%define build_gui 1 Summary: WPA/WPA2/IEEE 802.1X Supplicant Name: wpa_supplicant Version: 2.6 Release: 2%{?_dist_release} License: BSD Group: System Environment/Base URL: http://w1.fi/wpa_supplicant/ Vendor: Project Vine Distribution: Vine Linux Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz Source1: %{name}.build-config Source2: %{name}.conf Source3: %{name}.init.d Source4: %{name}.sysconfig Source6: %{name}.logrotate # distro specific customization and not suitable for upstream, # works around busted drivers Patch0: wpa_supplicant-assoc-timeout.patch # ensures that debug output gets flushed immediately to help diagnose driver # bugs, not suitable for upstream Patch1: wpa_supplicant-flush-debug-output.patch # disto specific customization for log paths, not suitable for upstream Patch2: wpa_supplicant-dbus-service-file-args.patch # quiet an annoying and frequent syslog message Patch3: wpa_supplicant-quiet-scan-results-message.patch # distro specific customization for Qt4 build tools, not suitable for upstream Patch6: wpa_supplicant-gui-qt4.patch # Less aggressive roaming; signal strength is wildly variable # dcbw states (2015-04): # "upstream doesn't like that patch so it's been discussed and I think rejected" Patch8: rh837402-less-aggressive-roaming.patch # backport of macsec series Patch9: macsec-0001-mka-Move-structs-transmit-receive-_-sa-sc-to-a-commo.patch Patch10: macsec-0002-mka-Pass-full-structures-down-to-macsec-drivers-pack.patch Patch11: macsec-0003-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch Patch12: macsec-0004-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch Patch13: macsec-0005-mka-Pass-full-structures-down-to-macsec-drivers-tran.patch Patch14: macsec-0006-mka-Pass-full-structures-down-to-macsec-drivers-rece.patch Patch15: macsec-0007-mka-Add-driver-op-to-get-macsec-capabilities.patch Patch16: macsec-0008-mka-Remove-channel-hacks-from-the-stack-and-the-macs.patch Patch17: macsec-0009-mka-Sync-structs-definitions-with-IEEE-Std-802.1X-20.patch Patch18: macsec-0010-mka-Add-support-for-removing-SAs.patch Patch19: macsec-0011-mka-Implement-reference-counting-on-data_key.patch Patch20: macsec-0012-mka-Fix-getting-capabilities-from-the-driver.patch Patch21: macsec-0013-wpa_supplicant-Allow-pre-shared-CAK-CKN-pair-for-MKA.patch Patch22: macsec-0014-mka-Disable-peer-detection-timeout-for-PSK-mode.patch Patch23: macsec-0015-wpa_supplicant-Add-macsec_integ_only-setting-for-MKA.patch Patch24: macsec-0016-mka-Add-enable_encrypt-op-and-call-it-from-CP-state-.patch Patch25: macsec-0017-wpa_supplicant-Allow-configuring-the-MACsec-port-for.patch Patch26: macsec-0018-drivers-Move-common-definitions-for-wired-drivers-ou.patch Patch27: macsec-0019-drivers-Move-wired_multicast_membership-to-a-common-.patch Patch28: macsec-0020-drivers-Move-driver_wired_multi-to-a-common-file.patch Patch29: macsec-0021-drivers-Move-driver_wired_get_ifflags-to-a-common-fi.patch Patch30: macsec-0022-drivers-Move-driver_wired_set_ifflags-to-a-common-fi.patch Patch31: macsec-0023-drivers-Move-driver_wired_get_ifstatus-to-a-common-f.patch Patch32: macsec-0024-drivers-Move-driver_wired_init_common-to-a-common-fi.patch Patch33: macsec-0025-drivers-Move-driver_wired_deinit_common-to-a-common-.patch Patch34: macsec-0026-drivers-Move-driver_wired_get_capa-to-a-common-file.patch Patch35: macsec-0027-drivers-Move-driver_wired_get_bssid-to-a-common-file.patch Patch36: macsec-0028-drivers-Move-driver_wired_get_ssid-to-a-common-file.patch Patch37: macsec-0029-macsec_linux-Add-a-driver-for-macsec-on-Linux-kernel.patch Patch38: macsec-0030-mka-Remove-references-to-macsec_qca-from-wpa_supplic.patch Patch39: macsec-0031-PAE-Make-KaY-specific-details-available-via-control-.patch Patch40: macsec-0032-mka-Make-MKA-actor-priority-configurable.patch Patch41: macsec-0033-mka-Fix-an-incorrect-update-of-participant-to_use_sa.patch Patch42: macsec-0034-mka-Some-bug-fixes-for-MACsec-in-PSK-mode.patch Patch43: macsec-0035-mka-Send-MKPDUs-forever-if-mode-is-PSK.patch Patch44: macsec-0036-mka-Fix-the-order-of-operations-in-secure-channel-de.patch Patch45: macsec-0037-mka-Fix-use-after-free-when-receive-secure-channels-.patch Patch46: macsec-0038-mka-Fix-use-after-free-when-transmit-secure-channels.patch Patch47: macsec-0039-macsec_linux-Fix-NULL-pointer-dereference-on-error-c.patch # hostapd and replayed FT reassociation request frame (CVE-2017-13082) Patch48: https://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch # wpa_supplicant and GTK/IGTK rekeying (CVE-2017-13078, CVE-2017-13079, # CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): Patch49: https://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch Patch50: https://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch Patch51: https://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch Patch52: https://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch Patch53: https://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch Patch54: https://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch Patch55: https://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch # upstream patches not in 2.6 Patch56: rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch Patch57: rh1462262-use-system-openssl-ciphers.patch Patch58: rh1465138-openssl-Fix-openssl-1-1-private-key-callback.patch # fixes for crash when using MACsec without loaded macsec.ko (rh #1497640) Patch59: rh1497640-mka-add-error-handling-for-secy_init_macsec.patch Patch60: rh1497640-pae-validate-input-before-pointer.patch # make PMF configurable using D-Bus (rh #1567474) Patch62: rh1567474-0002-D-Bus-Add-pmf-to-global-capabilities.patch # fix wrong encoding of NL80211_ATTR_SMPS_MODE (rh #1570903) Patch63: rh1570903-nl80211-Fix-NL80211_ATTR_SMPS_MODE-encoding.patch # Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526) Patch64: https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch ## Vine patches BuildRoot: %{_tmppath}/%{name}-%{version}-root %if %{build_gui} BuildRequires: qt4-devel %endif BuildRequires: openssl-devel BuildRequires: readline-devel BuildRequires: dbus-devel BuildRequires: libnl3-devel BuildRequires: docbook-utils Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig /sbin/service Requires(postun): /sbin/service %description wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver. %if %{build_gui} %package gui Summary: Graphical User Interface for %{name} Summary(ja): %{name} のグラフィカルユーザインタフェース Group: Applications/System %description gui Graphical User Interface for wpa_supplicant written using QT4 %description -l ja gui QT4 を用いた wpa_supplicant のグラフィカルユーザインタフェース %endif %prep %setup -q %patch0 -p1 -b .assoc-timeout %patch1 -p1 -b .flush-debug-output %patch2 -p1 -b .dbus-service-file %patch3 -p1 -b .quiet-scan-results-msg %patch6 -p1 -b .qt4 %patch8 -p1 -b .rh837402-less-aggressive-roaming %patch9 -p1 -b .macsec-0001 %patch10 -p1 -b .macsec-0002 %patch11 -p1 -b .macsec-0003 %patch12 -p1 -b .macsec-0004 %patch13 -p1 -b .macsec-0005 %patch14 -p1 -b .macsec-0006 %patch15 -p1 -b .macsec-0007 %patch16 -p1 -b .macsec-0008 %patch17 -p1 -b .macsec-0009 %patch18 -p1 -b .macsec-0010 %patch19 -p1 -b .macsec-0011 %patch20 -p1 -b .macsec-0012 %patch21 -p1 -b .macsec-0013 %patch22 -p1 -b .macsec-0014 %patch23 -p1 -b .macsec-0015 %patch24 -p1 -b .macsec-0016 %patch25 -p1 -b .macsec-0017 %patch26 -p1 -b .macsec-0018 %patch27 -p1 -b .macsec-0019 %patch28 -p1 -b .macsec-0020 %patch29 -p1 -b .macsec-0021 %patch30 -p1 -b .macsec-0022 %patch31 -p1 -b .macsec-0023 %patch32 -p1 -b .macsec-0024 %patch33 -p1 -b .macsec-0025 %patch34 -p1 -b .macsec-0026 %patch35 -p1 -b .macsec-0027 %patch36 -p1 -b .macsec-0028 %patch37 -p1 -b .macsec-0029 %patch38 -p1 -b .macsec-0030 %patch39 -p1 -b .macsec-0031 %patch40 -p1 -b .macsec-0032 %patch41 -p1 -b .macsec-0033 %patch42 -p1 -b .macsec-0034 %patch43 -p1 -b .macsec-0035 %patch44 -p1 -b .macsec-0036 %patch45 -p1 -b .macsec-0037 %patch46 -p1 -b .macsec-0038 %patch47 -p1 -b .macsec-0039 %patch48 -p1 -b .2017-1 %patch49 -p1 -b .2017-1 %patch50 -p1 -b .2017-1 %patch51 -p1 -b .2017-1 %patch52 -p1 -b .2017-1 %patch53 -p1 -b .2017-1 %patch54 -p1 -b .2017-1 %patch55 -p1 -b .2017-1 %patch56 -p1 -b .rh1447073-detect-mac-change %patch57 -p1 -b .rh1462262-system-ciphers %patch58 -p1 -b .rh1465138-openssl-cb %patch59 -p1 -b .rh1487640-mka %patch60 -p1 -b .rh1487640-pae %patch62 -p1 -b .rh1567474-pmf-0002 %patch63 -p1 -b .rh1570903 %patch64 -p1 -b .2018-1 %build pushd wpa_supplicant cp %{SOURCE1} .config CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE" ; export CFLAGS ; CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE" ; export CXXFLAGS ; LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now" ; export LDFLAGS ; # yes, BINDIR=_sbindir BINDIR="%{_sbindir}" ; export BINDIR ; LIBDIR="%{_libdir}" ; export LIBDIR ; make %{?_smp_mflags} %if %{build_gui} QTDIR=%{_libdir}/qt4 make wpa_gui-qt4 %{?_smp_mflags} %endif make eapol_test popd %install rm -rf %{buildroot} # init scripts install -D -m 0755 %{SOURCE3} %{buildroot}/%{_sysconfdir}/rc.d/init.d/%{name} install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name} install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name} # config install -D -m 0600 %{SOURCE2} %{buildroot}/%{_sysconfdir}/%{name}/%{name}.conf # binary install -d %{buildroot}/%{_sbindir} install -m 0755 %{name}/wpa_passphrase %{buildroot}/%{_sbindir} install -m 0755 %{name}/wpa_cli %{buildroot}/%{_sbindir} install -m 0755 %{name}/wpa_supplicant %{buildroot}/%{_sbindir} install -D -m 0644 %{name}/dbus/dbus-wpa_supplicant.conf %{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf install -D -m 0644 %{name}/dbus/fi.w1.wpa_supplicant1.