wok-next rev 21085
Up: bison (3.2.3), cmake (3.13.2), curl (7.63.0), dbus (1.12.12), dialog (1.3-20181107), doxygen (1.8.14), e2fsprogs (1.44.5), glib (2.58.2), grep (3.3), itstool (2.0.5), jansson (2.12), jbig2dec (0.15), libfm-extra (1.3.1), libfm (1.3.1), libgpg-error (1.33), libidn (1.35), libjpeg-turbo (2.0.1), libtirpc (1.1.4), libuv (1.24.1), opus (1.3), opusfile (0.11), pango (1.42.4), pangomm (2.42.0), pcmanfm (1.3.1), rpcbind (1.2.5), rpcsvc-proto (1.4), sed (4.7), tcl (8.6.9), tslib (1.18), wget (1.20), wpa_supplicant (2.7)
| author | Aleksej Bobylev <al.bobylev@gmail.com> |
|---|---|
| date | Tue Dec 25 19:30:28 2018 +0200 (2018-12-25) |
| parents | 090eddd26452 |
| children | 7fc972e95a2e |
| files | bison/receipt cmake/receipt curl/receipt dbus/receipt dialog/receipt doxygen/receipt e2fsprogs/receipt glib/receipt glib/stuff/patches/grefcount.patch glib/stuff/patches/series grep/receipt itstool/receipt jansson/receipt jbig2dec/receipt libfm-extra/receipt libfm/receipt libgpg-error/receipt libidn/receipt libjpeg-turbo/receipt librefox/receipt libtirpc/receipt libuv/receipt libwebp/receipt libxml2/receipt libxml2/stuff/patches/libxml2-2.9.8-python3_hack-1.patch libxml2/stuff/patches/series opus/receipt opusfile/receipt pango/receipt pangomm/receipt pcmanfm/receipt pcmanfm/stuff/default/pcmanfm.conf pcmanfm/stuff/pcmanfm.conf rpcbind/receipt rpcbind/stuff/patches/rpcbind-1.2.5-vulnerability_fixes-1.patch rpcbind/stuff/patches/series rpcsvc-proto/receipt sed/receipt sed/stuff/patches/series tcl/receipt tiff/receipt tslib/receipt wget/receipt wpa_supplicant/.icon.png wpa_supplicant/receipt wpa_supplicant/stuff/.config wpa_supplicant/stuff/etc/init.d/wpa_supplicant wpa_supplicant/stuff/etc/wpa/wpa_empty.conf wpa_supplicant/stuff/etc/wpa/wpa_supplicant.conf wpa_supplicant/stuff/patches/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch wpa_supplicant/stuff/patches/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch wpa_supplicant/stuff/patches/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch wpa_supplicant/stuff/patches/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch wpa_supplicant/stuff/patches/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch wpa_supplicant/stuff/patches/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch wpa_supplicant/stuff/patches/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch wpa_supplicant/stuff/patches/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch wpa_supplicant/stuff/patches/series wpa_supplicant/stuff/wpa_empty.conf wpa_supplicant/stuff/wpa_supplicant |
line diff
1.1 --- a/bison/receipt Tue Dec 25 14:44:32 2018 +0200 1.2 +++ b/bison/receipt Tue Dec 25 19:30:28 2018 +0200 1.3 @@ -1,7 +1,7 @@ 1.4 # SliTaz package receipt v2. 1.5 1.6 PACKAGE="bison" 1.7 -VERSION="3.2.2" 1.8 +VERSION="3.2.3" 1.9 CATEGORY="development" 1.10 SHORT_DESC="GNU parser generator" 1.11 MAINTAINER="al.bobylev@gmail.com" 1.12 @@ -11,12 +11,13 @@ 1.13 1.14 TARBALL="$PACKAGE-$VERSION.tar.xz" 1.15 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL" 1.16 +TARBALL_SHA1="961bb05113e9b9147f4a6a7b1ec1584942a522c0" 1.17 1.18 BUILD_DEPENDS="m4 perl libxslt gettext-dev" 1.19 +DEPENDS="m4" 1.20 1.21 -COPY_std="@std @dev" 1.22 -DEPENDS_std="m4" 1.23 -TAGS_std="LFS parser language" 1.24 +COPY="@std @dev" 1.25 +TAGS="LFS parser" 1.26 1.27 compile_rules() { 1.28 ./configure $CONFIGURE_ARGS &&
2.1 --- a/cmake/receipt Tue Dec 25 14:44:32 2018 +0200 2.2 +++ b/cmake/receipt Tue Dec 25 19:30:28 2018 +0200 2.3 @@ -1,7 +1,7 @@ 2.4 # SliTaz package receipt v2. 2.5 2.6 PACKAGE="cmake" 2.7 -VERSION="3.13.1" 2.8 +VERSION="3.13.2" 2.9 CATEGORY="development" 2.10 SHORT_DESC="Cross-platform build system generator" 2.11 MAINTAINER="devel@slitaz.org" 2.12 @@ -11,6 +11,7 @@ 2.13 2.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 2.15 WGET_URL="http://www.cmake.org/files/v${VERSION%.*}/$TARBALL" 2.16 +TARBALL_SHA1="101b8599b5ddd4df9127e227c3fe13ed3d8e266a" 2.17 2.18 BUILD_DEPENDS="zlib-dev curl-dev bzip2-dev xz-dev libarchive-dev expat-dev \ 2.19 ncurses-dev gfortran libuv-dev jsoncpp-dev" 2.20 @@ -27,6 +28,7 @@ 2.21 2.22 # CMake should be updated both with Boost: 2.23 # https://stackoverflow.com/questions/42123509/cmake-finds-boost-but-the-imported-targets-not-available-for-boost-version 2.24 +# > Boost 1.68, 1.69 require CMake 3.13 or newer. 2.25 2.26 compile_rules() { 2.27 sed -i '/"lib64"/s/64//' Modules/GNUInstallDirs.cmake
3.1 --- a/curl/receipt Tue Dec 25 14:44:32 2018 +0200 3.2 +++ b/curl/receipt Tue Dec 25 19:30:28 2018 +0200 3.3 @@ -1,7 +1,7 @@ 3.4 # SliTaz package receipt v2. 3.5 3.6 PACKAGE="curl" 3.7 -VERSION="7.62.0" 3.8 +VERSION="7.63.0" 3.9 CATEGORY="network" 3.10 SHORT_DESC="Transfer files with URL syntax" 3.11 MAINTAINER="al.bobylev@gmail.com" 3.12 @@ -11,6 +11,7 @@ 3.13 3.14 TARBALL="$PACKAGE-$VERSION.tar.xz" 3.15 WGET_URL="https://curl.haxx.se/download/$TARBALL" 3.16 +TARBALL_SHA1="b87cbac60d20998967001995f409239a74b702b4" 3.17 3.18 BUILD_DEPENDS="zlib-dev openssl-dev libidn2-dev \ 3.19 libpsl-dev brotli-dev libssh2-dev openldap-dev nghttp2-dev"
4.1 --- a/dbus/receipt Tue Dec 25 14:44:32 2018 +0200 4.2 +++ b/dbus/receipt Tue Dec 25 19:30:28 2018 +0200 4.3 @@ -1,7 +1,7 @@ 4.4 # SliTaz package receipt v2. 4.5 4.6 PACKAGE="dbus" 4.7 -VERSION="1.12.10" 4.8 +VERSION="1.12.12" 4.9 CATEGORY="x-window" 4.10 SHORT_DESC="D-Bus, a message bus system" 4.11 MAINTAINER="devel@slitaz.org" 4.12 @@ -11,11 +11,24 @@ 4.13 4.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 4.15 WGET_URL="https://dbus.freedesktop.org/releases/dbus/$TARBALL" 4.16 +TARBALL_SHA1="ff61dc5bb7e3b4dd86444f4a72fb54378edc54fa" 4.17 4.18 BUILD_DEPENDS="expat-dev libx11-dev glib-dev libice-dev \ 4.19 libsm-dev libxslt xmlto libxml2-tools" # docbook-xsl 4.20 SPLIT="$PACKAGE-helper $PACKAGE-introspect $PACKAGE $PACKAGE-dev" 4.21 4.22 +COPY_helper="dbus-daemon-launch-helper" 4.23 +COPY_introspect="introspect.*" 4.24 + 4.25 +DEPENDS_helper="$PACKAGE expat" 4.26 +DEPENDS_introspect="libxml2-tools" 4.27 +DEPENDS_std="expat libx11 slitaz-base-files" 4.28 + 4.29 +CAT_helper="x-window|dbus-daemon-launch-helper" 4.30 +CAT_introspect="development|introspect DTD & XSL" 4.31 + 4.32 +CONFIG_FILES_std="/etc/dbus-1/session.conf /etc/dbus-1/system.conf /etc/dbus-1/system.d/" 4.33 + 4.34 compile_rules() { 4.35 # temporarily: --disable-xml-docs 4.36 ./configure \ 4.37 @@ -41,27 +54,6 @@ 4.38 cp doc/introspect.* $install/usr/share/xml/docbook/stylesheet/dbus 4.39 } 4.40 4.41 -genpkg_rules() { 4.42 - case $PACKAGE in 4.43 - dbus-helper) 4.44 - copy dbus-daemon-launch-helper 4.45 - CAT="x-window|dbus-daemon-launch-helper" 4.46 - DEPENDS="dbus expat" 4.47 - ;; 4.48 - dbus-introspect) 4.49 - copy introspect.* 4.50 - CAT="development|introspect DTD & XSL" 4.51 - DEPENDS="libxml2-tools" 4.52 - ;; 4.53 - dbus) 4.54 - copy @std @rm 4.55 - DEPENDS="expat libx11 slitaz-base-files" 4.56 - CONFIG_FILES="/etc/dbus-1/session.conf /etc/dbus-1/system.conf /etc/dbus-1/system.d/" 4.57 - ;; 4.58 - *-dev) copy @dev;; 4.59 - esac 4.60 -} 4.61 - 4.62 pre_install_dbus() { 4.63 # Go for echoing on configuration files if any messagebus user 4.64 # was found.
5.1 --- a/dialog/receipt Tue Dec 25 14:44:32 2018 +0200 5.2 +++ b/dialog/receipt Tue Dec 25 19:30:28 2018 +0200 5.3 @@ -1,7 +1,7 @@ 5.4 # SliTaz package receipt v2. 5.5 5.6 PACKAGE="dialog" 5.7 -VERSION="1.3-20181022" 5.8 +VERSION="1.3-20181107" 5.9 CATEGORY="base-system" 5.10 SHORT_DESC="Script-interpreter which provides a set of curses widgets" 5.11 MAINTAINER="devel@slitaz.org" 5.12 @@ -9,11 +9,14 @@ 5.13 WEB_SITE="http://invisible-island.net/dialog/" # "HTTP/1.1 403 Forbidden" for wget 5.14 5.15 TARBALL="$PACKAGE-$VERSION.tgz" 5.16 -WGET_URL="ftp://ftp.invisible-island.net/dialog/$TARBALL" 5.17 +WGET_URL="https://invisible-mirror.net/archives/dialog/$TARBALL" 5.18 +TARBALL_SHA1="9bbfba93cf8a818251c6a4e707ba5c1135cb21a8" 5.19 5.20 BUILD_DEPENDS="ncurses-dev gettext-dev" 5.21 SPLIT="$PACKAGE-dev" 5.22 5.23 +DEPENDS_std="ncurses" 5.24 + 5.25 compile_rules() { 5.26 ./configure \ 5.27 --with-ncursesw \ 5.28 @@ -28,15 +31,3 @@ 5.29 5.30 cook_pick_manpages dialog.3 5.31 } 5.32 - 5.33 -genpkg_rules() { 5.34 - case $PACKAGE in 5.35 - dialog) 5.36 - copy @std 5.37 - DEPENDS="ncurses" 5.38 - ;; 5.39 - *-dev) 5.40 - copy @dev 5.41 - ;; 5.42 - esac 5.43 -}
6.1 --- a/doxygen/receipt Tue Dec 25 14:44:32 2018 +0200 6.2 +++ b/doxygen/receipt Tue Dec 25 19:30:28 2018 +0200 6.3 @@ -1,18 +1,22 @@ 6.4 # SliTaz package receipt v2. 6.5 6.6 PACKAGE="doxygen" 6.7 -VERSION="1.8.11" 6.8 +VERSION="1.8.14" 6.9 CATEGORY="development" 6.10 SHORT_DESC="Source code documentation generator tool" 6.11 MAINTAINER="pascal.bellard@slitaz.org" 6.12 LICENSE="GPL2" 6.13 -WEB_SITE="http://www.stack.nl/~dimitri/doxygen/" 6.14 +WEB_SITE="http://doxygen.nl/" 6.15 +LFS="http://www.linuxfromscratch.org/blfs/view/svn/general/doxygen.html" 6.16 6.17 TARBALL="$PACKAGE-$VERSION.src.tar.gz" 6.18 -WGET_URL="http://ftp.stack.nl/pub/doxygen/$TARBALL" 6.19 +WGET_URL="http://doxygen.nl/files/$TARBALL" 6.20 +TARBALL_SHA1="8f999c95d1e42d725b7cd55bef0ed2a841eb0b34" 6.21 6.22 BUILD_DEPENDS="cmake python" # graphviz 6.23 6.24 +TAGS="language documentation" 6.25 + 6.26 compile_rules() { 6.27 mkdir build 6.28 cd build 6.29 @@ -20,6 +24,7 @@ 6.30 cmake -G "Unix Makefiles" \ 6.31 -DCMAKE_BUILD_TYPE=Release \ 6.32 -DCMAKE_INSTALL_PREFIX=/usr \ 6.33 + -Wno-dev \ 6.34 .. && 6.35 make && 6.36 make install || return 1 6.37 @@ -30,8 +35,3 @@ 6.38 $install/usr/share/man/man1/${i##*/} 6.39 done 6.40 } 6.41 - 6.42 -genpkg_rules() { 6.43 - copy bin/ 6.44 - TAGS="language documentation" 6.45 -}
7.1 --- a/e2fsprogs/receipt Tue Dec 25 14:44:32 2018 +0200 7.2 +++ b/e2fsprogs/receipt Tue Dec 25 19:30:28 2018 +0200 7.3 @@ -1,7 +1,7 @@ 7.4 # SliTaz package receipt v2. 7.5 7.6 PACKAGE="e2fsprogs" 7.7 -VERSION="1.44.4" 7.8 +VERSION="1.44.5" 7.9 CATEGORY="base-system" 7.10 SHORT_DESC="Filesystem utilities for use with ext2 and ext3" 7.11 MAINTAINER="devel@slitaz.org" 7.12 @@ -11,11 +11,29 @@ 7.13 7.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 7.15 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" 7.16 +TARBALL_SHA1="c3f64d10b6ef1a268a077838a5cafb6aaebe2986" 7.17 7.18 BUILD_DEPENDS="util-linux-uuid-dev util-linux-blkid-dev gettext-dev attr-dev \ 7.19 acl-dev texinfo" 7.20 SPLIT="libcomerr-dev $PACKAGE-dev $PACKAGE-fsck libcomerr $PACKAGE" 7.21 7.22 +COPY_libcomerr_dev="libcom_err.a com_err.h com_err.pc" 7.23 +COPY_e2fsprogs_dev="@dev *.sed *.awk @rm compile_et mk_cmds" 7.24 +COPY_fsck="sbin/fsck.*" 7.25 +COPY_libcomerr="libcom_err.so*" 7.26 + 7.27 +DEPENDS_libcomerr_dev="libcomerr" 7.28 +DEPENDS_e2fsprogs_dev="$PACKAGE $PACKAGE-fsck libcomerr-dev" 7.29 +DEPENDS_fsck="$PACKAGE libcomerr util-linux-blkid util-linux-uuid" 7.30 +DEPENDS_libcomerr=" " 7.31 +DEPENDS_std="libcomerr util-linux-blkid util-linux-uuid" 7.32 + 7.33 +CAT_libcomerr_dev="development|libcomerr development files" 7.34 +CAT_fsck="system-tools|fsck tools" 7.35 +CAT_libcomerr="base-system|libcomerr library" 7.36 + 7.37 +TAGS_std="LFS" 7.38 + 7.39 compile_rules() { 7.40 # mkdir -p $install/usr/share/man/man8/ 7.41 7.42 @@ -57,35 +75,6 @@ 7.43 fix symlinks 7.44 } 7.45 7.46 -genpkg_rules() { 7.47 - case $PACKAGE in 7.48 - libcomerr-dev) 7.49 - copy libcom_err.a com_err.h com_err.pc 7.50 - CAT="development|libcomerr development files" 7.51 - DEPENDS="libcomerr" 7.52 - ;; 7.53 - e2fsprogs-dev) 7.54 - copy @dev *.sed *.awk @rm compile_et mk_cmds 7.55 - DEPENDS="e2fsprogs e2fsprogs-fsck libcomerr-dev" 7.56 - ;; 7.57 - e2fsprogs-fsck) 7.58 - copy sbin/fsck.* 7.59 - CAT="system-tools|fsck tools" 7.60 - DEPENDS="e2fsprogs libcomerr util-linux-blkid util-linux-uuid" 7.61 - ;; 7.62 - libcomerr) 7.63 - copy libcom_err.so* 7.64 - CAT="base-system|libcomerr library" 7.65 - DEPENDS=" " 7.66 - ;; 7.67 - e2fsprogs) 7.68 - copy @std @rm 7.69 - DEPENDS="libcomerr util-linux-blkid util-linux-uuid" 7.70 - TAGS="LFS" 7.71 - ;; 7.72 - esac 7.73 -} 7.74 - 7.75 # Overlap busybox 7.76 pre_install_e2fsprogs() { 7.77 rm -f $1/sbin/tune2fs
8.1 --- a/glib/receipt Tue Dec 25 14:44:32 2018 +0200 8.2 +++ b/glib/receipt Tue Dec 25 19:30:28 2018 +0200 8.3 @@ -1,7 +1,7 @@ 8.4 # SliTaz package receipt v2. 8.5 8.6 PACKAGE="glib" 8.7 -VERSION="2.58.1" 8.8 +VERSION="2.58.2" 8.9 CATEGORY="x-window" 8.10 SHORT_DESC="C routines" 8.11 MAINTAINER="devel@slitaz.org" 8.12 @@ -11,6 +11,7 @@ 8.13 8.14 TARBALL="$PACKAGE-$VERSION.tar.xz" 8.15 WGET_URL="$GNOME_MIRROR/$PACKAGE/${VERSION%.*}/$TARBALL" 8.16 +TARBALL_SHA1="9831bbdca749a42526d0afc4b31799e8be22037c" 8.17 8.18 BUILD_DEPENDS="automake libtool zlib-dev libffi-dev gettext-dev \ 8.19 util-linux-mount-dev pcre-dev libxslt docbook-xsl elfutils-dev" 8.20 @@ -21,8 +22,8 @@ 8.21 bin/glib-gettextize bin/glib-mkenums gdb/ gettext/ glib-2.0/ @dev @rm" 8.22 8.23 DEPENDS_std="libffi libpcre util-linux-mount zlib" 8.24 -DEPENDS_dev="glib elfutils libffi libpcre pcre-dev python util-linux-mount-dev \ 8.25 -zlib-dev perl" 8.26 +DEPENDS_dev="$PACKAGE elfutils libffi libpcre pcre-dev python \ 8.27 +util-linux-mount-dev zlib-dev perl" 8.28 8.29 CAT_static="development|static libraries" 8.30
9.1 --- a/glib/stuff/patches/grefcount.patch Tue Dec 25 14:44:32 2018 +0200 9.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 9.3 @@ -1,36 +0,0 @@ 9.4 -From 57efb14f0519e0b20a789c274db7777f16c98b35 Mon Sep 17 00:00:00 2001 9.5 -From: Fabrice Fontaine <fontaine.fabrice@gmail.com> 9.6 -Date: Sat, 13 Oct 2018 23:10:33 +0200 9.7 -Subject: [PATCH] grefcount: add missing gatomic.h 9.8 -MIME-Version: 1.0 9.9 -Content-Type: text/plain; charset=UTF-8 9.10 -Content-Transfer-Encoding: 8bit 9.11 - 9.12 -Without gatomic.h, build fails on: 9.13 -In file included from garcbox.c:24:0: 9.14 -garcbox.c: In function ‘g_atomic_rc_box_acquire’: 9.15 -grefcount.h:101:13: error: implicit declaration of function ‘g_atomic_int_get’; did you mean ‘__atomic_store’? [-Werror=implicit-function-declaration] 9.16 - (void) (g_atomic_int_get (rc) == G_MAXINT ? 0 : g_atomic_int_inc ((rc))); \ 9.17 - ^ 9.18 -garcbox.c:292:3: note: in expansion of macro ‘g_atomic_ref_count_inc’ 9.19 - g_atomic_ref_count_inc (&real_box->ref_count); 9.20 - 9.21 -Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 9.22 ---- 9.23 - glib/grefcount.h | 1 + 9.24 - 1 file changed, 1 insertion(+) 9.25 - 9.26 -diff --git a/glib/grefcount.h b/glib/grefcount.h 9.27 -index dec9a5ffb..b6eced1b7 100644 9.28 ---- a/glib/grefcount.h 9.29 -+++ b/glib/grefcount.h 9.30 -@@ -23,6 +23,7 @@ 9.31 - #error "Only <glib.h> can be included directly." 9.32 - #endif 9.33 - 9.34 -+#include <glib/gatomic.h> 9.35 - #include <glib/gtypes.h> 9.36 - 9.37 - G_BEGIN_DECLS 9.38 --- 9.39 -2.18.1
10.1 --- a/glib/stuff/patches/series Tue Dec 25 14:44:32 2018 +0200 10.2 +++ b/glib/stuff/patches/series Tue Dec 25 19:30:28 2018 +0200 10.3 @@ -3,6 +3,3 @@ 10.4 10.5 # from https://www.archlinux.org/packages/core/x86_64/glib2/ 10.6 noisy-glib-compile-schemas.diff 10.7 - 10.8 -# from https://gitlab.gnome.org/GNOME/glib/commit/57efb14f0519e0b20a789c274db7777f16c98b35 10.9 -grefcount.patch
