openkylin
/
wpa
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

changed debian/source/format to native

This commit is contained in:
openKylinBot 2022-05-14 03:18:56 +08:00
parent 9097c2cecb
commit 067fef9dcb
14 changed files with 1 additions and 407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch vendored
View File

@ -1,23 +0,0 @@
From: Reinhard Tartler <siretart@tauware.de>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Use pkg-config for libpcsclite linkage flags
At least in debian, we can rely on pkg-config being available and
returning more accurate ldflags.
---
wpa_supplicant/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index f1384d5..98ac987 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -1017,7 +1017,7 @@ else
ifdef CONFIG_OSX
LIBS += -framework PCSC
else
-LIBS += -lpcsclite -lpthread
+LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite)
endif
endif
endif

32
debian/patches/02_dbus_group_policy.patch vendored
View File

@ -1,32 +0,0 @@
From: Michael Biebl <biebl@debian.org>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Add D-Bus group policy
Debian does not use pam_console but uses group membership
to control access to D-Bus. Activating both options in the conf file
makes it work on Debian and Ubuntu.
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179
---
wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
index e81b495..a333302 100644
--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
@@ -9,6 +9,14 @@
<allow send_interface="fi.w1.wpa_supplicant1"/>
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
+ <policy group="netdev">
+ <allow send_destination="fi.epitest.hostap.WPASupplicant"/>
+ <allow send_interface="fi.epitest.hostap.WPASupplicant"/>
+
+ <allow send_destination="fi.w1.wpa_supplicant1"/>
+ <allow send_interface="fi.w1.wpa_supplicant1"/>
+ <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+ </policy>
<policy context="default">
<deny own="fi.w1.wpa_supplicant1"/>
<deny send_destination="fi.w1.wpa_supplicant1"/>

23
debian/patches/06_wpa_gui_menu_exec_path.patch vendored
View File

@ -1,23 +0,0 @@
From: Kel Modderman <kel@otaku42.de>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Use full executable path into wpa_gui.desktop
Debian specific patch to desktop menu entry, so that we may exec
wpa_gui which being in /usr/sbin may not be in the PATH
---
wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
index ccc7d87..e560f3d 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
+++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop
@@ -2,7 +2,7 @@
Version=1.0
Name=wpa_gui
Comment=Graphical user interface for wpa_supplicant
-Exec=wpa_gui
+Exec=/usr/sbin/wpa_gui
Icon=wpa_gui
GenericName=wpa_supplicant user interface
Terminal=false

36
debian/patches/07_dbus_service_syslog.patch vendored
View File

@ -1,36 +0,0 @@
From: Kel Modderman <kel@otaku42.de>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Tweak D-Bus/systemd service activation configuration files:
* log wpa_supplicant messages to syslog
* activate control socket interface so that wpa_cli can be used by D-Bus
activated wpa_supplicant daemon
---
wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in | 2 +-
wpa_supplicant/systemd/wpa_supplicant.service.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
index d97ff39..3b0af67 100644
--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
@@ -1,5 +1,5 @@
[D-BUS Service]
Name=fi.w1.wpa_supplicant1
-Exec=@BINDIR@/wpa_supplicant -u
+Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
User=root
SystemdService=wpa_supplicant.service
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index 75a37a8..32516a3 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -6,7 +6,7 @@ Wants=network.target
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
-ExecStart=@BINDIR@/wpa_supplicant -u
+ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
[Install]
WantedBy=multi-user.target

52
debian/patches/12_wpa_gui_knotify_support.patch vendored
View File

@ -1,52 +0,0 @@
From: Raphael Geissert <geissert@debian.org>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Use KDE's KNotify when running under KDE
Bug-Debian: http://bugs.debian.org/582793
---
wpa_supplicant/wpa_gui-qt4/wpagui.cpp | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
index a0aa05e..396b121 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
+++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
@@ -11,11 +11,14 @@
#endif /* CONFIG_NATIVE_WINDOWS */
#include <cstdio>
+#include <cstdlib>
#include <unistd.h>
#include <QMessageBox>
#include <QCloseEvent>
#include <QImageReader>
+#include <QProcess>
#include <QSettings>
+#include <QStringList>
#include "wpagui.h"
#include "dirent.h"
@@ -1415,10 +1418,21 @@ void WpaGui::createTrayIcon(bool trayOnly)
void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec,
const QString & msg)
{
- if (!QSystemTrayIcon::supportsMessages())
+ if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
return;
- if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode)
+ /* first try to use KDE's notifications system if running under
+ * a KDE session */
+ if (getenv("KDE_FULL_SESSION") != NULL) {
+ QStringList args;
+ args << "--passivepopup" << msg << QString::number(sec);
+ args << "--title" << "wpa_gui";
+
+ if (QProcess::execute("/usr/bin/kdialog", args) == 0)
+ return;
+ }
+
+ if (!QSystemTrayIcon::supportsMessages())
return;
tray_icon->showMessage(qAppName(), msg, type, sec * 1000);

