Package: wpa / 2:2.9.0-21
Metadata
Package | Version | Patches format |
---|---|---|
wpa | 2:2.9.0-21 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01_use_pkg config_for_pcsc lite_module.patch | (download) |
wpa_supplicant/Makefile |
2 1 + 1 - 0 ! |
use pkg-config for libpcsclite linkage flags At least in debian, we can rely on pkg-config being available and returning more accurate ldflags. |
02_dbus_group_policy.patch | (download) |
wpa_supplicant/dbus/dbus-wpa_supplicant.conf |
8 8 + 0 - 0 ! |
add d-bus group policy Debian does not use pam_console but uses group membership to control access to D-Bus. Activating both options in the conf file makes it work on Debian and Ubuntu. Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179 |
06_wpa_gui_menu_exec_path.patch | (download) |
wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop |
2 1 + 1 - 0 ! |
use full executable path into wpa_gui.desktop Debian specific patch to desktop menu entry, so that we may exec wpa_gui which being in /usr/sbin may not be in the PATH |
07_dbus_service_syslog.patch | (download) |
wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in |
2 1 + 1 - 0 ! |
tweak d-bus/systemd service activation configuration files: * log wpa_supplicant messages to syslog * activate control socket interface so that wpa_cli can be used by D-Bus activated wpa_supplicant daemon |
12_wpa_gui_knotify_support.patch | (download) |
wpa_supplicant/wpa_gui-qt4/wpagui.cpp |
18 16 + 2 - 0 ! |
use kde's knotify when running under kde Bug-Debian: http://bugs.debian.org/582793 |
networkd driver fallback.patch | (download) |
wpa_supplicant/systemd/wpa_supplicant.service.arg.in |
2 1 + 1 - 0 ! |
wpasupplicant: configure driver fallback for networkd Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> |
wpa_supplicant_fix dependency odering when invoked with dbus.patch | (download) |
wpa_supplicant/systemd/wpa_supplicant.service.in |
1 1 + 0 - 0 ! |
wpa_supplicant: fix dependency odering when invoked with dbus Make sure that DBus isn't shut down before wpa_supplicant, as that would also bring down wireless links which are still holding open NFS shares. Debian bug: https://bugs.debian.org/785579 systemd upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> |
allow tlsv1.patch | (download) |
src/crypto/tls_openssl.c |
7 7 + 0 - 0 ! |
enable tlsv1.0 by default OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. Some older networks may support for TLSv1.0 and less secure cyphers. |
disable eapol werror.patch | (download) |
wpa_supplicant/Makefile |
2 1 + 1 - 0 ! |
disable -werror for eapol_test This may make sense for the upstream, but we just want to build the tool to be useful to our users; dealing with build errors due to issues normally manifesting themselves as warnings is burdening for Debian and its downstreams. |
wpa_service_ignore on isolate.patch | (download) |
wpa_supplicant/systemd/wpa_supplicant.service.in |
1 1 + 0 - 0 ! |
add ignoreonisolate=yes to keep wpa-supplicant running while systemctl isolate Date: Mon, 13 Mar 2017 13:46:12 -0400 > Add IgnoreOnIsolate=yes so that when switching "runlevels" in > oem-config will not kill off wpa and cause wireless to be > unavailable on first boot. (LP: #1576024) Also happens when running systemctl isolate default.target: > NM should be detecting that wpasupplicant is not running and start > it -- this should already have been working by way of wpasupplicant > being dbus-activated. [...] > It seems to me like IgnoreOnIsolate for wpasupplicant would be the > right thing to do, or to figure out why it isn't being properly > started when NM tries to use it. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1576024 |
2019 7/0001 AP Silently ignore management frame from unexpected .patch | (download) |
src/ap/drv_callbacks.c |
13 13 + 0 - 0 ! |
ap: silently ignore management frame from unexpected source address Do not process any received Management frames with unexpected/invalid SA so that we do not add any state for unexpected STA addresses or end up sending out frames to unexpected destination. This prevents unexpected sequences where an unprotected frame might end up causing the AP to send out a response to another device and that other device processing the unexpected response. In particular, this prevents some potential denial of service cases where the unexpected response frame from the AP might result in a connected station dropping its association. Signed-off-by: Jouni Malinen <j@w1.fi> |
2020 1/0001 WPS UPnP Do not allow event subscriptions with URLs .patch | (download) |
src/wps/wps_er.c |
2 1 + 1 - 0 ! |
[patch 1/3] wps upnp: do not allow event subscriptions with urls to other networks The UPnP Device Architecture 2.0 specification errata ("UDA errata 16-04-2020.docx") addresses a problem with notifications being allowed to go out to other domains by disallowing such cases. Do such filtering for the notification callback URLs to avoid undesired connections to external networks based on subscriptions that any device in the local network could request when WPS support for external registrars is enabled (the upnp_iface parameter in hostapd configuration). Signed-off-by: Jouni Malinen <jouni@codeaurora.org> |
