Iain Lane has proposed merging ~till-kamppeter/network-manager:master into network-manager:master.
Requested reviews: Network-manager (network-manager) For more details, see: https://code.launchpad.net/~till-kamppeter/network-manager/+git/network-manager/+merge/372157 -- Your team Network-manager is requested to review the proposed merge of ~till-kamppeter/network-manager:master into network-manager:master.
diff --git a/debian/changelog b/debian/changelog index f626c1f..5893434 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +network-manager (1.20.0-1ubuntu2) eoan; urgency=medium + + * Backported upstream patch to detect Wi-Fi FT support per interface + and avoid enabling it if there is no support by the interface/driver. + + -- Till Kamppeter <till.kamppe...@gmail.com> Fri, 30 Aug 2019 21:23:42 +0200 + network-manager (1.20.0-1ubuntu1) eoan; urgency=medium * New upstream version, merged from Debian diff --git a/debian/patches/WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch b/debian/patches/WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch new file mode 100644 index 0000000..10eebe5 --- /dev/null +++ b/debian/patches/WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch @@ -0,0 +1,116 @@ +From: Thomas Haller +Date: Aug 20, 2019 +Subject: wifi: detect FT support per interface and avoid enabling it + +Previously we only cared whether supplicant is build with support for +FT. In that case we would pass FT-PSK to supplicant, like + + Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK' + +Supplicant would then always try FT with preference, regardless whether +the interface/driver support it. That results in a failure to associate, if +the driver does not support it. + + NetworkManager[1356]: <info> [1566296144.9940] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK' + ... + wpa_supplicant[1348]: wlan0: WPA: AP key_mgmt 0x42 network profile key_mgmt 0x142; available key_mgmt 0x42 + wpa_supplicant[1348]: wlan0: WPA: using KEY_MGMT FT/PSK + ... + wpa_supplicant[1348]: * akm=0xfac04 + ... + kernel: ERROR @wl_set_key_mgmt : + kernel: invalid cipher group (1027076) + +Since we pass a list of acceptable "key_mgmt" options to supplicant, +FT-PSK should not be used when supplicant knows it's not supported. +That is a supplicant bug. + +Regardless, work around it by checking the per-interface capability, and +avoid it if support is apparently not present. + +See: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commit/2f8a4e90f0f + +--- a/src/supplicant/nm-supplicant-interface.c ++++ b/src/supplicant/nm-supplicant-interface.c +@@ -135,7 +135,8 @@ + NMSupplicantFeature p2p_support; + NMSupplicantFeature mesh_support; + NMSupplicantFeature wfd_support; +- NMSupplicantFeature ft_support; ++ NMSupplicantFeature ft_support_global; ++ NMSupplicantFeature ft_support_per_iface; + NMSupplicantFeature sha384_support; + guint32 max_scan_ssids; + guint32 ready_count; +@@ -609,14 +610,25 @@ + parse_capabilities (NMSupplicantInterface *self, GVariant *capabilities) + { + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); +- gboolean have_active = FALSE, have_p2p = FALSE, have_ssid = FALSE; ++ gboolean have_active = FALSE; ++ gboolean have_ssid = FALSE; ++ gboolean have_p2p = FALSE; ++ gboolean have_ft = FALSE; + gint32 max_scan_ssids = -1; + const char **array; + + g_return_if_fail (capabilities && g_variant_is_of_type (capabilities, G_VARIANT_TYPE_VARDICT)); + +- if ( g_variant_lookup (capabilities, "Modes", "^a&s", &array) +- && array) { ++ if (g_variant_lookup (capabilities, "KeyMgmt", "^a&s", &array)) { ++ have_ft = g_strv_contains (array, "wpa-ft-psk"); ++ g_free (array); ++ } ++ ++ priv->ft_support_per_iface = have_ft ++ ? NM_SUPPLICANT_FEATURE_YES ++ : NM_SUPPLICANT_FEATURE_NO; ++ ++ if (g_variant_lookup (capabilities, "Modes", "^a&s", &array)) { + if (g_strv_contains (array, "p2p")) + have_p2p = TRUE; + g_free (array); +@@ -627,8 +639,7 @@ + _notify (self, PROP_P2P_AVAILABLE); + } + +- if ( g_variant_lookup (capabilities, "Scan", "^a&s", &array) +- && array) { ++ if (g_variant_lookup (capabilities, "Scan", "^a&s", &array)) { + if (g_strv_contains (array, "active")) + have_active = TRUE; + if (g_strv_contains (array, "ssid")) +@@ -807,7 +818,13 @@ + NMSupplicantFeature + nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self) + { +- return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support; ++ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); ++ ++ if (priv->ft_support_global == NM_SUPPLICANT_FEATURE_NO) ++ return NM_SUPPLICANT_FEATURE_NO; ++ if (priv->ft_support_per_iface != NM_SUPPLICANT_FEATURE_UNKNOWN) ++ return priv->ft_support_per_iface; ++ return priv->ft_support_global; + } + + NMSupplicantFeature +@@ -889,7 +906,7 @@ + { + NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self); + +- priv->ft_support = ft_support; ++ priv->ft_support_global = ft_support; + } + + void +@@ -2801,7 +2818,7 @@ + break; + case PROP_FT_SUPPORT: + /* construct-only */ +- priv->ft_support = g_value_get_int (value); ++ priv->ft_support_global = g_value_get_int (value); + break; + case PROP_SHA384_SUPPORT: + /* construct-only */ diff --git a/debian/patches/series b/debian/patches/series index 0a74930..292b5a3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ Update-dnsmasq-parameters.patch Disable-core-with-expect.patch libnm-Check-self-still-NMManager-or-not.patch +WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch
-- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop