source: projects/specs/trunk/w/wpa_supplicant/wpa_supplicant-vl.spec @ 11574

%define build_gui 1

Summary: WPA/WPA2/IEEE 802.1X Supplicant
Name: wpa_supplicant
Version: 2.6
Release: 1%{?_dist_release}
License: BSD
Group: System Environment/Base
URL: http://w1.fi/wpa_supplicant/
Vendor: Project Vine
Distribution: Vine Linux

Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
Source1: %{name}.build-config
Source2: %{name}.conf
Source3: %{name}.init.d
Source4: %{name}.sysconfig
Source6: %{name}.logrotate

# distro specific customization and not suitable for upstream,
# works around busted drivers
Patch0: wpa_supplicant-assoc-timeout.patch
# ensures that debug output gets flushed immediately to help diagnose driver
# bugs, not suitable for upstream
Patch1: wpa_supplicant-flush-debug-output.patch
# disto specific customization for log paths, not suitable for upstream
Patch2: wpa_supplicant-dbus-service-file-args.patch
# quiet an annoying and frequent syslog message
Patch3: wpa_supplicant-quiet-scan-results-message.patch
# distro specific customization for Qt4 build tools, not suitable for upstream
Patch6: wpa_supplicant-gui-qt4.patch
# Less aggressive roaming; signal strength is wildly variable
# dcbw states (2015-04):
# "upstream doesn't like that patch so it's been discussed and I think rejected"

Patch8: rh837402-less-aggressive-roaming.patch

# backport of macsec series
Patch9: macsec-0001-mka-Move-structs-transmit-receive-_-sa-sc-to-a-commo.patch
Patch10: macsec-0002-mka-Pass-full-structures-down-to-macsec-drivers-pack.patch
Patch11: macsec-0003-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch
Patch12: macsec-0004-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch
Patch13: macsec-0005-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch
Patch14: macsec-0006-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch
Patch15: macsec-0007-mka-Add-driver-op-to-get-macsec-capabilities.patch
Patch16: macsec-0008-mka-Remove-channel-hacks-from-the-stack-and-the-macs.patch
Patch17: macsec-0009-mka-Sync-structs-definitions-with-IEEE-Std-802.1X-20.patch
Patch18: macsec-0010-mka-Add-support-for-removing-SAs.patch
Patch19: macsec-0011-mka-Implement-reference-counting-on-data_key.patch
Patch20: macsec-0012-mka-Fix-getting-capabilities-from-the-driver.patch
Patch21: macsec-0013-wpa_supplicant-Allow-pre-shared-CAK-CKN-pair-for-MKA.patch
Patch22: macsec-0014-mka-Disable-peer-detection-timeout-for-PSK-mode.patch
Patch23: macsec-0015-wpa_supplicant-Add-macsec_integ_only-setting-for-MKA.patch
Patch24: macsec-0016-mka-Add-enable_encrypt-op-and-call-it-from-CP-state-.patch
Patch25: macsec-0017-wpa_supplicant-Allow-configuring-the-MACsec-port-for.patch
Patch26: macsec-0018-drivers-Move-common-definitions-for-wired-drivers-ou.patch
Patch27: macsec-0019-drivers-Move-wired_multicast_membership-to-a-common-.patch
Patch28: macsec-0020-drivers-Move-driver_wired_multi-to-a-common-file.patch
Patch29: macsec-0021-drivers-Move-driver_wired_get_ifflags-to-a-common-fi.patch
Patch30: macsec-0022-drivers-Move-driver_wired_set_ifflags-to-a-common-fi.patch
Patch31: macsec-0023-drivers-Move-driver_wired_get_ifstatus-to-a-common-f.patch
Patch32: macsec-0024-drivers-Move-driver_wired_init_common-to-a-common-fi.patch
Patch33: macsec-0025-drivers-Move-driver_wired_deinit_common-to-a-common-.patch
Patch34: macsec-0026-drivers-Move-driver_wired_get_capa-to-a-common-file.patch
Patch35: macsec-0027-drivers-Move-driver_wired_get_bssid-to-a-common-file.patch
Patch36: macsec-0028-drivers-Move-driver_wired_get_ssid-to-a-common-file.patch
Patch37: macsec-0029-macsec_linux-Add-a-driver-for-macsec-on-Linux-kernel.patch
Patch38: macsec-0030-mka-Remove-references-to-macsec_qca-from-wpa_supplic.patch
Patch39: macsec-0031-PAE-Make-KaY-specific-details-available-via-control-.patch
Patch40: macsec-0032-mka-Make-MKA-actor-priority-configurable.patch
Patch41: macsec-0033-mka-Fix-an-incorrect-update-of-participant-to_use_sa.patch
Patch42: macsec-0034-mka-Some-bug-fixes-for-MACsec-in-PSK-mode.patch
Patch43: macsec-0035-mka-Send-MKPDUs-forever-if-mode-is-PSK.patch
Patch44: macsec-0036-mka-Fix-the-order-of-operations-in-secure-channel-de.patch
Patch45: macsec-0037-mka-Fix-use-after-free-when-receive-secure-channels-.patch
Patch46: macsec-0038-mka-Fix-use-after-free-when-transmit-secure-channels.patch
Patch47: macsec-0039-macsec_linux-Fix-NULL-pointer-dereference-on-error-c.patch

