Update to version 2.6

.gitignore

@@ -17,3 +17,4 @@ wpa_supplicant-0.6.8.tar.gz
 /wpa_supplicant-2.3.tar.gz
 /wpa_supplicant-2.4.tar.gz
 /wpa_supplicant-2.5.tar.gz
+/wpa_supplicant-2.6.tar.gz

0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch

@@ -1,45 +0,0 @@
-From 64fee7148a434e4ee89d95a7c374a36d29a6f6f3 Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel <lkundrak@v3.sk>
-Date: Fri, 16 Oct 2015 19:12:15 +0200
-Subject: [PATCH] wpa_supplicant: don't do <deny send_interface="..." /> in
- dbus service file
-
-It does more than intended; apart from denying messages to that particular
-interface it also denies all messages non-qualified with an interface globally.
-From the dbus-daemon manual:
-
-  Be careful with send_interface/receive_interface, because the
-  interface field in messages is optional. In particular, do NOT
-  specify <deny send_interface="org.foo.Bar"/>! This will cause
-  no-interface messages to be blocked for all services, which is almost
-  certainly not what you intended. Always use rules of the form: <deny
-  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
-
-We can just safely remove those rules, since we're sufficiently protected
-by the send_destination matches and method calls are disallowed by default
-anyway.
-
-Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
----
- wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
-index c091234..382dcb3 100644
---- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
-+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
-@@ -17,11 +17,9 @@
-         <policy context="default">
-                 <deny own="fi.epitest.hostap.WPASupplicant"/>
-                 <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
--                <deny send_interface="fi.epitest.hostap.WPASupplicant"/>
- 
-                 <deny own="fi.w1.wpa_supplicant1"/>
-                 <deny send_destination="fi.w1.wpa_supplicant1"/>
--                <deny send_interface="fi.w1.wpa_supplicant1"/>
-                 <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
-         </policy>
- </busconfig>
--- 
-2.4.3
-

rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch

@@ -1,63 +0,0 @@
-From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 7 Jul 2015 21:57:28 +0300
-Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser
-
-It was possible for the 32-bit record->total_length value to end up
-wrapping around due to integer overflow if the longer form of payload
-length field is used and record->payload_length gets a value close to
-2^32. This could result in ndef_parse_record() accepting a too large
-payload length value and the record type filter reading up to about 20
-bytes beyond the end of the buffer and potentially killing the process.
-This could also result in an attempt to allocate close to 2^32 bytes of
-heap memory and if that were to succeed, a buffer read overflow of the
-same length which would most likely result in the process termination.
-In case of record->total_length ending up getting the value 0, there
-would be no buffer read overflow, but record parsing would result in an
-infinite loop in ndef_parse_records().
-
-Any of these error cases could potentially be used for denial of service
-attacks over NFC by using a malformed NDEF record on an NFC Tag or
-sending them during NFC connection handover if the application providing
-the NDEF message to hostapd/wpa_supplicant did no validation of the
-received records. While such validation is likely done in the NFC stack
-that needs to parse the NFC messages before further processing,
-hostapd/wpa_supplicant better be prepared for any data being included
-here.
-
-Fix this by validating record->payload_length value in a way that
-detects integer overflow. (CID 122668)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/wps/ndef.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-(Adapted for 2.4 sources in Fedora. -- JWL)
-
-diff --git a/src/wps/ndef.c b/src/wps/ndef.c
-index 5604b0a..50d018f 100644
---- a/src/wps/ndef.c
-+++ b/src/wps/ndef.c
-@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
- 		if (size < 6)
- 			return -1;
- 		record->payload_length = ntohl(*(u32 *)pos);
-+		if (record->payload_length > size - 6)
-+			return -1;
- 		pos += sizeof(u32);
- 	}
- 
-@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
- 	pos += record->payload_length;
- 
- 	record->total_length = pos - data;
--	if (record->total_length > size)
-+	if (record->total_length > size ||
-+	    record->total_length < record->payload_length)
- 		return -1;
- 	return 0;
- }
--- 
-1.9.1
-

