RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/wpa_supplicant#1ffda691c823c9a62d17671dbea9182bd2ebdc5a

.gitignore

@@ -0,0 +1,23 @@
+madwifi-headers.tar.bz2
+wpa_supplicant-0.4.7.tar.gz
+wpa_supplicant-0.5.1.tar.gz
+wpa_supplicant-0.4.8.tar.gz
+madwifi-headers-r1475.tar.bz2
+wpa_supplicant-0.4.9.tar.gz
+wpa_supplicant-0.5.7.tar.gz
+wpa_supplicant-0.6.3.tar.gz
+wpa_supplicant-0.6.4.tar.gz
+wpa_supplicant-0.6.7.tar.gz
+wpa_supplicant-0.6.8.tar.gz
+/wpa_supplicant-0.7.3.tar.gz
+/wpa_supplicant-1.0-rc1.tar.gz
+/wpa_supplicant-1.0-rc2.tar.gz
+/wpa_supplicant-1.1.tar.gz
+/wpa_supplicant-2.0.tar.gz
+/wpa_supplicant-2.3.tar.gz
+/wpa_supplicant-2.4.tar.gz
+/wpa_supplicant-2.5.tar.gz
+/wpa_supplicant-2.6.tar.gz
+/wpa_supplicant-2.7.tar.gz
+/wpa_supplicant-2.8.tar.gz
+/wpa_supplicant-2.9.tar.gz

0001-AP-Silently-ignore-management-frame-from-unexpected-.patch

@@ -0,0 +1,73 @@
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1
+

0001-D-Bus-Fix-P2P-NULL-dereference-after-interface-remov.patch

@@ -0,0 +1,209 @@
+From b2ad4e6b24ed0271ca76cb27856def0a701fb778 Mon Sep 17 00:00:00 2001
+From: Davide Caratti <davide.caratti@gmail.com>
+Date: Wed, 2 Oct 2019 14:08:41 +0200
+Subject: [PATCH] D-Bus: Fix P2P NULL dereference after interface removal
+
+When the P2P management interface is deleted, P2P is then disabled and
+global->p2p_init_wpa_s is set to NULL. After that, other interfaces can
+still trigger P2P functions (like wpas_p2p_find()) using D-Bus. This
+makes wpa_supplicant terminate with SIGSEGV, because it dereferences a
+NULL pointer. Fix this by adding proper checks, like it's done with
+wpa_cli.
+
+CC: Beniamino Galvani <bgalvani@redhat.com>
+CC: Benjamin Berg <benjamin@sipsolutions.net>
+Reported-by: Vladimir Benes <vbenes@redhat.com>
+Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
+---
+ wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 69 ++++++++++++++++++++-
+ 1 file changed, 67 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+index 8cdd88564..19715eb4c 100644
+--- a/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
++++ b/wpa_supplicant/dbus/dbus_new_handlers_p2p.c
+@@ -40,6 +40,14 @@ static int wpas_dbus_validate_dbus_ipaddr(struct wpa_dbus_dict_entry entry)
+ }
+ 
+ 
++static dbus_bool_t no_p2p_mgmt_interface(DBusError *error)
++{
++	dbus_set_error_const(error, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
++			     "Could not find P2P mgmt interface");
++	return FALSE;
++}
++
++
+ /**
+  * Parses out the mac address from the peer object path.
+  * @peer_path - object path of the form
+@@ -78,6 +86,22 @@ wpas_dbus_error_persistent_group_unknown(DBusMessage *message)
+ }
+ 
+ 
++/**
++ * wpas_dbus_error_no_p2p_mgmt_iface - Return a new InterfaceUnknown error
++ * message
++ * @message: Pointer to incoming dbus message this error refers to
++ * Returns: a dbus error message
++ *
++ * Convenience function to create and return an unknown interface error.
++ */
++static DBusMessage * wpas_dbus_error_no_p2p_mgmt_iface(DBusMessage *message)
++{
++	wpa_printf(MSG_DEBUG, "dbus: Could not find P2P mgmt interface");
++	return dbus_message_new_error(message, WPAS_DBUS_ERROR_IFACE_UNKNOWN,
++				      "Could not find P2P mgmt interface");
++}
++
++
+ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
+ 					 struct wpa_supplicant *wpa_s)
+ {
+@@ -145,6 +169,10 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
+ 	}
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s) {
++		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
++		goto error_nop2p;
++	}
+ 
+ 	if (wpas_p2p_find(wpa_s, timeout, type, num_req_dev_types,
+ 			  req_dev_types, NULL, 0, 0, NULL, freq))
+@@ -157,8 +185,9 @@ DBusMessage * wpas_dbus_handler_p2p_find(DBusMessage *message,
+ error_clear:
+ 	wpa_dbus_dict_entry_clear(&entry);
+ error:
+-	os_free(req_dev_types);
+ 	reply = wpas_dbus_error_invalid_args(message, entry.key);
++error_nop2p:
++	os_free(req_dev_types);
+ 	return reply;
+ }
+ 
+@@ -166,7 +195,9 @@ error:
+ DBusMessage * wpas_dbus_handler_p2p_stop_find(DBusMessage *message,
+ 					      struct wpa_supplicant *wpa_s)
+ {
+-	wpas_p2p_stop_find(wpa_s->global->p2p_init_wpa_s);
++	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (wpa_s)
++		wpas_p2p_stop_find(wpa_s);
+ 	return NULL;
+ }
+ 
+@@ -185,6 +216,8 @@ DBusMessage * wpas_dbus_handler_p2p_rejectpeer(DBusMessage *message,
+ 		return wpas_dbus_error_invalid_args(message, NULL);
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return wpas_dbus_error_no_p2p_mgmt_iface(message);
+ 
+ 	if (wpas_p2p_reject(wpa_s, peer_addr) < 0)
+ 		return wpas_dbus_error_unknown_error(message,
+@@ -204,6 +237,8 @@ DBusMessage * wpas_dbus_handler_p2p_listen(DBusMessage *message,
+ 		return wpas_dbus_error_no_memory(message);
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return wpas_dbus_error_no_p2p_mgmt_iface(message);
+ 
+ 	if (wpas_p2p_listen(wpa_s, (unsigned int) timeout)) {
+ 		return dbus_message_new_error(message,
+@@ -245,6 +280,8 @@ DBusMessage * wpas_dbus_handler_p2p_extendedlisten(
+ 	}
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return wpas_dbus_error_no_p2p_mgmt_iface(message);
+ 
+ 	if (wpas_p2p_ext_listen(wpa_s, period, interval))
+ 		return wpas_dbus_error_unknown_error(
+@@ -350,6 +387,10 @@ DBusMessage * wpas_dbus_handler_p2p_group_add(DBusMessage *message,
+ 	}
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s) {
++		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
++		goto out;
++	}
+ 
+ 	if (pg_object_path != NULL) {
+ 		char *net_id_str;
+@@ -433,6 +474,12 @@ static dbus_bool_t wpa_dbus_p2p_check_enabled(struct wpa_supplicant *wpa_s,
+ 				     "P2P is not available for this interface");
+ 		return FALSE;
+ 	}
++	if (!wpa_s->global->p2p_init_wpa_s) {
++		if (out_reply)
++			*out_reply = wpas_dbus_error_no_p2p_mgmt_iface(
++				message);
++		return no_p2p_mgmt_interface(error);
++	}
+ 	return TRUE;
+ }
+ 
+@@ -822,6 +869,8 @@ DBusMessage * wpas_dbus_handler_p2p_prov_disc_req(DBusMessage *message,
+ 		return wpas_dbus_error_invalid_args(message, NULL);
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return wpas_dbus_error_no_p2p_mgmt_iface(message);
+ 
+ 	if (wpas_p2p_prov_disc(wpa_s, peer_addr, config_method,
+ 			       WPAS_P2P_PD_FOR_GO_NEG, NULL) < 0)
+@@ -1882,6 +1931,8 @@ dbus_bool_t wpas_dbus_getter_p2p_peer_groups(
+ 
+ 	wpa_s = peer_args->wpa_s;
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return no_p2p_mgmt_interface(error);
+ 
+ 	wpa_s_go = wpas_get_p2p_client_iface(wpa_s, info->p2p_device_addr);
+ 	if (wpa_s_go) {
+@@ -1963,6 +2014,9 @@ dbus_bool_t wpas_dbus_getter_persistent_groups(
+ 	dbus_bool_t success = FALSE;
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return no_p2p_mgmt_interface(error);
++
+ 	if (!wpa_s->parent->dbus_new_path)
+ 		return FALSE;
+ 
+@@ -2077,6 +2131,11 @@ DBusMessage * wpas_dbus_handler_add_persistent_group(
+ 	dbus_message_iter_init(message, &iter);
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s) {
++		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
++		goto err;
++	}
++
+ 	if (wpa_s->parent->dbus_new_path)
+ 		ssid = wpa_config_add_network(wpa_s->conf);
+ 	if (ssid == NULL) {
+@@ -2159,6 +2218,10 @@ DBusMessage * wpas_dbus_handler_remove_persistent_group(
+ 			      DBUS_TYPE_INVALID);
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s) {
++		reply = wpas_dbus_error_no_p2p_mgmt_iface(message);
++		goto out;
++	}
+ 
+ 	/*
+ 	 * Extract the network ID and ensure the network is actually a child of
+@@ -2235,6 +2298,8 @@ DBusMessage * wpas_dbus_handler_remove_all_persistent_groups(
+ 	struct wpa_config *config;
+ 
+ 	wpa_s = wpa_s->global->p2p_init_wpa_s;
++	if (!wpa_s)
++		return wpas_dbus_error_no_p2p_mgmt_iface(message);
+ 
+ 	config = wpa_s->conf;
+ 	ssid = config->ssid;
+-- 
+2.26.2
+

