diff --git a/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch b/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch deleted file mode 100644 index c7df3f3..0000000 --- a/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Reinhard Tartler -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Use pkg-config for libpcsclite linkage flags - -At least in debian, we can rely on pkg-config being available and -returning more accurate ldflags. ---- - wpa_supplicant/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile -index f1384d5..98ac987 100644 ---- a/wpa_supplicant/Makefile -+++ b/wpa_supplicant/Makefile -@@ -1017,7 +1017,7 @@ else - ifdef CONFIG_OSX - LIBS += -framework PCSC - else --LIBS += -lpcsclite -lpthread -+LIBS += $(shell $(PKG_CONFIG) --libs libpcsclite) - endif - endif - endif diff --git a/debian/patches/02_dbus_group_policy.patch b/debian/patches/02_dbus_group_policy.patch deleted file mode 100644 index 22a267b..0000000 --- a/debian/patches/02_dbus_group_policy.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Michael Biebl -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Add D-Bus group policy - -Debian does not use pam_console but uses group membership -to control access to D-Bus. Activating both options in the conf file -makes it work on Debian and Ubuntu. - -Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179 ---- - wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf -index e81b495..a333302 100644 ---- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf -+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf -@@ -9,6 +9,14 @@ - - - -+ -+ -+ -+ -+ -+ -+ -+ - - - diff --git a/debian/patches/06_wpa_gui_menu_exec_path.patch b/debian/patches/06_wpa_gui_menu_exec_path.patch deleted file mode 100644 index 50dd3db..0000000 --- a/debian/patches/06_wpa_gui_menu_exec_path.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Kel Modderman -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Use full executable path into wpa_gui.desktop - -Debian specific patch to desktop menu entry, so that we may exec -wpa_gui which being in /usr/sbin may not be in the PATH ---- - wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop -index ccc7d87..e560f3d 100644 ---- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop -+++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop -@@ -2,7 +2,7 @@ - Version=1.0 - Name=wpa_gui - Comment=Graphical user interface for wpa_supplicant --Exec=wpa_gui -+Exec=/usr/sbin/wpa_gui - Icon=wpa_gui - GenericName=wpa_supplicant user interface - Terminal=false diff --git a/debian/patches/07_dbus_service_syslog.patch b/debian/patches/07_dbus_service_syslog.patch deleted file mode 100644 index 0ff205d..0000000 --- a/debian/patches/07_dbus_service_syslog.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Kel Modderman -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Tweak D-Bus/systemd service activation configuration files: - - * log wpa_supplicant messages to syslog - * activate control socket interface so that wpa_cli can be used by D-Bus - activated wpa_supplicant daemon ---- - wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in | 2 +- - wpa_supplicant/systemd/wpa_supplicant.service.in | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in -index d97ff39..3b0af67 100644 ---- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in -+++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in -@@ -1,5 +1,5 @@ - [D-BUS Service] - Name=fi.w1.wpa_supplicant1 --Exec=@BINDIR@/wpa_supplicant -u -+Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant - User=root - SystemdService=wpa_supplicant.service -diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in -index 75a37a8..32516a3 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in -@@ -6,7 +6,7 @@ Wants=network.target - [Service] - Type=dbus - BusName=fi.w1.wpa_supplicant1 --ExecStart=@BINDIR@/wpa_supplicant -u -+ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant - - [Install] - WantedBy=multi-user.target diff --git a/debian/patches/12_wpa_gui_knotify_support.patch b/debian/patches/12_wpa_gui_knotify_support.patch deleted file mode 100644 index a31ad18..0000000 --- a/debian/patches/12_wpa_gui_knotify_support.patch +++ /dev/null @@ -1,52 +0,0 @@ -From: Raphael Geissert -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Use KDE's KNotify when running under KDE - -Bug-Debian: http://bugs.debian.org/582793 ---- - wpa_supplicant/wpa_gui-qt4/wpagui.cpp | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) - -diff --git a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp -index a0aa05e..396b121 100644 ---- a/wpa_supplicant/wpa_gui-qt4/wpagui.cpp -+++ b/wpa_supplicant/wpa_gui-qt4/wpagui.cpp -@@ -11,11 +11,14 @@ - #endif /* CONFIG_NATIVE_WINDOWS */ - - #include -+#include - #include - #include - #include - #include -+#include - #include -+#include - - #include "wpagui.h" - #include "dirent.h" -@@ -1415,10 +1418,21 @@ void