rh837402-less-aggressive-roaming.patch

@@ -1,7 +1,20 @@
-diff -up wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo wpa_supplicant-0.7.3/wpa_supplicant/events.c
---- wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo	2012-06-12 12:03:36.172962193 -0500
-+++ wpa_supplicant-0.7.3/wpa_supplicant/events.c	2012-06-12 12:03:51.388771973 -0500
-@@ -871,16 +871,14 @@ static int wpa_supplicant_need_to_roam(s
+From b82d45d4bbd5c160fa97a8c5355243c78a55bf14 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Tue, 22 Nov 2016 15:50:01 +0100
+Subject: [PATCH 2/2] Less aggressive roaming; signal strength is wildly
+ variable
+
+dcbw states (2015-04): "upstream doesn't like that patch so it's been discussed
+and I think rejected."
+---
+ wpa_supplicant/events.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index 72a0412..4dc044c 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -1443,16 +1443,14 @@ static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s,
  
  	min_diff = 2;
  	if (current_bss->level < 0) {
@@ -22,6 +35,8 @@ diff -up wpa_supplicant-0.7.3/wpa_supplicant/events.c.foo wpa_supplicant-0.7.3/w
 -			min_diff = 5;
 +			min_diff = 15;
  	}
- 	if (abs(current_bss->level - selected->level) < min_diff) {
- 		wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - too small difference "
+ 	if (to_5ghz) {
+ 		/* Make it easier to move to 5 GHz band */
+-- 
+2.9.3
 

sources

@@ -1 +1 @@
-96ff75c3a514f1f324560a2376f13110  wpa_supplicant-2.5.tar.gz
+091569eb4440b7d7f2b4276dbfc03c3c  wpa_supplicant-2.6.tar.gz

wpa_supplicant-quiet-scan-results-message.patch

@@ -1,11 +1,20 @@
+From 763a4ef660e2bd81f6cdc71a2f29a0a3e71b2ebc Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Tue, 22 Nov 2016 15:48:17 +0100
+Subject: [PATCH 1/2] quiet an annoying and frequent syslog message
+
+---
+ wpa_supplicant/events.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
 diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
-index d275ca4..fc335c0 100644
+index abe3b47..72a0412 100644
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -1356,11 +1356,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
- 		wpa_s->own_scan_running, wpa_s->radio->external_scan_running);
+@@ -1555,11 +1555,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
  	if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
- 	    wpa_s->manual_scan_use_id && wpa_s->own_scan_running) {
+ 	    wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
+ 	    own_request && !(data && data->scan_info.external_scan)) {
 -		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
 +		wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS "id=%u",
  			     wpa_s->manual_scan_id);
@@ -16,3 +25,6 @@ index d275ca4..fc335c0 100644
  	}
  	wpas_notify_scan_results(wpa_s);
  
+-- 
+2.9.3
+

wpa_supplicant.spec

@@ -6,8 +6,8 @@
 Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
-Version: 2.5
-Release: 5%{?dist}
+Version: 2.6
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
@@ -35,12 +35,6 @@ Patch6: wpa_supplicant-gui-qt4.patch
 # dcbw states (2015-04):
 # "upstream doesn't like that patch so it's been discussed and I think rejected"
 Patch8: rh837402-less-aggressive-roaming.patch
-# Fix a security issue - rh #rh1241907
-# http://w1.fi/security/2015-5/0001-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
-Patch11: rh1241907-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
-# Don't override D-Bus policy for other daemons
-# http://lists.infradead.org/pipermail/hostap/2015-October/034036.html
-Patch12: 0001-wpa_supplicant-don-t-do-deny-send_interface-.-in-dbu.patch
 
 URL: http://w1.fi/wpa_supplicant/
 
@@ -91,7 +85,6 @@ Graphical User Interface for wpa_supplicant written using QT
 %patch3 -p1 -b .quiet-scan-results-msg
 %patch6 -p1 -b .qt4
 %patch8 -p1 -b .rh837402-less-aggressive-roaming
-%patch12 -p1 -b .dbus-policy
 
 %build
 pushd wpa_supplicant
@@ -192,6 +185,9 @@ chmod -R 0644 %{name}/examples/*.py
 %endif
 
 %changelog
+* Tue Nov 22 2016 Lubomir Rintel <lkundrak@v3.sk> - 1:2.6-1
+- Update to version 2.6
+
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.5-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild