Date: Saturday, February 22, 2020 @ 18:18:24
Author: heftig
Revision: 376053
archrelease: copy trunk to testing-x86_64
Added:
wpa_supplicant/repos/testing-x86_64/CVE-2019-16275.patch
(from rev 376052, wpa_supplicant/trunk/CVE-2019-16275.patch)
wpa_supplicant/repos/testing-x86_64/PKGBUILD
(from rev 376052, wpa_supplicant/trunk/PKGBUILD)
wpa_supplicant/repos/testing-x86_64/config
(from rev 376052, wpa_supplicant/trunk/config)
wpa_supplicant/repos/testing-x86_64/roam-properties.patch
(from rev 376052, wpa_supplicant/trunk/roam-properties.patch)
wpa_supplicant/repos/testing-x86_64/systemd.patch
(from rev 376052, wpa_supplicant/trunk/systemd.patch)
wpa_supplicant/repos/testing-x86_64/tls.patch
(from rev 376052, wpa_supplicant/trunk/tls.patch)
wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install
(from rev 376052, wpa_supplicant/trunk/wpa_supplicant.install)
Deleted:
wpa_supplicant/repos/testing-x86_64/CVE-2019-16275.patch
wpa_supplicant/repos/testing-x86_64/PKGBUILD
wpa_supplicant/repos/testing-x86_64/config
wpa_supplicant/repos/testing-x86_64/roam-properties.patch
wpa_supplicant/repos/testing-x86_64/systemd.patch
wpa_supplicant/repos/testing-x86_64/tls.patch
wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install
------------------------+
CVE-2019-16275.patch | 146 +++++++++++++++++++-------------------
PKGBUILD | 156 ++++++++++++++++++++---------------------
config | 161 +++++++++++++++++++++---------------------
roam-properties.patch | 176 +++++++++++++++++++++++------------------------
systemd.patch | 58 +++++++--------
tls.patch | 52 ++++++-------
wpa_supplicant.install | 14 +--
7 files changed, 381 insertions(+), 382 deletions(-)
Deleted: CVE-2019-16275.patch
===================================================================
--- CVE-2019-16275.patch 2020-02-22 18:18:09 UTC (rev 376052)
+++ CVE-2019-16275.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,73 +0,0 @@
-From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <[email protected]>
-Date: Thu, 29 Aug 2019 11:52:04 +0300
-Subject: [PATCH] AP: Silently ignore management frame from unexpected source
- address
-
-Do not process any received Management frames with unexpected/invalid SA
-so that we do not add any state for unexpected STA addresses or end up
-sending out frames to unexpected destination. This prevents unexpected
-sequences where an unprotected frame might end up causing the AP to send
-out a response to another device and that other device processing the
-unexpected response.
-
-In particular, this prevents some potential denial of service cases
-where the unexpected response frame from the AP might result in a
-connected station dropping its association.
-
-Signed-off-by: Jouni Malinen <[email protected]>
----
- src/ap/drv_callbacks.c | 13 +++++++++++++
- src/ap/ieee802_11.c | 12 ++++++++++++
- 2 files changed, 25 insertions(+)
-
-diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
-index 31587685fe3b..34ca379edc3d 100644
---- a/src/ap/drv_callbacks.c
-+++ b/src/ap/drv_callbacks.c
-@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const
u8 *addr,
- "hostapd_notif_assoc: Skip event with no address");
- return -1;
- }
-+
-+ if (is_multicast_ether_addr(addr) ||
-+ is_zero_ether_addr(addr) ||
-+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