0001-P2P-Always-use-global-p2p_long_listen.patch

@@ -0,0 +1,111 @@
+From 9ad3c12dd1bf56824ef8b3425e057e8d1e84e69d Mon Sep 17 00:00:00 2001
+From: Benjamin Berg <bberg@redhat.com>
+Date: Fri, 3 Jan 2020 22:18:51 +0100
+Subject: [PATCH] P2P: Always use global p2p_long_listen
+
+The p2p_long_listen value was set on the control wpa_s struct while in a
+lot of cases it operated on the p2p struct. Explicitly use the global
+p2p_init_wpa_s struct in cases where we might not be operating on it
+already.
+
+Without this, simply starting a p2p_listen operation (e.g., using
+wpa_cli) will not work properly. As the p2p_long_listen is set on the
+controlling interface and wpas_p2p_cancel_remain_on_channel_cb() uses
+p2p_init_wpa_s, it would not actually work. This results in
+wpa_supplicant stopping listening after the maximum remain-on-channel
+time passes when using a separate P2P Device interface.
+
+Signed-off-by: Benjamin Berg <bberg@redhat.com>
+---
+ wpa_supplicant/p2p_supplicant.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
+index 95bacec19..a7d3b7f1d 100644
+--- a/wpa_supplicant/p2p_supplicant.c
++++ b/wpa_supplicant/p2p_supplicant.c
+@@ -2422,7 +2422,7 @@ static void wpas_go_neg_completed(void *ctx, struct p2p_go_neg_results *res)
+ 		wpas_start_wps_enrollee(group_wpa_s, res);
+ 	}
+ 
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 
+ 	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
+@@ -4750,7 +4750,8 @@ void wpas_p2p_deinit(struct wpa_supplicant *wpa_s)
+ 	eloop_cancel_timeout(wpas_p2p_psk_failure_removal, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_group_formation_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
+-	wpa_s->p2p_long_listen = 0;
++	if (wpa_s->global->p2p_init_wpa_s)
++		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_group_idle_timeout, wpa_s, NULL);
+ 	wpas_p2p_remove_pending_group_interface(wpa_s);
+@@ -5635,7 +5636,7 @@ int wpas_p2p_connect(struct wpa_supplicant *wpa_s, const u8 *peer_addr,
+ 		go_intent = wpa_s->conf->p2p_go_intent;
+ 
+ 	if (!auth)
+-		wpa_s->p2p_long_listen = 0;
++		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	wpa_s->p2p_wps_method = wps_method;
+ 	wpa_s->p2p_persistent_group = !!persistent_group;
+@@ -6952,7 +6953,7 @@ int wpas_p2p_find(struct wpa_supplicant *wpa_s, unsigned int timeout,
+ 		  u8 seek_cnt, const char **seek_string, int freq)
+ {
+ 	wpas_p2p_clear_pending_action_tx(wpa_s);
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL ||
+ 	    wpa_s->p2p_in_provisioning) {
+@@ -6997,7 +6998,7 @@ static void wpas_p2p_scan_res_ignore_search(struct wpa_supplicant *wpa_s,
+ static void wpas_p2p_stop_find_oper(struct wpa_supplicant *wpa_s)
+ {
+ 	wpas_p2p_clear_pending_action_tx(wpa_s);
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+ 	eloop_cancel_timeout(wpas_p2p_join_scan, wpa_s, NULL);
+ 
+@@ -7023,7 +7024,7 @@ void wpas_p2p_stop_find(struct wpa_supplicant *wpa_s)
+ static void wpas_p2p_long_listen_timeout(void *eloop_ctx, void *timeout_ctx)
+ {
+ 	struct wpa_supplicant *wpa_s = eloop_ctx;
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ }
+ 
+ 
+@@ -7052,7 +7053,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
+ 		timeout = 3600;
+ 	}
+ 	eloop_cancel_timeout(wpas_p2p_long_listen_timeout, wpa_s, NULL);
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	/*
+ 	 * Stop previous find/listen operation to avoid trying to request a new
+@@ -7064,7 +7065,7 @@ int wpas_p2p_listen(struct wpa_supplicant *wpa_s, unsigned int timeout)
+ 
+ 	res = wpas_p2p_listen_start(wpa_s, timeout * 1000);
+ 	if (res == 0 && timeout * 1000 > wpa_s->max_remain_on_chan) {
+-		wpa_s->p2p_long_listen = timeout * 1000;
++		wpa_s->global->p2p_init_wpa_s->p2p_long_listen = timeout * 1000;
+ 		eloop_register_timeout(timeout, 0,
+ 				       wpas_p2p_long_listen_timeout,
+ 				       wpa_s, NULL);
+@@ -7171,7 +7172,7 @@ static void wpas_p2p_group_deinit(struct wpa_supplicant *wpa_s)
+ 
+ int wpas_p2p_reject(struct wpa_supplicant *wpa_s, const u8 *addr)
+ {
+-	wpa_s->p2p_long_listen = 0;
++	wpa_s->global->p2p_init_wpa_s->p2p_long_listen = 0;
+ 
+ 	if (wpa_s->global->p2p_disabled || wpa_s->global->p2p == NULL)
+ 		return -1;
+-- 
+2.26.2
+