2020 1/0002 WPS UPnP Fix event message generation using a long U.patch | (download) |
src/wps/wps_upnp.c |
9 7 + 2 - 0 ! |
[patch 2/3] wps upnp: fix event message generation using a long url path More than about 700 character URL ended up overflowing the wpabuf used for building the event notification and this resulted in the wpabuf buffer overflow checks terminating the hostapd process. Fix this by allocating the buffer to be large enough to contain the full URL path. However, since that around 700 character limit has been the practical limit for more than ten years, start explicitly enforcing that as the limit or the callback URLs since any longer ones had not worked before and there is no need to enable them now either. Signed-off-by: Jouni Malinen <jouni@codeaurora.org> |
2020 1/0003 WPS UPnP Handle HTTP initiation failures for events .patch | (download) |
src/wps/wps_upnp_event.c |
4 2 + 2 - 0 ! |
[patch 3/3] wps upnp: handle http initiation failures for events more properly While it is appropriate to try to retransmit the event to another callback URL on a failure to initiate the HTTP client connection, there is no point in trying the exact same operation multiple times in a row. Replve the event_retry() calls with event_addr_failure() for these cases to avoid busy loops trying to repeat the same failing operation. These potential busy loops would go through eloop callbacks, so the process is not completely stuck on handling them, but unnecessary CPU would be used to process the continues retries that will keep failing for the same reason. Signed-off-by: Jouni Malinen <jouni@codeaurora.org> |
upstream fixes/0001 wpa_supplicant Do not try to detect PSK mismatch dur.patch | (download) |
wpa_supplicant/events.c |
3 2 + 1 - 0 ! |
wpa_supplicant: do not try to detect psk mismatch during ptk rekeying When a PTK rekey fails it can't be caused by a PSK mismatch. Report a possible PSK mismatch only during the initial 4-way handshake to avoid incorrect reports. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de> |
upstream fixes/0002 trace handle binutils bfd.h breakage.patch | (download) |
src/utils/trace.c |
11 11 + 0 - 0 ! |
trace: handle binutils bfd.h breakage Date: Wed, 15 Jan 2020 10:10:03 +0100 Message-Id: <1579079403-Ieb75a110fccf593e92e6e0d83bf02ba2e0c86d96@changeid> Some things in bfd.h that we use were renamed, and in the case of bfd_get_section_vma() a parameter was dropped. Work around this. Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
upstream fixes/0003 check for ft support.patch | (download) |
src/drivers/driver.h |
2 2 + 0 - 0 ! |
check for ft support when selecting ft suites A driver supports FT if it either supports SME or the NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites, wpa_supplicant currently doesn't take into account whether or not either of those conditions are met. This can cause association failures, e.g., when an AP supports both WPA-EAP and FT-EAP but the driver doesn't support FT (wpa_supplicant will decide to do FT-EAP since it is unaware the driver doesn't support it). This change allows an FT suite to be selected only when the driver also supports FT. Signed-off-by: Matthew Wang <matthewmwang@chromium.org> |
upstream fixes/0004 fix VERSION_STR printf calls.patch | (download) |
hostapd/main.c |
5 3 + 2 - 0 ! |
fix version_str printf() calls in case the postfix strings include % Do not use VERSION_STR directly as the format string to printf() since it is possible for that string to contain '%'. Signed-off-by: Didier Raboud <odyx@debian.org> |
upstream fixes/0005 common Provide the BIT macro locally.patch | (download) |
src/common/wpa_ctrl.h |
4 4 + 0 - 0 ! |
common: provide the bit() macro locally MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit wpa_ctrl.h can be installed separately with libwpa_client, so utils/common.h wont be available to its users. Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk> |
upstream fixes/0006 nl80211 fix RTM NEW DELLINK IFLA_IFNAME.patch | (download) |
src/drivers/driver_nl80211.c |
4 2 + 2 - 0 ! |
nl80211: fix rtm new/dellink ifla_ifname copy for maximum ifname length If the kernel rtm_newlink or rtm_dellink send the maximum length of ifname (IFNAMSIZ), the event handlers in wpa_driver_nl80211_event_rtm_addlink() and wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the NULL termination, that equals the IFNAMSIZ. Fix the condition when IFNAME reach maximum size. Signed-off-by: Ouden <Ouden.Biz@gmail.com> |
upstream fixes/0007 Move deauthentication at AP start to be after beacon.patch | (download) |
src/ap/hostapd.c |
18 16 + 2 - 0 ! |