-+ /* Do not process any frames with unexpected/invalid SA so that
-+ * we do not add any state for unexpected STA addresses or end
-+ * up sending out frames to unexpected destination. */
-+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
-+ " in received indication - ignore this indication
silently",
-+ __func__, MAC2STR(addr));
-+ return 0;
-+ }
-+
- random_add_randomness(addr, ETH_ALEN);
-
- hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index c85a28db44b7..e7065372e158 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8
*buf, size_t len,
- fc = le_to_host16(mgmt->frame_control);
- stype = WLAN_FC_GET_STYPE(fc);
-
-+ if (is_multicast_ether_addr(mgmt->sa) ||
-+ is_zero_ether_addr(mgmt->sa) ||
-+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
-+ /* Do not process any frames with unexpected/invalid SA so that
-+ * we do not add any state for unexpected STA addresses or end
-+ * up sending out frames to unexpected destination. */
-+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
-+ " in received frame - ignore this frame silently",
-+ MAC2STR(mgmt->sa));
-+ return 0;
-+ }
-+
- if (stype == WLAN_FC_STYPE_BEACON) {
- handle_beacon(hapd, mgmt, len, fi);
- return 1;
---
-2.20.1
-
Copied: wpa_supplicant/repos/testing-x86_64/CVE-2019-16275.patch (from rev
376052, wpa_supplicant/trunk/CVE-2019-16275.patch)
===================================================================
--- CVE-2019-16275.patch (rev 0)
+++ CVE-2019-16275.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,73 @@
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <[email protected]>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <[email protected]>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const
u8 *addr,
+ "hostapd_notif_assoc: Skip event with no address");
+ return -1;
+ }
++
++ if (is_multicast_ether_addr(addr) ||
++ is_zero_ether_addr(addr) ||
++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Do not process any frames with unexpected/invalid SA so that
++ * we do not add any state for unexpected STA addresses or end
++ * up sending out frames to unexpected destination. */
++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++ " in received indication - ignore this indication
silently",
++ __func__, MAC2STR(addr));
++ return 0;
++ }
++
+ random_add_randomness(addr, ETH_ALEN);
+
+ hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8
*buf, size_t len,
+ fc = le_to_host16(mgmt->frame_control);
+ stype = WLAN_FC_GET_STYPE(fc);
+
++ if (is_multicast_ether_addr(mgmt->sa) ||
++ is_zero_ether_addr(mgmt->sa) ||
++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Do not process any frames with unexpected/invalid SA so that
++ * we do not add any state for unexpected STA addresses or end
++ * up sending out frames to unexpected destination. */
++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++ " in received frame - ignore this frame silently",
++ MAC2STR(mgmt->sa));
++ return 0;
++ }
++
+ if (stype == WLAN_FC_STYPE_BEACON) {
+ handle_beacon(hapd, mgmt, len, fi);
+ return 1;
+--
+2.20.1
+
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-02-22 18:18:09 UTC (rev 376052)
+++ PKGBUILD 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,78 +0,0 @@
-# Maintainer: Bartłomiej Piotrowski <[email protected]>
-# Contributor: Thomas Bächler <[email protected]>
-
-pkgname=wpa_supplicant
-pkgver=2.9
-pkgrel=6
-epoch=2
-pkgdesc='A utility providing key negotiation for WPA wireless networks'
-url='http://hostap.epitest.fi/wpa_supplicant'
-arch=(x86_64)
-license=(GPL)
-depends=(openssl libdbus readline libnl)
-install=wpa_supplicant.install
-source=(
- https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
- CVE-2019-16275.patch
- tls.patch # More permissive TLS fallback
- systemd.patch # Unit improvements from Ubuntu
- roam-properties.patch # https://bugs.archlinux.org/task/65482
- config
-)
-validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
-sha256sums=('fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17'
- 'SKIP'
- 'bf91a135e717265969f1ab0319297c9d2e6f695928a17e3b3fa5accc8ef7b297'
- '449c7dad67b246b5b93e796f57c2f90c5c32cfc5b16f7aa4f17802dc260d3414'
- 'dd14f99618bb4db40eadfaf4ced29d6139ccf319429a1eef54c2c08c80924742'
- '1ad3b61397c4a1dbafbf89059bccdda07cfe7eaff9f23ee25bed7bdd82c2bd87'
- '176a863a8f9c784b109b69db14cb0eeb1fbe4a62e6583cd65e6855067803f443')
-
-prepare() {
- cd "$srcdir/$pkgname-$pkgver"
- local i; for i in "${source[@]}"; do
- case $i in
- *.patch)
- echo "Applying patch $i"
- patch -p1 -i "$srcdir/$i"
- ;;
- esac
- done
-
- cd "$srcdir/$pkgname-$pkgver/$pkgname"
- cp "$srcdir/config" ./.config
-}
-
-build() {
- cd "$srcdir/$pkgname-$pkgver/$pkgname"
-
- make LIBDIR=/usr/lib BINDIR=/usr/bin
- make LIBDIR=/usr/lib BINDIR=/usr/bin eapol_test
-}
-
-package() {
- cd "$srcdir/$pkgname-$pkgver/$pkgname"
- make LIBDIR=/usr/lib BINDIR=/usr/bin DESTDIR="$pkgdir" install
- install -Dm755 eapol_test "$pkgdir/usr/bin/eapol_test"
-
- install -d -m755 "$pkgdir/etc/wpa_supplicant"
- install -Dm644 wpa_supplicant.conf \
- "$pkgdir/usr/share/doc/wpa_supplicant/wpa_supplicant.conf"
-
-
-install -d -m755 "$pkgdir"/usr/share/dbus-1/{system.d,system-services}
-install -m644 \
-dbus/fi.w1.wpa_supplicant1.service \
-"$pkgdir/usr/share/dbus-1/system-services/"
-
- install -Dm644 dbus/dbus-wpa_supplicant.conf \
-"$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
-
- install -d -m755 "$pkgdir/usr/share/man/man"{5,8}
- install -m644 doc/docbook/*.5 "$pkgdir/usr/share/man/man5/"
- install -m644 doc/docbook/*.8 "$pkgdir/usr/share/man/man8/"
- rm -f "$pkgdir/usr/share/man/man8/wpa_"{priv,gui}.8
-
- install -d -m755 "$pkgdir/usr/lib/systemd/system"
- install -m644 systemd/*.service "$pkgdir/usr/lib/systemd/system/"
-}
Copied: wpa_supplicant/repos/testing-x86_64/PKGBUILD (from rev 376052,
wpa_supplicant/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,78 @@
+# Maintainer: Bartłomiej Piotrowski <[email protected]>
+# Contributor: Thomas Bächler <[email protected]>
+
+pkgname=wpa_supplicant
+pkgver=2.9
+pkgrel=7
+epoch=2
+pkgdesc='A utility providing key negotiation for WPA wireless networks'
+url='http://hostap.epitest.fi/wpa_supplicant'
+arch=(x86_64)
+license=(GPL)
+depends=(openssl libdbus readline libnl)
+install=wpa_supplicant.install
+source=(
+ https://w1.fi/releases/${pkgname}-${pkgver}.tar.gz{,.asc}
+ CVE-2019-16275.patch
+ tls.patch # More permissive TLS fallback
+ systemd.patch # Unit improvements from Ubuntu
+ roam-properties.patch # https://bugs.archlinux.org/task/65482
+ config
+)
+validpgpkeys=('EC4AA0A991A5F2464582D52D2B6EF432EFC895FA') # Jouni Malinen
