Maintainer : Joe Bo Run <joborun@disroot.org>
|
||||
# PkgSource : url="https://gittea.disroot.org/joborun-pkg/jobcore/$pkgname"
|
||||
# Website : https://pozol.eu
|
||||
#-----------------------------------------| DESCRIPTION |---------------------------------------
|
||||
|
||||
pkgname=wpa_supplicant
|
||||
pkgver=2.10
|
||||
pkgrel=08
|
||||
epoch=2
|
||||
pkgdesc='A utility providing key negotiation for WPA wireless networks w/o systemd'
|
||||
url='https://w1.fi/wpa_supplicant/'
|
||||
depends=(openssl libdbus readline libnl pcsclite)
|
||||
#options=(debug) ## uncomment this line to have the debug pkg produced
|
||||
backup=('etc/wpa_supplicant/wpa_supplicant.conf')
|
||||
source=(https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||
wpa_supplicant_config
|
||||
wpa_supplicant_tls.patch # More permissive TLS fallback
|
||||
# wpa_supplicant_dbus_service_syslog.patch # Unit improvements from Ubuntu
|
||||
# wpa_supplicant_service_ignore-on-isolate.patch # More unit improvements from Ubuntu
|
||||
wpa_supplicant-legacy-server-connect.patch
|
||||
lower_security_level_for_tls_1.patch
|
||||
disable-eapol-werror.patch
|
||||
0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
)
|
||||
|
||||
prepare() {
|
||||
cd $pkgname-$pkgver
|
||||
# More permissive TLS fallback
|
||||
patch -Np1 -i ../wpa_supplicant_tls.patch
|
||||
|
||||
# # Unit improvements from Ubuntu
|
||||
# patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch
|
||||
|
||||
# # More unit improvements from Ubuntu
|
||||
# patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
|
||||
patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
patch -Np1 -i ../lower_security_level_for_tls_1.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
patch -Np1 -i ../disable-eapol-werror.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
cp ../wpa_supplicant_config $pkgname/.config
|
||||
}
|
||||
|
||||
build() {
|
||||
cd $pkgname-$pkgver/$pkgname
|
||||
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin eapol_test
|
||||
}
|
||||
|
||||
package() {
|
||||
cd $pkgname-$pkgver/$pkgname
|
||||
|
||||
make LIBDIR=/usr/lib BINDIR=/usr/bin DESTDIR="$pkgdir" install
|
||||
|
||||
install -Dm755 eapol_test "$pkgdir/usr/bin/eapol_test"
|
||||
|
||||
install -dm755 "$pkgdir/etc/wpa_supplicant"
|
||||
install -Dm644 wpa_supplicant.conf -t "$pkgdir/usr/share/doc/wpa_supplicant"
|
||||
|
||||
# install -Dm644 dbus/fi.w1.wpa_supplicant1.service \
|
||||
# -t "$pkgdir/usr/share/dbus-1/system-services"
|
||||
|
||||
# install -Dm644 dbus/dbus-wpa_supplicant.conf \
|
||||
# "$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
|
||||
|
||||
# install -d -m755 "$pkgdir/usr/share/man/man"{5,8}
|
||||
install -Dm644 doc/docbook/*.5 -t "$pkgdir/usr/share/man/man5"
|
||||
install -Dm644 doc/docbook/*.8 -t "$pkgdir/usr/share/man/man8"
|
||||
# rm "$pkgdir"/usr/share/man/man8/wpa_{priv,gui}.8
|
||||
}
|
||||
|
||||
#---- arch license gpg-key & sha256sums ----
|
||||
|
||||
arch=(x86_64)
|
||||
|
||||
license=(GPL)
|
||||
|
||||
validpgpkeys=(EC4AA0A991A5F2464582D52D2B6EF432EFC895FA) # Jouni Malinen
|
||||
|
||||
sha256sums=(20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f # wpa_supplicant-2.10.tar.gz
|
||||
5512ef486877b231fe4eef3240c2aec9bfb671c1fe2ceb4e5d9ac1f17caddfac # wpa_supplicant-2.10.tar.gz.asc
|
||||
1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2 # wpa_supplicant_config
|
||||
08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992 # wpa_supplicant_tls.patch
|
||||
8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011 # wpa_supplicant-legacy-server-connect.patch