11.1 --- a/grep/receipt Tue Dec 25 14:44:32 2018 +0200 11.2 +++ b/grep/receipt Tue Dec 25 19:30:28 2018 +0200 11.3 @@ -1,7 +1,7 @@ 11.4 # SliTaz package receipt v2. 11.5 11.6 PACKAGE="grep" 11.7 -VERSION="3.1" 11.8 +VERSION="3.3" 11.9 CATEGORY="development" 11.10 SHORT_DESC="GNU Global Regular Expression Print" 11.11 MAINTAINER="paul@slitaz.org" 11.12 @@ -11,19 +11,18 @@ 11.13 11.14 TARBALL="$PACKAGE-$VERSION.tar.xz" 11.15 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL" 11.16 +TARBALL_SHA1="e0befe21e7d9caa8e5e98385c96355d890f83123" 11.17 11.18 BUILD_DEPENDS="pcre-dev perl gettext-dev" 11.19 +DEPENDS="libpcre" 11.20 + 11.21 +TAGS="LFS" 11.22 11.23 compile_rules() { 11.24 + # use --bindir to move from /usr/bin/ to /bin/ 11.25 ./configure \ 11.26 --bindir=/bin \ 11.27 $CONFIGURE_ARGS && 11.28 make && 11.29 make install 11.30 } 11.31 - 11.32 -genpkg_rules() { 11.33 - copy @std 11.34 - DEPENDS="libpcre" 11.35 - TAGS="LFS" 11.36 -}
12.1 --- a/itstool/receipt Tue Dec 25 14:44:32 2018 +0200 12.2 +++ b/itstool/receipt Tue Dec 25 19:30:28 2018 +0200 12.3 @@ -1,26 +1,25 @@ 12.4 # SliTaz package receipt v2. 12.5 12.6 PACKAGE="itstool" 12.7 -VERSION="2.0.4" 12.8 +VERSION="2.0.5" 12.9 CATEGORY="utilities" 12.10 SHORT_DESC="ITS-based XML translation tool" 12.11 MAINTAINER="al.bobylev@gmail.com" 12.12 LICENSE="GPL3" 12.13 WEB_SITE="http://itstool.org/" 12.14 +LFS="http://www.linuxfromscratch.org/blfs/view/svn/pst/itstool.html" 12.15 HOST_ARCH="any" 12.16 12.17 TARBALL="$PACKAGE-$VERSION.tar.bz2" 12.18 WGET_URL="http://files.itstool.org/itstool/$TARBALL" 12.19 +TARBALL_SHA1="0341f6e980c00f95c6a5652228578cb13ebf0d98" 12.20 12.21 BUILD_DEPENDS="libxml2-python" 12.22 +DEPENDS="libxml2-python" 12.23 12.24 compile_rules() { 12.25 + PYTHON=/usr/bin/python3 \ 12.26 ./configure $CONFIGURE_ARGS && 12.27 make && 12.28 make install 12.29 } 12.30 - 12.31 -genpkg_rules() { 12.32 - copy @std 12.33 - DEPENDS="libxml2-python" 12.34 -}
13.1 --- a/jansson/receipt Tue Dec 25 14:44:32 2018 +0200 13.2 +++ b/jansson/receipt Tue Dec 25 19:30:28 2018 +0200 13.3 @@ -1,28 +1,25 @@ 13.4 # SliTaz package receipt v2. 13.5 13.6 PACKAGE="jansson" 13.7 -VERSION="2.11" 13.8 +VERSION="2.12" 13.9 CATEGORY="x-window" 13.10 SHORT_DESC="C library for encoding, decoding and manipulating JSON data" 13.11 MAINTAINER="devel@slitaz.org" 13.12 LICENSE="MIT" 13.13 WEB_SITE="http://www.digip.org/jansson/" 13.14 +LFS="http://www.linuxfromscratch.org/blfs/view/svn/general/jansson.html" 13.15 13.16 TARBALL="$PACKAGE-$VERSION.tar.bz2" 13.17 WGET_URL="http://www.digip.org/jansson/releases/$TARBALL" 13.18 +TARBALL_SHA1="77ed68c3aad79bec666996cbcf2c93216123a5e9" 13.19 13.20 SPLIT="$PACKAGE-dev" 13.21 13.22 compile_rules() { 13.23 - ./configure $CONFIGURE_ARGS && 13.24 + ./configure \ 13.25 + --disable-static \ 13.26 + $CONFIGURE_ARGS && 13.27 fix libtool && 13.28 make && 13.29 make install 13.30 } 13.31 - 13.32 -genpkg_rules() { 13.33 - case $PACKAGE in 13.34 - jansson) copy @std;; 13.35 - *-dev) copy @dev;; 13.36 - esac 13.37 -}
14.1 --- a/jbig2dec/receipt Tue Dec 25 14:44:32 2018 +0200 14.2 +++ b/jbig2dec/receipt Tue Dec 25 19:30:28 2018 +0200 14.3 @@ -1,29 +1,28 @@ 14.4 # SliTaz package receipt v2. 14.5 14.6 PACKAGE="jbig2dec" 14.7 -VERSION="0.11" 14.8 +VERSION="0.15" 14.9 CATEGORY="development" 14.10 SHORT_DESC="Decoder implementation of the JBIG2 image compressiong format" 14.11 MAINTAINER="devel@slitaz.org" 14.12 LICENSE="GPL3" 14.13 -WEB_SITE="https://sourceforge.net/projects/jbig2dec/" 14.14 +WEB_SITE="https://jbig2dec.com/" 14.15 14.16 -TARBALL="$PACKAGE-$VERSION.tar.xz" 14.17 -WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" 14.18 +TARBALL="$PACKAGE-$VERSION.tar.gz" 14.19 +WGET_URL="https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs924/$TARBALL" 14.20 +TARBALL_SHA1="54f184c07497feb9f96ed67a59715fda92f7b79d" 14.21 14.22 -BUILD_DEPENDS="libpng-dev" 14.23 +BUILD_DEPENDS="automake libtool libpng-dev" 14.24 SPLIT="$PACKAGE-dev" 14.25 14.26 +DEPENDS_std="libpng" 14.27 + 14.28 compile_rules() { 14.29 - ./configure $CONFIGURE_ARGS && 14.30 + autoreconf -vif 14.31 + ./configure \ 14.32 + --disable-static \ 14.33 + $CONFIGURE_ARGS && 14.34 fix libtool && 14.35 make && 14.36 make install 14.37 } 14.38 - 14.39 -genpkg_rules() { 14.40 - case $PACKAGE in 14.41 - jbig2dec) copy @std;; 14.42 - *-dev) copy @dev;; 14.43 - esac 14.44 -}
15.1 --- a/libfm-extra/receipt Tue Dec 25 14:44:32 2018 +0200 15.2 +++ b/libfm-extra/receipt Tue Dec 25 19:30:28 2018 +0200 15.3 @@ -1,7 +1,7 @@ 15.4 # SliTaz package receipt v2. 15.5 15.6 PACKAGE="libfm-extra" 15.7 -VERSION="1.3.0.2" 15.8 +VERSION="1.3.1" 15.9 CATEGORY="system-tools" 15.10 SHORT_DESC="Library and other files required by menu-cache-gen" 15.11 MAINTAINER="al.bobylev@gmail.com" 15.12 @@ -11,16 +11,19 @@ 15.13 REPOLOGY="libfm" 15.14 15.15 TARBALL="libfm-$VERSION.tar.xz" 15.16 -#WGET_URL="$SF_MIRROR/pcmanfm/$TARBALL" # SF download problems 15.17 WGET_URL="https://git.lxde.org/gitweb/?p=lxde/libfm.git;a=snapshot;h=$VERSION;sf=txz" 15.18 +TARBALL_SHA1="34dc0795e8a8a2dec735fdedc7b7cfc5412d8174" 15.19 15.20 BUILD_DEPENDS="automake gtk-doc libtool gettext-dev intltool glib-dev" 15.21 SPLIT="$PACKAGE-dev" 15.22 + 15.23 +DEPENDS_std="glib" 15.24 +DEPENDS_dev="$PACKAGE glib-dev" 15.25 + 15.26 SIBLINGS="libfm" 15.27 15.28 compile_rules() { 15.29 - # tarball from git.lxde.org requires this step 15.30 - [ -e "$src/configure" ] || ./autogen.sh 15.31 + ./autogen.sh 15.32 15.33 ./configure \ 15.34 --with-extra-only \ 15.35 @@ -31,16 +34,3 @@ 15.36 make && 15.37 make install 15.38 } 15.39 - 15.40 -genpkg_rules() { 15.41 - case $PACKAGE in 15.42 - libfm-extra) 15.43 - copy @std 15.44 - DEPENDS="glib" 15.45 - ;; 15.46 - *-dev) 15.47 - copy @dev 15.48 - DEPENDS="libfm-extra glib-dev" 15.49 - ;; 15.50 - esac 15.51 -}
16.1 --- a/libfm/receipt Tue Dec 25 14:44:32 2018 +0200 16.2 +++ b/libfm/receipt Tue Dec 25 19:30:28 2018 +0200 16.3 @@ -1,7 +1,7 @@ 16.4 # SliTaz package receipt v2. 16.5 16.6 PACKAGE="libfm" 16.7 -VERSION="1.3.0.2" 16.8 +VERSION="1.3.1" 16.9 CATEGORY="system-tools" 16.10 SHORT_DESC="File management support" 16.11 MAINTAINER="devel@slitaz.org" 16.12 @@ -10,17 +10,31 @@ 16.13 LFS="http://www.linuxfromscratch.org/blfs/view/svn/lxde/libfm.html" 16.14 16.15 TARBALL="$PACKAGE-$VERSION.tar.xz" 16.16 -#WGET_URL="$SF_MIRROR/pcmanfm/$TARBALL" # SF download problems 16.17 WGET_URL="https://git.lxde.org/gitweb/?p=lxde/libfm.git;a=snapshot;h=$VERSION;sf=txz" 16.18 +TARBALL_SHA1="34dc0795e8a8a2dec735fdedc7b7cfc5412d8174" 16.19 16.20 BUILD_DEPENDS="automake gtk-doc libtool gettext-dev glib-dev intltool vala \ 16.21 gtk2-dev pango-dev cairo-dev menu-cache-dev libexif-dev" 16.22 +SPLIT="$PACKAGE-gtk $PACKAGE $PACKAGE-dev" 16.23 + 16.24 +COPY_gtk="bin/ applications/ images/ ui/ libfm-gtk.so* gtk*.so" 16.25 + 16.26 +DEPENDS_std="glib libexif libfm-extra menu-cache" 16.27 +DEPENDS_gtk="$PACKAGE atk cairo gdk-pixbuf glib gtk2 menu-cache pango" 16.28 +DEPENDS_dev="$PACKAGE $PACKAGE-gtk libfm-extra-dev glib-dev gtk2-dev" 16.29 + 16.30 +CAT_std="system-tools|core library" 16.31 +CAT_gtk="system-tools|GTK+2 GUI library" 16.32 + 16.33 +SUGGESTED_std="gvfs" 16.34 +CONFIG_FILES_std="/etc/xdg/libfm/libfm.conf" 16.35 +PROVIDE_gtk="lxshortcut" 16.36 + 16.37 +COOKOPTS="!menus" 16.38 SIBLINGS="libfm-extra" 16.39 -SPLIT="$PACKAGE-gtk $PACKAGE-dev" 16.40 16.41 compile_rules() { 16.42 - # tarball from git.lxde.org requires this step 16.43 - [ -e "$src/configure" ] || ./autogen.sh 16.44 + ./autogen.sh 16.45 16.46 ./configure \ 16.47 --disable-static \ 16.48 @@ -31,37 +45,14 @@ 16.49 16.50 # remove useless file 16.51 rm -r $install/usr/share/mime/ 16.52 + 16.53 # remove libfm-extra package files 16.54 find $install \( -name 'libfm-extra*' -o -name 'fm-extra.h' -o \ 16.55 -name 'fm-version.h' -o -name 'fm-xml-file.h' \) -delete 16.56 + 16.57 + # define terminal 16.58 + sed -i 2i\ 'terminal=terminal' $install/etc/xdg/libfm/libfm.conf 16.59 + 16.60 + # set small & pane icon size to 16 16.61 + sed -i 's|\(\(small\|pane\)_icon_size=\).*|\116|' $install/etc/xdg/libfm/libfm.conf 16.62 } 16.63 - 16.64 -genpkg_rules() { 16.65 - case $PACKAGE in 16.66 - libfm) 16.67 - copy etc/ libfm.so* vfs*.so *.list 16.68 - # define terminal 16.69 - sed -i 2i\ 'terminal=terminal' $fs/etc/xdg/libfm/libfm.conf 16.70 - # set small & pane icon size to 16 16.71 - sed -i 's|\(\(small\|pane\)_icon_size=\).*|\116|' \ 16.72 - $fs/etc/xdg/libfm/libfm.conf 16.73 - 16.74 - CAT="system-tools|core library" 16.75 - DEPENDS="glib libexif libfm-extra menu-cache" 16.76 - COOKOPTS="!menus" 16.77 - SUGGESTED="gvfs" 16.78 - CONFIG_FILES="/etc/xdg/libfm/libfm.conf" 16.79 - ;; 16.80 - libfm-gtk) 16.81 - copy bin/ applications/ images/ ui/ libfm-gtk.so* gtk*.so 16.82 - CAT="system-tools|GTK+2 GUI library" 16.83 - DEPENDS="atk cairo gdk-pixbuf glib gtk2 libfm menu-cache pango" 16.84 - PROVIDE="lxshortcut" 16.85 - ;; 16.86 - libfm-dev) 16.87 - copy @dev 16.88 - DEPENDS="libfm libfm-gtk libfm-extra-dev \ 16.89 - glib-dev gtk2-dev" 16.90 - ;; 16.91 - esac 16.92 -}
17.1 --- a/libgpg-error/receipt Tue Dec 25 14:44:32 2018 +0200 17.2 +++ b/libgpg-error/receipt Tue Dec 25 19:30:28 2018 +0200 17.3 @@ -1,7 +1,7 @@ 17.4 # SliTaz package receipt v2. 17.5 17.6 PACKAGE="libgpg-error" 17.7 -VERSION="1.32" 17.8 +VERSION="1.33" 17.9 CATEGORY="security" 17.10 SHORT_DESC="Commons error messages for GnuPG" 17.11 MAINTAINER="devel@slitaz.org" 17.12 @@ -11,27 +11,19 @@ 17.13 17.14 TARBALL="$PACKAGE-$VERSION.tar.bz2" 17.15 WGET_URL="https://www.gnupg.org/ftp/gcrypt/libgpg-error/$TARBALL" 17.16 +TARBALL_SHA1="bd40bf4cb6a0b725f5ea91b68d6ae5aeb387a750" 17.17 # https://www.gnupg.org/download/integrity_check.html 17.18 -TARBALL_SHA1="e310718c7737c816cb1313a2f3baf60fd6a6d5d3" 17.19 17.20 BUILD_DEPENDS="gettext-dev" 17.21 -SPLIT="$PACKAGE-dev" 17.22 +SPLIT="$PACKAGE-dev $PACKAGE" 17.23 + 17.24 +COPY_dev="@dev common-lisp/" 17.25 17.26 compile_rules() { 17.27 ./configure $CONFIGURE_ARGS && 17.28 fix libtool && 17.29 make && 17.30 - make install 17.31 + make install || return 1 17.32 + 17.33 + cook_pick_docs README 17.34 } 17.35 - 17.36 -genpkg_rules() { 17.37 - case $PACKAGE in 17.38 - libgpg-error) 17.39 - copy @std 17.40 - rm -r $fs/usr/share/common-lisp/ 17.41 - ;; 17.42 - *-dev) 17.43 - copy @std @dev @rm 17.44 - ;; 17.45 - esac 17.46 -}
18.1 --- a/libidn/receipt Tue Dec 25 14:44:32 2018 +0200 18.2 +++ b/libidn/receipt Tue Dec 25 19:30:28 2018 +0200 18.3 @@ -1,7 +1,7 @@ 18.4 # SliTaz package receipt v2. 18.5 18.6 PACKAGE="libidn" 18.7 -VERSION="1.33" 18.8 +VERSION="1.35" 18.9 CATEGORY="system-tools" 18.10 SHORT_DESC="Encode and decode internationalized domain names" 18.11 MAINTAINER="pascal.bellard@slitaz.org" 18.12 @@ -11,6 +11,7 @@ 18.13 18.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 18.15 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL" 18.16 +TARBALL_SHA1="d06a1e04caf5478cfb3ce525a83701a73b564fca" 18.17 18.18 BUILD_DEPENDS="gettext-dev" 18.19 SPLIT="$PACKAGE-dev" 18.20 @@ -23,10 +24,3 @@ 18.21 make $MAKEFLAGS && 18.22 make install 18.23 } 18.24 - 18.25 -genpkg_rules() { 18.26 - case $PACKAGE in 18.27 - libidn) copy @std;; 18.28 - *-dev) copy @dev;; 18.29 - esac 18.30 -}
19.1 --- a/libjpeg-turbo/receipt Tue Dec 25 14:44:32 2018 +0200 19.2 +++ b/libjpeg-turbo/receipt Tue Dec 25 19:30:28 2018 +0200 19.3 @@ -1,7 +1,7 @@ 19.4 # SliTaz package receipt v2. 19.5 19.6 PACKAGE="libjpeg-turbo" 19.7 -VERSION="2.0.0" 19.8 +VERSION="2.0.1" 19.9 CATEGORY="graphics" 19.10 SHORT_DESC="Accelerated JPEG image codec" 19.11 MAINTAINER="pascal.bellard@slitaz.org" 19.12 @@ -11,36 +11,32 @@ 19.13 19.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 19.15 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" 19.16 +TARBALL_SHA1="7ea4a288bccbb5a2d5bfad5fb328d4a839853f4e" 19.17 19.18 BUILD_DEPENDS="cmake nasm" 19.19 SPLIT="jpeg-turbo $PACKAGE-dev" 19.20 19.21 +COPY_std="*.so*" 19.22 +COPY_jpeg_turbo="bin/" 19.23 + 19.24 +DEPENDS_jpeg_turbo="$PACKAGE" 19.25 + 19.26 +CAT_jpeg_turbo="graphics|programs" 19.27 + 19.28 +TAGS_std="JPEG" 19.29 +PROVIDE_std="libjpeg" 19.30 + 19.31 compile_rules() { 19.32 mkdir build 19.33 cd build 19.34 cmake \ 19.35 -DCMAKE_INSTALL_PREFIX=/usr \ 19.36 - -DCMAKE_INSTALL_LIBDIR=/usr/lib \ 19.37 + -DCMAKE_BUILD_TYPE=RELEASE \ 19.38 -DENABLE_STATIC=FALSE \ 19.39 + -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/$PACKAGE-$VERSION \ 19.40 + -DCMAKE_INSTALL_DEFAULT_LIBDIR=lib \ 19.41 -DWITH_JPEG8=TRUE \ 19.42 .. && 19.43 make && 19.44 make install 19.45 } 19.46 - 19.47 -genpkg_rules() { 19.48 - case $PACKAGE in 19.49 - libjpeg-turbo) 19.50 - copy *.so* 19.51 - TAGS="jpeg jpg" 19.52 - PROVIDE="libjpeg" 19.53 - ;; 19.54 - jpeg-turbo) 19.55 - copy bin/ 19.56 - DEPENDS="libjpeg-turbo" 19.57 - CAT="x-window|programs" 19.58 - TAGS="jpeg jpg" 19.59 - ;; 19.60 - *-dev) copy @dev;; 19.61 - esac 19.62 -}
20.1 --- a/librefox/receipt Tue Dec 25 14:44:32 2018 +0200 20.2 +++ b/librefox/receipt Tue Dec 25 19:30:28 2018 +0200 20.3 @@ -50,8 +50,8 @@ 20.4 # Make symlinks relative 20.5 fix symlinks 20.6 20.7 - # Allow user updates (save user's and our traffic) 20.8 - chmod -R o+w $install$fx 20.9 +# # Allow user updates (save user's and our traffic) 20.10 +# chmod -R o+w $install$fx 20.11 20.12 # Desktop shortcuts 20.13 cp $stuff/*.desktop $install/usr/share/applications
21.1 --- a/libtirpc/receipt Tue Dec 25 14:44:32 2018 +0200 21.2 +++ b/libtirpc/receipt Tue Dec 25 19:30:28 2018 +0200 21.3 @@ -1,7 +1,7 @@ 21.4 # SliTaz package receipt v2. 21.5 21.6 PACKAGE="libtirpc" 21.7 -VERSION="1.0.3" 21.8 +VERSION="1.1.4" 21.9 CATEGORY="system-tools" 21.10 SHORT_DESC="Transport-Independent RPC library" 21.11 MAINTAINER="pascal.bellard@slitaz.org" 21.12 @@ -11,15 +11,16 @@ 21.13 21.14 TARBALL="$PACKAGE-$VERSION.tar.bz2" 21.15 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" 21.16 +TARBALL_SHA1="d85717035cb9bd6c45557a1eb1351d3af9a69ff7" 21.17 21.18 SPLIT="$PACKAGE-dev" 21.19 21.20 compile_rules() { 21.21 ./configure \ 21.22 - --sysconfdir=/etc \ 21.23 --disable-static \ 21.24 --disable-gssapi \ 21.25 $CONFIGURE_ARGS && 21.26 + fix libtool && 21.27 make && 21.28 make install || return 1 21.29 21.30 @@ -27,10 +28,3 @@ 21.31 mv -v $install/usr/lib/libtirpc.so.* $install/lib 21.32 ln -sfv ../../lib/$(readlink $install/lib/libtirpc.so.3) $install/usr/lib/libtirpc.so 21.33 } 21.34 - 21.35 -genpkg_rules() { 21.36 - case $PACKAGE in 21.37 - libtirpc) copy @std;; 21.38 - *-dev) copy @dev;; 21.39 - esac 21.40 -}
22.1 --- a/libuv/receipt Tue Dec 25 14:44:32 2018 +0200 22.2 +++ b/libuv/receipt Tue Dec 25 19:30:28 2018 +0200 22.3 @@ -1,7 +1,7 @@ 22.4 # SliTaz package receipt v2. 22.5 22.6 PACKAGE="libuv" 22.7 -VERSION="1.23.0" 22.8 +VERSION="1.24.1" 22.9 CATEGORY="libs" 22.10 SHORT_DESC="Cross-platform asychronous I/O" 22.11 MAINTAINER="al.bobylev@gmail.com" 22.12 @@ -11,27 +11,19 @@ 22.13 22.14 TARBALL="$PACKAGE-v$VERSION.tar.gz" 22.15 WGET_URL="https://dist.libuv.org/dist/v$VERSION/$TARBALL" 22.16 +TARBALL_SHA1="f229572bd589585ff4d18f964c613b06f4f1ed6f" 22.17 22.18 BUILD_DEPENDS="automake libtool libnsl-dev" 22.19 SPLIT="$PACKAGE-dev" 22.20 22.21 +DEPENDS_std="libnsl" 22.22 + 22.23 compile_rules() { 22.24 ./autogen.sh && 22.25 ./configure \ 22.26 --disable-static \ 22.27 $CONFIGURE_ARGS && 22.28 + fix libtool && 22.29 make && 22.30 make install 22.31 } 22.32 - 22.33 -genpkg_rules() { 22.34 - case $PACKAGE in 22.35 - libuv) 22.36 - copy @std 22.37 - DEPENDS="libnsl" 22.38 - ;; 22.39 - *-dev) 22.40 - copy @dev 22.41 - ;; 22.42 - esac 22.43 -}