+sha256sums=('fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17'
+ 'SKIP'
+ 'bf91a135e717265969f1ab0319297c9d2e6f695928a17e3b3fa5accc8ef7b297'
+ '449c7dad67b246b5b93e796f57c2f90c5c32cfc5b16f7aa4f17802dc260d3414'
+ 'dd14f99618bb4db40eadfaf4ced29d6139ccf319429a1eef54c2c08c80924742'
+ '1ad3b61397c4a1dbafbf89059bccdda07cfe7eaff9f23ee25bed7bdd82c2bd87'
+ '6f71a04875465178992e78216603d3c4735ee717a31738a6e30702c7a81c6c4e')
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+ local i; for i in "${source[@]}"; do
+ case $i in
+ *.patch)
+ echo "Applying patch $i"
+ patch -p1 -i "$srcdir/$i"
+ ;;
+ esac
+ done
+
+ cd "$srcdir/$pkgname-$pkgver/$pkgname"
+ cp "$srcdir/config" ./.config
+}
+
+build() {
+ cd "$srcdir/$pkgname-$pkgver/$pkgname"
+
+ make LIBDIR=/usr/lib BINDIR=/usr/bin
+ make LIBDIR=/usr/lib BINDIR=/usr/bin eapol_test
+}
+
+package() {
+ cd "$srcdir/$pkgname-$pkgver/$pkgname"
+ make LIBDIR=/usr/lib BINDIR=/usr/bin DESTDIR="$pkgdir" install
+ install -Dm755 eapol_test "$pkgdir/usr/bin/eapol_test"
+
+ install -d -m755 "$pkgdir/etc/wpa_supplicant"
+ install -Dm644 wpa_supplicant.conf \
+ "$pkgdir/usr/share/doc/wpa_supplicant/wpa_supplicant.conf"
+
+
+install -d -m755 "$pkgdir"/usr/share/dbus-1/{system.d,system-services}
+install -m644 \
+dbus/fi.w1.wpa_supplicant1.service \
+"$pkgdir/usr/share/dbus-1/system-services/"
+
+ install -Dm644 dbus/dbus-wpa_supplicant.conf \
+"$pkgdir/usr/share/dbus-1/system.d/wpa_supplicant.conf"
+
+ install -d -m755 "$pkgdir/usr/share/man/man"{5,8}
+ install -m644 doc/docbook/*.5 "$pkgdir/usr/share/man/man5/"
+ install -m644 doc/docbook/*.8 "$pkgdir/usr/share/man/man8/"
+ rm -f "$pkgdir/usr/share/man/man8/wpa_"{priv,gui}.8
+
+ install -d -m755 "$pkgdir/usr/lib/systemd/system"
+ install -m644 systemd/*.service "$pkgdir/usr/lib/systemd/system/"
+}
Deleted: config
===================================================================
--- config 2020-02-22 18:18:09 UTC (rev 376052)
+++ config 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,81 +0,0 @@
-CONFIG_ACS=y
-CONFIG_AP=y
-CONFIG_AUTOSCAN_EXPONENTIAL=y
-CONFIG_AUTOSCAN_PERIODIC=y
-CONFIG_BACKEND=file
-CONFIG_BGSCAN_LEARN=y
-CONFIG_BGSCAN_SIMPLE=y
-CONFIG_CTRL_IFACE=y
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
-CONFIG_CTRL_IFACE_DBUS_NEW=y
-CONFIG_DEBUG_FILE=y
-CONFIG_DEBUG_LINUX_TRACING=y
-CONFIG_DEBUG_SYSLOG=y
-CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-CONFIG_DELAYED_MIC_ERROR_REPORT=y
-CONFIG_DPP=y
-CONFIG_DRIVER_MACSEC_LINUX=y
-CONFIG_DRIVER_NL80211=y
-CONFIG_DRIVER_NL80211_QCA=y
-CONFIG_DRIVER_NONE=y
-CONFIG_DRIVER_WEXT=y
-CONFIG_DRIVER_WIRED=y
-CONFIG_EAP_AKA=y
-CONFIG_EAP_AKA_PRIME=y
-CONFIG_EAP_EKE=y
-CONFIG_EAP_FAST=y
-CONFIG_EAP_GPSK=y
-CONFIG_EAP_GPSK_SHA256=y
-CONFIG_EAP_GTC=y
-CONFIG_EAP_IKEV2=y
-CONFIG_EAP_LEAP=y
-CONFIG_EAP_MD5=y
-CONFIG_EAP_MSCHAPV2=y
-CONFIG_EAP_OTP=y
-CONFIG_EAP_PAX=y
-CONFIG_EAP_PEAP=y
-CONFIG_EAP_PSK=y
-CONFIG_EAP_PWD=y
-CONFIG_EAP_SAKE=y
-CONFIG_EAP_SIM=y
-CONFIG_EAP_TLS=y
-CONFIG_EAP_TNC=y
-CONFIG_EAP_TTLS=y
-CONFIG_ELOOP=eloop
-CONFIG_FST=y
-CONFIG_GETRANDOM=y
-CONFIG_HS20=y
-CONFIG_HT_OVERRIDES=y
-CONFIG_IBSS_RSN=y
-CONFIG_IEEE80211AC=y
-CONFIG_IEEE80211N=y
-CONFIG_IEEE80211R=y
-CONFIG_IEEE80211W=y
-CONFIG_IEEE8021X_EAPOL=y
-CONFIG_INTERWORKING=y
-CONFIG_IPV6=y
-CONFIG_L2_PACKET=linux
-CONFIG_LIBNL32=y
-CONFIG_MACSEC=y