0001-add-sanity-tests-for-standalone-wpa_supplicant.patch

@@ -0,0 +1,343 @@
+From c7e62303fb92f4608599a77ade315b9b5c9e161d Mon Sep 17 00:00:00 2001
+Message-Id: <c7e62303fb92f4608599a77ade315b9b5c9e161d.1553704253.git.dcaratti@redhat.com>
+From: Davide Caratti <dcaratti@redhat.com>
+Date: Tue, 29 Jan 2019 19:01:59 +0100
+Subject: [PATCH] add sanity tests for standalone wpa_supplicant
+
+Signed-off-by: Davide Caratti <dcaratti@redhat.com>
+---
+ tests/tests.yml                            |  13 ++
+ tests/wpa_supplicant_standalone/Makefile   |  63 ++++++
+ tests/wpa_supplicant_standalone/PURPOSE    |   3 +
+ tests/wpa_supplicant_standalone/runtest.sh | 219 +++++++++++++++++++++
+ 4 files changed, 298 insertions(+)
+ create mode 100644 tests/tests.yml
+ create mode 100644 tests/wpa_supplicant_standalone/Makefile
+ create mode 100644 tests/wpa_supplicant_standalone/PURPOSE
+ create mode 100755 tests/wpa_supplicant_standalone/runtest.sh
+
+diff --git a/tests/tests.yml b/tests/tests.yml
+new file mode 100644
+index 0000000..bab9514
+--- /dev/null
++++ b/tests/tests.yml
+@@ -0,0 +1,13 @@
++---
++- hosts: localhost
++  roles:
++  - role: standard-test-beakerlib
++    tags:
++    - classic
++    tests:
++    - wpa_supplicant_standalone
++    required_packages:
++    - wpa_supplicant
++    - iproute
++    - iw
++    - util-linux
+diff --git a/tests/wpa_supplicant_standalone/Makefile b/tests/wpa_supplicant_standalone/Makefile
+new file mode 100644
+index 0000000..c4bfe53
+--- /dev/null
++++ b/tests/wpa_supplicant_standalone/Makefile
+@@ -0,0 +1,63 @@
++# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++#
++#   Makefile of /CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
++#   Description: sanity test for wpa_supplicant
++#   Author: Davide Caratti <dcaratti@redhat.com>
++#
++# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++#
++#   Copyright (c) 2019 Red Hat, Inc.
++#
++#   This program is free software: you can redistribute it and/or
++#   modify it under the terms of the GNU General Public License as
++#   published by the Free Software Foundation, either version 2 of
++#   the License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be
++#   useful, but WITHOUT ANY WARRANTY; without even the implied
++#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
++#   PURPOSE.  See the GNU General Public License for more details.
++#
++#   You should have received a copy of the GNU General Public License
++#   along with this program. If not, see http://www.gnu.org/licenses/.
++#
++# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++
++export TEST=/CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
++export TESTVERSION=1.0
++
++BUILT_FILES=
++
++FILES=$(METADATA) runtest.sh Makefile PURPOSE
++
++.PHONY: all install download clean
++
++run: $(FILES) build
++	./runtest.sh
++
++build: $(BUILT_FILES)
++	test -x runtest.sh || chmod a+x runtest.sh
++
++clean:
++	rm -f *~ $(BUILT_FILES)
++
++
++include /usr/share/rhts/lib/rhts-make.include
++
++$(METADATA): Makefile
++	@echo "Owner:           Davide Caratti <dcaratti@redhat.com>" > $(METADATA)
++	@echo "Name:            $(TEST)" >> $(METADATA)
++	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
++	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
++	@echo "Description:     sanity test for wpa_supplicant" >> $(METADATA)
++	@echo "Type:            Sanity" >> $(METADATA)
++	@echo "TestTime:        10m" >> $(METADATA)
++	@echo "RunFor:          wpa_supplicant" >> $(METADATA)
++	@echo "Requires:        util-linux iproute iw wpa_supplicant" >> $(METADATA)
++	@echo "Priority:        Normal" >> $(METADATA)
++	@echo "License:         GPLv2+" >> $(METADATA)
++	@echo "Confidential:    no" >> $(METADATA)
++	@echo "Destructive:     no" >> $(METADATA)
++	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
++
++	rhts-lint $(METADATA)
+diff --git a/tests/wpa_supplicant_standalone/PURPOSE b/tests/wpa_supplicant_standalone/PURPOSE
+new file mode 100644
+index 0000000..a183dc3
+--- /dev/null
++++ b/tests/wpa_supplicant_standalone/PURPOSE
+@@ -0,0 +1,3 @@
++PURPOSE of /CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
++Description: sanity test for wpa_supplicant
++Author: Davide Caratti <dcaratti@redhat.com>
+diff --git a/tests/wpa_supplicant_standalone/runtest.sh b/tests/wpa_supplicant_standalone/runtest.sh
+new file mode 100755
+index 0000000..16390d8
+--- /dev/null
++++ b/tests/wpa_supplicant_standalone/runtest.sh
+@@ -0,0 +1,219 @@
++#!/bin/bash
++# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
++# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++#
++#   runtest.sh of /CoreOS/wpa_supplicant/Sanity/wpa_supplicant_standalone
++#   Description: sanity test for wpa_supplicant
++#   Author: Davide Caratti <dcaratti@redhat.com>
++#
++# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++#
++#   Copyright (c) 2019 Red Hat, Inc.
++#
++#   This program is free software: you can redistribute it and/or
++#   modify it under the terms of the GNU General Public License as
++#   published by the Free Software Foundation, either version 2 of
++#   the License, or (at your option) any later version.
++#
++#   This program is distributed in the hope that it will be
++#   useful, but WITHOUT ANY WARRANTY; without even the implied
++#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
++#   PURPOSE.  See the GNU General Public License for more details.
++#
++#   You should have received a copy of the GNU General Public License
++#   along with this program. If not, see http://www.gnu.org/licenses/.
++#
++# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++
++# Include Beaker environment
++. /usr/bin/rhts-environment.sh || exit 1
++. /usr/share/beakerlib/beakerlib.sh || exit 1
++
++PACKAGE="wpa_supplicant"
++
++MACSTA="00:00:0a:bb:e1:1a"
++IFACEAP="wlan0"
++IFACESTA="wlan1"
++
++open_ap() {
++	local SSID=${1:-notreallyassid}
++
++	cat >openap.conf <<-EOF
++	network={
++		frequency=2412
++		ssid="$SSID"
++		mode=2
++		key_mgmt=NONE
++	}
++	EOF
++	wpa_supplicant -ddd -Dnl80211 -i$IFACEAP -copenap.conf -B -fopenap.log -Pw1ap.pid
++}
++
++open_sta() {
++	local SSID=${1:-notreallyassid}
++
++	cat >opensta.conf <<-EOF
++	network={
++		ssid="$SSID"
++		key_mgmt=NONE
++	}
++	EOF
++	wpa_supplicant -ddd -Dnl80211 -i$IFACESTA -copensta.conf -B -fopensta.log -Pw1sta.pid
++}
++
++wpa2psk_ap() {
++	local SSID=${1:-notreallyassid}
++
++	cat >wpapskap.conf <<-EOF
++	network={
++		frequency=2437
++		ssid="$SSID"
++		mode=2
++		key_mgmt=WPA-PSK
++		pairwise=CCMP
++		group=CCMP
++		psk="hunter2?"
++	}
++	EOF
++	wpa_supplicant -ddd -Dnl80211 -i$IFACEAP -cwpapskap.conf -B -fwpapskap.log -Pw2ap.pid
++}
++
++wpa2psk_sta() {
++	local SSID=${1:-notreallyassid}
++
++	cat >wpapsksta.conf <<-EOF
++	network={
++		frequency=2437
++		ssid="$SSID"
++		proto=WPA
++		key_mgmt=WPA-PSK
++		pairwise=CCMP
++		group=CCMP
++		psk="hunter2?"
++	}
++	EOF
++	wpa_supplicant -ddd -Dnl80211 -i$IFACESTA -cwpapsksta.conf -B -fwpapsksta.log -Pw2sta.pid
++}
++
++kill_supplicants() {
++	local a=`cat w*.pid`
++	local iter=0
++
++	while [ ${#a} -gt 0 -a $iter -lt 10 ]; do
++		for a in $a; do
++			kill $a 1>/dev/null 2>&1
++			sleep 1
++		done
++		a=`cat w*.pid`
++		iter=$((iter+1))
++	done
++
++	ip link set dev $IFACEAP down
++	ip link set dev $IFACESTA down
++
++	if [ $iter -ge 10 -a ${#a} -gt 0 ]; then
++		return 1
++	else
++		return 0
++	fi
++}
++
++check_for_associated_sta()
++{
++
++	local assoc_found=0 assoc_missed=0
++
++	ip link set dev $IFACEAP up
++	while sleep 2; do
++		if iw dev $IFACEAP station dump | grep -i $MACSTA ; then
++			assoc_found=$((assoc_found+1))
++			rlLog "found $MACSTA in $IFACEAP associations ($assoc_found)"
++		else
++			if [ $assoc_found -gt 0 ]; then
++				rlLog "association disappeared after $assoc_found cycles"
++				return 1
++			fi
++			rlLog "didn't find association ($assoc_missed)"
++			assoc_missed=$((assoc_missed+1))
++		fi
++		if [ $assoc_missed -gt 5 ]; then
++			rlLog "timeout waiting for $MACSTA in $IFACEAP station dump"
++			return 1
++		fi
++		if [ $assoc_found -gt 5 ]; then
++			return 0
++		fi
++	done
++	rlLog "sleep failed!"
++	return 1
++}
++
++check_for_running_aps()
++{
++	local probe_ok=0 probe_missed=0
++
++	ip link set dev $IFACESTA up
++	while sleep 1; do
++		if iw dev $IFACESTA scan | grep "${1:-notreallyassid}"; then
++			probe_ok=$((probe_ok+1))
++			rlLog "$probe_ok probe received"
++		else
++			if [ $probe_ok -gt 0 ]; then
++				rlLog "probe failure after $probe_ok attempts"
++				return 1
++			fi
++			rlLog "missed probe response"
++			probe_missed=$((probe_missed+1))
++		fi
++		if [ $probe_missed -gt 5 ]; then
++			rlLog "timeout waiting for beacons"
++			return 1
++		fi
++		if [ $probe_ok -gt 5 ]; then
++			return 0
++		fi
++	done
++	rlLog "sleep failed!"
++	return 1
++}
++
++rlJournalStart
++	rlPhaseStartSetup
++		rlAssertRpm $PACKAGE
++		# avoid randomizing MAC for wlan0 and wlan1
++		rlRun "systemctl stop NetworkManager"
++		# allow scans
++		rlRun "systemctl stop wpa_supplicant"
++		rlRun "rfkill unblock wifi"
++		rlRun "modprobe mac80211_hwsim radio=2"
++		rlRun "ip link set dev $IFACESTA address $MACSTA"
++		rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
++		rlRun "pushd $TmpDir"
++	rlPhaseEnd
++
++	rlPhaseStartTest
++		# cleartext wifi
++		rlRun "kill_supplicants"
++		rlRun "open_ap test_OPEN"
++		rlRun "check_for_running_aps test_OPEN"
++		rlRun "open_sta test_OPEN"
++		rlRun "check_for_associated_sta test_OPEN"
++
++		# WPA2 personal
++		rlRun "kill_supplicants"
++		rlRun "wpa2psk_ap test_WPAPSK"
++		rlRun "check_for_running_aps test_WPAPSK"
++		rlRun "wpa2psk_sta test_WPAPSK"
++		rlRun "check_for_associated_sta test_WPAPSK"
++	rlPhaseEnd
++
++	rlPhaseStartCleanup
++		rlRun kill_supplicants
++		rlRun "popd"
++		rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
++		rlRun "modprobe -r mac80211_hwsim"
++		rlRun "systemctl restart wpa_supplicant"
++		rlRun "systemctl restart NetworkManager"
++		rlPhaseEnd
++	rlJournalPrintText
++rlJournalEnd
+-- 
+2.20.1
+