69
debian/patches/CVE-2019-16275.patch vendored
View File

@ -1,69 +0,0 @@
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 3158768..34ca379 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28d..e706537 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;

28
debian/patches/allow-tlsv1.patch vendored
View File

@ -1,28 +0,0 @@
From: Andrej Shadura <andrewsh@debian.org>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Enable TLSv1.0 by default
OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
Some older networks may support for TLSv1.0 and less secure cyphers.
---
src/crypto/tls_openssl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e4..97a7fd6 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf)
os_free(data);
return NULL;
}
+
+#ifndef EAP_SERVER_TLS
+ /* Enable TLSv1.0 by default to allow connecting to legacy
+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
+#endif
+
data->ssl = ssl;
if (conf) {
data->tls_session_lifetime = conf->tls_session_lifetime;

41
debian/patches/git_realtek_macrand.patch vendored
View File

@ -1,41 +0,0 @@
From: Ouden <Ouden.Biz@gmail.com>
Date: Wed, 18 Mar 2020 17:58:37 +0800
Subject: nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname
length
If the kernel rtm_newlink or rtm_dellink send the maximum length of
ifname (IFNAMSIZ), the event handlers in
wpa_driver_nl80211_event_rtm_addlink() and
wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
NULL termination, that equals the IFNAMSIZ.
Fix the condition when IFNAME reach maximum size.
Signed-off-by: Ouden <Ouden.Biz@gmail.com>
---
src/drivers/driver_nl80211.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0a356ee..47df47f 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) {
case IFLA_IFNAME:
- if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+ if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0';
@@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
while (RTA_OK(attr, attrlen)) {
switch (attr->rta_type) {
case IFLA_IFNAME:
- if (RTA_PAYLOAD(attr) >= IFNAMSIZ)
+ if (RTA_PAYLOAD(attr) > IFNAMSIZ)
break;
os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
ifname[RTA_PAYLOAD(attr)] = '\0';

22
debian/patches/networkd-driver-fallback.patch vendored
View File

@ -1,22 +0,0 @@
From: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: wpasupplicant: configure driver fallback for networkd
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
---
wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
index 7788b38..cff0b6d 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
@@ -9,7 +9,7 @@ Wants=network.target
[Service]
Type=simple
-ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I
[Install]
Alias=multi-user.target.wants/wpa_supplicant@%i.service

12
debian/patches/series vendored
View File

@ -1,12 +0,0 @@
01_use_pkg-config_for_pcsc-lite_module.patch
02_dbus_group_policy.patch
06_wpa_gui_menu_exec_path.patch
07_dbus_service_syslog.patch
12_wpa_gui_knotify_support.patch
networkd-driver-fallback.patch
wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
allow-tlsv1.patch
session-ticket.patch
wpa_service_ignore-on-isolate.patch
CVE-2019-16275.patch
git_realtek_macrand.patch

20
debian/patches/session-ticket.patch vendored
View File

@ -1,20 +0,0 @@
From: Jeremy Nickurak <jeremy@nickurak.ca>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: Disable the session ticket TLS extension.
---
src/crypto/tls_openssl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 97a7fd6..0e0567f 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1584,6 +1584,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
#ifdef SSL_OP_NO_COMPRESSION
options |= SSL_OP_NO_COMPRESSION;
#endif /* SSL_OP_NO_COMPRESSION */
+ options |= SSL_OP_NO_TICKET;
SSL_set_options(conn->ssl, options);
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
/* Hopefully there is no need for middlebox compatibility mechanisms

21
debian/patches/wpa_service_ignore-on-isolate.patch vendored
View File

@ -1,21 +0,0 @@
From: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: wpa_service_ignore-on-isolate
Updated: 2017-11-10
---
wpa_supplicant/systemd/wpa_supplicant.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index bc0688a..561ae8f 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -3,6 +3,7 @@ Description=WPA supplicant
Before=network.target
After=dbus.service
Wants=network.target
+IgnoreOnIsolate=true
[Service]
Type=dbus

27
debian/patches/wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch vendored
View File

@ -1,27 +0,0 @@
From: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Date: Sat, 14 May 2022 03:18:56 +0800
Subject: wpa_supplicant: Fix dependency odering when invoked with DBus
Make sure that DBus isn't shut down before wpa_supplicant, as that would
also bring down wireless links which are still holding open NFS shares.
Debian bug: https://bugs.debian.org/785579
systemd upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
---
wpa_supplicant/systemd/wpa_supplicant.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index 32516a3..bc0688a 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -1,6 +1,7 @@
[Unit]
Description=WPA supplicant
Before=network.target
+After=dbus.service
Wants=network.target
[Service]

2
debian/source/format vendored
View File

@ -1 +1 @@
3.0 (quilt)
3.0 (native)