|
||||
c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93 # lower_security_level_for_tls_1.patch
|
||||
9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e # disable-eapol-werror.patch
|
||||
7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4 # 0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15) # 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
|
||||
|
||||
# Note to packager:
|
||||
ls -l *pkg.tar.lz
|
||||
echo "you must rename this package to meet SF naming before you move to the repo"
|
||||
mv $(ls -l $pkgname*pkg.tar.lz) $pkgname-$epoch_$pkgver-$pkgrel-$arch.pkg.tar.lz >pkg-mv.log
|
||||
|
|
@ -1,5 +1,4 @@
|
|||
pcsclite
|
||||
|
||||
|
||||
dbus
|
||||
|
||||
|
||||
|
|
122
wpa_supplicant/diff.arch
Normal file
122
wpa_supplicant/diff.arch
Normal file
|
@ -0,0 +1,122 @@
|
|||
--- PKGBUILD-arch 2022-12-17 10:11:19.377531206 +0200
|
||||
+++ PKGBUILD-arch.new 2024-01-08 01:38:42.411395128 +0200
|
||||
@@ -12,60 +12,83 @@
|
||||
arch=(x86_64)
|
||||
license=(GPL)
|
||||
depends=(openssl libdbus readline libnl pcsclite)
|
||||
-options=(debug)
|
||||
install=wpa_supplicant.install
|
||||
source=(
|
||||
https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
|
||||
wpa_supplicant_config
|
||||
- wpa_supplicant_tls.patch
|
||||
- wpa_supplicant_dbus_service_syslog.patch
|
||||
- wpa_supplicant_service_ignore-on-isolate.patch
|
||||
- wpa_supplicant-legacy-server-connect.patch
|
||||
- lower_security_level_for_tls_1.patch
|
||||
- disable-eapol-werror.patch
|
||||
- 0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
- 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
-)
|
||||
-validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
|
||||
-sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f'
|
||||
- 'SKIP'
|
||||
- '1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2'
|
||||
- '08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992'
|
||||
- '60f6a1cf2e124813dfce1da78ee1818e2ff5236aafa4113c7ae3b3f2a0b84006'
|
||||
- 'd42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0'
|
||||
- '8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011'
|
||||
- 'c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93'
|
||||
- '9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e'
|
||||
- '7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4'
|
||||
- '24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15')
|
||||
-
|
||||
-prepare() {
|
||||
- cd $pkgname-$pkgver
|
||||
|
||||
# More permissive TLS fallback
|
||||
- patch -Np1 -i ../wpa_supplicant_tls.patch
|
||||
+ 0001-Enable-TLSv1.0-by-default.patch
|
||||
|
||||
# Unit improvements from Ubuntu
|
||||
- patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch
|
||||
-
|
||||
- # More unit improvements from Ubuntu
|
||||
- patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch
|
||||
+ 0002-Tweak-D-Bus-systemd-service-activation-configuration.patch
|
||||
+ 0003-Add-IgnoreOnIsolate-yes-to-keep-wpa-supplicant-runni.patch
|
||||
|
||||
- # https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
|
||||
- patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch
|
||||
+ # http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
|
||||
+ # https://bugs.archlinux.org/task/76474
|
||||
+ 0004-Allow-legacy-renegotiation-to-fix-PEAP-issues-with-s.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-May/040571.html
|
||||
# https://bugs.archlinux.org/task/76474
|
||||
- patch -Np1 -i ../lower_security_level_for_tls_1.patch
|
||||
+ 0005-OpenSSL-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
|
||||
|
||||