0001-p2p-Limit-P2P_DEVICE-name-to-appropriate-ifname-size.patch

@@ -0,0 +1,30 @@
+From d4348cbbdbdba5d045b5b389ba6ce97b74936f30 Mon Sep 17 00:00:00 2001
+From: Benjamin Berg <bberg@redhat.com>
+Date: Mon, 15 Jun 2020 16:17:43 +0200
+Subject: [PATCH] p2p: Limit P2P_DEVICE name to appropriate ifname size
+
+Otherwise the WPA_IF_P2P_DEVICE cannot be created. As this is not a
+netdev device, it is acceptable if the name is not completely unique. As
+such, simply insert a NUL byte at the appropriate place.
+---
+ wpa_supplicant/p2p_supplicant.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
+index e94bffe52..17c25889c 100644
+--- a/wpa_supplicant/p2p_supplicant.c
++++ b/wpa_supplicant/p2p_supplicant.c
+@@ -3929,6 +3929,10 @@ int wpas_p2p_add_p2pdev_interface(struct wpa_supplicant *wpa_s,
+ 			  wpa_s->ifname);
+ 	if (os_snprintf_error(sizeof(ifname), ret))
+ 		return -1;
++	/* Cut length at the maximum size. Note that we don't need to ensure
++	 * collision free names here as the created interface is not a netdev.
++	 */
++	ifname[IFNAMSIZ-1] = '\0';
+ 	force_name[0] = '\0';
+ 	wpa_s->pending_interface_type = WPA_IF_P2P_DEVICE;
+ 	ret = wpa_drv_if_add(wpa_s, WPA_IF_P2P_DEVICE, ifname, NULL, NULL,
+-- 
+2.26.2
+

sources

@@ -0,0 +1 @@
+SHA512 (wpa_supplicant-2.9.tar.gz) = 37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8

tests/tests.yml

@@ -0,0 +1,14 @@
+# Tests for wpa_supplicant using NM's wifi and 802.1x tests
+- hosts: localhost
+  roles:
+  - role: standard-test-basic
+    tags:
+    - classic
+    repositories:
+    - repo: "https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci"
+      dest: "NetworkManager-ci"
+    tests:
+    - sanity-tests:
+        dir: NetworkManager-ci
+        run: run/osci/run-tests wpa_supplicant
+

wpa_supplicant-assoc-timeout.patch

@@ -0,0 +1,16 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c
+--- wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout	2010-09-07 10:43:39.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c	2010-12-07 18:57:45.163457000 -0600
+@@ -1262,10 +1262,10 @@ void wpa_supplicant_associate(struct wpa
+ 
+ 		if (assoc_failed) {
+ 			/* give IBSS a bit more time */
+-			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
++			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
+ 		} else if (wpa_s->conf->ap_scan == 1) {
+ 			/* give IBSS a bit more time */
+-			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
++			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 20;
+ 		}
+ 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
+ 	}

wpa_supplicant-config.patch

@@ -0,0 +1,87 @@
+From 72ee1e934e98ea87e4de292958817e724114703e Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Fri, 6 Sep 2019 09:46:00 +0200
+Subject: [PATCH] defconfig: Fedora configuration
+
+---
+ wpa_supplicant/defconfig | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
+index cdfb197..83c992a 100644
+--- a/wpa_supplicant/defconfig
++++ b/wpa_supplicant/defconfig
+@@ -77,7 +77,7 @@ CONFIG_DRIVER_WIRED=y
+ #CONFIG_DRIVER_MACSEC_QCA=y
+ 
+ # Driver interface for Linux MACsec drivers
+-#CONFIG_DRIVER_MACSEC_LINUX=y
++CONFIG_DRIVER_MACSEC_LINUX=y
+ 
+ # Driver interface for the Broadcom RoboSwitch family
+ #CONFIG_DRIVER_ROBOSWITCH=y
+@@ -146,7 +146,7 @@ CONFIG_EAP_PAX=y
+ CONFIG_EAP_LEAP=y
+ 
+ # EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+-#CONFIG_EAP_AKA=y
++CONFIG_EAP_AKA=y
+ 
+ # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+ # This requires CONFIG_EAP_AKA to be enabled, too.
+@@ -183,7 +183,7 @@ CONFIG_EAP_IKEV2=y
+ #CONFIG_EAP_EKE=y
+ 
+ # MACsec
+-#CONFIG_MACSEC=y
++CONFIG_MACSEC=y
+ 
+ # PKCS#12 (PFX) support (used to read private key and certificate file from
+ # a file that usually has extension .p12 or .pfx)
+@@ -342,6 +342,7 @@ CONFIG_IEEE80211W=y
+ # Select which ciphers to use by default with OpenSSL if the user does not
+ # specify them.
+ #CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
++CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"
+ 
+ # If CONFIG_TLS=internal is used, additional library and include paths are
+ # needed for LibTomMath. Alternatively, an integrated, minimal version of
+@@ -473,7 +474,7 @@ CONFIG_DEBUG_SYSLOG=y
+ # Should we attempt to use the getrandom(2) call that provides more reliable
+ # yet secure randomness source than /dev/random on Linux 3.17 and newer.
+ # Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+-#CONFIG_GETRANDOM=y
++CONFIG_GETRANDOM=y
+ 
+ # IEEE 802.11n (High Throughput) support (mainly for AP mode)
+ CONFIG_IEEE80211N=y
+@@ -514,7 +515,7 @@ CONFIG_AP=y
+ CONFIG_P2P=y
+ 
+ # Enable TDLS support
+-#CONFIG_TDLS=y
++CONFIG_TDLS=y
+ 
+ # Wi-Fi Display
+ # This can be used to enable Wi-Fi Display extensions for P2P using an external
+@@ -593,7 +594,7 @@ CONFIG_IBSS_RSN=y
+ #CONFIG_PMKSA_CACHE_EXTERNAL=y
+ 
+ # Mesh Networking (IEEE 802.11s)
+-#CONFIG_MESH=y
++CONFIG_MESH=y
+ 
+ # Background scanning modules
+ # These can be used to request wpa_supplicant to perform background scanning
+@@ -607,7 +608,7 @@ CONFIG_BGSCAN_SIMPLE=y
+ 
+ # Opportunistic Wireless Encryption (OWE)
+ # Experimental implementation of draft-harkins-owe-07.txt
+-#CONFIG_OWE=y
++CONFIG_OWE=y
+ 
+ # Device Provisioning Protocol (DPP)
+ # This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+-- 
+2.21.0
+