# hostapd and replayed FT reassociation request frame (CVE-2017-13082)
Patch48: https://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch

# wpa_supplicant and GTK/IGTK rekeying (CVE-2017-13078, CVE-2017-13079,
# CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
Patch49: https://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
Patch50: https://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch

Patch51: https://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
Patch52: https://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Patch53: https://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
Patch54: https://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
Patch55: https://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch

# upstream patches not in 2.6
Patch56: rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
Patch57: rh1462262-use-system-openssl-ciphers.patch
Patch58: rh1465138-openssl-Fix-openssl-1-1-private-key-callback.patch

# fixes for crash when using MACsec without loaded macsec.ko (rh #1497640)
Patch59: rh1497640-mka-add-error-handling-for-secy_init_macsec.patch
Patch60: rh1497640-pae-validate-input-before-pointer.patch

## Vine patches

BuildRoot: %{_tmppath}/%{name}-%{version}-root
%if %{build_gui}
BuildRequires: qt4-devel
%endif
BuildRequires: openssl-devel
BuildRequires: readline-devel
BuildRequires: dbus-devel
BuildRequires: libnl3-devel
BuildRequires: docbook-utils

Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service

%description
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support 
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA 
component that is used in the client stations. It implements key negotiation 
with a WPA Authenticator and it controls the roaming and IEEE 802.11 
authentication/association of the wlan driver.

%if %{build_gui}
%package gui
Summary: Graphical User Interface for %{name}
Summary(ja): %{name} のグラフィカルユーザインタフェース
Group: Applications/System

%description gui
Graphical User Interface for wpa_supplicant written using QT4

%description -l ja gui
QT4 を用いた wpa_supplicant のグラフィカルユーザインタフェース
%endif

%prep
%setup -q
%patch0 -p1 -b .assoc-timeout
%patch1 -p1 -b .flush-debug-output
%patch2 -p1 -b .dbus-service-file
%patch3 -p1 -b .quiet-scan-results-msg
%patch6 -p1 -b .qt4
%patch8 -p1 -b .rh837402-less-aggressive-roaming
%patch9 -p1 -b .macsec-0001
%patch10 -p1 -b .macsec-0002
%patch11 -p1 -b .macsec-0003
%patch12 -p1 -b .macsec-0004
%patch13 -p1 -b .macsec-0005
%patch14 -p1 -b .macsec-0006
%patch15 -p1 -b .macsec-0007
%patch16 -p1 -b .macsec-0008
%patch17 -p1 -b .macsec-0009
%patch18 -p1 -b .macsec-0010
%patch19 -p1 -b .macsec-0011
%patch20 -p1 -b .macsec-0012
%patch21 -p1 -b .macsec-0013
%patch22 -p1 -b .macsec-0014
%patch23 -p1 -b .macsec-0015
%patch24 -p1 -b .macsec-0016
%patch25 -p1 -b .macsec-0017
%patch26 -p1 -b .macsec-0018
%patch27 -p1 -b .macsec-0019
%patch28 -p1 -b .macsec-0020
%patch29 -p1 -b .macsec-0021
%patch30 -p1 -b .macsec-0022
%patch31 -p1 -b .macsec-0023
%patch32 -p1 -b .macsec-0024
%patch33 -p1 -b .macsec-0025
%patch34 -p1 -b .macsec-0026
%patch35 -p1 -b .macsec-0027
%patch36 -p1 -b .macsec-0028
%patch37 -p1 -b .macsec-0029
%patch38 -p1 -b .macsec-0030
%patch39 -p1 -b .macsec-0031
%patch40 -p1 -b .macsec-0032
%patch41 -p1 -b .macsec-0033
%patch42 -p1 -b .macsec-0034
%patch43 -p1 -b .macsec-0035
%patch44 -p1 -b .macsec-0036
%patch45 -p1 -b .macsec-0037
%patch46 -p1 -b .macsec-0038
%patch47 -p1 -b .macsec-0039
%patch48 -p1 -b .2017-1
%patch49 -p1 -b .2017-1
%patch50 -p1 -b .2017-1
%patch51 -p1 -b .2017-1
%patch52 -p1 -b .2017-1
%patch53 -p1 -b .2017-1
%patch54 -p1 -b .2017-1
%patch55 -p1 -b .2017-1
%patch56 -p1 -b .rh1447073-detect-mac-change
%patch57 -p1 -b .rh1462262-system-ciphers
%patch58 -p1 -b .rh1465138-openssl-cb
%patch59 -p1 -b .rh1487640-mka
%patch60 -p1 -b .rh1487640-pae