# https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
|
||||
- patch -Np1 -i ../disable-eapol-werror.patch
|
||||
+ 0006-Disable-Werror-for-eapol_test.patch
|
||||
|
||||
# http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
|
||||
- patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
+ 0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
|
||||
|
||||
# https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
|
||||
- patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
+ 0008-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
|
||||
+
|
||||
+ # https://w1.fi/cgit/hostap/commit/?id=e9b4ad2364c68130c7618a88a171e29e0e15007e
|
||||
+ 0009-OpenSSL-Apply-connection-flags-before-reading-certif.patch
|
||||
+
|
||||
+ # https://bugs.archlinux.org/task/78770
|
||||
+ 0010-Don-t-upgrade-SSL-security-level-to-1-when-setting-c.patch
|
||||
+
|
||||
+ # More unit improvements from Debian
|
||||
+ 0011-Add-reload-support-to-the-systemd-unit-files.patch
|
||||
+
|
||||
+ # https://salsa.debian.org/debian/wpa/-/commit/5e9486d9de777c9145bcc8bf8048a08abf539cac
|
||||
+ 0012-WNM-Choose-the-best-available-BSS-not-just-the-first.patch
|
||||
+ 0013-wpa_supplicant-Fix-wpa_supplicant-configuration-pars.patch
|
||||
+
|
||||
+ # https://salsa.debian.org/debian/wpa/-/commit/f0d078409df01fa466523c2ab015274c351a83c0
|
||||
+ 0014-Abort-ongoing-scan.patch
|
||||
+
|
||||
+ # https://salsa.debian.org/debian/wpa/-/commit/fdcff9f7b4c699f94e38e519e34220e528bee2f9
|
||||
+ 0015-Override-ieee80211w-from-pmf-for-AP-mode-in-wpa_supp.patch
|
||||
+)
|
||||
+validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
|
||||
+sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f'
|
||||
+ 'SKIP'
|
||||
+ '1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2'
|
||||
+ 'cec1f952a47a5688fe3d23bc998f266a0a5a6214047590a19410f6521ed68811'
|
||||
+ '7aecdb7ce85a399eee75dae4595645b34260739725b5922726a51a8db76148f9'
|
||||
+ 'fb82577605c960a53b9376ae3928ab0c052c6f371096e0d692fbf95ef9117475'
|
||||
+ '03630ca4c54a28bd1fe4f87d5afe49caaa67d6d6937534de25bbfbd306d1f4c1'
|
||||
+ 'cf25c805c9f65f529d7bbfbeabba4317fe7ae1529aca146fc3e8f0c777118d0e'
|
||||
+ 'fa285fdbde33a345d1d5c91344c7a393d40e8cb4d16ac9c9297982fe16bfad77'
|
||||
+ 'b15f14529bdcc1f81c60dec5f6ecab7a99d707e4f2803cc3b2bdb12b6cb5d609'
|
||||
+ '19083e95a4e2d55d49c1a17ba69b0f4a672f7ec9a0a0a068c2aa59b57d781895'
|
||||
+ '3091f0628935452938a4a5be4eef47a2dfe69d7e81afdd4275f0a01ec7e6b9c5'
|
||||
+ 'ce900a58e015fc7bbcbf13a9f5c56122d69882f66c38d35c1e44bc25c133285a'
|
||||
+ '0a76943fdc64e80015bc21c873a350ac82d23e662541712a4f92f51f6fe10c72'
|
||||
+ 'cf1f5de43f825305f1bf4a219aee1a521ec3a59e919e5e5ac3367139faac1b28'
|
||||
+ '70cc90bdb9349b7dea06ebbd776c94c76b497d8ca26d328d8ab12d504c578787'
|
||||
+ '3a98842a405df9b3e5a10734ab106744c392fd677ac652f994610420ccf039a0'
|
||||
+ '39ee3f6dbf665f167cec8d33f0ba9f97a64aaa22f87f9cc5ac3e41f7b42ca559')
|
||||
+
|
||||
+prepare() {
|
||||
+ cd $pkgname-$pkgver
|
||||
+
|
||||
+ local src
|
||||
+ for src in "${source[@]}"; do
|
||||
+ [[ $src = *.patch ]] || continue
|
||||
+ echo "Applying patch $src..."
|
||||
+ patch -Np1 < "../$src"
|
||||
+ done
|
||||
|
||||
cp ../wpa_supplicant_config $pkgname/.config
|
||||
}
|
1
wpa_supplicant/diff.arch.note
Normal file
1
wpa_supplicant/diff.arch.note
Normal file
|
@ -0,0 +1 @@
|
|||
This is very strange, 2 different PKGBUILDs from arch, one from 12/22 one from now, 2024-01-08 same version same release number VERY different patches and conf files?
|
0
wpa_supplicant/pkg-mv.log
Normal file
0
wpa_supplicant/pkg-mv.log
Normal file
Loading…
Reference in a new issue