move deauthentication at ap start to be after beacon configuration This allows nl80211-based drivers to get the frame out. The old earlier location resulted in the driver operation getting rejected before the kernel was not ready to transmit the frame in the BSS context of the AP interface that has not yet been started. While getting this broadcast Deauthentication frame transmitted at the BSS start is not critical, it is one more chance of getting any previously associated station notified of their previous association not being valid anymore had they missed previous notifications in cases where the AP is stopped and restarted. Signed-off-by: Jouni Malinen <j@w1.fi> |
upstream fixes/0008 Ignore Management frames while AP interface is not f.patch | (download) |
src/ap/ieee802_11.c |
5 5 + 0 - 0 ! |
ignore management frames while ap interface is not fully enabled It is possible for drivers to report received Management frames while AP is going through initial setup (e.g., during ACS or DFS CAC). hostapd and the driver is not yet ready for actually sending out responses to such frames at this point and as such, it is better to explicitly ignore such received frames rather than try to process them and have the response (e.g., a Probe Response frame) getting dropped by the driver as an invalid or getting out with some incorrect information. Signed-off-by: Jouni Malinen <j@w1.fi> |
upstream fixes/0009 D Bus Increase introspection buffer size.patch | (download) |
wpa_supplicant/dbus/dbus_new_introspect.c |
2 1 + 1 - 0 ! |
d-bus: increase introspection buffer size It was apparently possible to hit the 20000 octet limit in some cases, so increase the limit to avoid process termination due to insufficient room for preparing a response to Introspect calls. Signed-off-by: Jouni Malinen <j@w1.fi> |
upstream fixes/0010 P2P Limit P2P_DEVICE name to appropriate ifname size.patch | (download) |
wpa_supplicant/p2p_supplicant.c |
4 4 + 0 - 0 ! |
p2p: limit p2p_device name to appropriate ifname size Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is long enough. As this is not a netdev device, it is acceptable if the name is not completely unique. As such, simply insert a NUL byte at the appropriate place. Signed-off-by: Benjamin Berg <bberg@redhat.com> |
upstream fixes/0011 dbus Move roam metrics to the correct interface.patch | (download) |
wpa_supplicant/dbus/dbus_new.c |
48 24 + 24 - 0 ! |
dbus: move roam metrics to the correct interface These properties were in the wpas_dbus_bss_properties array when they should have been in the wpas_dbus_interface_properties array. Move them to the right place. This is the logical location for these properties and it matches both the other parts of the implementation (e.g., being in enum wpas_dbus_prop, not in enum wpas_dbus_bss_prop) and what was originally documented for the interface in dbus.doxygen. Fixes: 2bbad1c7c9cb ("dbus: Export roam time, roam complete, and session length") Fixes: 80d06d0ca9f3 ("dbus: Export BSS Transition Management status") Signed-off-by: Matthew Wang <matthewmwang@chromium.org> |
upstream fixes/0012 nl80211 Unbreak mode processing due to presence of S.patch | (download) |
src/drivers/driver_nl80211_capa.c |
5 4 + 1 - 0 ! |
nl80211: unbreak mode processing due to presence of s1g band If kernel advertises a band with channels < 2.4 GHz hostapd/wpa_supplicant gets confused and assumes this is an IEEE 802.11b, corrupting the real IEEE 802.11b band info. Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com> |
upstream fixes/0013 D Bus Allow changing an interface bridge via D Bus.patch | (download) |
src/rsn_supp/tdls.c |
5 5 + 0 - 0 ! |
d-bus: allow changing an interface bridge via d-bus D-Bus clients can call CreateInterface() once and use the resulting |
upstream fixes/0014 WPS Use helper variables to clean up code.patch | (download) |
src/ap/wps_hostapd.c |
21 12 + 9 - 0 ! |
wps: use helper variables to clean up code This is in preparation of larger changes in hostapd_update_wps() to keep the commits more readable. Signed-off-by: Raphal Mlotte <raphael.melotte@mind.be> |
upstream fixes/0015 WPS Reconfigure credentials on hostapd config reload.patch | (download) |
src/ap/wps_hostapd.c |
82 82 + 0 - 0 ! |
wps: reconfigure credentials on hostapd config reload When new credentials are configured and hostapd is reconfigured using SIGHUP (or RELOAD on the ctrl_iface), also update the WPS credentials. Before these changes, when WPS is triggered the Registar always serves the credentials that were configured when hostapd started. Signed-off-by: Raphal Mlotte <raphael.melotte@mind.be> |
upstream fixes/0016 hostapd Fix error message for radius_accept_attr config option.patch | (download) |
hostapd/config_file.c |
2 1 + 1 - 0 ! |
hostapd: fix error message for radius_accept_attr config option Error message contained wrong config option. Signed-off-by: Pali Rohr <pali@kernel.org> |
2020 2/0001 P2P Fix copying of secondary device types for P2P gr.patch | (download) |
src/p2p/p2p.c |
2 2 + 0 - 0 ! |
p2p: fix copying of secondary device types for p2p group client |
2021 1/0001 P2P Fix a corner case in peer addition based on PD R.patch | (download) |
src/p2p/p2p_pd.c |
12 5 + 7 - 0 ! |
[patch] p2p: fix a corner case in peer addition based on pd request p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> |