%build
pushd wpa_supplicant
  cp %{SOURCE1} .config

  CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE" ; export CFLAGS ;
  CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE" ; export CXXFLAGS ;
  LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now" ; export LDFLAGS ;
  # yes, BINDIR=_sbindir
  BINDIR="%{_sbindir}" ; export BINDIR ;
  LIBDIR="%{_libdir}" ; export LIBDIR ;
  make %{?_smp_mflags}
%if %{build_gui}
  QTDIR=%{_libdir}/qt4 make wpa_gui-qt4 %{?_smp_mflags}
%endif
  make eapol_test
popd

%install
rm -rf %{buildroot}

# init scripts
install -D -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/rc.d/init.d/%{name}
install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}

# config
install -D -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf

# binary
install -d %{buildroot}/%{_sbindir}
install -m 0755 %{name}/wpa_passphrase %{buildroot}/%{_sbindir}
install -m 0755 %{name}/wpa_cli %{buildroot}/%{_sbindir}
install -m 0755 %{name}/wpa_supplicant %{buildroot}/%{_sbindir}
install -D -m 0644 %{name}/dbus/dbus-wpa_supplicant.conf %{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
install -D -m 0644 %{name}/dbus/fi.w1.wpa_supplicant1.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
install -D -m 0644 %{name}/dbus/fi.epitest.hostap.WPASupplicant.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service

%if %{build_gui}
# gui
install -d %{buildroot}/%{_bindir}
install -m 0755 %{name}/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
%endif

# running
mkdir -p %{buildroot}/%{_localstatedir}/run/%{name}

# man pages
install -d %{buildroot}%{_mandir}/man{5,8}
install -m 0644 %{name}/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
install -m 0644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5

# some cleanup in docs
rm -f  %{name}/doc/.cvsignore
rm -rf %{name}/doc/docbook
chmod -R 0644 %{name}/examples/*.py

%clean
rm -rf %{buildroot}

%post
if [ $1 = 1 ]; then
    /sbin/chkconfig --add %{name}
fi

%preun
if [ $1 = 0 ]; then
    /sbin/service %{name} stop > /dev/null 2>&1
    killall -TERM wpa_supplicant >/dev/null 2>&1
    /sbin/chkconfig --del %{name}
fi

%postun
if [ $1 -ge 1 ]; then
    /sbin/service %{name} condrestart > /dev/null 2>&1
fi

%files
%defattr(-, root, root)
%doc COPYING %{name}/ChangeLog README %{name}/eap_testing.txt %{name}/todo.txt %{name}/wpa_supplicant.conf %{name}/examples
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_sysconfdir}/rc.d/init.d/%{name}
%{_sysconfdir}/dbus-1/system.d/%{name}.conf
%{_datadir}/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service
%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
%{_sbindir}/wpa_passphrase
%{_sbindir}/wpa_supplicant
%{_sbindir}/wpa_cli
%dir %{_localstatedir}/run/%{name}
%dir %{_sysconfdir}/%{name}
%{_mandir}/man8/*
%{_mandir}/man5/*

%if %{build_gui}
%files gui
%defattr(-, root, root)
%{_bindir}/wpa_gui
%endif

%changelog
* Sat Mar 03 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.6-1
- updated to 2.6.
- imported Patch9-60 from rawhide.

* Thu Jun 30 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.5-3
- rebuilt with new toolchain.