-CONFIG_MAIN=main
-CONFIG_NO_RANDOM_POOL=y
-CONFIG_OS=unix
-CONFIG_OWE=y
-CONFIG_P2P=y
-CONFIG_PKCS12=y
-CONFIG_PMKSA_CACHE_EXTERNAL=y
-CONFIG_READLINE=y
-CONFIG_SAE=y
-CONFIG_SMARTCARD=y
-CONFIG_TDLS=y
-CONFIG_TLS=openssl
-CONFIG_TLSV11=y
-CONFIG_TLSV12=y
-CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
-CONFIG_VHT_OVERRIDES=y
-CONFIG_WIFI_DISPLAY=y
-CONFIG_WNM=y
-CONFIG_WPS=y
-CONFIG_WPS_ER=y
-CONFIG_WPS_NFC=y
-CONFIG_WPS_REG_DISABLE_OPEN=y
Copied: wpa_supplicant/repos/testing-x86_64/config (from rev 376052,
wpa_supplicant/trunk/config)
===================================================================
--- config (rev 0)
+++ config 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,80 @@
+CONFIG_ACS=y
+CONFIG_AP=y
+CONFIG_AUTOSCAN_EXPONENTIAL=y
+CONFIG_AUTOSCAN_PERIODIC=y
+CONFIG_BACKEND=file
+CONFIG_BGSCAN_LEARN=y
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_CTRL_IFACE=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_LINUX_TRACING=y
+CONFIG_DEBUG_SYSLOG=y
+CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+CONFIG_DELAYED_MIC_ERROR_REPORT=y
+CONFIG_DPP=y
+CONFIG_DRIVER_MACSEC_LINUX=y
+CONFIG_DRIVER_NL80211=y
+CONFIG_DRIVER_NL80211_QCA=y
+CONFIG_DRIVER_NONE=y
+CONFIG_DRIVER_WEXT=y
+CONFIG_DRIVER_WIRED=y
+CONFIG_EAP_AKA=y
+CONFIG_EAP_AKA_PRIME=y
+CONFIG_EAP_EKE=y
+CONFIG_EAP_FAST=y
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
+CONFIG_EAP_GTC=y
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_MSCHAPV2=y
+CONFIG_EAP_OTP=y
+CONFIG_EAP_PAX=y
+CONFIG_EAP_PEAP=y
+CONFIG_EAP_PSK=y
+CONFIG_EAP_PWD=y
+CONFIG_EAP_SAKE=y
+CONFIG_EAP_SIM=y
+CONFIG_EAP_TLS=y
+CONFIG_EAP_TNC=y
+CONFIG_EAP_TTLS=y
+CONFIG_ELOOP=eloop
+CONFIG_FST=y
+CONFIG_GETRANDOM=y
+CONFIG_HS20=y
+CONFIG_HT_OVERRIDES=y
+CONFIG_IBSS_RSN=y
+CONFIG_IEEE80211AC=y
+CONFIG_IEEE80211N=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211W=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_INTERWORKING=y
+CONFIG_IPV6=y
+CONFIG_L2_PACKET=linux
+CONFIG_LIBNL32=y
+CONFIG_MACSEC=y
+CONFIG_MAIN=main
+CONFIG_NO_RANDOM_POOL=y
+CONFIG_OS=unix
+CONFIG_OWE=y
+CONFIG_P2P=y
+CONFIG_PKCS12=y
+CONFIG_PMKSA_CACHE_EXTERNAL=y
+CONFIG_READLINE=y
+CONFIG_SAE=y
+CONFIG_SMARTCARD=y
+CONFIG_TDLS=y
+CONFIG_TLS=openssl
+CONFIG_TLSV11=y
+CONFIG_TLSV12=y
+CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
+CONFIG_VHT_OVERRIDES=y
+CONFIG_WIFI_DISPLAY=y
+CONFIG_WPS=y
+CONFIG_WPS_ER=y
+CONFIG_WPS_NFC=y
+CONFIG_WPS_REG_DISABLE_OPEN=y
Deleted: roam-properties.patch
===================================================================
--- roam-properties.patch 2020-02-22 18:18:09 UTC (rev 376052)
+++ roam-properties.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,88 +0,0 @@
-From 23d87687c2428f3b94865580b0d33e05c03e6756 Mon Sep 17 00:00:00 2001
-From: Matthew Wang <[email protected]>
-Date: Fri, 11 Oct 2019 13:49:25 -0700
-Subject: dbus: Move roam metrics to the correct interface
-
-These properties were in the wpas_dbus_bss_properties array when they
-should have been in the wpas_dbus_interface_properties array. Move them
-to the right place. This is the logical location for these properties
-and it matches both the other parts of the implementation (e.g., being
-in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what
-was originally documented for the interface in dbus.doxygen.