WpaGui::createTrayIcon(bool trayOnly) - void WpaGui::showTrayMessage(QSystemTrayIcon::MessageIcon type, int sec, - const QString & msg) - { -- if (!QSystemTrayIcon::supportsMessages()) -+ if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode) - return; - -- if (isVisible() || !tray_icon || !tray_icon->isVisible() || quietMode) -+ /* first try to use KDE's notifications system if running under -+ * a KDE session */ -+ if (getenv("KDE_FULL_SESSION") != NULL) { -+ QStringList args; -+ args << "--passivepopup" << msg << QString::number(sec); -+ args << "--title" << "wpa_gui"; -+ -+ if (QProcess::execute("/usr/bin/kdialog", args) == 0) -+ return; -+ } -+ -+ if (!QSystemTrayIcon::supportsMessages()) - return; - - tray_icon->showMessage(qAppName(), msg, type, sec * 1000); diff --git a/debian/patches/CVE-2019-16275.patch b/debian/patches/CVE-2019-16275.patch deleted file mode 100644 index cb225df..0000000 --- a/debian/patches/CVE-2019-16275.patch +++ /dev/null @@ -1,69 +0,0 @@ -From: Jouni Malinen -Date: Thu, 29 Aug 2019 11:52:04 +0300 -Subject: [PATCH] AP: Silently ignore management frame from unexpected source - address - -Do not process any received Management frames with unexpected/invalid SA -so that we do not add any state for unexpected STA addresses or end up -sending out frames to unexpected destination. This prevents unexpected -sequences where an unprotected frame might end up causing the AP to send -out a response to another device and that other device processing the -unexpected response. - -In particular, this prevents some potential denial of service cases -where the unexpected response frame from the AP might result in a -connected station dropping its association. - -Signed-off-by: Jouni Malinen ---- - src/ap/drv_callbacks.c | 13 +++++++++++++ - src/ap/ieee802_11.c | 12 ++++++++++++ - 2 files changed, 25 insertions(+) - -diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c -index 3158768..34ca379 100644 ---- a/src/ap/drv_callbacks.c -+++ b/src/ap/drv_callbacks.c -@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, - "hostapd_notif_assoc: Skip event with no address"); - return -1; - } -+ -+ if (is_multicast_ether_addr(addr) || -+ is_zero_ether_addr(addr) || -+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR -+ " in received indication - ignore this indication silently", -+ __func__, MAC2STR(addr)); -+ return 0; -+ } -+ - random_add_randomness(addr, ETH_ALEN); - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index c85a28d..e706537 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, - fc = le_to_host16(mgmt->frame_control); - stype = WLAN_FC_GET_STYPE(fc); - -+ if (is_multicast_ether_addr(mgmt->sa) || -+ is_zero_ether_addr(mgmt->sa) || -+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR -+ " in received frame - ignore this frame silently", -+ MAC2STR(mgmt->sa)); -+ return 0; -+ } -+ - if (stype == WLAN_FC_STYPE_BEACON) { - handle_beacon(hapd, mgmt, len, fi); - return 1; diff --git a/debian/patches/allow-tlsv1.patch b/debian/patches/allow-tlsv1.patch deleted file mode 100644 index 9d42c7e..0000000 --- a/debian/patches/allow-tlsv1.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Andrej Shadura -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Enable TLSv1.0 by default - -OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. -Some older networks may support for TLSv1.0 and less secure cyphers. ---- - src/crypto/tls_openssl.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 07d38e4..97a7fd6 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -1035,6 +1035,13 @@ void * tls_init(const struct tls_config *conf) - os_free(data); - return NULL; - } -+ -+#ifndef EAP_SERVER_TLS -+ /* Enable TLSv1.0 by default to allow connecting to legacy -+ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */ -+ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION); -+#endif -+ - data->ssl = ssl; - if (conf) { - data->tls_session_lifetime = conf->tls_session_lifetime; diff --git a/debian/patches/git_realtek_macrand.patch b/debian/patches/git_realtek_macrand.patch deleted file mode 100644 index fa0584f..0000000 --- a/debian/patches/git_realtek_macrand.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Ouden -Date: Wed, 18 Mar 2020 17:58:37 +0800 -Subject: nl80211: Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname - length - -If the kernel rtm_newlink or rtm_dellink send the maximum length of -ifname (IFNAMSIZ), the event handlers in -wpa_driver_nl80211_event_rtm_addlink() and -wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME -value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the -NULL termination, that equals the IFNAMSIZ. - -Fix the condition when IFNAME reach maximum size. - -Signed-off-by: Ouden ---- - src/drivers/driver_nl80211.