wpa_supplicant-flush-debug-output.patch

@@ -0,0 +1,49 @@
+--- wpa_supplicant-0.6.3/src/utils/wpa_debug.c.flush-debug	2007-07-30 23:15:34.000000000 -0400
++++ wpa_supplicant-0.6.3/src/utils/wpa_debug.c	2007-07-30 23:17:06.000000000 -0400
+@@ -157,6 +157,7 @@ void wpa_debug_print_timestamp(void)
+ 	if (out_file) {
+ 		fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
+ 			(unsigned int) tv.usec);
++		fflush(out_file);
+ 	} else
+ #endif /* CONFIG_DEBUG_FILE */
+ 	printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
+@@ -185,6 +186,7 @@ void wpa_printf(int level, char *fmt, ..
+ 		if (out_file) {
+ 			vfprintf(out_file, fmt, ap);
+ 			fprintf(out_file, "\n");
++			fflush(out_file);
+ 		} else {
+ #endif /* CONFIG_DEBUG_FILE */
+ 		vprintf(fmt, ap);
+@@ -217,6 +219,7 @@ static void _wpa_hexdump(int level, cons
+ 			fprintf(out_file, " [REMOVED]");
+ 		}
+ 		fprintf(out_file, "\n");
++		fflush(out_file);
+ 	} else {
+ #endif /* CONFIG_DEBUG_FILE */
+ 	printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+@@ -262,12 +265,14 @@ static void _wpa_hexdump_ascii(int level
+ 			fprintf(out_file,
+ 				"%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+ 				title, (unsigned long) len);
++			fflush(out_file);
+ 			return;
+ 		}
+ 		if (buf == NULL) {
+ 			fprintf(out_file,
+ 				"%s - hexdump_ascii(len=%lu): [NULL]\n",
+ 				title, (unsigned long) len);
++			fflush(out_file);
+ 			return;
+ 		}
+ 		fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
+@@ -292,6 +297,7 @@ static void _wpa_hexdump_ascii(int level
+ 			pos += llen;
+ 			len -= llen;
+ 		}
++		fflush(out_file);
+ 	} else {
+ #endif /* CONFIG_DEBUG_FILE */
+ 	if (!show) {

wpa_supplicant-gui-qt4.patch

@@ -0,0 +1,41 @@
+From 9404f356e394604d1d3d6dbffc52abd54260e4d4 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 27 Oct 2015 08:56:35 +0100
+Subject: [PATCH] wpa_supplicant: allow overriding the names of the Qt4 tools
+
+This is useful for distributions that ship different versions of Qt in
+different locations.
+---
+ wpa_supplicant/Makefile | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index ad9ead9..b19676d 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -11,6 +11,9 @@ export INCDIR ?= /usr/local/include/
+ export BINDIR ?= /usr/local/sbin/
+ PKG_CONFIG ?= pkg-config
+ 
++QMAKE ?= qmake
++LRELEASE ?= lrelease
++
+ CFLAGS += $(EXTRA_CFLAGS)
+ CFLAGS += -I$(abspath ../src)
+ CFLAGS += -I$(abspath ../src/utils)
+@@ -1787,10 +1790,10 @@ wpa_gui:
+ 	@echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
+ 
+ wpa_gui-qt4/Makefile:
+-	qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
++	$(QMAKE) -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
+ 
+ wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts
+-	lrelease wpa_gui-qt4/wpa_gui.pro
++	$(LRELEASE) wpa_gui-qt4/wpa_gui.pro
+ 
+ wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
+ 	$(MAKE) -C wpa_gui-qt4
+-- 
+2.6.2
+

wpa_supplicant-quiet-scan-results-message.patch

@@ -0,0 +1,30 @@
+From 763a4ef660e2bd81f6cdc71a2f29a0a3e71b2ebc Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Tue, 22 Nov 2016 15:48:17 +0100
+Subject: [PATCH 1/2] quiet an annoying and frequent syslog message
+
+---
+ wpa_supplicant/events.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index abe3b47..72a0412 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -1555,11 +1555,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
+ 	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
+ 	    wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
+ 	    own_request && !(data && data->scan_info.external_scan)) {
+-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
++		wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS "id=%u",
+ 			     wpa_s->manual_scan_id);
+ 		wpa_s->manual_scan_use_id = 0;
+ 	} else {
+-		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
++		wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
+ 	}
+ 	wpas_notify_scan_results(wpa_s);
+ 
+-- 
+2.9.3
+

wpa_supplicant.conf

@@ -0,0 +1,3 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=wheel
+

wpa_supplicant.logrotate

@@ -0,0 +1,6 @@
+/var/log/wpa_supplicant.log {
+    missingok
+    notifempty
+    size 30k
+    create 0600 root root
+}

wpa_supplicant.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=WPA supplicant
+Before=network.target
+Wants=network.target
+After=dbus.service
+
+[Service]
+Type=dbus
+BusName=fi.w1.wpa_supplicant1
+EnvironmentFile=-/etc/sysconfig/wpa_supplicant
+ExecStart=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u $INTERFACES $DRIVERS $OTHER_ARGS
+
+[Install]
+WantedBy=multi-user.target
+