-
-Fixes: 2bbad1c7c9cb ("dbus: Export roam time, roam complete, and session
length")
-Fixes: 80d06d0ca9f3 ("dbus: Export BSS Transition Management status")
-Signed-off-by: Matthew Wang <[email protected]>
----
- wpa_supplicant/dbus/dbus_new.c | 48 +++++++++++++++++++++---------------------
- 1 file changed, 24 insertions(+), 24 deletions(-)
-
-diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
-index 5e6b522..e9e77bd 100644
---- a/wpa_supplicant/dbus/dbus_new.c
-+++ b/wpa_supplicant/dbus/dbus_new.c
-@@ -2855,30 +2855,6 @@ static const struct wpa_dbus_property_desc
wpas_dbus_bss_properties[] = {
- NULL,
- NULL
- },
-- {
-- "RoamTime", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-- wpas_dbus_getter_roam_time,
-- NULL,
-- NULL
-- },
-- {
-- "RoamComplete", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
-- wpas_dbus_getter_roam_complete,
-- NULL,
-- NULL
-- },
-- {
-- "SessionLength", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-- wpas_dbus_getter_session_length,
-- NULL,
-- NULL
-- },
-- {
-- "BSSTMStatus", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-- wpas_dbus_getter_bss_tm_status,
-- NULL,
-- NULL
-- },
- { NULL, NULL, NULL, NULL, NULL, NULL }
- };
-
-@@ -3786,6 +3762,30 @@ static const struct wpa_dbus_property_desc
wpas_dbus_interface_properties[] = {
- NULL,
- NULL
- },
-+ {
-+ "RoamTime", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-+ wpas_dbus_getter_roam_time,
-+ NULL,
-+ NULL
-+ },
-+ {
-+ "RoamComplete", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
-+ wpas_dbus_getter_roam_complete,
-+ NULL,
-+ NULL
-+ },
-+ {
-+ "SessionLength", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-+ wpas_dbus_getter_session_length,
-+ NULL,
-+ NULL
-+ },
-+ {
-+ "BSSTMStatus", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
-+ wpas_dbus_getter_bss_tm_status,
-+ NULL,
-+ NULL
-+ },
- #ifdef CONFIG_MESH
- { "MeshPeers", WPAS_DBUS_NEW_IFACE_MESH, "aay",
- wpas_dbus_getter_mesh_peers,
---
-cgit v0.12
-
Copied: wpa_supplicant/repos/testing-x86_64/roam-properties.patch (from rev
376052, wpa_supplicant/trunk/roam-properties.patch)
===================================================================
--- roam-properties.patch (rev 0)
+++ roam-properties.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,88 @@
+From 23d87687c2428f3b94865580b0d33e05c03e6756 Mon Sep 17 00:00:00 2001
+From: Matthew Wang <[email protected]>
+Date: Fri, 11 Oct 2019 13:49:25 -0700
+Subject: dbus: Move roam metrics to the correct interface
+
+These properties were in the wpas_dbus_bss_properties array when they
+should have been in the wpas_dbus_interface_properties array. Move them
+to the right place. This is the logical location for these properties
+and it matches both the other parts of the implementation (e.g., being
+in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what
+was originally documented for the interface in dbus.doxygen.
+
+Fixes: 2bbad1c7c9cb ("dbus: Export roam time, roam complete, and session
length")
+Fixes: 80d06d0ca9f3 ("dbus: Export BSS Transition Management status")
+Signed-off-by: Matthew Wang <[email protected]>
+---
+ wpa_supplicant/dbus/dbus_new.c | 48 +++++++++++++++++++++---------------------
+ 1 file changed, 24 insertions(+), 24 deletions(-)
+
+diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
+index 5e6b522..e9e77bd 100644
+--- a/wpa_supplicant/dbus/dbus_new.c
++++ b/wpa_supplicant/dbus/dbus_new.c
+@@ -2855,30 +2855,6 @@ static const struct wpa_dbus_property_desc
wpas_dbus_bss_properties[] = {
+ NULL,
+ NULL
+ },
+- {
+- "RoamTime", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
+- wpas_dbus_getter_roam_time,
+- NULL,
+- NULL
+- },
+- {
+- "RoamComplete", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
+- wpas_dbus_getter_roam_complete,
+- NULL,
+- NULL
+- },
+- {
+- "SessionLength", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
+- wpas_dbus_getter_session_length,
+- NULL,
+- NULL
+- },
+- {