23.1 --- a/libwebp/receipt Tue Dec 25 14:44:32 2018 +0200 23.2 +++ b/libwebp/receipt Tue Dec 25 19:30:28 2018 +0200 23.3 @@ -10,16 +10,16 @@ 23.4 LFS="http://www.linuxfromscratch.org/blfs/view/svn/general/libwebp.html" 23.5 23.6 TARBALL="$PACKAGE-$VERSION.tar.gz" 23.7 -WGET_URL="https://storage.googleapis.com/downloads.webmproject.org/releases/webp/$TARBALL" 23.8 +WGET_URL="http://downloads.webmproject.org/releases/webp/$TARBALL" 23.9 +TARBALL_SHA1="038530d5b30d724bcaac04f009999148cf66cb59" 23.10 23.11 BUILD_DEPENDS="libpng-dev libjpeg-turbo-dev tiff-dev giflib-dev" 23.12 -SPLIT="$PACKAGE-apps $PACKAGE-dev" 23.13 +SPLIT="webp $PACKAGE $PACKAGE-dev" 23.14 23.15 -COPY_std="*.so*" 23.16 -COPY_apps="bin/" 23.17 +COPY_webp="bin/" 23.18 23.19 -CAT_apps="graphics|applications" 23.20 -DEPENDS_apps="$PACKAGE giflib libjpeg-turbo libpng libtiff" 23.21 +CAT_webp="graphics|applications" 23.22 +DEPENDS_webp="$PACKAGE giflib libjpeg-turbo libpng libtiff" 23.23 23.24 compile_rules() { 23.25 ./configure \
24.1 --- a/libxml2/receipt Tue Dec 25 14:44:32 2018 +0200 24.2 +++ b/libxml2/receipt Tue Dec 25 19:30:28 2018 +0200 24.3 @@ -10,56 +10,36 @@ 24.4 LFS="http://www.linuxfromscratch.org/blfs/view/svn/general/libxml2.html" 24.5 24.6 TARBALL="$PACKAGE-$VERSION.tar.gz" 24.7 -WGET_URL="ftp://xmlsoft.org/libxml2/$TARBALL" 24.8 +WGET_URL="http://xmlsoft.org/sources/$TARBALL" 24.9 +TARBALL_SHA1="66bcefd98a6b7573427cf66f9d3841b59eb5b8c3" 24.10 24.11 -BUILD_DEPENDS="zlib-dev xz-dev python-dev ncurses-dev readline-dev" 24.12 -SPLIT="$PACKAGE-tools $PACKAGE-python $PACKAGE-dev $PACKAGE-min:min" 24.13 +BUILD_DEPENDS="zlib-dev xz-dev python3-dev ncurses-dev readline-dev" 24.14 +SPLIT="$PACKAGE-tools $PACKAGE-python $PACKAGE-dev" 24.15 24.16 -# Note: libxml2 can be build using option --with-minimum 24.17 -# and binaries are splited into libxml2-tools 24.18 +COPY_std="libxml2.so*" 24.19 +COPY_tools="xmllint xmlcatalog" 24.20 +COPY_python="site-packages/*.py libxml2mod.so" 24.21 +COPY_dev="@dev *.sh" 24.22 + 24.23 +DEPENDS_std="liblzma zlib" 24.24 +DEPENDS_tools="$PACKAGE readline" 24.25 +DEPENDS_python="$PACKAGE python3" # libxslt 24.26 +DEPENDS_dev="xz-dev zlib-dev $PACKAGE-tools" 24.27 + 24.28 +CAT_tools="system-tools|utilities" 24.29 +CAT_python="development|adapter for the Python" 24.30 + 24.31 compile_rules() { 24.32 - case $SET in 24.33 - min) SET_ARGS='--with-minimum';; 24.34 - esac 24.35 + sed -i '/_PyVerify_fd/,+1d' python/types.c 24.36 24.37 - # autoreconf -fi 24.38 ./configure \ 24.39 --disable-static \ 24.40 - --with-html-dir=/usr/share/doc \ 24.41 - --with-threads \ 24.42 --with-history \ 24.43 - $CONFIGURE_ARGS $SET_ARGS && 24.44 + --with-python=/usr/bin/python3 \ 24.45 + $CONFIGURE_ARGS && 24.46 fix libtool && 24.47 make && 24.48 - make DESTDIR=$install install || return 1 24.49 + make install || return 1 24.50 24.51 - find $install -name '*.sh' -exec chmod +x \{\} \; 24.52 + find $install -name '*.sh' -exec chmod +x '{}' \; 24.53 } 24.54 - 24.55 -genpkg_rules() { 24.56 - case $PACKAGE in 24.57 - libxml2) 24.58 - copy libxml2.so* 24.59 - DEPENDS="liblzma zlib" 24.60 - ;; 24.61 - libxml2-tools) 24.62 - copy xmllint xmlcatalog 24.63 - CAT="system-tools|xmllint tester and xmlcatalog parser utility" 24.64 - DEPENDS="libxml2 readline" 24.65 - ;; 24.66 - libxml2-python) 24.67 - copy python2.7/; find $fs -name '*.la' -delete 24.68 - CAT="development|adapter for the Python" 24.69 - DEPENDS="libxml2 python" # libxslt 24.70 - ;; 24.71 - libxml2-dev) 24.72 - copy @dev *.sh 24.73 - DEPENDS="xz-dev zlib-dev libxml2-tools" 24.74 - ;; 24.75 - libxml2-min) 24.76 - copy libxml2.so* 24.77 - CAT="system-tools|minimally sized library" 24.78 - DEPENDS="liblzma" 24.79 - ;; 24.80 - esac 24.81 -}
25.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 25.2 +++ b/libxml2/stuff/patches/libxml2-2.9.8-python3_hack-1.patch Tue Dec 25 19:30:28 2018 +0200 25.3 @@ -0,0 +1,41 @@ 25.4 +Submitted By: Pierre Labastie <pierre dot labastie at neuf dot fr> 25.5 +Date: 2017-11-23 25.6 +Initial Package Version: 2.9.7 25.7 +Upstream Status: Bug reported (https://bugzilla.gnome.org/show_bug.cgi?id=789714) 25.8 +Origin: Jan Majetek/OpenSuse (https://bugzilla.opensuse.org/show_bug.cgi?id=1065270) 25.9 +Description: Fix a segfault in the Python 3 module. It is only a hack. 25.10 + 25.11 +Index: libxml2-2.9.5/python/libxml.c 25.12 +=================================================================== 25.13 +--- libxml2-2.9.5.orig/python/libxml.c 25.14 ++++ libxml2-2.9.5/python/libxml.c 25.15 +@@ -1620,6 +1620,7 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU 25.16 + PyObject *message; 25.17 + PyObject *result; 25.18 + char str[1000]; 25.19 ++ unsigned char *ptr = (unsigned char *)str; 25.20 + 25.21 + #ifdef DEBUG_ERROR 25.22 + printf("libxml_xmlErrorFuncHandler(%p, %s, ...) called\n", ctx, msg); 25.23 +@@ -1636,12 +1637,20 @@ libxml_xmlErrorFuncHandler(ATTRIBUTE_UNU 25.24 + str[999] = 0; 25.25 + va_end(ap); 25.26 + 25.27 ++#if PY_MAJOR_VERSION >= 3 25.28 ++ /* Ensure the error string doesn't start at UTF8 continuation. */ 25.29 ++ while (*ptr && (*ptr & 0xc0) == 0x80) 25.30 ++ ptr++; 25.31 ++#endif 25.32 ++ 25.33 + list = PyTuple_New(2); 25.34 + PyTuple_SetItem(list, 0, libxml_xmlPythonErrorFuncCtxt); 25.35 + Py_XINCREF(libxml_xmlPythonErrorFuncCtxt); 25.36 +- message = libxml_charPtrConstWrap(str); 25.37 ++ message = libxml_charPtrConstWrap(ptr); 25.38 + PyTuple_SetItem(list, 1, message); 25.39 + result = PyEval_CallObject(libxml_xmlPythonErrorFuncHandler, list); 25.40 ++ /* Forget any errors caused in the error handler. */ 25.41 ++ PyErr_Clear(); 25.42 + Py_XDECREF(list); 25.43 + Py_XDECREF(result); 25.44 + }
26.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 26.2 +++ b/libxml2/stuff/patches/series Tue Dec 25 19:30:28 2018 +0200 26.3 @@ -0,0 +1,2 @@ 26.4 +# from BLFS 26.5 +libxml2-2.9.8-python3_hack-1.patch
27.1 --- a/opus/receipt Tue Dec 25 14:44:32 2018 +0200 27.2 +++ b/opus/receipt Tue Dec 25 19:30:28 2018 +0200 27.3 @@ -1,7 +1,7 @@ 27.4 # SliTaz package receipt v2. 27.5 27.6 PACKAGE="opus" 27.7 -VERSION="1.2.1" 27.8 +VERSION="1.3" 27.9 CATEGORY="multimedia" 27.10 SHORT_DESC="Totally open, royalty-free, highly versatile audio codec" 27.11 MAINTAINER="pascal.bellard@slitaz.org" 27.12 @@ -11,6 +11,7 @@ 27.13 27.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 27.15 WGET_URL="https://archive.mozilla.org/pub/opus/$TARBALL" 27.16 +TARBALL_SHA1="63088df89c6d868bfb160a1eff1797cb5fe42fee" 27.17 27.18 SPLIT="$PACKAGE-dev" 27.19 27.20 @@ -22,10 +23,3 @@ 27.21 make && 27.22 make install 27.23 } 27.24 - 27.25 -genpkg_rules() { 27.26 - case $PACKAGE in 27.27 - opus) copy @std;; 27.28 - *-dev) copy @dev;; 27.29 - esac 27.30 -}
28.1 --- a/opusfile/receipt Tue Dec 25 14:44:32 2018 +0200 28.2 +++ b/opusfile/receipt Tue Dec 25 19:30:28 2018 +0200 28.3 @@ -1,7 +1,7 @@ 28.4 # SliTaz package receipt v2. 28.5 28.6 PACKAGE="opusfile" 28.7 -VERSION="0.10" 28.8 +VERSION="0.11" 28.9 CATEGORY="multimedia" 28.10 SHORT_DESC="Library for opening, seeking, and decoding .opus files" 28.11 MAINTAINER="al.bobylev@gmail.com" 28.12 @@ -10,26 +10,19 @@ 28.13 28.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 28.15 WGET_URL="https://downloads.xiph.org/releases/opus/$TARBALL" 28.16 +TARBALL_SHA1="fc3bf2a73be16836a16d9e55ff1097de3835dce3" 28.17 28.18 BUILD_DEPENDS="openssl-dev libogg-dev opus-dev" 28.19 SPLIT="$PACKAGE-dev" 28.20 28.21 +DEPENDS_std="libogg openssl opus" 28.22 +DEPENDS_dev="$PACKAGE libogg-dev openssl-dev opus-dev" 28.23 + 28.24 compile_rules() { 28.25 - ./configure $CONFIGURE_ARGS && 28.26 + ./configure \ 28.27 + --disable-static \ 28.28 + $CONFIGURE_ARGS && 28.29 fix libtool && 28.30 make && 28.31 make install 28.32 } 28.33 - 28.34 -genpkg_rules() { 28.35 - case $PACKAGE in 28.36 - opusfile) 28.37 - copy @std 28.38 - DEPENDS="libogg openssl opus" 28.39 - ;; 28.40 - *-dev) 28.41 - copy @dev 28.42 - DEPENDS="opusfile libogg-dev openssl-dev opus-dev" 28.43 - ;; 28.44 - esac 28.45 -}
29.1 --- a/pango/receipt Tue Dec 25 14:44:32 2018 +0200 29.2 +++ b/pango/receipt Tue Dec 25 19:30:28 2018 +0200 29.3 @@ -1,20 +1,32 @@ 29.4 # SliTaz package receipt v2. 29.5 29.6 PACKAGE="pango" 29.7 -VERSION="1.42.2" 29.8 +VERSION="1.42.4" 29.9 CATEGORY="x-window" 29.10 SHORT_DESC="Layout and rendering of internationalized text" 29.11 MAINTAINER="devel@slitaz.org" 29.12 LICENSE="GPL2" 29.13 WEB_SITE="https://www.pango.org/" 29.14 +LFS="http://www.linuxfromscratch.org/blfs/view/svn/x/pango.html" 29.15 29.16 TARBALL="$PACKAGE-$VERSION.tar.xz" 29.17 WGET_URL="$GNOME_MIRROR/$PACKAGE/${VERSION%.*}/$TARBALL" 29.18 +TARBALL_SHA1="240942b1307eaa3819e6e534596271c57cd75457" 29.19 29.20 -BUILD_DEPENDS="harfbuzz-dev libxft-dev cairo-dev \ 29.21 -gobject-introspection-dev meson ninja fribidi-dev" 29.22 +BUILD_DEPENDS="harfbuzz-dev libxft-dev cairo-dev gobject-introspection-dev \ 29.23 +meson ninja fribidi-dev" 29.24 SPLIT="$PACKAGE-typelib $PACKAGE-dev" 29.25 29.26 +COPY_typelib="*.typelib" 29.27 + 29.28 +DEPENDS_std="cairo fontconfig freetype fribidi glib libharfbuzz libx11 libxft \ 29.29 +libxrender" 29.30 +DEPENDS_typelib="pango" 29.31 +DEPENDS_dev="$PACKAGE $PACKAGE-typelib cairo-dev fontconfig-dev freetype-dev \ 29.32 +fribidi-dev glib-dev harfbuzz-dev libxft-dev" 29.33 + 29.34 +CAT_typelib="development|typelib files" 29.35 + 29.36 compile_rules() { 29.37 mkdir build 29.38 cd build 29.39 @@ -26,26 +38,4 @@ 29.40 rm -rf \ 29.41 $install/usr/lib/installed-tests \ 29.42 $install/usr/share/installed-tests 29.43 - find $install -type f -perm 664 -exec chmod 644 '{}' \; 29.44 } 29.45 - 29.46 -genpkg_rules() { 29.47 - case $PACKAGE in 29.48 - pango) 29.49 - copy @std 29.50 - DEPENDS="cairo fontconfig freetype fribidi glib libharfbuzz \ 29.51 - libx11 libxft libxrender" 29.52 - ;; 29.53 - pango-typelib) 29.54 - copy *.typelib 29.55 - CAT="development|typelib files" 29.56 - DEPENDS="pango" 29.57 - ;; 29.58 - *-dev) 29.59 - copy @dev @rm 29.60 - DEPENDS="pango pango-typelib \ 29.61 - cairo-dev fontconfig-dev freetype-dev fribidi-dev glib-dev \ 29.62 - harfbuzz-dev libxft-dev" 29.63 - ;; 29.64 - esac 29.65 -}
30.1 --- a/pangomm/receipt Tue Dec 25 14:44:32 2018 +0200 30.2 +++ b/pangomm/receipt Tue Dec 25 19:30:28 2018 +0200 30.3 @@ -1,7 +1,7 @@ 30.4 # SliTaz package receipt v2. 30.5 30.6 PACKAGE="pangomm" 30.7 -VERSION="2.40.1" 30.8 +VERSION="2.42.0" 30.9 CATEGORY="x-window" 30.10 SHORT_DESC="Pango binding for GTKmm" 30.11 MAINTAINER="devel@slitaz.org" 30.12 @@ -11,10 +11,14 @@ 30.13 30.14 TARBALL="$PACKAGE-$VERSION.tar.xz" 30.15 WGET_URL="$GNOME_MIRROR/$PACKAGE/${VERSION%.*}/$TARBALL" 30.16 +TARBALL_SHA1="6d85e5600389c7ee04cc08b6a826832cd360e944" 30.17 30.18 BUILD_DEPENDS="glibmm-dev cairomm-dev pango-dev" 30.19 SPLIT="$PACKAGE-dev" 30.20 30.21 +DEPENDS_std="cairomm glib glibmm libsigc++ pango" 30.22 +DEPENDS_dev="$PACKAGE cairomm-dev glibmm-dev pango-dev" 30.23 + 30.24 compile_rules() { 30.25 sed -i "/^libdocdir =/ s|\$(book_name)|pangomm-$VERSION|" docs/Makefile.in 30.26 30.27 @@ -23,17 +27,3 @@ 30.28 make && 30.29 make install 30.30 } 30.31 - 30.32 -genpkg_rules() { 30.33 - case $PACKAGE in 30.34 - pangomm) 30.35 - copy @std 30.36 - DEPENDS="cairomm glib glibmm libsigc++ pango" 30.37 - ;; 30.38 - *-dev) 30.39 - copy @dev 30.40 - DEPENDS="pangomm cairomm-dev glibmm-dev pango-dev" 30.41 - ;; 30.42 - esac 30.43 -} 30.44 -
31.1 --- a/pcmanfm/receipt Tue Dec 25 14:44:32 2018 +0200 31.2 +++ b/pcmanfm/receipt Tue Dec 25 19:30:28 2018 +0200 31.3 @@ -1,7 +1,7 @@ 31.4 # SliTaz package receipt v2. 31.5 31.6 PACKAGE="pcmanfm" 31.7 -VERSION="1.3.0" 31.8 +VERSION="1.3.1" 31.9 CATEGORY="system-tools" 31.10 SHORT_DESC="Light and easy to use file manager" 31.11 MAINTAINER="devel@slitaz.org" 31.12 @@ -10,22 +10,26 @@ 31.13 LFS="http://www.linuxfromscratch.org/blfs/view/svn/lxde/pcmanfm.html" 31.14 31.15 TARBALL="$PACKAGE-$VERSION.tar.xz" 31.16 -#WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" # SF download problems 31.17 WGET_URL="http://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=snapshot;h=$VERSION;sf=txz" 31.18 +TARBALL_SHA1="09d70c8297f373e49f94494136b73f9c0bce8fbb" 31.19 31.20 BUILD_DEPENDS="intltool libx11-dev pango-dev libfm-dev gtk2-dev automake" 31.21 +DEPENDS="atk cairo gdk-pixbuf glib gtk2 libfm libfm-gtk libx11 pango" 31.22 + 31.23 +SUGGESTED="gvfs" 31.24 +TAGS="file-manager" 31.25 31.26 compile_rules() { 31.27 # tarball from git.lxde.org requires this step 31.28 - [ -e "$src/configure" ] || ./autogen.sh 31.29 + ./autogen.sh 31.30 31.31 ./configure $CONFIGURE_ARGS && 31.32 make && 31.33 make install || return 1 31.34 31.35 - mkdir -p $install/etc/xdg/pcmanfm/ 31.36 # default settings 31.37 - cp -r $stuff/default/ $install/etc/xdg/pcmanfm/ 31.38 + install -Dm644 $stuff/pcmanfm.conf $install/etc/xdg/pcmanfm/default/pcmanfm.conf 31.39 + 31.40 # XDG autostart desktop file (lxsession will use it automatically) 31.41 cp -r $stuff/autostart/ $install/etc/xdg/ 31.42 # add custom actions 31.43 @@ -36,10 +40,3 @@ 31.44 # avoid warning about missed modules dir 31.45 mkdir -p $install/usr/lib/pcmanfm 31.46 } 31.47 - 31.48 -genpkg_rules() { 31.49 - copy @std 31.50 - DEPENDS="atk cairo gdk-pixbuf glib gtk2 libfm libfm-gtk pango libx11" 31.51 - SUGGESTED="gvfs" 31.52 - TAGS="file-manager" 31.53 -}
32.1 --- a/pcmanfm/stuff/default/pcmanfm.conf Tue Dec 25 14:44:32 2018 +0200 32.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 32.3 @@ -1,34 +0,0 @@ 32.4 -[config] 32.5 -bm_open_method=0 32.6 -su_cmd=subox %s 32.7 - 32.8 -[volume] 32.9 -mount_on_startup=0 32.10 -mount_removable=1 32.11 -autorun=1 32.12 - 32.13 -[desktop] 32.14 -wallpaper_mode=crop 32.15 -wallpaper=/usr/share/images/slitaz-background.jpg 32.16 -desktop_bg=#000000 32.17 -desktop_fg=#ffffff 32.18 -desktop_shadow=#000000 32.19 -desktop_font=Sans 10 32.20 -show_wm_menu=1 32.21 -show_documents=1 32.22 -show_trash=1 32.23 -show_mounts=1 32.24 - 32.25 -[ui] 32.26 -close_on_unmount=0 32.27 -focus_previous=1 32.28 -always_show_tabs=0 32.29 -max_tab_chars=32 32.30 -win_width=640 32.31 -win_height=480 32.32 -splitter_pos=150 32.33 -side_pane_mode=1 32.34 -view_mode=0 32.35 -show_hidden=0 32.36 -sort_type=0 32.37 -sort_by=2
