--- PKGBUILD-arch 2022-12-17 10:11:19.377531206 +0200 +++ PKGBUILD-arch.new 2024-01-08 01:38:42.411395128 +0200 @@ -12,60 +12,83 @@ arch=(x86_64) license=(GPL) depends=(openssl libdbus readline libnl pcsclite) -options=(debug) install=wpa_supplicant.install source=( https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc} wpa_supplicant_config - wpa_supplicant_tls.patch - wpa_supplicant_dbus_service_syslog.patch - wpa_supplicant_service_ignore-on-isolate.patch - wpa_supplicant-legacy-server-connect.patch - lower_security_level_for_tls_1.patch - disable-eapol-werror.patch - 0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch - 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch -) -validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen -sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f' - 'SKIP' - '1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2' - '08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992' - '60f6a1cf2e124813dfce1da78ee1818e2ff5236aafa4113c7ae3b3f2a0b84006' - 'd42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0' - '8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011' - 'c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93' - '9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e' - '7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4' - '24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15') - -prepare() { - cd $pkgname-$pkgver # More permissive TLS fallback - patch -Np1 -i ../wpa_supplicant_tls.patch + 0001-Enable-TLSv1.0-by-default.patch # Unit improvements from Ubuntu - patch -Np1 -i ../wpa_supplicant_dbus_service_syslog.patch - - # More unit improvements from Ubuntu - patch -Np1 -i ../wpa_supplicant_service_ignore-on-isolate.patch + 0002-Tweak-D-Bus-systemd-service-activation-configuration.patch + 0003-Add-IgnoreOnIsolate-yes-to-keep-wpa-supplicant-runni.patch - # https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24 - patch -Np1 -i ../wpa_supplicant-legacy-server-connect.patch + # http://lists.infradead.org/pipermail/hostap/2022-May/040511.html + # https://bugs.archlinux.org/task/76474 + 0004-Allow-legacy-renegotiation-to-fix-PEAP-issues-with-s.patch # http://lists.infradead.org/pipermail/hostap/2022-May/040571.html # https://bugs.archlinux.org/task/76474 - patch -Np1 -i ../lower_security_level_for_tls_1.patch + 0005-OpenSSL-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch # https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874 - patch -Np1 -i ../disable-eapol-werror.patch + 0006-Disable-Werror-for-eapol_test.patch # http://lists.infradead.org/pipermail/hostap/2022-January/040178.html - patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch + 0007-nl80211-add-extra-ies-only-if-allowed-by-driver.patch # https://lists.infradead.org/pipermail/hostap/2022-April/040352.html - patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch + 0008-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch + + # https://w1.fi/cgit/hostap/commit/?id=e9b4ad2364c68130c7618a88a171e29e0e15007e + 0009-OpenSSL-Apply-connection-flags-before-reading-certif.patch + + # https://bugs.archlinux.org/task/78770 + 0010-Don-t-upgrade-SSL-security-level-to-1-when-setting-c.patch + + # More unit improvements from Debian + 0011-Add-reload-support-to-the-systemd-unit-files.patch + + # https://salsa.debian.org/debian/wpa/-/commit/5e9486d9de777c9145bcc8bf8048a08abf539cac + 0012-WNM-Choose-the-best-available-BSS-not-just-the-first.patch + 0013-wpa_supplicant-Fix-wpa_supplicant-configuration-pars.patch + + # https://salsa.debian.org/debian/wpa/-/commit/f0d078409df01fa466523c2ab015274c351a83c0 + 0014-Abort-ongoing-scan.patch + + # https://salsa.debian.org/debian/wpa/-/commit/fdcff9f7b4c699f94e38e519e34220e528bee2f9 + 0015-Override-ieee80211w-from-pmf-for-AP-mode-in-wpa_supp.patch +) +validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen +sha256sums=('20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f' + 'SKIP' + '1e32af4a1a147ee75358fd0b5636fb41332a7b91ec7a904292178256f735e9d2' + 'cec1f952a47a5688fe3d23bc998f266a0a5a6214047590a19410f6521ed68811' + '7aecdb7ce85a399eee75dae4595645b34260739725b5922726a51a8db76148f9' + 'fb82577605c960a53b9376ae3928ab0c052c6f371096e0d692fbf95ef9117475' + '03630ca4c54a28bd1fe4f87d5afe49caaa67d6d6937534de25bbfbd306d1f4c1' + 'cf25c805c9f65f529d7bbfbeabba4317fe7ae1529aca146fc3e8f0c777118d0e' + 'fa285fdbde33a345d1d5c91344c7a393d40e8cb4d16ac9c9297982fe16bfad77' + 'b15f14529bdcc1f81c60dec5f6ecab7a99d707e4f2803cc3b2bdb12b6cb5d609' + '19083e95a4e2d55d49c1a17ba69b0f4a672f7ec9a0a0a068c2aa59b57d781895' + '3091f0628935452938a4a5be4eef47a2dfe69d7e81afdd4275f0a01ec7e6b9c5' + 'ce900a58e015fc7bbcbf13a9f5c56122d69882f66c38d35c1e44bc25c133285a' + '0a76943fdc64e80015bc21c873a350ac82d23e662541712a4f92f51f6fe10c72' + 'cf1f5de43f825305f1bf4a219aee1a521ec3a59e919e5e5ac3367139faac1b28' + '70cc90bdb9349b7dea06ebbd776c94c76b497d8ca26d328d8ab12d504c578787' + '3a98842a405df9b3e5a10734ab106744c392fd677ac652f994610420ccf039a0' + '39ee3f6dbf665f167cec8d33f0ba9f97a64aaa22f87f9cc5ac3e41f7b42ca559') + +prepare() { + cd $pkgname-$pkgver + + local src + for src in "${source[@]}"; do + [[ $src = *.patch ]] || continue + echo "Applying patch $src..." + patch -Np1 < "../$src" + done cp ../wpa_supplicant_config $pkgname/.config }