wpa_supplicant.spec

@@ -0,0 +1,765 @@
+%global _hardened_build 1
+%bcond_without gui
+
+Summary: WPA/WPA2/IEEE 802.1X Supplicant
+Name: wpa_supplicant
+Epoch: 1
+Version: 2.9
+Release: 6%{?dist}
+License: BSD
+Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
+Source1: wpa_supplicant.conf
+Source2: wpa_supplicant.service
+Source3: wpa_supplicant.sysconfig
+Source4: wpa_supplicant.logrotate
+
+# distro specific customization and not suitable for upstream,
+# Fedora-specific updates to defconfig
+Patch0: wpa_supplicant-config.patch
+# works around busted drivers
+Patch1: wpa_supplicant-assoc-timeout.patch
+# ensures that debug output gets flushed immediately to help diagnose driver
+# bugs, not suitable for upstream
+Patch2: wpa_supplicant-flush-debug-output.patch
+# quiet an annoying and frequent syslog message
+Patch3: wpa_supplicant-quiet-scan-results-message.patch
+# distro specific customization for Qt4 build tools, not suitable for upstream
+Patch4: wpa_supplicant-gui-qt4.patch
+# fix AP mode PMF disconnection protection bypass
+Patch5: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
+
+# fix some issues with P2P operation
+Patch6: 0001-P2P-Always-use-global-p2p_long_listen.patch
+Patch7: 0001-D-Bus-Fix-P2P-NULL-dereference-after-interface-remov.patch
+Patch8: 0001-p2p-Limit-P2P_DEVICE-name-to-appropriate-ifname-size.patch
+
+URL: http://w1.fi/wpa_supplicant/
+
+%if %with gui
+BuildRequires: qt-devel >= 4.0
+%endif
+BuildRequires: openssl-devel
+BuildRequires: readline-devel
+BuildRequires: dbus-devel
+BuildRequires: libnl3-devel
+BuildRequires: systemd-units
+BuildRequires: docbook-utils
+Requires(post): systemd-sysv
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+# libeap used to be built from wpa_supplicant with some fairly horrible
+# hackery, solely for use by WiMAX. We dropped all WiMAX support around
+# F21. This is here so people don't wind up with obsolete libeap packages
+# lying around. If it's ever resurrected for any reason, this needs
+# dropping.
+Obsoletes: libeap < %{epoch}:%{version}-%{release}
+Obsoletes: libeap-devel < %{epoch}:%{version}-%{release}
+
+%description
+wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
+for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
+component that is used in the client stations. It implements key negotiation
+with a WPA Authenticator and it controls the roaming and IEEE 802.11
+authentication/association of the wlan driver.
+
+
+%if %with gui
+%package gui
+Summary: Graphical User Interface for %{name}
+
+%description gui
+Graphical User Interface for wpa_supplicant written using QT
+%endif
+
+
+%prep
+%autosetup -p1
+
+
+%build
+pushd wpa_supplicant
+  cp defconfig .config
+  export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE"
+  export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE"
+  export LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now"
+  # yes, BINDIR=_sbindir
+  export BINDIR="%{_sbindir}"
+  export LIBDIR="%{_libdir}"
+  make %{_smp_mflags} V=1
+%if %with gui
+  make wpa_gui-qt4 %{_smp_mflags} V=1 QTDIR=%{_libdir}/qt4 \
+    QMAKE='%{qmake_qt4}' LRELEASE='%{_qt4_bindir}/lrelease'
+%endif
+  make eapol_test V=1
+  make -C doc/docbook man V=1
+popd
+
+
+%install
+# config
+install -D -m 0600 %{SOURCE1} %{buildroot}/%{_sysconfdir}/wpa_supplicant/wpa_supplicant.conf
+
+# init scripts
+install -D -m 0644 %{SOURCE2} %{buildroot}/%{_unitdir}/wpa_supplicant.service
+install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/sysconfig/wpa_supplicant
+install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/logrotate.d/wpa_supplicant
+
+# binary
+install -d %{buildroot}/%{_sbindir}
+install -m 0755 wpa_supplicant/wpa_passphrase %{buildroot}/%{_sbindir}
+install -m 0755 wpa_supplicant/wpa_cli %{buildroot}/%{_sbindir}
+install -m 0755 wpa_supplicant/wpa_supplicant %{buildroot}/%{_sbindir}
+install -m 0755 wpa_supplicant/eapol_test %{buildroot}/%{_sbindir}
+install -D -m 0644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
+  %{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
+install -D -m 0644 wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service \
+  %{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
+
+%if %with gui
+# gui
+install -d %{buildroot}/%{_bindir}
+install -m 0755 wpa_supplicant/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
+%endif
+
+# man pages
+install -d %{buildroot}%{_mandir}/man{5,8}
+install -m 0644 wpa_supplicant/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
+install -m 0644 wpa_supplicant/doc/docbook/*.5 %{buildroot}%{_mandir}/man5
+
+# some cleanup in docs and examples
+rm -f  wpa_supplicant/doc/.cvsignore
+rm -rf wpa_supplicant/doc/docbook
+chmod -R 0644 wpa_supplicant/examples/*.py
+
+
+%post
+%systemd_post wpa_supplicant.service
+
+
+%preun
+%systemd_preun wpa_supplicant.service
+
+%triggerun -- wpa_supplicant < 0.7.3-10
+# Save the current service runlevel info
+# User must manually run systemd-sysv-convert --apply wpa_supplicant
+# to migrate them to systemd targets
+/usr/bin/systemd-sysv-convert --save wpa_supplicant >/dev/null 2>&1 ||:
+
+# Run these because the SysV package being removed won't do them
+/sbin/chkconfig --del wpa_supplicant >/dev/null 2>&1 || :
+/bin/systemctl try-restart wpa_supplicant.service >/dev/null 2>&1 || :
+
+
+%files
+%config(noreplace) %{_sysconfdir}/wpa_supplicant/wpa_supplicant.conf
+%config(noreplace) %{_sysconfdir}/sysconfig/wpa_supplicant
+%dir %{_sysconfdir}/logrotate.d
+%config(noreplace) %{_sysconfdir}/logrotate.d/wpa_supplicant
+%{_unitdir}/wpa_supplicant.service
+%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
+%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
+%{_sbindir}/wpa_passphrase
+%{_sbindir}/wpa_supplicant
+%{_sbindir}/wpa_cli
+%{_sbindir}/eapol_test
+%dir %{_sysconfdir}/wpa_supplicant
+%{_mandir}/man8/wpa_supplicant.8.gz
+%{_mandir}/man8/wpa_priv.8.gz
+%{_mandir}/man8/wpa_passphrase.8.gz
+%{_mandir}/man8/wpa_cli.8.gz
+%{_mandir}/man8/wpa_background.8.gz
+%{_mandir}/man8/eapol_test.8.gz
+%{_mandir}/man5/*
+%doc README
+%doc wpa_supplicant/ChangeLog
+%doc wpa_supplicant/eap_testing.txt
+%doc wpa_supplicant/todo.txt
+%doc wpa_supplicant/wpa_supplicant.conf
+%doc wpa_supplicant/examples
+%license COPYING
+
+
+%if %with gui
+%files gui
+%{_bindir}/wpa_gui
+%{_mandir}/man8/wpa_gui.8.gz
+%endif
+
+
+%changelog
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jun 15 2020 Benjamin Berg <bberg@redhat.com> - 1:2.9-5
+- fix some issues with P2P operation
+
+* Thu Apr 23 2020 Davide Caratti <dcaratti@redhat.com> - 1:2.9-4
+- Enable Tunneled Direct Link Setup (TDLS)
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Oct 30 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.9-2
+- fix AP mode PMF disconnection protection bypass (CVE-2019-16275, rh #1767026)
+
+* Fri Aug 16 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.9-1
+- Update to version 2.9
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri May 10 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.8-2
+- fix changelog for version 2.8-1
+
+* Thu May 02 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.8-1
+- Update to 2.8 upstream release, to include latest fix for NULL
+  pointer dereference when EAP-PWD peer receives unexpected EAP
+  fragments (CVE-2019-11555, rh #1701759)
+
+* Fri Apr 12 2019 Davide Caratti <dcaratti@redhat.com> - 1:2.7-5
+- fix SAE and EAP_PWD vulnerabilities:
+  CVE-2019-9494 (cache attack against SAE)
+  CVE-2019-9495 (cache attack against EAP-pwd)
+  CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
+  CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
+  CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element)
+  CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element)
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 21 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-3
+- Enable OWE and DPP
+- Expose SAE support on D-Bus
+
+* Mon Jan 21 2019 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-2
+- Enable MESH & SAE
+
+* Tue Dec 18 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.7-1
+- Update to 2.7 upstream release
+
+* Wed Aug 15 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-20
+- Expose availability of SHA384 and FT on D-Bus
+
+* Wed Aug 15 2018 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-19
+- Drop the broken Pmf D-Bus property patch
+
+* Wed Aug  8 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-18
+- Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526)
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Jun 22 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-16
+- Fix endoding of NL80211_ATTR_SMPS_MODE (rh#1570903)
+
+* Fri May 11 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-15
+- Make PMF configurable using D-Bus (rh#1567474)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Jan 16 2018 Davide Caratti <dcaratti@redhat.com> - 1:2.6-13
+- Don't restart wpa_supplicant.service on package upgrade (rh#1535233)
+
+* Wed Nov  1 2017 Jiří Klimeš <blueowl@centrum.cz> - 1:2.6-12
+- Fix crash when using MACsec without loaded macsec.ko (rh #1497640)
+- Enable Fast BSS Transition for station mode (rh #1372928)
+
+* Mon Oct 16 2017 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-11
+- hostapd: Avoid key reinstallation in FT handshake (CVE-2017-13082)
+- Fix PTK rekeying to generate a new ANonce
+- Prevent reinstallation of an already in-use group key and extend
+  protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
+  (CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081,
+  CVE-2017-13087, CVE-2017-13088)
+- Prevent installation of an all-zero TK
+- TDLS: Reject TPK-TK reconfiguration
+- WNM: Ignore WNM-Sleep Mode Response without pending request
+- FT: Do not allow multiple Reassociation Response frames
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon Jul 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:2.6-8
+- OpenSSL: use system ciphers by default (rh #1462262)
+- OpenSSL: fix private key password callback (rh #1465138)
+
+* Wed May 17 2017 Beniamino Galvani <bgalvani@redhat.com> - 1:2.6-7
+- nl80211: Fix race condition in detecting MAC change (rh #1451834)
+
+* Tue Apr 11 2017 Davide Caratti <dcaratti@redhat.com> - 1:2.6-6
+- Fix use-after-free when macsec secure channels are deleted
+- Fix segmentation fault in case macsec module is not loaded (rh#1428937)
+
+* Mon Mar 13 2017 Thomas Haller <thaller@redhat.com> - 1:2.6-5
+- Enable IEEE 802.11w (management frame protection, PMF) (rh#909499)
+
+* Thu Mar  2 2017 Davide Caratti <dcaratti@redhat.com> - 1:2.6-4
+- Backport support for IEEE 802.1AE (macsec)
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jan 27 2017 Jiří Klimeš <blueowl@centrum.cz> - 1:2.6-2
+- Enable Wi-Fi Display support for Miracast (rh #1395682)
+
+* Tue Nov 22 2016 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-1
+- Update to version 2.6
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Nov 16 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.5-4
+- Really synchronize the service file with upstream
+
+* Tue Nov 03 2015 Lukáš Nykrýn <lnykryn@redhat.com> - 1:2.5-3
+- Scriptlets replaced with new systemd macros (rh #850369)
+
+* Sat Oct 31 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.5-2
+- Enable syslog by default
+- Drop writing a pid and log file
+
+* Tue Oct 27 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.5-1
+- Update to version 2.5
+
+* Fri Oct 23 2015 Lubomir Rintel <lkundrak@v3.sk> - 1:2.4-6
+- Fix the D-Bus policy
+
+* Sat Oct  3 2015 Ville Skyttä <ville.skytta@iki.fi> - 1:2.4-5
+- Don't order service after syslog.target (rh #1055197)
+- Mark COPYING as %%license
+
+* Wed Jul 15 2015 Jiří Klimeš <jklimes@redhat.com> - 1:2.4-4
+- Fix for NDEF record payload length checking (rh #1241907)
+
+* Tue Jun 16 2015 Jiří Klimeš <jklimes@redhat.com> - 1:2.4-3
+- Fix a crash if P2P management interface is used (rh #1231973)
+
+* Thu Apr 23 2015 Dan Williams <dcbw@redhat.com> - 1:2.4-2
+- Remove obsolete wpa_supplicant-openssl-more-algs.patch
+
+* Thu Apr 23 2015 Adam Williamson <awilliam@redhat.com> - 1:2.4-1
+- new release 2.4
+- add some info on a couple of patches
+- drop some patches merged or superseded upstream
+- rediff other patches
+- drop libeap hackery (we dropped the kernel drivers anyhow)
+- backport fix for CVE-2015-1863
+
+* Sat Nov 01 2014 Orion Poplawski <orion@cora.nwra.com> - 1:2.3-2
+- Do not install wpa_supplicant.service as executable (bug #803980)
+
+* Thu Oct 30 2014 Lubomir Rintel <lkundrak@v3.sk> - 1:2.3-1
+- Update to 2.3
+
+* Wed Oct 22 2014 Dan Williams <dcbw@redhat.com> - 1:2.0-12
+- Use os_exec() for action script execution (CVE-2014-3686)
+
+* Thu Aug 21 2014 Kevin Fenzi <kevin@scrye.com> - 1:2.0-11
+- Rebuild for rpm bug 1131960
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Nov 18 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-8
+- Don't disconnect when PMKSA cache gets too large (rh #1016707)
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:2.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-6
+- Enable full RELRO/PIE/PIC for wpa_supplicant and libeap
+- Fix changelog dates
+
+* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-5
+- Build and package eapol_test (rh #638218)
+
+* Wed Jul 10 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-4
+- Disable WiMAX libeap hack for RHEL
+
+* Wed May 15 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-3
+- Enable HT (802.11n) for AP mode
+
+* Tue May  7 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-2
+- Use hardened build macros and ensure they apply to libeap too
+
+* Mon May  6 2013 Dan Williams <dcbw@redhat.com> - 1:2.0-1
+- Update to 2.0
+- Be less aggressive when roaming due to signal strength changes (rh #837402)
+
+* Mon Apr  1 2013 Dan Williams <dcbw@redhat.com> - 1:1.1-1
+- Update to 1.1
+- Be less aggressive when roaming due to signal strength changes
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sun Jan 20 2013 Dan Horák <dan@danny.cz> - 1:1.0-3
+- rebuilt again for fixed soname in libnl3
+
+* Sun Jan 20 2013 Kalev Lember <kalevlember@gmail.com> - 1:1.0-2
+- Rebuilt for libnl3
+
+* Wed Aug 29 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-1
+- Enable lightweight AP mode support
+- Enable P2P (WiFi Direct) support
+- Enable RSN IBSS/AdHoc support
+
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0-0.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue May  1 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.4
+- Update to wpa_supplicant 1.0-rc3
+- Fix systemd target dependencies (rh #815091)
+
+* Fri Mar  2 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.3
+- Update to latest 1.0 git snapshot
+- Rebuild against libnl3
+
+* Thu Feb  2 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.2
+- Fix driver fallback for non nl80211-based drivers (rh #783712)
+
+* Tue Jan 10 2012 Dan Williams <dcbw@redhat.com> - 1:1.0-0.1
+- Update to 1.0-rc1 + git
+
+* Fri Sep  9 2011 Tom Callaway <spot@fedoraproject.org> - 1:0.7.3-11
+- add missing systemd scriptlets
+
+* Thu Sep  8 2011 Tom Callaway <spot@fedoraproject.org> - 1:0.7.3-10
+- convert to systemd
+
+* Wed Jul 27 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-9
+- Fix various crashes with D-Bus interface (rh #678625) (rh #725517)
+
+* Tue May  3 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-8
+- Don't crash when trying to access invalid properties via D-Bus (rh #678625)
+
+* Mon May  2 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-7
+- Make examples read-only to avoid erroneous python dependency (rh #687952)
+
+* Tue Apr 19 2011 Bill Nottingham <notting@redhat.com> - 1:0.7.3-6
+- Fix EAP patch to only apply when building libeap
+
+* Fri Mar 25 2011 Bill Nottingham <notting@redhat.com> - 1:0.7.3-5
+- Add libeap/libeap-devel subpackge for WiMAX usage
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.7.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jan 11 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-3
+- Enable EAP-TNC (rh #659038)
+
+* Wed Dec 15 2010 Dan Williams <dcbw@redhat.com> - 1:0.7.3-2
+- Enable the bgscan_simple plugin
+
+* Wed Dec  8 2010 Dan Williams <dcbw@redhat.com> - 1:0.7.3-1
+- Update to 0.7.3
+- Drop upstreamed and backported patches
+- Drop support for Qt3
+
+* Thu Oct  7 2010 Peter Lemenkov <lemenkov@gmail.com> - 1:0.6.8-11
+- Added comments to some patches (see rhbz #226544#c17)
+- Shortened %%install section a bit
+
+* Thu May 13 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-10
+- Remove prereq on chkconfig
+- Build GUI with qt4 for rawhide (rh #537105)
+
+* Thu May  6 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-9
+- Fix crash when interfaces are removed (like suspend/resume) (rh #589507)
+
+* Wed Jan  6 2010 Dan Williams <dcbw@redhat.com> - 1:0.6.8-8
+- Fix handling of newer PKCS#12 files (rh #541924)
+
+* Sun Nov 29 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-7
+- Fix supplicant initscript return value (rh #521807)
+- Fix race when connecting to WPA-Enterprise/802.1x-enabled access points (rh #508509)
+- Don't double-scan when attempting to associate
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.8-6
+- rebuilt with new openssl
+
+* Mon Jul 27 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:0.6.8-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed May 13 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-4
+- Let D-Bus clients know when the supplicant is scanning
+
+* Tue May 12 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-3
+- Ensure the supplicant starts and ends with clean driver state
+- Handle driver disconnect spammage by forcibly clearing SSID
+- Don't switch access points unless the current association is dire (rh #493745)
+
+* Tue May 12 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-2
+- Avoid creating bogus Ad-Hoc networks when forcing the driver to disconnect (rh #497771)
+
+* Mon Mar  9 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.8-1
+- Update to latest upstream release
+
+* Wed Feb 25 2009 Colin Walters <walters@verbum.org> - 1:0.6.7-4
+- Add patch from upstream to suppress unrequested replies, this
+  quiets a dbus warning.
+
+* Fri Feb  6 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-3
+- Fix scan result retrieval in very dense wifi environments
+
+* Fri Feb  6 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-2
+- Ensure that drivers don't retry association when they aren't supposed to
+
+* Fri Jan 30 2009 Dan Williams <dcbw@redhat.com> - 1:0.6.7-1
+- Fix PEAP connections to Windows Server 2008 authenticators (rh #465022)
+- Stop supplicant on uninstall (rh #447843)
+- Suppress scan results message in logs (rh #466601)
+
+* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 1:0.6.4-3
+- rebuild with new openssl
+
+* Wed Oct 15 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.4-2
+- Handle encryption keys correctly when switching 802.11 modes (rh #459399)
+- Better scanning behavior on resume from suspend/hibernate
+- Better interaction with newer kernels and drivers
+
+* Wed Aug 27 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.4-1
+- Update to 0.6.4
+- Remove 'hostap', 'madwifi', and 'prism54' drivers; use standard 'wext' instead
+- Drop upstreamed patches
+