33.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 33.2 +++ b/pcmanfm/stuff/pcmanfm.conf Tue Dec 25 19:30:28 2018 +0200 33.3 @@ -0,0 +1,34 @@ 33.4 +[config] 33.5 +bm_open_method=0 33.6 +su_cmd=subox %s 33.7 + 33.8 +[volume] 33.9 +mount_on_startup=0 33.10 +mount_removable=1 33.11 +autorun=1 33.12 + 33.13 +[desktop] 33.14 +wallpaper_mode=crop 33.15 +wallpaper=/usr/share/images/slitaz-background.jpg 33.16 +desktop_bg=#000000 33.17 +desktop_fg=#ffffff 33.18 +desktop_shadow=#000000 33.19 +desktop_font=Sans 10 33.20 +show_wm_menu=1 33.21 +show_documents=1 33.22 +show_trash=1 33.23 +show_mounts=1 33.24 + 33.25 +[ui] 33.26 +close_on_unmount=0 33.27 +focus_previous=1 33.28 +always_show_tabs=0 33.29 +max_tab_chars=32 33.30 +win_width=640 33.31 +win_height=480 33.32 +splitter_pos=150 33.33 +side_pane_mode=1 33.34 +view_mode=0 33.35 +show_hidden=0 33.36 +sort_type=0 33.37 +sort_by=2
34.1 --- a/rpcbind/receipt Tue Dec 25 14:44:32 2018 +0200 34.2 +++ b/rpcbind/receipt Tue Dec 25 19:30:28 2018 +0200 34.3 @@ -1,7 +1,7 @@ 34.4 # SliTaz package receipt v2. 34.5 34.6 PACKAGE="rpcbind" 34.7 -VERSION="0.2.4" 34.8 +VERSION="1.2.5" 34.9 CATEGORY="network" 34.10 SHORT_DESC="RPC program numbers to universal addresses converter" 34.11 MAINTAINER="pascal.bellard@slitaz.org" 34.12 @@ -10,18 +10,20 @@ 34.13 34.14 TARBALL="$PACKAGE-$VERSION.tar.bz2" 34.15 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" 34.16 +TARBALL_SHA1="e9f8046b69b45efe2396a8cca1c1f090644c6d31" 34.17 34.18 BUILD_DEPENDS="libtirpc-dev" 34.19 +DEPENDS="libtirpc" 34.20 34.21 compile_rules() { 34.22 + # use correct service name 34.23 + sed -i "/servname/s:rpcbind:sunrpc:" src/rpcbind.c 34.24 + 34.25 ./configure \ 34.26 - --with-systemdsystemunitdir=no \ 34.27 + --with-rpcuser=root \ 34.28 + --enable-warmstarts \ 34.29 + --without-systemdsystemunitdir \ 34.30 $CONFIGURE_ARGS && 34.31 make && 34.32 make install 34.33 } 34.34 - 34.35 -genpkg_rules() { 34.36 - copy @std 34.37 - DEPENDS="libtirpc" 34.38 -}
35.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 35.2 +++ b/rpcbind/stuff/patches/rpcbind-1.2.5-vulnerability_fixes-1.patch Tue Dec 25 19:30:28 2018 +0200 35.3 @@ -0,0 +1,29 @@ 35.4 +Submitted By: Ken Moffat <ken at linuxfromscratch dot org> 35.5 +Date: 2017-05-29 35.6 +Initial Package Version: 0.2.4 (also affects earlier versions) 35.7 +Upstream Status: Unknown 35.8 +Origin: Guido Vranken 35.9 +Description: Fixes CVE-2017-8779 (DOS by remote attackers - memory consumption 35.10 +without subsequent free). 35.11 + 35.12 +diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c 35.13 +index 5862c26..e11f61b 100644 35.14 +--- a/src/rpcb_svc_com.c 35.15 ++++ b/src/rpcb_svc_com.c 35.16 +@@ -48,6 +48,7 @@ 35.17 + #include <rpc/rpc.h> 35.18 + #include <rpc/rpcb_prot.h> 35.19 + #include <rpc/svc_dg.h> 35.20 ++#include <rpc/rpc_com.h> 35.21 + #include <netconfig.h> 35.22 + #include <errno.h> 35.23 + #include <syslog.h> 35.24 +@@ -432,7 +433,7 @@ rpcbproc_taddr2uaddr_com(void *arg, struct svc_req *rqstp /*__unused*/, 35.25 + static bool_t 35.26 + xdr_encap_parms(XDR *xdrs, struct encap_parms *epp) 35.27 + { 35.28 +- return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), ~0)); 35.29 ++ return (xdr_bytes(xdrs, &(epp->args), (u_int *) &(epp->arglen), RPC_MAXDATASIZE)); 35.30 + } 35.31 + 35.32 + /*
36.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 36.2 +++ b/rpcbind/stuff/patches/series Tue Dec 25 19:30:28 2018 +0200 36.3 @@ -0,0 +1,2 @@ 36.4 +# from BLFS 36.5 +rpcbind-1.2.5-vulnerability_fixes-1.patch
37.1 --- a/rpcsvc-proto/receipt Tue Dec 25 14:44:32 2018 +0200 37.2 +++ b/rpcsvc-proto/receipt Tue Dec 25 19:30:28 2018 +0200 37.3 @@ -1,7 +1,7 @@ 37.4 # SliTaz package receipt v2. 37.5 37.6 PACKAGE="rpcsvc-proto" 37.7 -VERSION="1.3.1" 37.8 +VERSION="1.4" 37.9 CATEGORY="development" 37.10 SHORT_DESC="rpcsvc protocol definitions from glibc" 37.11 MAINTAINER="al.bobylev@gmail.com" 37.12 @@ -11,16 +11,15 @@ 37.13 37.14 TARBALL="$PACKAGE-$VERSION.tar.gz" 37.15 WGET_URL="https://github.com/thkukuk/rpcsvc-proto/archive/v$VERSION/$TARBALL" 37.16 +TARBALL_SHA1="6eb7e338f913a26832524033ec518e1cd06b80c4" 37.17 37.18 BUILD_DEPENDS="automake" 37.19 37.20 +COPY_std="@std @dev" 37.21 + 37.22 compile_rules() { 37.23 autoreconf -fi && 37.24 ./configure $CONFIGURE_ARGS && 37.25 make && 37.26 make install 37.27 } 37.28 - 37.29 -genpkg_rules() { 37.30 - copy @std @dev 37.31 -}
38.1 --- a/sed/receipt Tue Dec 25 14:44:32 2018 +0200 38.2 +++ b/sed/receipt Tue Dec 25 19:30:28 2018 +0200 38.3 @@ -1,7 +1,7 @@ 38.4 # SliTaz package receipt v2. 38.5 38.6 PACKAGE="sed" 38.7 -VERSION="4.5" 38.8 +VERSION="4.7" 38.9 CATEGORY="development" 38.10 SHORT_DESC="GNU stream editor" 38.11 MAINTAINER="paul@slitaz.org" 38.12 @@ -11,25 +11,23 @@ 38.13 38.14 TARBALL="$PACKAGE-$VERSION.tar.xz" 38.15 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL" 38.16 +TARBALL_SHA1="dbc842f6fdf538f366d97e7c4b4f241eaefd14a5" 38.17 38.18 BUILD_DEPENDS="acl-dev gettext-dev texinfo" 38.19 +DEPENDS="acl" 38.20 + 38.21 +TAGS="LFS" 38.22 38.23 compile_rules() { 38.24 - # Rebuild after patching 38.25 - msgfmt po/ru.po -o po/ru.gmo 38.26 +# # Rebuild after patching 38.27 +# msgfmt po/ru.po -o po/ru.gmo 38.28 38.29 ./configure \ 38.30 --bindir=/bin \ 38.31 $CONFIGURE_ARGS && 38.32 - make $MAKEFLAGS && 38.33 + make && 38.34 make html && 38.35 make install || return 1 38.36 38.37 cook_pick_docs doc/sed.html 38.38 } 38.39 - 38.40 -genpkg_rules() { 38.41 - copy @std 38.42 - DEPENDS="acl" 38.43 - TAGS="LFS" 38.44 -}
39.1 --- a/sed/stuff/patches/series Tue Dec 25 14:44:32 2018 +0200 39.2 +++ b/sed/stuff/patches/series Tue Dec 25 19:30:28 2018 +0200 39.3 @@ -1,1 +1,1 @@ 39.4 -ru.po.patch 39.5 +#ru.po.patch
40.1 --- a/tcl/receipt Tue Dec 25 14:44:32 2018 +0200 40.2 +++ b/tcl/receipt Tue Dec 25 19:30:28 2018 +0200 40.3 @@ -1,7 +1,7 @@ 40.4 # SliTaz package receipt v2. 40.5 40.6 PACKAGE="tcl" 40.7 -VERSION="8.6.8" 40.8 +VERSION="8.6.9" 40.9 CATEGORY="development" 40.10 SHORT_DESC="The Tool Command Language" 40.11 MAINTAINER="devel@slitaz.org" 40.12 @@ -11,9 +11,17 @@ 40.13 40.14 TARBALL="$PACKAGE$VERSION-src.tar.gz" 40.15 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" 40.16 +TARBALL_SHA1="861c5c8bbce9eda892c5e63b6035e09fad90a25f" 40.17 40.18 BUILD_DEPENDS="zlib-dev" 40.19 -SPLIT="$PACKAGE-dev" 40.20 +SPLIT="$PACKAGE-dev $PACKAGE" 40.21 + 40.22 +COPY_dev="@dev *Config.sh" 40.23 + 40.24 +DEPENDS_std="zlib" 40.25 +DEPENDS_dev="$PACKAGE zlib-dev" 40.26 + 40.27 +TAGS_std="language programming" 40.28 40.29 compile_rules() { 40.30 case "$ARCH" in 40.31 @@ -53,18 +61,3 @@ 40.32 find $install -name '*.so' -exec chmod 755 '{}' \; 40.33 find $install -name '*.sh' -exec chmod 755 '{}' \; 40.34 } 40.35 - 40.36 -genpkg_rules() { 40.37 - case $PACKAGE in 40.38 - tcl) 40.39 - copy @std 40.40 - find $fs -name '*Config.sh' -delete 40.41 - DEPENDS="zlib" 40.42 - TAGS="language programming" 40.43 - ;; 40.44 - *-dev) 40.45 - copy @dev *Config.sh 40.46 - DEPENDS="tcl zlib-dev" 40.47 - ;; 40.48 - esac 40.49 -}
41.1 --- a/tiff/receipt Tue Dec 25 14:44:32 2018 +0200 41.2 +++ b/tiff/receipt Tue Dec 25 19:30:28 2018 +0200 41.3 @@ -11,6 +11,7 @@ 41.4 41.5 TARBALL="$PACKAGE-$VERSION.tar.gz" 41.6 WGET_URL="http://download.osgeo.org/libtiff/$TARBALL" 41.7 +TARBALL_SHA1="c783b80f05cdacf282aa022dc5f5b0ede5e021ae" 41.8 41.9 BUILD_DEPENDS="cmake ninja zlib-dev libjpeg-turbo-dev xz-dev" 41.10 SPLIT="lib$PACKAGE $PACKAGE $PACKAGE-dev"
42.1 --- a/tslib/receipt Tue Dec 25 14:44:32 2018 +0200 42.2 +++ b/tslib/receipt Tue Dec 25 19:30:28 2018 +0200 42.3 @@ -1,35 +1,24 @@ 42.4 # SliTaz package receipt v2. 42.5 42.6 PACKAGE="tslib" 42.7 -VERSION="1.0" 42.8 +VERSION="1.18" 42.9 CATEGORY="x-window" 42.10 SHORT_DESC="Abstraction layer for touchscreen panel events" 42.11 MAINTAINER="pascal.bellard@slitaz.org" 42.12 LICENSE="LGPL2" 42.13 -WEB_SITE="https://sourceforge.net/projects/tslib.berlios/" 42.14 +WEB_SITE="https://github.com/kergoth/tslib" 42.15 42.16 -TARBALL="$PACKAGE-$VERSION.tar.bz2" 42.17 -WGET_URL="$SF_MIRROR/tslib.berlios/$TARBALL" 42.18 +TARBALL="$PACKAGE-$VERSION.tar.xz" 42.19 +WGET_URL="https://github.com/kergoth/tslib/releases/download/$VERSION/$TARBALL" 42.20 +TARBALL_SHA1="42e4a2355ada54d662a82abcd7f347bf546f1def" 42.21 42.22 -BUILD_DEPENDS="libtool automake autoconf" 42.23 SPLIT="$PACKAGE-dev" 42.24 42.25 +CONFIG_FILES_std="/etc/ts.conf" 42.26 + 42.27 compile_rules() { 42.28 - ./autogen.sh && 42.29 ./configure $CONFIGURE_ARGS && 42.30 fix libtool && 42.31 make && 42.32 make install 42.33 } 42.34 - 42.35 -genpkg_rules() { 42.36 - case $PACKAGE in 42.37 - tslib) 42.38 - copy @std 42.39 - CONFIG_FILES="/etc/ts.conf" 42.40 - ;; 42.41 - *-dev) 42.42 - copy @dev 42.43 - ;; 42.44 - esac 42.45 -}
43.1 --- a/wget/receipt Tue Dec 25 14:44:32 2018 +0200 43.2 +++ b/wget/receipt Tue Dec 25 19:30:28 2018 +0200 43.3 @@ -1,7 +1,7 @@ 43.4 # SliTaz package receipt v2. 43.5 43.6 PACKAGE="wget" 43.7 -VERSION="1.19.5" 43.8 +VERSION="1.20" 43.9 CATEGORY="network" 43.10 SHORT_DESC="GNU Wget - the non-interactive network downloader" 43.11 MAINTAINER="devel@slitaz.org" 43.12 @@ -10,11 +10,23 @@ 43.13 43.14 TARBALL="$PACKAGE-$VERSION.tar.lz" 43.15 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL" 43.16 +TARBALL_SHA1="c8d3e646e6c3ed7f004107e36094414f36cf52d9" 43.17 43.18 BUILD_DEPENDS="lzip openssl-dev libidn2-dev util-linux-uuid-dev gettext-dev \ 43.19 zlib-dev perl pcre-dev libpsl-dev gnutls-dev" 43.20 SPLIT="wget+gnutls:gnutls" 43.21 43.22 +DEPENDS="libidn2 libpcre libpsl openssl util-linux-uuid zlib" 43.23 +DEPENDS_wget_gnutls="libgnutls libidn2 libpcre libpsl nettle util-linux-uuid \ 43.24 +zlib" 43.25 + 43.26 +CONFIG_FILES="/etc/wgetrc" 43.27 +CONFIG_FILES_wget_gnutls="/etc/wgetrc" 43.28 + 43.29 +COPY_wget_gnutls="@std" 43.30 +CAT_wget_gnutls="network|using GNUTLS instead of OpenSSL" 43.31 +PROVIDE_wget_gnutls="wget" 43.32 + 43.33 compile_rules() { 43.34 case $SET in 43.35 '') SET_ARGS='--with-ssl=openssl';; 43.36 @@ -24,21 +36,5 @@ 43.37 ./configure \ 43.38 $SET_ARGS \ 43.39 $CONFIGURE_ARGS && 43.40 - make DESTDIR=$install install 43.41 + make install 43.42 } 43.43 - 43.44 -genpkg_rules() { 43.45 - copy @std 43.46 - case $PACKAGE in 43.47 - wget) 43.48 - DEPENDS="libidn2 libpcre libpsl openssl util-linux-uuid zlib" 43.49 - ;; 43.50 - wget+gnutls) 43.51 - DEPENDS="libgnutls libidn2 libpcre libpsl nettle util-linux-uuid \ 43.52 - zlib" 43.53 - CAT="network|using GNUTLS instead of OpenSSL" 43.54 - PROVIDE="wget" 43.55 - ;; 43.56 - esac 43.57 - CONFIG_FILES="/etc/wgetrc" 43.58 -}
44.1 Binary file wpa_supplicant/.icon.png has changed
45.1 --- a/wpa_supplicant/receipt Tue Dec 25 14:44:32 2018 +0200 45.2 +++ b/wpa_supplicant/receipt Tue Dec 25 19:30:28 2018 +0200 45.3 @@ -1,9 +1,9 @@ 45.4 # SliTaz package receipt v2. 45.5 45.6 PACKAGE="wpa_supplicant" 45.7 -VERSION="2.6" 45.8 +VERSION="2.7" 45.9 CATEGORY="utilities" 45.10 -SHORT_DESC="WPA Supplicant with support for WPA and WPA2" 45.11 +SHORT_DESC="WPA/WPA2/IEEE 802.1X Supplicant" 45.12 MAINTAINER="devel@slitaz.org" 45.13 LICENSE="GPL2" 45.14 WEB_SITE="http://w1.fi/wpa_supplicant/" 45.15 @@ -12,37 +12,22 @@ 45.16 45.17 TARBALL="$PACKAGE-$VERSION.tar.gz" 45.18 WGET_URL="http://w1.fi/releases/$TARBALL" 45.19 +TARBALL_SHA1="3c3c2c6bc493fb32b919d9b410768324f3729e25" 45.20 45.21 BUILD_DEPENDS="libnl-dev dbus-dev openssl-dev readline-dev" 45.22 +DEPENDS="dbus libnl openssl readline ncurses" 45.23 + 45.24 +CONFIG_FILES="/etc/wpa/wpa_supplicant.conf" 45.25 +TAGS="wireless Wi-Fi network" 45.26 45.27 compile_rules() { 45.28 cd $src/wpa_supplicant 45.29 - cp -a defconfig .config 45.30 45.31 - # Main build configs 45.32 - cat >> .config <<EOT 45.33 -CONFIG_DEBUG_FILE=y 45.34 -CONFIG_DEBUG_SYSLOG=y 45.35 -CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON 45.36 -CONFIG_IPV6=y 45.37 -CONFIG_LIBNL32=y 45.38 -CONFIG_READLINE=y 45.39 -CONFIG_WPS=y 45.40 -CONFIG_AP=y 45.41 -CONFIG_BGSCAN_SIMPLE=y 45.42 -CFLAGS += -I/usr/include/libnl3 45.43 -CONFIG_CTRL_IFACE_DBUS=y 45.44 -CONFIG_CTRL_IFACE_DBUS_NEW=y 45.45 -CONFIG_CTRL_IFACE_DBUS_INTRO=y 45.46 -EOT 45.47 + cp $stuff/.config . 45.48 make BINDIR=/sbin LIBDIR=/lib || return 1 45.49 45.50 - # commands 45.51 - bindir="$install/sbin" 45.52 - mkdir -p $bindir 45.53 - install -vm755 wpa_cli $bindir 45.54 - install -vm755 wpa_passphrase $bindir 45.55 - install -vm755 wpa_supplicant $bindir 45.56 + mkdir -p $install/sbin/ 45.57 + install -m755 wpa_cli wpa_passphrase wpa_supplicant $install/sbin/ 45.58 45.59 cook_pick_manpages \ 45.60 doc/docbook/wpa_supplicant.conf.5 \ 45.61 @@ -50,24 +35,15 @@ 45.62 doc/docbook/wpa_passphrase.8 \ 45.63 doc/docbook/wpa_supplicant.8 45.64 45.65 - mkdir -p $install/usr/share/dbus-1/system-services 45.66 - install -vm644 dbus/*.service $install/usr/share/dbus-1/system-services/ 45.67 + mkdir -p $install/usr/share/dbus-1/system-services/ 45.68 + install -m644 dbus/*.service $install/usr/share/dbus-1/system-services/ 45.69 45.70 - mkdir -p $install/etc/dbus-1/system.d 45.71 - install -vm644 dbus/dbus-wpa_supplicant.conf \ 45.72 + install -Dm644 dbus/dbus-wpa_supplicant.conf \ 45.73 $install/etc/dbus-1/system.d/wpa_supplicant.conf 45.74 45.75 - # Startup script and cleaned up wpa_empty.conf 45.76 - cp -a $stuff/etc $install 45.77 - install -vm644 $src/wpa_supplicant/wpa_supplicant.conf $install/etc/wpa 45.78 - chown -R root:root $install/etc 45.79 -} 45.80 - 45.81 -genpkg_rules() { 45.82 - copy @std 45.83 - DEPENDS="dbus openssl libnl ncurses readline" 45.84 - CONFIG_FILES="/etc/wpa/wpa_supplicant.conf" 45.85 - TAGS="wireless wifi network" 45.86 + install -Dm755 $stuff/wpa_supplicant $install/etc/init.d/wpa_supplicant 45.87 + install -Dm644 $stuff/wpa_empty.conf $install/etc/wpa/wpa_empty.conf 45.88 + install -m644 wpa_supplicant.conf $install/etc/wpa/wpa_supplicant.conf 45.89 } 45.90 45.91 post_install() {
46.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 46.2 +++ b/wpa_supplicant/stuff/.config Tue Dec 25 19:30:28 2018 +0200 46.3 @@ -0,0 +1,35 @@ 46.4 +# common configs from BLFS 46.5 +CONFIG_BACKEND=file 46.6 +CONFIG_CTRL_IFACE=y 46.7 +CONFIG_DEBUG_FILE=y 46.8 +CONFIG_DEBUG_SYSLOG=y 46.9 +CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON 46.10 +CONFIG_DRIVER_NL80211=y 46.11 +CONFIG_DRIVER_WEXT=y 46.12 +CONFIG_DRIVER_WIRED=y 46.13 +CONFIG_EAP_GTC=y 46.14 +CONFIG_EAP_LEAP=y 46.15 +CONFIG_EAP_MD5=y 46.16 +CONFIG_EAP_MSCHAPV2=y 46.17 +CONFIG_EAP_OTP=y 46.18 +CONFIG_EAP_PEAP=y 46.19 +CONFIG_EAP_TLS=y 46.20 +CONFIG_EAP_TTLS=y 46.21 +CONFIG_IEEE8021X_EAPOL=y 46.22 +CONFIG_IPV6=y 46.23 +CONFIG_LIBNL32=y 46.24 +CONFIG_PEERKEY=y 46.25 +CONFIG_PKCS12=y 46.26 +CONFIG_READLINE=y 46.27 +CONFIG_SMARTCARD=y 46.28 +CONFIG_WPS=y 46.29 +CFLAGS += -I/usr/include/libnl3 46.30 + 46.31 +# additional configs from BLFS 46.32 +CONFIG_CTRL_IFACE_DBUS=y 46.33 +CONFIG_CTRL_IFACE_DBUS_NEW=y 46.34 +CONFIG_CTRL_IFACE_DBUS_INTRO=y 46.35 + 46.36 +# SliTaz own additional configs 46.37 +CONFIG_AP=y 46.38 +CONFIG_BGSCAN_SIMPLE=y
47.1 --- a/wpa_supplicant/stuff/etc/init.d/wpa_supplicant Tue Dec 25 14:44:32 2018 +0200 47.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 47.3 @@ -1,54 +0,0 @@ 47.4 -#!/bin/sh 47.5 -# /etc/init.d/wpa_supplicant: Start, stop and restart wpa_supplicant daemon 47.6 -# on SliTaz, at boot time or with the command line. 47.7 -# 47.8 -# To start daemon at boot time, just put the right name in the $RUN_DAEMONS 47.9 -# variable of /etc/rcS.conf and configure options with /etc/daemons.conf. 47.10 -# 47.11 -. /etc/init.d/rc.functions 47.12 -. /etc/daemons.conf 47.13 - 47.14 -NAME=wpa_supplicant 47.15 -DESC="$(_ '%s daemon' wpa_supplicant)" 47.16 -DAEMON=/usr/bin/wpa_supplicant 47.17 -OPTIONS=$WPA_OPTIONS 47.18 -PIDFILE=/var/run/wpa_supplicant.pid 47.19 - 47.20 -case "$1" in 47.21 - start) 47.22 - if active_pidfile $PIDFILE $NAME ; then 47.23 - _ '%s is already running.' $NAME 47.24 - exit 1 47.25 - fi 47.26 - action 'Starting %s: %s...' "$DESC" $NAME 47.27 - $DAEMON $OPTIONS 47.28 - status 47.29 - ;; 47.30 - stop) 47.31 - if ! active_pidfile $PIDFILE $NAME ; then 47.32 - _ '%s is not running.' $NAME 47.33 - exit 1 47.34 - fi 47.35 - action 'Stopping %s: %s...' "$DESC" $NAME 47.36 - kill $(cat $PIDFILE) 47.37 - status 47.38 - ;; 47.39 - restart) 47.40 - if ! active_pidfile $PIDFILE $NAME ; then 47.41 - _ '%s is not running.' $NAME 47.42 - exit 1 47.43 - fi 47.44 - action 'Restarting %s: %s...' "$DESC" $NAME 47.45 - kill $(cat $PIDFILE) 47.46 - sleep 2 47.47 - $DAEMON $OPTIONS 47.48 - status 47.49 - ;; 47.50 - *) 47.51 - emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart]" 47.52 - newline 47.53 - exit 1 47.54 - ;; 47.55 -esac 47.56 - 47.57 -exit 0
48.1 --- a/wpa_supplicant/stuff/etc/wpa/wpa_empty.conf Tue Dec 25 14:44:32 2018 +0200 48.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 48.3 @@ -1,37 +0,0 @@ 48.4 -# /etc/wpa/wpa.conf: wpa_supplicant configuration file. 48.5 -# 48.6 - 48.7 -# Whether to allow wpa_supplicant to update (overwrite) configuration 48.8 -#update_config=1 48.9 - 48.10 -# 48.11 -# global configuration (shared by all network blocks) 48.12 -# 48.13 - 48.14 -# Parameters for the control interface 48.15 -ctrl_interface=/var/run/wpa_supplicant 48.16 - 48.17 -# Ensure that only root can read the WPA configuration 48.18 -ctrl_interface_group=0 48.19 - 48.20 -# IEEE 802.1X/EAPOL version: 1 or 2 48.21 -eapol_version=2 48.22 - 48.23 -# AP scanning/selection 48.24 -ap_scan=1 48.25 - 48.26 -# EAP fast re-authentication 48.27 -fast_reauth=1 48.28 - 48.29 -# Network configuration example. 48.30 -#network={ 48.31 - #ssid="" 48.32 - #psk="" 48.33 - #scan_ssid=1 48.34 - #proto=WPA RSN 48.35 - #key_mgmt=WPA-PSK WPA-EAP 48.36 -#} 48.37 - 48.38 -# Network configuration added by /etc/init.d/network.sh using 48.39 -# setting from /etc/network.conf 48.40 -
49.1 --- a/wpa_supplicant/stuff/etc/wpa/wpa_supplicant.conf Tue Dec 25 14:44:32 2018 +0200 49.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 49.3 @@ -1,1273 +0,0 @@ 49.4 -##### Example wpa_supplicant configuration file ############################### 49.5 -# 49.6 -# This file describes configuration file format and lists all available option. 49.7 -# Please also take a look at simpler configuration examples in 'examples' 49.8 -# subdirectory. 49.9 -# 49.10 -# Empty lines and lines starting with # are ignored 49.11 - 49.12 -# NOTE! This file may contain password information and should probably be made 49.13 -# readable only by root user on multiuser systems. 49.14 - 49.15 -# Note: All file paths in this configuration file should use full (absolute, 49.16 -# not relative to working directory) path in order to allow working directory 49.17 -# to be changed. This can happen if wpa_supplicant is run in the background. 49.18 - 49.19 -# Whether to allow wpa_supplicant to update (overwrite) configuration 49.20 -# 49.21 -# This option can be used to allow wpa_supplicant to overwrite configuration 49.22 -# file whenever configuration is changed (e.g., new network block is added with 49.23 -# wpa_cli or wpa_gui, or a password is changed). This is required for 49.24 -# wpa_cli/wpa_gui to be able to store the configuration changes permanently. 49.25 -# Please note that overwriting configuration file will remove the comments from 49.26 -# it. 49.27 -#update_config=1 49.28 - 49.29 -# global configuration (shared by all network blocks) 49.30 -# 49.31 -# Parameters for the control interface. If this is specified, wpa_supplicant 49.32 -# will open a control interface that is available for external programs to 49.33 -# manage wpa_supplicant. The meaning of this string depends on which control 49.34 -# interface mechanism is used. For all cases, the existence of this parameter 49.35 -# in configuration is used to determine whether the control interface is 49.36 -# enabled. 49.37 -# 49.38 -# For UNIX domain sockets (default on Linux and BSD): This is a directory that 49.39 -# will be created for UNIX domain sockets for listening to requests from 49.40 -# external programs (CLI/GUI, etc.) for status information and configuration. 49.41 -# The socket file will be named based on the interface name, so multiple 49.42 -# wpa_supplicant processes can be run at the same time if more than one 49.43 -# interface is used. 49.44 -# /var/run/wpa_supplicant is the recommended directory for sockets and by 49.45 -# default, wpa_cli will use it when trying to connect with wpa_supplicant. 49.46 -# 49.47 -# Access control for the control interface can be configured by setting the 49.48 -# directory to allow only members of a group to use sockets. This way, it is 49.49 -# possible to run wpa_supplicant as root (since it needs to change network 49.50 -# configuration and open raw sockets) and still allow GUI/CLI components to be 49.51 -# run as non-root users. However, since the control interface can be used to 49.52 -# change the network configuration, this access needs to be protected in many 49.53 -# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you 49.54 -# want to allow non-root users to use the control interface, add a new group 49.55 -# and change this value to match with that group. Add users that should have 49.56 -# control interface access to this group. If this variable is commented out or 49.57 -# not included in the configuration file, group will not be changed from the 49.58 -# value it got by default when the directory or socket was created. 49.59 -# 49.60 -# When configuring both the directory and group, use following format: 49.61 -# DIR=/var/run/wpa_supplicant GROUP=wheel 49.62 -# DIR=/var/run/wpa_supplicant GROUP=0 49.63 -# (group can be either group name or gid) 49.64 -# 49.65 -# For UDP connections (default on Windows): The value will be ignored. This 49.66 -# variable is just used to select that the control interface is to be created. 49.67 -# The value can be set to, e.g., udp (ctrl_interface=udp) 49.68 -# 49.69 -# For Windows Named Pipe: This value can be used to set the security descriptor 49.70 -# for controlling access to the control interface. Security descriptor can be 49.71 -# set using Security Descriptor String Format (see http://msdn.microsoft.com/ 49.72 -# library/default.asp?url=/library/en-us/secauthz/security/ 49.73 -# security_descriptor_string_format.asp). The descriptor string needs to be 49.74 -# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty 49.75 -# DACL (which will reject all connections). See README-Windows.txt for more 49.76 -# information about SDDL string format. 49.77 -# 49.78 -ctrl_interface=/var/run/wpa_supplicant 49.79 - 49.80 -# IEEE 802.1X/EAPOL version 49.81 -# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines 49.82 -# EAPOL version 2. However, there are many APs that do not handle the new 49.83 -# version number correctly (they seem to drop the frames completely). In order 49.84 -# to make wpa_supplicant interoperate with these APs, the version number is set 49.85 -# to 1 by default. This configuration value can be used to set it to the new 49.86 -# version (2). 49.87 -eapol_version=1 49.88 - 49.89 -# AP scanning/selection 49.90 -# By default, wpa_supplicant requests driver to perform AP scanning and then 49.91 -# uses the scan results to select a suitable AP. Another alternative is to 49.92 -# allow the driver to take care of AP scanning and selection and use 49.93 -# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association 49.94 -# information from the driver. 49.95 -# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to 49.96 -# the currently enabled networks are found, a new network (IBSS or AP mode 49.97 -# operation) may be initialized (if configured) (default) 49.98 -# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association 49.99 -# parameters (e.g., WPA IE generation); this mode can also be used with 49.100 -# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with 49.101 -# APs (i.e., external program needs to control association). This mode must 49.102 -# also be used when using wired Ethernet drivers. 49.103 -# 2: like 0, but associate with APs using security policy and SSID (but not 49.104 -# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to 49.105 -# enable operation with hidden SSIDs and optimized roaming; in this mode, 49.106 -# the network blocks in the configuration file are tried one by one until 49.107 -# the driver reports successful association; each network block should have 49.108 -# explicit security policy (i.e., only one option in the lists) for 49.109 -# key_mgmt, pairwise, group, proto variables 49.110 -# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be 49.111 -# created immediately regardless of scan results. ap_scan=1 mode will first try 49.112 -# to scan for existing networks and only if no matches with the enabled 49.113 -# networks are found, a new IBSS or AP mode network is created. 49.114 -ap_scan=1 49.115 - 49.116 -# EAP fast re-authentication 49.117 -# By default, fast re-authentication is enabled for all EAP methods that 49.118 -# support it. This variable can be used to disable fast re-authentication. 49.119 -# Normally, there is no need to disable this. 49.120 -fast_reauth=1 49.121 - 49.122 -# OpenSSL Engine support 49.123 -# These options can be used to load OpenSSL engines. 49.124 -# The two engines that are supported currently are shown below: 49.125 -# They are both from the opensc project (http://www.opensc.org/) 49.126 -# By default no engines are loaded. 49.127 -# make the opensc engine available 49.128 -#opensc_engine_path=/usr/lib/opensc/engine_opensc.so 49.129 -# make the pkcs11 engine available 49.130 -#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so 49.131 -# configure the path to the pkcs11 module required by the pkcs11 engine 49.132 -#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so 49.133 - 49.134 -# Dynamic EAP methods 49.135 -# If EAP methods were built dynamically as shared object files, they need to be 49.136 -# loaded here before being used in the network blocks. By default, EAP methods 49.137 -# are included statically in the build, so these lines are not needed 49.138 -#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so 49.139 -#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so 49.140 - 49.141 -# Driver interface parameters 49.142 -# This field can be used to configure arbitrary driver interace parameters. The 49.143 -# format is specific to the selected driver interface. This field is not used 49.144 -# in most cases. 49.145 -#driver_param="field=value" 49.146 - 49.147 -# Country code 49.148 -# The ISO/IEC alpha2 country code for the country in which this device is 49.149 -# currently operating. 49.150 -#country=US 49.151 - 49.152 -# Maximum lifetime for PMKSA in seconds; default 43200 49.153 -#dot11RSNAConfigPMKLifetime=43200 49.154 -# Threshold for reauthentication (percentage of PMK lifetime); default 70 49.155 -#dot11RSNAConfigPMKReauthThreshold=70 49.156 -# Timeout for security association negotiation in seconds; default 60 49.157 -#dot11RSNAConfigSATimeout=60 49.158 - 49.159 -# Wi-Fi Protected Setup (WPS) parameters 49.160 - 49.161 -# Universally Unique IDentifier (UUID; see RFC 4122) of the device 49.162 -# If not configured, UUID will be generated based on the local MAC address. 49.163 -#uuid=12345678-9abc-def0-1234-56789abcdef0 49.164 - 49.165 -# Device Name 49.166 -# User-friendly description of device; up to 32 octets encoded in UTF-8 49.167 -#device_name=Wireless Client 49.168 - 49.169 -# Manufacturer 49.170 -# The manufacturer of the device (up to 64 ASCII characters) 49.171 -#manufacturer=Company 49.172 - 49.173 -# Model Name 49.174 -# Model of the device (up to 32 ASCII characters) 49.175 -#model_name=cmodel 49.176 - 49.177 -# Model Number 49.178 -# Additional device description (up to 32 ASCII characters) 49.179 -#model_number=123 49.180 - 49.181 -# Serial Number 49.182 -# Serial number of the device (up to 32 characters) 49.183 -#serial_number=12345 49.184 - 49.185 -# Primary Device Type 49.186 -# Used format: <categ>-<OUI>-<subcateg> 49.187 -# categ = Category as an integer value 49.188 -# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204 for 49.189 -# default WPS OUI 49.190 -# subcateg = OUI-specific Sub Category as an integer value 49.191 -# Examples: 49.192 -# 1-0050F204-1 (Computer / PC) 49.193 -# 1-0050F204-2 (Computer / Server) 49.194 -# 5-0050F204-1 (Storage / NAS) 49.195 -# 6-0050F204-1 (Network Infrastructure / AP) 49.196 -#device_type=1-0050F204-1 49.197 - 49.198 -# OS Version 49.199 -# 4-octet operating system version number (hex string) 49.200 -#os_version=01020300 49.201 - 49.202 -# Config Methods 49.203 -# List of the supported configuration methods 49.204 -# Available methods: usba ethernet label display ext_nfc_token int_nfc_token 49.205 -# nfc_interface push_button keypad virtual_display physical_display 49.206 -# virtual_push_button physical_push_button 49.207 -# For WSC 1.0: 49.208 -#config_methods=label display push_button keypad 49.209 -# For WSC 2.0: 49.210 -#config_methods=label virtual_display virtual_push_button keypad 49.211 - 49.212 -# Credential processing 49.213 -# 0 = process received credentials internally (default) 49.214 -# 1 = do not process received credentials; just pass them over ctrl_iface to 49.215 -# external program(s) 49.216 -# 2 = process received credentials internally and pass them over ctrl_iface 49.217 -# to external program(s) 49.218 -#wps_cred_processing=0 49.219 - 49.220 -# Vendor attribute in WPS M1, e.g., Windows 7 Vertical Pairing 49.221 -# The vendor attribute contents to be added in M1 (hex string) 49.222 -#wps_vendor_ext_m1=000137100100020001 49.223 - 49.224 -# NFC password token for WPS 49.225 -# These parameters can be used to configure a fixed NFC password token for the 49.226 -# station. This can be generated, e.g., with nfc_pw_token. When these 49.227 -# parameters are used, the station is assumed to be deployed with a NFC tag 49.228 -# that includes the matching NFC password token (e.g., written based on the 49.229 -# NDEF record from nfc_pw_token). 49.230 -# 49.231 -#wps_nfc_dev_pw_id: Device Password ID (16..65535) 49.232 -#wps_nfc_dh_pubkey: Hexdump of DH Public Key 49.233 -#wps_nfc_dh_privkey: Hexdump of DH Private Key 49.234 -#wps_nfc_dev_pw: Hexdump of Device Password 49.235 - 49.236 -# Maximum number of BSS entries to keep in memory 49.237 -# Default: 200 49.238 -# This can be used to limit memory use on the BSS entries (cached scan 49.239 -# results). A larger value may be needed in environments that have huge number 49.240 -# of APs when using ap_scan=1 mode. 49.241 -#bss_max_count=200 49.242 - 49.243 -# Automatic scan 49.244 -# This is an optional set of parameters for automatic scanning 49.245 -# within an interface in following format: 49.246 -#autoscan=<autoscan module name>:<module parameters> 49.247 -# autoscan is like bgscan but on disconnected or inactive state. 