diff --git a/wpa_supplicant-defconfig-enable-OCV-support.patch b/wpa_supplicant-defconfig-enable-OCV-support.patch new file mode 100644 index 0000000..ce4c46d --- /dev/null +++ b/wpa_supplicant-defconfig-enable-OCV-support.patch @@ -0,0 +1,29 @@ +From 6da60b83423a882c376374d83d01cca3591a6000 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Sun, 13 Mar 2022 18:31:11 +0100 +Subject: [PATCH 4/5] defconfig: enable OCV support + +This was enabled in rpms/wpa_supplicant.git in commit b0ac7025d794 +('defconfig: enable OCV support'), without further explanation. + +FIXME: It needs to be either upstreamed or dropped. +--- + wpa_supplicant/defconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig +index 3f73282..efdfa81 100644 +--- a/wpa_supplicant/defconfig ++++ b/wpa_supplicant/defconfig +@@ -311,7 +311,7 @@ CONFIG_BACKEND=file + #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y + + # Support Operating Channel Validation +-#CONFIG_OCV=y ++CONFIG_OCV=y + + # Select TLS implementation + # openssl = OpenSSL (default) +-- +2.35.1 + diff --git a/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch b/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch new file mode 100644 index 0000000..5955120 --- /dev/null +++ b/wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch @@ -0,0 +1,27 @@ +From 3bdbf450e736ca831733fbb899e046769942c6df Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Sun, 13 Mar 2022 18:32:20 +0100 +Subject: [PATCH 3/5] defconfig: enable WPA-EAP-SUITE-B-192 ciphers + +This was enabled in wpa_supplicant.git in commit 6cc245db1770 +('Enable WPA-EAP-SUITE-B-192 ciphers'), without further explanation. + +FIXME: It needs to be either upstreamed or dropped. +--- + wpa_supplicant/defconfig | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig +index 07d9752..3f73282 100644 +--- a/wpa_supplicant/defconfig ++++ b/wpa_supplicant/defconfig +@@ -634,3 +634,6 @@ CONFIG_WEP=y + # design is still subject to change. As such, this should not yet be enabled in + # production use. + #CONFIG_PASN=y ++# ++CONFIG_SUITEB192=y ++ +-- +2.35.1 + diff --git a/wpa_supplicant-defconfig-keep-CONFIG_WEP-enabled.patch b/wpa_supplicant-defconfig-keep-CONFIG_WEP-enabled.patch new file mode 100644 index 0000000..31b2d8b --- /dev/null +++ b/wpa_supplicant-defconfig-keep-CONFIG_WEP-enabled.patch @@ -0,0 +1,31 @@ +From bcf14fa3f3075bb212a77b3e874438588314fa98 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Sun, 13 Mar 2022 18:31:56 +0100 +Subject: [PATCH 2/5] defconfig: keep CONFIG_WEP enabled + +We intentionally deviate from upstream here. If we disabled WEP at this +point, we'd likely break a lot of user installations. + +We'd likely end up eventually phasing WEP out, but before that we need +to adjust the rest of userspace to communicate that we're doing that and +why we're doing that. +--- + wpa_supplicant/defconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig +index 85a50e9..07d9752 100644 +--- a/wpa_supplicant/defconfig ++++ b/wpa_supplicant/defconfig +@@ -618,7 +618,7 @@ CONFIG_DPP2=y + # functionality needed to use WEP is available in the current wpa_supplicant + # release under this optional build parameter. This functionality is subject to + # be completely removed in a future release. +-#CONFIG_WEP=y ++CONFIG_WEP=y + + # Remove all TKIP functionality + # TKIP is an old cryptographic data confidentiality algorithm that is not +-- +2.35.1 + diff --git a/wpa_supplicant-config.patch b/wpa_supplicant-defconfig-keep-options-we-ve-traditionally-used-enab.patch similarity index 62% rename from wpa_supplicant-config.patch rename to wpa_supplicant-defconfig-keep-options-we-ve-traditionally-used-enab.patch index f5fdab2..ad5ce2f 100644 --- a/wpa_supplicant-config.patch +++ b/wpa_supplicant-defconfig-keep-options-we-ve-traditionally-used-enab.patch @@ -1,12 +1,16 @@ -rom 72ee1e934e98ea87e4de292958817e724114703e Mon Sep 17 00:00:00 2001 +From 060c09b4704ac84502df5321ec4073c062923128 Mon Sep 17 00:00:00 2001 From: Lubomir Rintel -Date: Fri, 6 Sep 2019 09:46:00 +0200 -Subject: [PATCH] defconfig: Fedora configuration +Date: Sun, 13 Mar 2022 18:33:15 +0100 +Subject: [PATCH 1/5] defconfig: keep options we've traditionally used enabled +These are deviations from the upstream defconfig we've inherited when we +switched to basing our configuration on upstream defconfig. --- - wpa_supplicant/defconfig | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) + wpa_supplicant/defconfig | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) +diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig +index a4719db..85a50e9 100644 --- a/wpa_supplicant/defconfig +++ b/wpa_supplicant/defconfig @@ -146,7 +146,7 @@ CONFIG_EAP_PAX=y @@ -18,15 +22,6 @@ Subject: [PATCH] defconfig: Fedora configuration # EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). # This requires CONFIG_EAP_AKA to be enabled, too. -@@ -311,7 +311,7 @@ CONFIG_BACKEND=file - #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y - - # Support Operating Channel Validation --#CONFIG_OCV=y -+CONFIG_OCV=y - - # Select TLS implementation - # openssl = OpenSSL (default) @@ -338,6 +338,7 @@ CONFIG_BACKEND=file # Select which ciphers to use by default with OpenSSL if the user does not # specify them. @@ -62,19 +57,6 @@ Subject: [PATCH] defconfig: Fedora configuration # Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) CONFIG_DPP=y -@@ -617,7 +618,7 @@ CONFIG_DPP2=y - # functionality needed to use WEP is available in the current wpa_supplicant - # release under this optional build parameter. This functionality is subject to - # be completely removed in a future release. --#CONFIG_WEP=y -+CONFIG_WEP=y - - # Remove all TKIP functionality - # TKIP is an old cryptographic data confidentiality algorithm that is not -@@ -633,3 +634,6 @@ CONFIG_DPP2=y - # design is still subject to change. As such, this should not yet be enabled in - # production use. - #CONFIG_PASN=y -+# -+CONFIG_SUITEB192=y -+ +-- +2.35.1 + diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec index 53b8c63..b5d5e03 100644 --- a/wpa_supplicant.spec +++ b/wpa_supplicant.spec @@ -17,18 +17,23 @@ Source2: wpa_supplicant.service Source3: wpa_supplicant.sysconfig Source4: wpa_supplicant.logrotate -# distro specific customization and not suitable for upstream, +# Distro specific customization and not suitable for upstream, # Fedora-specific updates to defconfig -Patch0: wpa_supplicant-config.patch -# works around busted drivers +Patch0: wpa_supplicant-defconfig-keep-options-we-ve-traditionally-used-enab.patch +# Works around busted drivers Patch1: wpa_supplicant-assoc-timeout.patch -# ensures that debug output gets flushed immediately to help diagnose driver +# Ensures that debug output gets flushed immediately to help diagnose driver # bugs, not suitable for upstream Patch2: wpa_supplicant-flush-debug-output.patch -# quiet an annoying and frequent syslog message +# Quiet an annoying and frequent syslog message Patch3: wpa_supplicant-quiet-scan-results-message.patch -# distro specific customization for Qt4 build tools, not suitable for upstream +# Distro specific customization for Qt4 build tools, not suitable for upstream Patch4: wpa_supplicant-gui-qt4.patch +# We keep WEP enabled for now to avoid breaking user setups +Patch6: wpa_supplicant-defconfig-keep-CONFIG_WEP-enabled.patch +# FIXME: Explain why are these two here +Patch7: wpa_supplicant-defconfig-enable-WPA-EAP-SUITE-B-192-ciphers.patch +Patch8: wpa_supplicant-defconfig-enable-OCV-support.patch URL: http://w1.fi/wpa_supplicant/