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c -index 0a356ee..47df47f 100644 ---- a/src/drivers/driver_nl80211.c -+++ b/src/drivers/driver_nl80211.c -@@ -1065,7 +1065,7 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx, - while (RTA_OK(attr, attrlen)) { - switch (attr->rta_type) { - case IFLA_IFNAME: -- if (RTA_PAYLOAD(attr) >= IFNAMSIZ) -+ if (RTA_PAYLOAD(attr) > IFNAMSIZ) - break; - os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); - ifname[RTA_PAYLOAD(attr)] = '\0'; -@@ -1240,7 +1240,7 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx, - while (RTA_OK(attr, attrlen)) { - switch (attr->rta_type) { - case IFLA_IFNAME: -- if (RTA_PAYLOAD(attr) >= IFNAMSIZ) -+ if (RTA_PAYLOAD(attr) > IFNAMSIZ) - break; - os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr)); - ifname[RTA_PAYLOAD(attr)] = '\0'; diff --git a/debian/patches/networkd-driver-fallback.patch b/debian/patches/networkd-driver-fallback.patch deleted file mode 100644 index 747b0b7..0000000 --- a/debian/patches/networkd-driver-fallback.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Stefan Lippers-Hollmann -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: wpasupplicant: configure driver fallback for networkd - -Signed-off-by: Stefan Lippers-Hollmann ---- - wpa_supplicant/systemd/wpa_supplicant.service.arg.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -index 7788b38..cff0b6d 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in -@@ -9,7 +9,7 @@ Wants=network.target - - [Service] - Type=simple --ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I -+ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -Dnl80211,wext -i%I - - [Install] - Alias=multi-user.target.wants/wpa_supplicant@%i.service diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 351c685..0000000 --- a/debian/patches/series +++ /dev/null @@ -1,12 +0,0 @@ -01_use_pkg-config_for_pcsc-lite_module.patch -02_dbus_group_policy.patch -06_wpa_gui_menu_exec_path.patch -07_dbus_service_syslog.patch -12_wpa_gui_knotify_support.patch -networkd-driver-fallback.patch -wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch -allow-tlsv1.patch -session-ticket.patch -wpa_service_ignore-on-isolate.patch -CVE-2019-16275.patch -git_realtek_macrand.patch diff --git a/debian/patches/session-ticket.patch b/debian/patches/session-ticket.patch deleted file mode 100644 index ab98471..0000000 --- a/debian/patches/session-ticket.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Jeremy Nickurak -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: Disable the session ticket TLS extension. - ---- - src/crypto/tls_openssl.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 97a7fd6..0e0567f 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -1584,6 +1584,7 @@ struct tls_connection * tls_connection_init(void *ssl_ctx) - #ifdef SSL_OP_NO_COMPRESSION - options |= SSL_OP_NO_COMPRESSION; - #endif /* SSL_OP_NO_COMPRESSION */ -+ options |= SSL_OP_NO_TICKET; - SSL_set_options(conn->ssl, options); - #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT - /* Hopefully there is no need for middlebox compatibility mechanisms diff --git a/debian/patches/wpa_service_ignore-on-isolate.patch b/debian/patches/wpa_service_ignore-on-isolate.patch deleted file mode 100644 index 05ade0e..0000000 --- a/debian/patches/wpa_service_ignore-on-isolate.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Ubuntu Developers -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: wpa_service_ignore-on-isolate - -Updated: 2017-11-10 ---- - wpa_supplicant/systemd/wpa_supplicant.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in -index bc0688a..561ae8f 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in -@@ -3,6 +3,7 @@ Description=WPA supplicant - Before=network.target - After=dbus.service - Wants=network.target -+IgnoreOnIsolate=true - - [Service] - Type=dbus diff --git a/debian/patches/wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch b/debian/patches/wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch deleted file mode 100644 index e24b53f..0000000 --- a/debian/patches/wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Stefan Lippers-Hollmann -Date: Sat, 14 May 2022 03:18:56 +0800 -Subject: wpa_supplicant: Fix dependency odering when invoked with DBus - -Make sure that DBus isn't shut down before wpa_supplicant, as that would -also bring down wireless links which are still holding open NFS shares. - -Debian bug: https://bugs.debian.org/785579 -systemd upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 - -Signed-off-by: Stefan Lippers-Hollmann ---- - wpa_supplicant/systemd/wpa_supplicant.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in -index 32516a3..bc0688a 100644 ---- a/wpa_supplicant/systemd/wpa_supplicant.service.in -+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in -@@ -1,6 +1,7 @@ - [Unit] - Description=WPA supplicant - Before=network.target -+After=dbus.service - Wants=network.target - - [Service] diff --git a/debian/source/format b/debian/source/format index 163aaf8..89ae9db 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -3.0 (quilt) +3.0 (native)