49.248 -# For instance, on exponential module parameters would be <base>:<limit> 49.249 -#autoscan=exponential:3:300 49.250 -# Which means a delay between scans on a base exponential of 3, 49.251 -# up to the limit of 300 seconds (3, 9, 27 ... 300) 49.252 -# For periodic module, parameters would be <fixed interval> 49.253 -#autoscan=periodic:30 49.254 -# So a delay of 30 seconds will be applied between each scan 49.255 - 49.256 -# filter_ssids - SSID-based scan result filtering 49.257 -# 0 = do not filter scan results (default) 49.258 -# 1 = only include configured SSIDs in scan results/BSS table 49.259 -#filter_ssids=0 49.260 - 49.261 -# Password (and passphrase, etc.) backend for external storage 49.262 -# format: <backend name>[:<optional backend parameters>] 49.263 -#ext_password_backend=test:pw1=password|pw2=testing 49.264 - 49.265 -# Timeout in seconds to detect STA inactivity (default: 300 seconds) 49.266 -# 49.267 -# This timeout value is used in P2P GO mode to clean up 49.268 -# inactive stations. 49.269 -#p2p_go_max_inactivity=300 49.270 - 49.271 -# Opportunistic Key Caching (also known as Proactive Key Caching) default 49.272 -# This parameter can be used to set the default behavior for the 49.273 -# proactive_key_caching parameter. By default, OKC is disabled unless enabled 49.274 -# with the global okc=1 parameter or with the per-network 49.275 -# proactive_key_caching=1 parameter. With okc=1, OKC is enabled by default, but 49.276 -# can be disabled with per-network proactive_key_caching=0 parameter. 49.277 -#okc=0 49.278 - 49.279 -# Protected Management Frames default 49.280 -# This parameter can be used to set the default behavior for the ieee80211w 49.281 -# parameter. By default, PMF is disabled unless enabled with the global pmf=1/2 49.282 -# parameter or with the per-network ieee80211w=1/2 parameter. With pmf=1/2, PMF 49.283 -# is enabled/required by default, but can be disabled with the per-network 49.284 -# ieee80211w parameter. 49.285 -#pmf=0 49.286 - 49.287 -# Enabled SAE finite cyclic groups in preference order 49.288 -# By default (if this parameter is not set), the mandatory group 19 (ECC group 49.289 -# defined over a 256-bit prime order field) is preferred, but other groups are 49.290 -# also enabled. If this parameter is set, the groups will be tried in the 49.291 -# indicated order. The group values are listed in the IANA registry: 49.292 -# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xml#ipsec-registry-9 49.293 -#sae_groups=21 20 19 26 25 49.294 - 49.295 -# Default value for DTIM period (if not overridden in network block) 49.296 -#dtim_period=2 49.297 - 49.298 -# Default value for Beacon interval (if not overridden in network block) 49.299 -#beacon_int=100 49.300 - 49.301 -# Additional vendor specific elements for Beacon and Probe Response frames 49.302 -# This parameter can be used to add additional vendor specific element(s) into 49.303 -# the end of the Beacon and Probe Response frames. The format for these 49.304 -# element(s) is a hexdump of the raw information elements (id+len+payload for 49.305 -# one or more elements). This is used in AP and P2P GO modes. 49.306 -#ap_vendor_elements=dd0411223301 49.307 - 49.308 -# Ignore scan results older than request 49.309 -# 49.310 -# The driver may have a cache of scan results that makes it return 49.311 -# information that is older than our scan trigger. This parameter can 49.312 -# be used to configure such old information to be ignored instead of 49.313 -# allowing it to update the internal BSS table. 49.314 -#ignore_old_scan_res=0 49.315 - 49.316 -# scan_cur_freq: Whether to scan only the current frequency 49.317 -# 0: Scan all available frequencies. (Default) 49.318 -# 1: Scan current operating frequency if another VIF on the same radio 49.319 -# is already associated. 49.320 - 49.321 -# Interworking (IEEE 802.11u) 49.322 - 49.323 -# Enable Interworking 49.324 -# interworking=1 49.325 - 49.326 -# Homogenous ESS identifier 49.327 -# If this is set, scans will be used to request response only from BSSes 49.328 -# belonging to the specified Homogeneous ESS. This is used only if interworking 49.329 -# is enabled. 49.330 -# hessid=00:11:22:33:44:55 49.331 - 49.332 -# Automatic network selection behavior 49.333 -# 0 = do not automatically go through Interworking network selection 49.334 -# (i.e., require explicit interworking_select command for this; default) 49.335 -# 1 = perform Interworking network selection if one or more 49.336 -# credentials have been configured and scan did not find a 49.337 -# matching network block 49.338 -#auto_interworking=0 49.339 - 49.340 -# credential block 49.341 -# 49.342 -# Each credential used for automatic network selection is configured as a set 49.343 -# of parameters that are compared to the information advertised by the APs when 49.344 -# interworking_select and interworking_connect commands are used. 49.345 -# 49.346 -# credential fields: 49.347 -# 49.348 -# temporary: Whether this credential is temporary and not to be saved 49.349 -# 49.350 -# priority: Priority group 49.351 -# By default, all networks and credentials get the same priority group 49.352 -# (0). This field can be used to give higher priority for credentials 49.353 -# (and similarly in struct wpa_ssid for network blocks) to change the 49.354 -# Interworking automatic networking selection behavior. The matching 49.355 -# network (based on either an enabled network block or a credential) 49.356 -# with the highest priority value will be selected. 49.357 -# 49.358 -# pcsc: Use PC/SC and SIM/USIM card 49.359 -# 49.360 -# realm: Home Realm for Interworking 49.361 -# 49.362 -# username: Username for Interworking network selection 49.363 -# 49.364 -# password: Password for Interworking network selection 49.365 -# 49.366 -# ca_cert: CA certificate for Interworking network selection 49.367 -# 49.368 -# client_cert: File path to client certificate file (PEM/DER) 49.369 -# This field is used with Interworking networking selection for a case 49.370 -# where client certificate/private key is used for authentication 49.371 -# (EAP-TLS). Full path to the file should be used since working 49.372 -# directory may change when wpa_supplicant is run in the background. 49.373 -# 49.374 -# Alternatively, a named configuration blob can be used by setting 49.375 -# this to blob://blob_name. 49.376 -# 49.377 -# private_key: File path to client private key file (PEM/DER/PFX) 49.378 -# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be 49.379 -# commented out. Both the private key and certificate will be read 49.380 -# from the PKCS#12 file in this case. Full path to the file should be 49.381 -# used since working directory may change when wpa_supplicant is run 49.382 -# in the background. 49.383 -# 49.384 -# Windows certificate store can be used by leaving client_cert out and 49.385 -# configuring private_key in one of the following formats: 49.386 -# 49.387 -# cert://substring_to_match 49.388 -# 49.389 -# hash://certificate_thumbprint_in_hex 49.390 -# 49.391 -# For example: private_key="hash://63093aa9c47f56ae88334c7b65a4" 49.392 -# 49.393 -# Note that when running wpa_supplicant as an application, the user 49.394 -# certificate store (My user account) is used, whereas computer store 49.395 -# (Computer account) is used when running wpasvc as a service. 49.396 -# 49.397 -# Alternatively, a named configuration blob can be used by setting 49.398 -# this to blob://blob_name. 49.399 -# 49.400 -# private_key_passwd: Password for private key file 49.401 -# 49.402 -# imsi: IMSI in <MCC> | <MNC> | '-' | <MSIN> format 49.403 -# 49.404 -# milenage: Milenage parameters for SIM/USIM simulator in <Ki>:<OPc>:<SQN> 49.405 -# format 49.406 -# 49.407 -# domain: Home service provider FQDN(s) 49.408 -# This is used to compare against the Domain Name List to figure out 49.409 -# whether the AP is operated by the Home SP. Multiple domain entries can 49.410 -# be used to configure alternative FQDNs that will be considered home 49.411 -# networks. 49.412 -# 49.413 -# roaming_consortium: Roaming Consortium OI 49.414 -# If roaming_consortium_len is non-zero, this field contains the 49.415 -# Roaming Consortium OI that can be used to determine which access 49.416 -# points support authentication with this credential. This is an 49.417 -# alternative to the use of the realm parameter. When using Roaming 49.418 -# Consortium to match the network, the EAP parameters need to be 49.419 -# pre-configured with the credential since the NAI Realm information 49.420 -# may not be available or fetched. 49.421 -# 49.422 -# eap: Pre-configured EAP method 49.423 -# This optional field can be used to specify which EAP method will be 49.424 -# used with this credential. If not set, the EAP method is selected 49.425 -# automatically based on ANQP information (e.g., NAI Realm). 49.426 -# 49.427 -# phase1: Pre-configure Phase 1 (outer authentication) parameters 49.428 -# This optional field is used with like the 'eap' parameter. 49.429 -# 49.430 -# phase2: Pre-configure Phase 2 (inner authentication) parameters 49.431 -# This optional field is used with like the 'eap' parameter. 49.432 -# 49.433 -# excluded_ssid: Excluded SSID 49.434 -# This optional field can be used to excluded specific SSID(s) from 49.435 -# matching with the network. Multiple entries can be used to specify more 49.436 -# than one SSID. 49.437 -# 49.438 -# for example: 49.439 -# 49.440 -#cred={ 49.441 -# realm="example.com" 49.442 -# username="user@example.com" 49.443 -# password="password" 49.444 -# ca_cert="/etc/wpa_supplicant/ca.pem" 49.445 -# domain="example.com" 49.446 -#} 49.447 -# 49.448 -#cred={ 49.449 -# imsi="310026-000000000" 49.450 -# milenage="90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82" 49.451 -#} 49.452 -# 49.453 -#cred={ 49.454 -# realm="example.com" 49.455 -# username="user" 49.456 -# password="password" 49.457 -# ca_cert="/etc/wpa_supplicant/ca.pem" 49.458 -# domain="example.com" 49.459 -# roaming_consortium=223344 49.460 -# eap=TTLS 49.461 -# phase2="auth=MSCHAPV2" 49.462 -#} 49.463 - 49.464 -# Hotspot 2.0 49.465 -# hs20=1 49.466 - 49.467 -# network block 49.468 -# 49.469 -# Each network (usually AP's sharing the same SSID) is configured as a separate 49.470 -# block in this configuration file. The network blocks are in preference order 49.471 -# (the first match is used). 49.472 -# 49.473 -# network block fields: 49.474 -# 49.475 -# disabled: 49.476 -# 0 = this network can be used (default) 49.477 -# 1 = this network block is disabled (can be enabled through ctrl_iface, 49.478 -# e.g., with wpa_cli or wpa_gui) 49.479 -# 49.480 -# id_str: Network identifier string for external scripts. This value is passed 49.481 -# to external action script through wpa_cli as WPA_ID_STR environment 49.482 -# variable to make it easier to do network specific configuration. 49.483 -# 49.484 -# ssid: SSID (mandatory); network name in one of the optional formats: 49.485 -# - an ASCII string with double quotation 49.486 -# - a hex string (two characters per octet of SSID) 49.487 -# - a printf-escaped ASCII string P"<escaped string>" 49.488 -# 49.489 -# scan_ssid: 49.490 -# 0 = do not scan this SSID with specific Probe Request frames (default) 49.491 -# 1 = scan with SSID-specific Probe Request frames (this can be used to 49.492 -# find APs that do not accept broadcast SSID or use multiple SSIDs; 49.493 -# this will add latency to scanning, so enable this only when needed) 49.494 -# 49.495 -# bssid: BSSID (optional); if set, this network block is used only when 49.496 -# associating with the AP using the configured BSSID 49.497 -# 49.498 -# priority: priority group (integer) 49.499 -# By default, all networks will get same priority group (0). If some of the 49.500 -# networks are more desirable, this field can be used to change the order in 49.501 -# which wpa_supplicant goes through the networks when selecting a BSS. The 49.502 -# priority groups will be iterated in decreasing priority (i.e., the larger the 49.503 -# priority value, the sooner the network is matched against the scan results). 49.504 -# Within each priority group, networks will be selected based on security 49.505 -# policy, signal strength, etc. 49.506 -# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not 49.507 -# using this priority to select the order for scanning. Instead, they try the 49.508 -# networks in the order that used in the configuration file. 49.509 -# 49.510 -# mode: IEEE 802.11 operation mode 49.511 -# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default) 49.512 -# 1 = IBSS (ad-hoc, peer-to-peer) 49.513 -# 2 = AP (access point) 49.514 -# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and 49.515 -# WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE (fixed group key 49.516 -# TKIP/CCMP) is available for backwards compatibility, but its use is 49.517 -# deprecated. WPA-None requires following network block options: 49.518 -# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not 49.519 -# both), and psk must also be set. 49.520 -# 49.521 -# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g., 49.522 -# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the initial 49.523 -# channel for IBSS (adhoc) networks. It is ignored in the infrastructure mode. 49.524 -# In addition, this value is only used by the station that creates the IBSS. If 49.525 -# an IBSS network with the configured SSID is already present, the frequency of 49.526 -# the network will be used instead of this configured value. 49.527 -# 49.528 -# scan_freq: List of frequencies to scan 49.529 -# Space-separated list of frequencies in MHz to scan when searching for this 49.530 -# BSS. If the subset of channels used by the network is known, this option can 49.531 -# be used to optimize scanning to not occur on channels that the network does 49.532 -# not use. Example: scan_freq=2412 2437 2462 49.533 -# 49.534 -# freq_list: Array of allowed frequencies 49.535 -# Space-separated list of frequencies in MHz to allow for selecting the BSS. If 49.536 -# set, scan results that do not match any of the specified frequencies are not 49.537 -# considered when selecting a BSS. 49.538 -# 49.539 -# This can also be set on the outside of the network block. In this case, 49.540 -# it limits the frequencies that will be scanned. 49.541 -# 49.542 -# bgscan: Background scanning 49.543 -# wpa_supplicant behavior for background scanning can be specified by 49.544 -# configuring a bgscan module. These modules are responsible for requesting 49.545 -# background scans for the purpose of roaming within an ESS (i.e., within a 49.546 -# single network block with all the APs using the same SSID). The bgscan 49.547 -# parameter uses following format: "<bgscan module name>:<module parameters>" 49.548 -# Following bgscan modules are available: 49.549 -# simple - Periodic background scans based on signal strength 49.550 -# bgscan="simple:<short bgscan interval in seconds>:<signal strength threshold>: 49.551 -# <long interval>" 49.552 -# bgscan="simple:30:-45:300" 49.553 -# learn - Learn channels used by the network and try to avoid bgscans on other 49.554 -# channels (experimental) 49.555 -# bgscan="learn:<short bgscan interval in seconds>:<signal strength threshold>: 49.556 -# <long interval>[:<database file name>]" 49.557 -# bgscan="learn:30:-45:300:/etc/wpa_supplicant/network1.bgscan" 49.558 -# 49.559 -# This option can also be set outside of all network blocks for the bgscan 49.560 -# parameter to apply for all the networks that have no specific bgscan 49.561 -# parameter. 49.562 -# 49.563 -# proto: list of accepted protocols 49.564 -# WPA = WPA/IEEE 802.11i/D3.0 49.565 -# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN) 49.566 -# If not set, this defaults to: WPA RSN 49.567 -# 49.568 -# key_mgmt: list of accepted authenticated key management protocols 49.569 -# WPA-PSK = WPA pre-shared key (this requires 'psk' field) 49.570 -# WPA-EAP = WPA using EAP authentication 49.571 -# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically 49.572 -# generated WEP keys 49.573 -# NONE = WPA is not used; plaintext or static WEP could be used 49.574 -# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms 49.575 -# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms 49.576 -# If not set, this defaults to: WPA-PSK WPA-EAP 49.577 -# 49.578 -# ieee80211w: whether management frame protection is enabled 49.579 -# 0 = disabled (default unless changed with the global pmf parameter) 49.580 -# 1 = optional 49.581 -# 2 = required 49.582 -# The most common configuration options for this based on the PMF (protected 49.583 -# management frames) certification program are: 49.584 -# PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256 49.585 -# PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256 49.586 -# (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used) 49.587 -# 49.588 -# auth_alg: list of allowed IEEE 802.11 authentication algorithms 49.589 -# OPEN = Open System authentication (required for WPA/WPA2) 49.590 -# SHARED = Shared Key authentication (requires static WEP keys) 49.591 -# LEAP = LEAP/Network EAP (only used with LEAP) 49.592 -# If not set, automatic selection is used (Open System with LEAP enabled if 49.593 -# LEAP is allowed as one of the EAP methods). 49.594 -# 49.595 -# pairwise: list of accepted pairwise (unicast) ciphers for WPA 49.596 -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] 49.597 -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] 49.598 -# NONE = Use only Group Keys (deprecated, should not be included if APs support 49.599 -# pairwise keys) 49.600 -# If not set, this defaults to: CCMP TKIP 49.601 -# 49.602 -# group: list of accepted group (broadcast/multicast) ciphers for WPA 49.603 -# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] 49.604 -# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] 49.605 -# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key 49.606 -# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE 802.11] 49.607 -# If not set, this defaults to: CCMP TKIP WEP104 WEP40 49.608 -# 49.609 -# psk: WPA preshared key; 256-bit pre-shared key 49.610 -# The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e., 49.611 -# 32 bytes or as an ASCII passphrase (in which case, the real PSK will be 49.612 -# generated using the passphrase and SSID). ASCII passphrase must be between 49.613 -# 8 and 63 characters (inclusive). ext:<name of external PSK field> format can 49.614 -# be used to indicate that the PSK/passphrase is stored in external storage. 49.615 -# This field is not needed, if WPA-EAP is used. 49.616 -# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys 49.617 -# from ASCII passphrase. This process uses lot of CPU and wpa_supplicant 49.618 -# startup and reconfiguration time can be optimized by generating the PSK only 49.619 -# only when the passphrase or SSID has actually changed. 49.620 -# 49.621 -# eapol_flags: IEEE 802.1X/EAPOL options (bit field) 49.622 -# Dynamic WEP key required for non-WPA mode 49.623 -# bit0 (1): require dynamically generated unicast WEP key 49.624 -# bit1 (2): require dynamically generated broadcast WEP key 49.625 -# (3 = require both keys; default) 49.626 -# Note: When using wired authentication, eapol_flags must be set to 0 for the 49.627 -# authentication to be completed successfully. 49.628 -# 49.629 -# mixed_cell: This option can be used to configure whether so called mixed 49.630 -# cells, i.e., networks that use both plaintext and encryption in the same 49.631 -# SSID, are allowed when selecting a BSS from scan results. 49.632 -# 0 = disabled (default) 49.633 -# 1 = enabled 49.634 -# 49.635 -# proactive_key_caching: 49.636 -# Enable/disable opportunistic PMKSA caching for WPA2. 49.637 -# 0 = disabled (default unless changed with the global okc parameter) 49.638 -# 1 = enabled 49.639 -# 49.640 -# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or 49.641 -# hex without quotation, e.g., 0102030405) 49.642 -# wep_tx_keyidx: Default WEP key index (TX) (0..3) 49.643 -# 49.644 -# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is 49.645 -# allowed. This is only used with RSN/WPA2. 49.646 -# 0 = disabled (default) 49.647 -# 1 = enabled 49.648 -#peerkey=1 49.649 -# 49.650 -# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to 49.651 -# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies. 49.652 -# 49.653 -# Following fields are only used with internal EAP implementation. 49.654 -# eap: space-separated list of accepted EAP methods 49.655 -# MD5 = EAP-MD5 (unsecure and does not generate keying material -> 49.656 -# cannot be used with WPA; to be used as a Phase 2 method 49.657 -# with EAP-PEAP or EAP-TTLS) 49.658 -# MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to be used 49.659 -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) 49.660 -# OTP = EAP-OTP (cannot be used separately with WPA; to be used 49.661 -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) 49.662 -# GTC = EAP-GTC (cannot be used separately with WPA; to be used 49.663 -# as a Phase 2 method with EAP-PEAP or EAP-TTLS) 49.664 -# TLS = EAP-TLS (client and server certificate) 49.665 -# PEAP = EAP-PEAP (with tunnelled EAP authentication) 49.666 -# TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2 49.667 -# authentication) 49.668 -# If not set, all compiled in methods are allowed. 49.669 -# 49.670 -# identity: Identity string for EAP 49.671 -# This field is also used to configure user NAI for 49.672 -# EAP-PSK/PAX/SAKE/GPSK. 49.673 -# anonymous_identity: Anonymous identity string for EAP (to be used as the 49.674 -# unencrypted identity with EAP types that support different tunnelled 49.675 -# identity, e.g., EAP-TTLS). This field can also be used with 49.676 -# EAP-SIM/AKA/AKA' to store the pseudonym identity. 49.677 -# password: Password string for EAP. This field can include either the 49.678 -# plaintext password (using ASCII or hex string) or a NtPasswordHash 49.679 -# (16-byte MD4 hash of password) in hash:<32 hex digits> format. 49.680 -# NtPasswordHash can only be used when the password is for MSCHAPv2 or 49.681 -# MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP). 49.682 -# EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit 49.683 -# PSK) is also configured using this field. For EAP-GPSK, this is a 49.684 -# variable length PSK. ext:<name of external password field> format can 49.685 -# be used to indicate that the password is stored in external storage. 49.686 -# ca_cert: File path to CA certificate file (PEM/DER). This file can have one 49.687 -# or more trusted CA certificates. If ca_cert and ca_path are not 49.688 -# included, server certificate will not be verified. This is insecure and 49.689 -# a trusted CA certificate should always be configured when using 49.690 -# EAP-TLS/TTLS/PEAP. Full path should be used since working directory may 49.691 -# change when wpa_supplicant is run in the background. 49.692 -# 49.693 -# Alternatively, this can be used to only perform matching of the server 49.694 -# certificate (SHA-256 hash of the DER encoded X.509 certificate). In 49.695 -# this case, the possible CA certificates in the server certificate chain 49.696 -# are ignored and only the server certificate is verified. This is 49.697 -# configured with the following format: 49.698 -# hash:://server/sha256/cert_hash_in_hex 49.699 -# For example: "hash://server/sha256/ 49.700 -# 5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a" 49.701 -# 49.702 -# On Windows, trusted CA certificates can be loaded from the system 49.703 -# certificate store by setting this to cert_store://<name>, e.g., 49.704 -# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". 49.705 -# Note that when running wpa_supplicant as an application, the user 49.706 -# certificate store (My user account) is used, whereas computer store 49.707 -# (Computer account) is used when running wpasvc as a service. 49.708 -# ca_path: Directory path for CA certificate files (PEM). This path may 49.709 -# contain multiple CA certificates in OpenSSL format. Common use for this 49.710 -# is to point to system trusted CA list which is often installed into 49.711 -# directory like /etc/ssl/certs. If configured, these certificates are 49.712 -# added to the list of trusted CAs. ca_cert may also be included in that 49.713 -# case, but it is not required. 49.714 -# client_cert: File path to client certificate file (PEM/DER) 49.715 -# Full path should be used since working directory may change when 49.716 -# wpa_supplicant is run in the background. 49.717 -# Alternatively, a named configuration blob can be used by setting this 49.718 -# to blob://<blob name>. 49.719 -# private_key: File path to client private key file (PEM/DER/PFX) 49.720 -# When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be 49.721 -# commented out. Both the private key and certificate will be read from 49.722 -# the PKCS#12 file in this case. Full path should be used since working 49.723 -# directory may change when wpa_supplicant is run in the background. 49.724 -# Windows certificate store can be used by leaving client_cert out and 49.725 -# configuring private_key in one of the following formats: 49.726 -# cert://substring_to_match 49.727 -# hash://certificate_thumbprint_in_hex 49.728 -# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4" 49.729 -# Note that when running wpa_supplicant as an application, the user 49.730 -# certificate store (My user account) is used, whereas computer store 49.731 -# (Computer account) is used when running wpasvc as a service. 49.732 -# Alternatively, a named configuration blob can be used by setting this 49.733 -# to blob://<blob name>. 49.734 -# private_key_passwd: Password for private key file (if left out, this will be 49.735 -# asked through control interface) 49.736 -# dh_file: File path to DH/DSA parameters file (in PEM format) 49.737 -# This is an optional configuration file for setting parameters for an 49.738 -# ephemeral DH key exchange. In most cases, the default RSA 49.739 -# authentication does not use this configuration. However, it is possible 49.740 -# setup RSA to use ephemeral DH key exchange. In addition, ciphers with 49.741 -# DSA keys always use ephemeral DH keys. This can be used to achieve 49.742 -# forward secrecy. If the file is in DSA parameters format, it will be 49.743 -# automatically converted into DH params. 49.744 -# subject_match: Substring to be matched against the subject of the 49.745 -# authentication server certificate. If this string is set, the server 49.746 -# sertificate is only accepted if it contains this string in the subject. 49.747 -# The subject string is in following format: 49.748 -# /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@example.com 49.749 -# altsubject_match: Semicolon separated string of entries to be matched against 49.750 -# the alternative subject name of the authentication server certificate. 49.751 -# If this string is set, the server sertificate is only accepted if it 49.752 -# contains one of the entries in an alternative subject name extension. 49.753 -# altSubjectName string is in following format: TYPE:VALUE 49.754 -# Example: EMAIL:server@example.com 49.755 -# Example: DNS:server.example.com;DNS:server2.example.com 49.756 -# Following types are supported: EMAIL, DNS, URI 49.757 -# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters 49.758 -# (string with field-value pairs, e.g., "peapver=0" or 49.759 -# "peapver=1 peaplabel=1") 49.760 -# 'peapver' can be used to force which PEAP version (0 or 1) is used. 49.761 -# 'peaplabel=1' can be used to force new label, "client PEAP encryption", 49.762 -# to be used during key derivation when PEAPv1 or newer. Most existing 49.763 -# PEAPv1 implementation seem to be using the old label, "client EAP 49.764 -# encryption", and wpa_supplicant is now using that as the default value. 49.765 -# Some servers, e.g., Radiator, may require peaplabel=1 configuration to 49.766 -# interoperate with PEAPv1; see eap_testing.txt for more details. 49.767 -# 'peap_outer_success=0' can be used to terminate PEAP authentication on 49.768 -# tunneled EAP-Success. This is required with some RADIUS servers that 49.769 -# implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., 49.770 -# Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode) 49.771 -# include_tls_length=1 can be used to force wpa_supplicant to include 49.772 -# TLS Message Length field in all TLS messages even if they are not 49.773 -# fragmented. 49.774 -# sim_min_num_chal=3 can be used to configure EAP-SIM to require three 49.775 -# challenges (by default, it accepts 2 or 3) 49.776 -# result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use 49.777 -# protected result indication. 49.778 -# 'crypto_binding' option can be used to control PEAPv0 cryptobinding 49.779 -# behavior: 49.780 -# * 0 = do not use cryptobinding (default) 49.781 -# * 1 = use cryptobinding if server supports it 49.782 -# * 2 = require cryptobinding 49.783 -# EAP-WSC (WPS) uses following options: pin=<Device Password> or 49.784 -# pbc=1. 