+- "BSSTMStatus", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
+- wpas_dbus_getter_bss_tm_status,
+- NULL,
+- NULL
+- },
+ { NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+
+@@ -3786,6 +3762,30 @@ static const struct wpa_dbus_property_desc
wpas_dbus_interface_properties[] = {
+ NULL,
+ NULL
+ },
++ {
++ "RoamTime", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
++ wpas_dbus_getter_roam_time,
++ NULL,
++ NULL
++ },
++ {
++ "RoamComplete", WPAS_DBUS_NEW_IFACE_INTERFACE, "b",
++ wpas_dbus_getter_roam_complete,
++ NULL,
++ NULL
++ },
++ {
++ "SessionLength", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
++ wpas_dbus_getter_session_length,
++ NULL,
++ NULL
++ },
++ {
++ "BSSTMStatus", WPAS_DBUS_NEW_IFACE_INTERFACE, "u",
++ wpas_dbus_getter_bss_tm_status,
++ NULL,
++ NULL
++ },
+ #ifdef CONFIG_MESH
+ { "MeshPeers", WPAS_DBUS_NEW_IFACE_MESH, "aay",
+ wpas_dbus_getter_mesh_peers,
+--
+cgit v0.12
+
Deleted: systemd.patch
===================================================================
--- systemd.patch 2020-02-22 18:18:09 UTC (rev 376052)
+++ systemd.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,29 +0,0 @@
-diff -u -r
wpa_supplicant-2.9/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
wpa_supplicant-2.9-systemd/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
---- wpa_supplicant-2.9/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
2019-08-07 13:25:25.000000000 +0000
-+++
wpa_supplicant-2.9-systemd/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
2020-01-22 22:46:14.676497087 +0000
-@@ -1,5 +1,5 @@
- [D-BUS Service]
- Name=fi.w1.wpa_supplicant1
--Exec=@BINDIR@/wpa_supplicant -u
-+Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
- User=root
- SystemdService=wpa_supplicant.service
-diff -u -r wpa_supplicant-2.9/wpa_supplicant/systemd/wpa_supplicant.service.in
wpa_supplicant-2.9-systemd/wpa_supplicant/systemd/wpa_supplicant.service.in
---- wpa_supplicant-2.9/wpa_supplicant/systemd/wpa_supplicant.service.in
2019-08-07 13:25:25.000000000 +0000
-+++
wpa_supplicant-2.9-systemd/wpa_supplicant/systemd/wpa_supplicant.service.in
2020-01-22 22:47:53.561183663 +0000
-@@ -1,12 +1,14 @@
- [Unit]
- Description=WPA supplicant
- Before=network.target
-+After=dbus.service
- Wants=network.target
-+IgnoreOnIsolate=true
-
- [Service]
- Type=dbus
- BusName=fi.w1.wpa_supplicant1
--ExecStart=@BINDIR@/wpa_supplicant -u
-+ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
-
- [Install]
- WantedBy=multi-user.target
Copied: wpa_supplicant/repos/testing-x86_64/systemd.patch (from rev 376052,
wpa_supplicant/trunk/systemd.patch)
===================================================================
--- systemd.patch (rev 0)
+++ systemd.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,29 @@
+diff -u -r
wpa_supplicant-2.9/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
wpa_supplicant-2.9-systemd/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+--- wpa_supplicant-2.9/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
2019-08-07 13:25:25.000000000 +0000
++++
wpa_supplicant-2.9-systemd/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
2020-01-22 22:46:14.676497087 +0000
+@@ -1,5 +1,5 @@
+ [D-BUS Service]
+ Name=fi.w1.wpa_supplicant1
+-Exec=@BINDIR@/wpa_supplicant -u
++Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
+ User=root
+ SystemdService=wpa_supplicant.service
+diff -u -r wpa_supplicant-2.9/wpa_supplicant/systemd/wpa_supplicant.service.in
wpa_supplicant-2.9-systemd/wpa_supplicant/systemd/wpa_supplicant.service.in
+--- wpa_supplicant-2.9/wpa_supplicant/systemd/wpa_supplicant.service.in
2019-08-07 13:25:25.000000000 +0000
++++
wpa_supplicant-2.9-systemd/wpa_supplicant/systemd/wpa_supplicant.service.in
2020-01-22 22:47:53.561183663 +0000
+@@ -1,12 +1,14 @@
+ [Unit]
+ Description=WPA supplicant
+ Before=network.target
++After=dbus.service
+ Wants=network.target
++IgnoreOnIsolate=true
+
+ [Service]
+ Type=dbus