* Tue Mar 29 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> - 2.5-2
- rebuild with openssl-1.0.2g

* Thu Oct 08 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> - 2.5-1
- update to 2.5
- update SOURCE1
- remove Patch7 (libnl3-includes.patch)
- add Patch 9,10,11 from Fedora
- remove Patch 6, 700

* Thu Feb  5 2015 Ryoichi INAGAKI <ryo1@toki.waseda.jp> - 2.3-1
- updated to 2.3
- built with libnl3 instead of libnl
- added Patch 6, 7 and 8 from Fedora
- added Patch700

  * Mon Aug 22 2011 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 0.7.3-3
- import Patch8 from Fedora 1:0.7.3-9 to fix some crashes
  - Wed Jul 27 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-9
  - Fix various crashes with D-Bus interface (rh #678625) (rh #725517)

* Mon Jan 10 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.7.3-2
- rebuild with openssl-1.0.0c
- add BuildRequires: qt4-designer, libnl-devel

* Thu Jan 06 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 0.7.3-1
- new upstream release
- update patches
- change License to BSD due to linkage against OpsnSSL since there is no
  OpenSSL exception in upstream GPLv2 license text.
- build with qt4
- update build config

* Wed Jan 28 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 0.6.4-1
- new upstream release
- remove hostap/madwifi/prism54 drivers, use 'wext' instead.
- drop upstream patches
- import some fedora patches
  - Handle encryption keys correctly when switching 802.11 modes (rh #459399)
  - Better scanning behavior on resume from suspend/hibernate
  - Better interaction with newer kernels and drivers

* Sun Aug 03 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.6.3-2
- start wpa_supplicant by default.

* Sun Aug 03 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.6.3-1
- new upstream release
- import some fedora patches

* Thu May 17 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.5.7-0vl2
- rebuild with new openssl

* Mon May 14 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.5.7-0vl1
- new upstream release

* Wed Jun 21 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 0.4.8-0vl1
- initial build for Vine Linux based on FC package.

* Thu Apr 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-10
- Add fix for madwifi and WEP (wpa_supplicant/hostap bud #140) (#rh190075#)
- Fix up madwifi-ng private ioctl()s for r1331 and later
- Update madwifi headers to r1475

* Tue Apr 25 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-9
- Enable Wired driver, PKCS12, and Smartcard options (#rh189805#)

* Tue Apr 11 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-8
- Fix control interface key obfuscation a bit

* Sun Apr  2 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-7
- Work around older & incorrect drivers that return null-terminated SSIDs

* Mon Mar 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-6
- Add patch to make orinoco happy with WEP keys
- Enable Prism54-specific driver
- Disable ipw-specific driver; ipw2x00 should be using WEXT instead

* Fri Mar  3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-5
- Increase association timeout, mainly for drivers that don't
        fully support WPA ioctls yet

* Fri Mar  3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-4
- Add additional BuildRequires #rh181914#
- Add prereq on chkconfig #rh182905# #rh182906#
- Own /var/run/wpa_supplicant and /etc/wpa_supplicant #rh183696#

* Wed Mar  1 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-3
- Install wpa_passphrase too #rh183480#

* Mon Feb 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-2
- Don't expose private data on the control interface unless requested

* Fri Feb 24 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-1
- Downgrade to 0.4.8 stable release rather than a dev release

* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-3
- Documentation cleanup (Terje Rosten <terje.rosten@ntnu.no>)

* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-2
- Move initscript to /etc/rc.d/init.d

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.2
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes

* Sun Feb  5 2006 Dan Williams <dcbw@redhat.com> 0.5.1-1
- Update to 0.5.1
- Add WE auth fallback to actually work with older drivers

* Thu Jan 26 2006 Dan Williams <dcbw@redhat.com> 0.4.7-2
- Bring package into Fedora Core
- Add ap_scan control interface patch
- Enable madwifi-ng driver

* Sun Jan 15 2006 Douglas E. Warner <silfreed@silfreed.net> 0.4.7-1
- upgrade to 0.4.7
- added package w/ wpa_gui in it

* Mon Nov 14 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.6-1
- upgrade to 0.4.6
- adding ctrl interface changes recommended 
  by Hugo Paredes <hugo.paredes@e-know.org>

* Sun Oct  9 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.5-1
- upgrade to 0.4.5
- updated config file wpa_supplicant is built with
  especially, the ipw2100 driver changed to just ipw
  and enabled a bunch more EAP
- disabled dist tag

* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-3
- fix typo in init script

* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-2
- fixing init script using fedora-extras' template
- removing chkconfig default startup

* Tue Jun 21 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-1
- upgrade to 0.4.2
- new sample conf file that will use any unrestricted AP
- make sysconfig config entry
- new BuildRoot for Fedora Extras
- adding dist tag to Release

* Fri May 06 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.8-1
- upgrade to 0.3.8

* Thu Feb 10 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-2
- compile ipw driver in

* Wed Feb 09 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-1
- upgrade to 0.3.6

* Thu Dec 23 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-4
- fixing init script

* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-3
- fixing init script
- adding post/preun items to add/remove via chkconfig

* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-2
- adding sysV scripts

* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
- Initial RPM release.