+* Tue Jun 10 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-6
+- Fix 802.11a frequency bug
+- Always schedule specific SSID scans to help find hidden APs
+- Properly switch between modes on mac80211 drivers
+- Give adhoc connections more time to assocate
+
+* Mon Mar 10 2008 Christopher Aillon <caillon@redhat.com> - 1:0.6.3-5
+- BuildRequires qt3-devel
+
+* Sat Mar  8 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-4
+- Fix log file path in service config file
+
+* Thu Mar  6 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-3
+- Don't start the supplicant by default when installed (rh #436380)
+
+* Tue Mar  4 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-2
+- Fix a potential use-after-free in the D-Bus byte array demarshalling code
+
+* Mon Mar  3 2008 Dan Williams <dcbw@redhat.com> - 1:0.6.3-1
+- Update to latest development release; remove upstreamed patches
+
+* Fri Feb 22 2008 Dan Williams <dcbw@redhat.com> 1:0.5.7-23
+- Fix gcc 4.3 rebuild issues
+
+* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1:0.5.7-22
+- Autorebuild for GCC 4.3
+
+* Tue Dec 25 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-21
+- Backport 'frequency' option for Ad-Hoc network configs
+
+* Mon Dec 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-20
+- Fix LSB initscript header to ensure 'messagebus' is started first (rh #244029)
+
+* Thu Dec  6 2007 Dan Williams <dcbw@redhat.com> - 1:0.5.7-19
+- Fix two leaks when signalling state and scan results (rh #408141)
+- Add logrotate config file (rh #404181)
+- Add new LSB initscript header to initscript with correct deps (rh #244029)
+- Move other runtime arguments to /etc/sysconfig/wpa_supplicant
+- Start after messagebus service (rh #385191)
+- Fix initscript 'condrestart' command (rh #217281)
+
+* Tue Dec  4 2007 Matthias Clasen <mclasen@redhat.com> - 1:0.5.7-18
+- Rebuild against new openssl
+
+* Tue Dec  4 2007 Ville Skyttä <ville.skytta at iki.fi> - 1:0.5.7-17
+- Group: Application/System -> Applications/System in -gui.
+
+* Tue Nov 13 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-16
+- Add IW_ENCODE_TEMP patch for airo driver and Dynamic WEP
+- Fix error in wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch that
+    caused the last error to not be printed
+- Fix wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch to ignore
+    duplicate cert additions for all certs and keys
+- Change license to BSD due to linkage against OpenSSL since there is no
+    OpenSSL exception in the GPLv2 license text that upstream ships
+
+* Sun Oct 28 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-15
+- Fix Dynamic WEP associations with mac80211-based drivers
+
+* Sun Oct 28 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-14
+- Don't error an association on duplicate CA cert additions
+
+* Wed Oct 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-13
+- Correctly set the length of blobs added via the D-Bus interface
+
+* Wed Oct 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-12
+- Fix conversion of byte arrays to strings by ensuring the buffer is NULL
+    terminated after conversion
+
+* Sat Oct 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-11
+- Add BLOB support to the D-Bus interface
+- Fix D-Bus interface permissions so that only root can use the wpa_supplicant
+    D-Bus interface
+
+* Tue Oct  9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-10
+- Don't segfault with dbus control interface enabled and invalid network
+    interface (rh #310531)
+
+* Tue Sep 25 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-9
+- Always allow explicit wireless scans triggered from a control interface
+
+* Thu Sep 20 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-8
+- Change system bus activation file name to work around D-Bus bug that fails
+    to launch services unless their .service file is named the same as the
+    service itself
+
+* Fri Aug 24 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-7
+- Make SIGUSR1 change debug level on-the-fly; useful in combination with
+    the -f switch to log output to /var/log/wpa_supplicant.log
+- Stop stripping binaries on install so we get debuginfo packages
+- Remove service start requirement for interfaces & devices from sysconfig file,
+    since wpa_supplicant's D-Bus interface is now turned on
+
+* Fri Aug 17 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-6
+- Fix compilation with RPM_OPT_FLAGS (rh #249951)
+- Make debug output to logfile a runtime option
+
+* Fri Aug 17 2007 Christopher Aillon <caillon@redhat.com> - 0.5.7-5
+- Update the license tag
+
+* Tue Jun 19 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-4
+- Fix initscripts to use -Dwext by default, be more verbose on startup
+    (rh #244511)
+
+* Mon Jun  4 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-3
+- Fix buffer overflow by removing syslog patch (#rh242455)
+
+* Mon Apr  9 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-2
+- Add patch to send output to syslog
+
+* Thu Mar 15 2007 Dan Williams <dcbw@redhat.com> - 0.5.7-1
+- Update to 0.5.7 stable release
+
+* Fri Oct 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.9-1
+- Update to 0.4.9 for WE-21 fixes, remove upstreamed patches
+- Don't package doc/ because they aren't actually wpa_supplicant user documentation,
+    and becuase it pulls in perl
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.4.8-10.1
+- rebuild
+
+* Thu Apr 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-10
+- Add fix for madwifi and WEP (wpa_supplicant/hostap bud #140) (#rh190075#)
+- Fix up madwifi-ng private ioctl()s for r1331 and later
+- Update madwifi headers to r1475
+
+* Tue Apr 25 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-9
+- Enable Wired driver, PKCS12, and Smartcard options (#rh189805#)
+
+* Tue Apr 11 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-8
+- Fix control interface key obfuscation a bit
+
+* Sun Apr  2 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-7
+- Work around older & incorrect drivers that return null-terminated SSIDs
+
+* Mon Mar 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-6
+- Add patch to make orinoco happy with WEP keys
+- Enable Prism54-specific driver
+- Disable ipw-specific driver; ipw2x00 should be using WEXT instead
+
+* Fri Mar  3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-5
+- Increase association timeout, mainly for drivers that don't
+	fully support WPA ioctls yet
+
+* Fri Mar  3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-4
+- Add additional BuildRequires #rh181914#
+- Add prereq on chkconfig #rh182905# #rh182906#
+- Own /var/run/wpa_supplicant and /etc/wpa_supplicant #rh183696#
+
+* Wed Mar  1 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-3
+- Install wpa_passphrase too #rh183480#
+
+* Mon Feb 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-2
+- Don't expose private data on the control interface unless requested
+
+* Fri Feb 24 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-1
+- Downgrade to 0.4.8 stable release rather than a dev release
+
+* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-3
+- Documentation cleanup (Terje Rosten <terje.rosten@ntnu.no>)
+
+* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-2
+- Move initscript to /etc/rc.d/init.d
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Sun Feb  5 2006 Dan Williams <dcbw@redhat.com> 0.5.1-1
+- Update to 0.5.1
+- Add WE auth fallback to actually work with older drivers
+
+* Thu Jan 26 2006 Dan Williams <dcbw@redhat.com> 0.4.7-2
+- Bring package into Fedora Core
+- Add ap_scan control interface patch
+- Enable madwifi-ng driver
+
+* Sun Jan 15 2006 Douglas E. Warner <silfreed@silfreed.net> 0.4.7-1
+- upgrade to 0.4.7
+- added package w/ wpa_gui in it
+
+* Mon Nov 14 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.6-1
+- upgrade to 0.4.6
+- adding ctrl interface changes recommended 
+  by Hugo Paredes <hugo.paredes@e-know.org>
+
+* Sun Oct  9 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.5-1
+- upgrade to 0.4.5
+- updated config file wpa_supplicant is built with
+  especially, the ipw2100 driver changed to just ipw
+  and enabled a bunch more EAP
+- disabled dist tag
+
+* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-3
+- fix typo in init script
+
+* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-2
+- fixing init script using fedora-extras' template
+- removing chkconfig default startup
+
+* Tue Jun 21 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-1
+- upgrade to 0.4.2
+- new sample conf file that will use any unrestricted AP
+- make sysconfig config entry
+- new BuildRoot for Fedora Extras
+- adding dist tag to Release
+
+* Fri May 06 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.8-1
+- upgrade to 0.3.8
+
+* Thu Feb 10 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-2
+- compile ipw driver in
+
+* Wed Feb 09 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-1
+- upgrade to 0.3.6
+
+* Thu Dec 23 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-4
+- fixing init script
+
+* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-3
+- fixing init script
+- adding post/preun items to add/remove via chkconfig
+
+* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-2
+- adding sysV scripts
+
+* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
+- Initial RPM release.
+

wpa_supplicant.sysconfig

@@ -0,0 +1,11 @@
+# Use the flag "-i" before each of your interfaces, like so:
+#  INTERFACES="-ieth1 -iwlan0"
+INTERFACES=""
+
+# Use the flag "-D" before each driver, like so:
+#  DRIVERS="-Dwext"
+DRIVERS=""
+
+# Other arguments
+#   -s   Use syslog logging backend
+OTHER_ARGS="-s"