+ BusName=fi.w1.wpa_supplicant1
+-ExecStart=@BINDIR@/wpa_supplicant -u
++ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
+
+ [Install]
+ WantedBy=multi-user.target
Deleted: tls.patch
===================================================================
--- tls.patch 2020-02-22 18:18:09 UTC (rev 376052)
+++ tls.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,26 +0,0 @@
-diff -u -r wpa_supplicant-2.9/src/crypto/tls_openssl.c
wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c
---- wpa_supplicant-2.9/src/crypto/tls_openssl.c 2019-08-07
13:25:25.000000000 +0000
-+++ wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c 2020-01-22
22:49:12.575598357 +0000
-@@ -1035,6 +1035,13 @@
- os_free(data);
- return NULL;
- }
-+
-+#ifndef EAP_SERVER_TLS
-+ /* Enable TLSv1.0 by default to allow connecting to legacy
-+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and
SECLEVEL=2. */
-+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
-+#endif
-+
- data->ssl = ssl;
- if (conf) {
- data->tls_session_lifetime = conf->tls_session_lifetime;
-@@ -1577,6 +1584,7 @@
- #ifdef SSL_OP_NO_COMPRESSION
- options |= SSL_OP_NO_COMPRESSION;
- #endif /* SSL_OP_NO_COMPRESSION */
-+ options |= SSL_OP_NO_TICKET;
- SSL_set_options(conn->ssl, options);
- #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
- /* Hopefully there is no need for middlebox compatibility mechanisms
-Only in wpa_supplicant-2.9-tls/src/crypto: tls_openssl.c.orig
Copied: wpa_supplicant/repos/testing-x86_64/tls.patch (from rev 376052,
wpa_supplicant/trunk/tls.patch)
===================================================================
--- tls.patch (rev 0)
+++ tls.patch 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,26 @@
+diff -u -r wpa_supplicant-2.9/src/crypto/tls_openssl.c
wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c
+--- wpa_supplicant-2.9/src/crypto/tls_openssl.c 2019-08-07
13:25:25.000000000 +0000
++++ wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c 2020-01-22
22:49:12.575598357 +0000
+@@ -1035,6 +1035,13 @@
+ os_free(data);
+ return NULL;
+ }
++
++#ifndef EAP_SERVER_TLS
++ /* Enable TLSv1.0 by default to allow connecting to legacy
++ * networks since Debian OpenSSL is set to minimum TLSv1.2 and
SECLEVEL=2. */
++ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
++#endif
++
+ data->ssl = ssl;
+ if (conf) {
+ data->tls_session_lifetime = conf->tls_session_lifetime;
+@@ -1577,6 +1584,7 @@
+ #ifdef SSL_OP_NO_COMPRESSION
+ options |= SSL_OP_NO_COMPRESSION;
+ #endif /* SSL_OP_NO_COMPRESSION */
++ options |= SSL_OP_NO_TICKET;
+ SSL_set_options(conn->ssl, options);
+ #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ /* Hopefully there is no need for middlebox compatibility mechanisms
+Only in wpa_supplicant-2.9-tls/src/crypto: tls_openssl.c.orig
Deleted: wpa_supplicant.install
===================================================================
--- wpa_supplicant.install 2020-02-22 18:18:09 UTC (rev 376052)
+++ wpa_supplicant.install 2020-02-22 18:18:24 UTC (rev 376053)
@@ -1,7 +0,0 @@
-post_upgrade() {
- if [[ $(vercmp "$2" '1:2.6-3') -lt 0 ]]; then
- echo ':: The /etc/wpa_supplicant/wpa_supplicant.conf is file no longer
managed by pacman'
- echo ' and if it was modified, it has been renamed to
wpa_supplicant.conf.pacsave.'
- echo ' Move it to the original location if needed.'
- fi
-}
Copied: wpa_supplicant/repos/testing-x86_64/wpa_supplicant.install (from rev
376052, wpa_supplicant/trunk/wpa_supplicant.install)
===================================================================
--- wpa_supplicant.install (rev 0)
+++ wpa_supplicant.install 2020-02-22 18:18:24 UTC (rev 376053)
@@ -0,0 +1,7 @@
+post_upgrade() {
+ if [[ $(vercmp "$2" '1:2.6-3') -lt 0 ]]; then
+ echo ':: The /etc/wpa_supplicant/wpa_supplicant.conf is file no longer
managed by pacman'
+ echo ' and if it was modified, it has been renamed to
wpa_supplicant.conf.pacsave.'
+ echo ' Move it to the original location if needed.'
+ fi
+}