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service install -D -m 0644 %{name}/dbus/fi.epitest.hostap.WPASupplicant.service %{buildroot}/%{_datadir}/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service %if %{build_gui} # gui install -d %{buildroot}/%{_bindir} install -m 0755 %{name}/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir} %endif # running mkdir -p %{buildroot}/%{_localstatedir}/run/%{name} # man pages install -d %{buildroot}%{_mandir}/man{5,8} install -m 0644 %{name}/doc/docbook/*.8 %{buildroot}%{_mandir}/man8 install -m 0644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5 # some cleanup in docs rm -f %{name}/doc/.cvsignore rm -rf %{name}/doc/docbook chmod -R 0644 %{name}/examples/*.py %clean rm -rf %{buildroot} %post if [ $1 = 1 ]; then /sbin/chkconfig --add %{name} fi %preun if [ $1 = 0 ]; then /sbin/service %{name} stop > /dev/null 2>&1 killall -TERM wpa_supplicant >/dev/null 2>&1 /sbin/chkconfig --del %{name} fi %postun if [ $1 -ge 1 ]; then /sbin/service %{name} condrestart > /dev/null 2>&1 fi %files %defattr(-, root, root) %doc COPYING %{name}/ChangeLog README %{name}/eap_testing.txt %{name}/todo.txt %{name}/wpa_supplicant.conf %{name}/examples %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %{_sysconfdir}/rc.d/init.d/%{name} %{_sysconfdir}/dbus-1/system.d/%{name}.conf %{_datadir}/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service %{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service %{_sbindir}/wpa_passphrase %{_sbindir}/wpa_supplicant %{_sbindir}/wpa_cli %dir %{_localstatedir}/run/%{name} %dir %{_sysconfdir}/%{name} %{_mandir}/man8/* %{_mandir}/man5/* %if %{build_gui} %files gui %defattr(-, root, root) %{_bindir}/wpa_gui %endif %changelog * Tue Nov 27 2018 Tomohiro "Tomo-p" KATO - 2.6-2 - rebuilt with openssl-1.1.1. - imported Patch62-64 from rawhide. * Sat Mar 03 2018 Tomohiro "Tomo-p" KATO - 2.6-1 - updated to 2.6. - imported Patch9-60 from rawhide. * Thu Jun 30 2016 Tomohiro "Tomo-p" KATO - 2.5-3 - rebuilt with new toolchain. * Tue Mar 29 2016 Yoji TOYODA - 2.5-2 - rebuild with openssl-1.0.2g * Thu Oct 08 2015 Yoji TOYODA - 2.5-1 - update to 2.5 - update SOURCE1 - remove Patch7 (libnl3-includes.patch) - add Patch 9,10,11 from Fedora - remove Patch 6, 700 * Thu Feb 5 2015 Ryoichi INAGAKI - 2.3-1 - updated to 2.3 - built with libnl3 instead of libnl - added Patch 6, 7 and 8 from Fedora - added Patch700 * Mon Aug 22 2011 MATSUBAYASHI Kohji - 0.7.3-3 - import Patch8 from Fedora 1:0.7.3-9 to fix some crashes - Wed Jul 27 2011 Dan Williams - 1:0.7.3-9 - Fix various crashes with D-Bus interface (rh #678625) (rh #725517) * Mon Jan 10 2011 Yoji TOYODA 0.7.3-2 - rebuild with openssl-1.0.0c - add BuildRequires: qt4-designer, libnl-devel * Thu Jan 06 2011 Daisuke SUZUKI 0.7.3-1 - new upstream release - update patches - change License to BSD due to linkage against OpsnSSL since there is no OpenSSL exception in upstream GPLv2 license text. - build with qt4 - update build config * Wed Jan 28 2009 Daisuke SUZUKI 0.6.4-1 - new upstream release - remove hostap/madwifi/prism54 drivers, use 'wext' instead. - drop upstream patches - import some fedora patches - Handle encryption keys correctly when switching 802.11 modes (rh #459399) - Better scanning behavior on resume from suspend/hibernate - Better interaction with newer kernels and drivers * Sun Aug 03 2008 Daisuke SUZUKI 0.6.3-2 - start wpa_supplicant by default. * Sun Aug 03 2008 Daisuke SUZUKI 0.6.3-1 - new upstream release - import some fedora patches * Thu May 17 2007 Daisuke SUZUKI 0.5.7-0vl2 - rebuild with new openssl * Mon May 14 2007 Daisuke SUZUKI 0.5.7-0vl1 - new upstream release * Wed Jun 21 2006 Daisuke SUZUKI 0.4.8-0vl1 - initial build for Vine Linux based on FC package. * Thu Apr 27 2006 Dan Williams - 0.4.8-10 - Add fix for madwifi and WEP (wpa_supplicant/hostap bud #140) (#rh190075#) - Fix up madwifi-ng private ioctl()s for r1331 and later - Update madwifi headers to r1475 * Tue Apr 25 2006 Dan Williams - 0.4.8-9 - Enable Wired driver, PKCS12, and Smartcard options (#rh189805#) * Tue Apr 11 2006 Dan Williams - 0.4.8-8 - Fix control interface key obfuscation a bit * Sun Apr 2 2006 Dan Williams - 0.4.8-7 - Work around older & incorrect drivers that return null-terminated SSIDs * Mon Mar 27 2006 Dan Williams - 0.4.8-6 - Add patch to make orinoco happy with WEP keys - Enable Prism54-specific driver - Disable ipw-specific driver; ipw2x00 should be using WEXT instead * Fri Mar 3 2006 Dan Williams - 0.4.8-5 - Increase association timeout, mainly for drivers that don't fully support WPA ioctls yet * Fri Mar 3 2006 Dan Williams - 0.4.8-4 - Add additional BuildRequires #rh181914# - Add prereq on chkconfig #rh182905# #rh182906# - Own /var/run/wpa_supplicant and /etc/wpa_supplicant #rh183696# * Wed Mar 1 2006 Dan Williams - 0.4.8-3 - Install wpa_passphrase too #rh183480# * Mon Feb 27 2006 Dan Williams - 0.4.8-2 - Don't expose private data on the control interface unless requested * Fri Feb 24 2006 Dan Williams - 0.4.8-1 - Downgrade to 0.4.8 stable release rather than a dev release * Sun Feb 12 2006 Dan Williams - 0.5.1-3 - Documentation cleanup (Terje Rosten ) * Sun Feb 12 2006 Dan Williams - 0.5.1-2 - Move initscript to /etc/rc.d/init.d * Fri Feb 10 2006 Jesse Keating - 0.5.1-1.2 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Jesse Keating - 0.5.1-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Sun Feb 5 2006 Dan Williams 0.5.1-1 - Update to 0.5.1 - Add WE auth fallback to actually work with older drivers * Thu Jan 26 2006 Dan Williams 0.4.7-2 - Bring package into Fedora Core - Add ap_scan control interface patch - Enable madwifi-ng driver * Sun Jan 15 2006 Douglas E. Warner 0.4.7-1 - upgrade to 0.4.7 - added package w/ wpa_gui in it * Mon Nov 14 2005 Douglas E. Warner 0.4.6-1 - upgrade to 0.4.6 - adding ctrl interface changes recommended by Hugo Paredes * Sun Oct 9 2005 Douglas E. Warner 0.4.5-1 - upgrade to 0.4.5 - updated config file wpa_supplicant is built with especially, the ipw2100 driver changed to just ipw and enabled a bunch more EAP - disabled dist tag * Thu Jun 30 2005 Douglas E. Warner 0.4.2-3 - fix typo in init script * Thu Jun 30 2005 Douglas E. Warner 0.4.2-2 - fixing init script using fedora-extras' template - removing chkconfig default startup * Tue Jun 21 2005 Douglas E. Warner 0.4.2-1 - upgrade to 0.4.2 - new sample conf file that will use any unrestricted AP - make sysconfig config entry - new BuildRoot for Fedora Extras - adding dist tag to Release * Fri May 06 2005 Douglas E. Warner 0.3.8-1 - upgrade to 0.3.8 * Thu Feb 10 2005 Douglas E. Warner 0.3.6-2 - compile ipw driver in * Wed Feb 09 2005 Douglas E. Warner 0.3.6-1 - upgrade to 0.3.6 * Thu Dec 23 2004 Douglas E. Warner 0.2.5-4 - fixing init script * Mon Dec 20 2004 Douglas E. Warner 0.2.5-3 - fixing init script - adding post/preun items to add/remove via chkconfig * Mon Dec 20 2004 Douglas E. Warner 0.2.5-2 - adding sysV scripts * Mon Dec 20 2004 Douglas E. Warner 0.2.5-1 - Initial RPM release.