49.785 -# phase2: Phase2 (inner authentication with TLS tunnel) parameters 49.786 -# (string with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or 49.787 -# "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS) 49.788 -# 49.789 -# TLS-based methods can use the following parameters to control TLS behavior 49.790 -# (these are normally in the phase1 parameter, but can be used also in the 49.791 -# phase2 parameter when EAP-TLS is used within the inner tunnel): 49.792 -# tls_allow_md5=1 - allow MD5-based certificate signatures (depending on the 49.793 -# TLS library, these may be disabled by default to enforce stronger 49.794 -# security) 49.795 -# tls_disable_time_checks=1 - ignore certificate validity time (this requests 49.796 -# the TLS library to accept certificates even if they are not currently 49.797 -# valid, i.e., have expired or have not yet become valid; this should be 49.798 -# used only for testing purposes) 49.799 -# tls_disable_session_ticket=1 - disable TLS Session Ticket extension 49.800 -# tls_disable_session_ticket=0 - allow TLS Session Ticket extension to be used 49.801 -# Note: If not set, this is automatically set to 1 for EAP-TLS/PEAP/TTLS 49.802 -# as a workaround for broken authentication server implementations unless 49.803 -# EAP workarounds are disabled with eap_workarounds=0. 49.804 -# For EAP-FAST, this must be set to 0 (or left unconfigured for the 49.805 -# default value to be used automatically). 49.806 -# 49.807 -# Following certificate/private key fields are used in inner Phase2 49.808 -# authentication when using EAP-TTLS or EAP-PEAP. 49.809 -# ca_cert2: File path to CA certificate file. This file can have one or more 49.810 -# trusted CA certificates. If ca_cert2 and ca_path2 are not included, 49.811 -# server certificate will not be verified. This is insecure and a trusted 49.812 -# CA certificate should always be configured. 49.813 -# ca_path2: Directory path for CA certificate files (PEM) 49.814 -# client_cert2: File path to client certificate file 49.815 -# private_key2: File path to client private key file 49.816 -# private_key2_passwd: Password for private key file 49.817 -# dh_file2: File path to DH/DSA parameters file (in PEM format) 49.818 -# subject_match2: Substring to be matched against the subject of the 49.819 -# authentication server certificate. 49.820 -# altsubject_match2: Substring to be matched against the alternative subject 49.821 -# name of the authentication server certificate. 49.822 -# 49.823 -# fragment_size: Maximum EAP fragment size in bytes (default 1398). 49.824 -# This value limits the fragment size for EAP methods that support 49.825 -# fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set 49.826 -# small enough to make the EAP messages fit in MTU of the network 49.827 -# interface used for EAPOL. The default value is suitable for most 49.828 -# cases. 49.829 -# 49.830 -# ocsp: Whether to use/require OCSP to check server certificate 49.831 -# 0 = do not use OCSP stapling (TLS certificate status extension) 49.832 -# 1 = try to use OCSP stapling, but not require response 49.833 -# 2 = require valid OCSP stapling response 49.834 -# 49.835 -# EAP-FAST variables: 49.836 -# pac_file: File path for the PAC entries. wpa_supplicant will need to be able 49.837 -# to create this file and write updates to it when PAC is being 49.838 -# provisioned or refreshed. Full path to the file should be used since 49.839 -# working directory may change when wpa_supplicant is run in the 49.840 -# background. Alternatively, a named configuration blob can be used by 49.841 -# setting this to blob://<blob name> 49.842 -# phase1: fast_provisioning option can be used to enable in-line provisioning 49.843 -# of EAP-FAST credentials (PAC): 49.844 -# 0 = disabled, 49.845 -# 1 = allow unauthenticated provisioning, 49.846 -# 2 = allow authenticated provisioning, 49.847 -# 3 = allow both unauthenticated and authenticated provisioning 49.848 -# fast_max_pac_list_len=<num> option can be used to set the maximum 49.849 -# number of PAC entries to store in a PAC list (default: 10) 49.850 -# fast_pac_format=binary option can be used to select binary format for 49.851 -# storing PAC entries in order to save some space (the default 49.852 -# text format uses about 2.5 times the size of minimal binary 49.853 -# format) 49.854 -# 49.855 -# wpa_supplicant supports number of "EAP workarounds" to work around 49.856 -# interoperability issues with incorrectly behaving authentication servers. 49.857 -# These are enabled by default because some of the issues are present in large 49.858 -# number of authentication servers. Strict EAP conformance mode can be 49.859 -# configured by disabling workarounds with eap_workaround=0. 49.860 - 49.861 -# Station inactivity limit 49.862 -# 49.863 -# If a station does not send anything in ap_max_inactivity seconds, an 49.864 -# empty data frame is sent to it in order to verify whether it is 49.865 -# still in range. If this frame is not ACKed, the station will be 49.866 -# disassociated and then deauthenticated. This feature is used to 49.867 -# clear station table of old entries when the STAs move out of the 49.868 -# range. 49.869 -# 49.870 -# The station can associate again with the AP if it is still in range; 49.871 -# this inactivity poll is just used as a nicer way of verifying 49.872 -# inactivity; i.e., client will not report broken connection because 49.873 -# disassociation frame is not sent immediately without first polling 49.874 -# the STA with a data frame. 49.875 -# default: 300 (i.e., 5 minutes) 49.876 -#ap_max_inactivity=300 49.877 - 49.878 -# DTIM period in Beacon intervals for AP mode (default: 2) 49.879 -#dtim_period=2 49.880 - 49.881 -# Beacon interval (default: 100 TU) 49.882 -#beacon_int=100 49.883 - 49.884 -# disable_ht: Whether HT (802.11n) should be disabled. 49.885 -# 0 = HT enabled (if AP supports it) 49.886 -# 1 = HT disabled 49.887 -# 49.888 -# disable_ht40: Whether HT-40 (802.11n) should be disabled. 49.889 -# 0 = HT-40 enabled (if AP supports it) 49.890 -# 1 = HT-40 disabled 49.891 -# 49.892 -# disable_sgi: Whether SGI (short guard interval) should be disabled. 49.893 -# 0 = SGI enabled (if AP supports it) 49.894 -# 1 = SGI disabled 49.895 -# 49.896 -# ht_mcs: Configure allowed MCS rates. 49.897 -# Parsed as an array of bytes, in base-16 (ascii-hex) 49.898 -# ht_mcs="" // Use all available (default) 49.899 -# ht_mcs="0xff 00 00 00 00 00 00 00 00 00 " // Use MCS 0-7 only 49.900 -# ht_mcs="0xff ff 00 00 00 00 00 00 00 00 " // Use MCS 0-15 only 49.901 -# 49.902 -# disable_max_amsdu: Whether MAX_AMSDU should be disabled. 49.903 -# -1 = Do not make any changes. 49.904 -# 0 = Enable MAX-AMSDU if hardware supports it. 49.905 -# 1 = Disable AMSDU 49.906 -# 49.907 -# ampdu_density: Allow overriding AMPDU density configuration. 49.908 -# Treated as hint by the kernel. 49.909 -# -1 = Do not make any changes. 49.910 -# 0-3 = Set AMPDU density (aka factor) to specified value. 49.911 - 49.912 -# disable_vht: Whether VHT should be disabled. 49.913 -# 0 = VHT enabled (if AP supports it) 49.914 -# 1 = VHT disabled 49.915 -# 49.916 -# vht_capa: VHT capabilities to set in the override 49.917 -# vht_capa_mask: mask of VHT capabilities 49.918 -# 49.919 -# vht_rx_mcs_nss_1/2/3/4/5/6/7/8: override the MCS set for RX NSS 1-8 49.920 -# vht_tx_mcs_nss_1/2/3/4/5/6/7/8: override the MCS set for TX NSS 1-8 49.921 -# 0: MCS 0-7 49.922 -# 1: MCS 0-8 49.923 -# 2: MCS 0-9 49.924 -# 3: not supported 49.925 - 49.926 -# Example blocks: 49.927 - 49.928 -# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers 49.929 -network={ 49.930 - ssid="simple" 49.931 - psk="very secret passphrase" 49.932 - priority=5 49.933 -} 49.934 - 49.935 -# Same as previous, but request SSID-specific scanning (for APs that reject 49.936 -# broadcast SSID) 49.937 -network={ 49.938 - ssid="second ssid" 49.939 - scan_ssid=1 49.940 - psk="very secret passphrase" 49.941 - priority=2 49.942 -} 49.943 - 49.944 -# Only WPA-PSK is used. Any valid cipher combination is accepted. 49.945 -network={ 49.946 - ssid="example" 49.947 - proto=WPA 49.948 - key_mgmt=WPA-PSK 49.949 - pairwise=CCMP TKIP 49.950 - group=CCMP TKIP WEP104 WEP40 49.951 - psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb 49.952 - priority=2 49.953 -} 49.954 - 49.955 -# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK rekeying 49.956 -network={ 49.957 - ssid="example" 49.958 - proto=WPA 49.959 - key_mgmt=WPA-PSK 49.960 - pairwise=TKIP 49.961 - group=TKIP 49.962 - psk="not so secure passphrase" 49.963 - wpa_ptk_rekey=600 49.964 -} 49.965 - 49.966 -# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used WEP104 49.967 -# or WEP40 as the group cipher will not be accepted. 49.968 -network={ 49.969 - ssid="example" 49.970 - proto=RSN 49.971 - key_mgmt=WPA-EAP 49.972 - pairwise=CCMP TKIP 49.973 - group=CCMP TKIP 49.974 - eap=TLS 49.975 - identity="user@example.com" 49.976 - ca_cert="/etc/cert/ca.pem" 49.977 - client_cert="/etc/cert/user.pem" 49.978 - private_key="/etc/cert/user.prv" 49.979 - private_key_passwd="password" 49.980 - priority=1 49.981 -} 49.982 - 49.983 -# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new peaplabel 49.984 -# (e.g., Radiator) 49.985 -network={ 49.986 - ssid="example" 49.987 - key_mgmt=WPA-EAP 49.988 - eap=PEAP 49.989 - identity="user@example.com" 49.990 - password="foobar" 49.991 - ca_cert="/etc/cert/ca.pem" 49.992 - phase1="peaplabel=1" 49.993 - phase2="auth=MSCHAPV2" 49.994 - priority=10 49.995 -} 49.996 - 49.997 -# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the 49.998 -# unencrypted use. Real identity is sent only within an encrypted TLS tunnel. 49.999 -network={ 49.1000 - ssid="example" 49.1001 - key_mgmt=WPA-EAP 49.1002 - eap=TTLS 49.1003 - identity="user@example.com" 49.1004 - anonymous_identity="anonymous@example.com" 49.1005 - password="foobar" 49.1006 - ca_cert="/etc/cert/ca.pem" 49.1007 - priority=2 49.1008 -} 49.1009 - 49.1010 -# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the unencrypted 49.1011 -# use. Real identity is sent only within an encrypted TLS tunnel. 49.1012 -network={ 49.1013 - ssid="example" 49.1014 - key_mgmt=WPA-EAP 49.1015 - eap=TTLS 49.1016 - identity="user@example.com" 49.1017 - anonymous_identity="anonymous@example.com" 49.1018 - password="foobar" 49.1019 - ca_cert="/etc/cert/ca.pem" 49.1020 - phase2="auth=MSCHAPV2" 49.1021 -} 49.1022 - 49.1023 -# WPA-EAP, EAP-TTLS with different CA certificate used for outer and inner 49.1024 -# authentication. 49.1025 -network={ 49.1026 - ssid="example" 49.1027 - key_mgmt=WPA-EAP 49.1028 - eap=TTLS 49.1029 - # Phase1 / outer authentication 49.1030 - anonymous_identity="anonymous@example.com" 49.1031 - ca_cert="/etc/cert/ca.pem" 49.1032 - # Phase 2 / inner authentication 49.1033 - phase2="autheap=TLS" 49.1034 - ca_cert2="/etc/cert/ca2.pem" 49.1035 - client_cert2="/etc/cer/user.pem" 49.1036 - private_key2="/etc/cer/user.prv" 49.1037 - private_key2_passwd="password" 49.1038 - priority=2 49.1039 -} 49.1040 - 49.1041 -# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as pairwise and 49.1042 -# group cipher. 49.1043 -network={ 49.1044 - ssid="example" 49.1045 - bssid=00:11:22:33:44:55 49.1046 - proto=WPA RSN 49.1047 - key_mgmt=WPA-PSK WPA-EAP 49.1048 - pairwise=CCMP 49.1049 - group=CCMP 49.1050 - psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb 49.1051 -} 49.1052 - 49.1053 -# Special characters in SSID, so use hex string. Default to WPA-PSK, WPA-EAP 49.1054 -# and all valid ciphers. 49.1055 -network={ 49.1056 - ssid=00010203 49.1057 - psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 49.1058 -} 49.1059 - 49.1060 - 49.1061 -# EAP-SIM with a GSM SIM or USIM 49.1062 -network={ 49.1063 - ssid="eap-sim-test" 49.1064 - key_mgmt=WPA-EAP 49.1065 - eap=SIM 49.1066 - pin="1234" 49.1067 - pcsc="" 49.1068 -} 49.1069 - 49.1070 - 49.1071 -# EAP-PSK 49.1072 -network={ 49.1073 - ssid="eap-psk-test" 49.1074 - key_mgmt=WPA-EAP 49.1075 - eap=PSK 49.1076 - anonymous_identity="eap_psk_user" 49.1077 - password=06b4be19da289f475aa46a33cb793029 49.1078 - identity="eap_psk_user@example.com" 49.1079 -} 49.1080 - 49.1081 - 49.1082 -# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA) using 49.1083 -# EAP-TLS for authentication and key generation; require both unicast and 49.1084 -# broadcast WEP keys. 49.1085 -network={ 49.1086 - ssid="1x-test" 49.1087 - key_mgmt=IEEE8021X 49.1088 - eap=TLS 49.1089 - identity="user@example.com" 49.1090 - ca_cert="/etc/cert/ca.pem" 49.1091 - client_cert="/etc/cert/user.pem" 49.1092 - private_key="/etc/cert/user.prv" 49.1093 - private_key_passwd="password" 49.1094 - eapol_flags=3 49.1095 -} 49.1096 - 49.1097 - 49.1098 -# LEAP with dynamic WEP keys 49.1099 -network={ 49.1100 - ssid="leap-example" 49.1101 - key_mgmt=IEEE8021X 49.1102 - eap=LEAP 49.1103 - identity="user" 49.1104 - password="foobar" 49.1105 -} 49.1106 - 49.1107 -# EAP-IKEv2 using shared secrets for both server and peer authentication 49.1108 -network={ 49.1109 - ssid="ikev2-example" 49.1110 - key_mgmt=WPA-EAP 49.1111 - eap=IKEV2 49.1112 - identity="user" 49.1113 - password="foobar" 49.1114 -} 49.1115 - 49.1116 -# EAP-FAST with WPA (WPA or WPA2) 49.1117 -network={ 49.1118 - ssid="eap-fast-test" 49.1119 - key_mgmt=WPA-EAP 49.1120 - eap=FAST 49.1121 - anonymous_identity="FAST-000102030405" 49.1122 - identity="username" 49.1123 - password="password" 49.1124 - phase1="fast_provisioning=1" 49.1125 - pac_file="/etc/wpa_supplicant.eap-fast-pac" 49.1126 -} 49.1127 - 49.1128 -network={ 49.1129 - ssid="eap-fast-test" 49.1130 - key_mgmt=WPA-EAP 49.1131 - eap=FAST 49.1132 - anonymous_identity="FAST-000102030405" 49.1133 - identity="username" 49.1134 - password="password" 49.1135 - phase1="fast_provisioning=1" 49.1136 - pac_file="blob://eap-fast-pac" 49.1137 -} 49.1138 - 49.1139 -# Plaintext connection (no WPA, no IEEE 802.1X) 49.1140 -network={ 49.1141 - ssid="plaintext-test" 49.1142 - key_mgmt=NONE 49.1143 -} 49.1144 - 49.1145 - 49.1146 -# Shared WEP key connection (no WPA, no IEEE 802.1X) 49.1147 -network={ 49.1148 - ssid="static-wep-test" 49.1149 - key_mgmt=NONE 49.1150 - wep_key0="abcde" 49.1151 - wep_key1=0102030405 49.1152 - wep_key2="1234567890123" 49.1153 - wep_tx_keyidx=0 49.1154 - priority=5 49.1155 -} 49.1156 - 49.1157 - 49.1158 -# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key 49.1159 -# IEEE 802.11 authentication 49.1160 -network={ 49.1161 - ssid="static-wep-test2" 49.1162 - key_mgmt=NONE 49.1163 - wep_key0="abcde" 49.1164 - wep_key1=0102030405 49.1165 - wep_key2="1234567890123" 49.1166 - wep_tx_keyidx=0 49.1167 - priority=5 49.1168 - auth_alg=SHARED 49.1169 -} 49.1170 - 49.1171 - 49.1172 -# IBSS/ad-hoc network with RSN 49.1173 -network={ 49.1174 - ssid="ibss-rsn" 49.1175 - key_mgmt=WPA-PSK 49.1176 - proto=RSN 49.1177 - psk="12345678" 49.1178 - mode=1 49.1179 - frequency=2412 49.1180 - pairwise=CCMP 49.1181 - group=CCMP 49.1182 -} 49.1183 - 49.1184 -# IBSS/ad-hoc network with WPA-None/TKIP (deprecated) 49.1185 -network={ 49.1186 - ssid="test adhoc" 49.1187 - mode=1 49.1188 - frequency=2412 49.1189 - proto=WPA 49.1190 - key_mgmt=WPA-NONE 49.1191 - pairwise=NONE 49.1192 - group=TKIP 49.1193 - psk="secret passphrase" 49.1194 -} 49.1195 - 49.1196 - 49.1197 -# Catch all example that allows more or less all configuration modes 49.1198 -network={ 49.1199 - ssid="example" 49.1200 - scan_ssid=1 49.1201 - key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE 49.1202 - pairwise=CCMP TKIP 49.1203 - group=CCMP TKIP WEP104 WEP40 49.1204 - psk="very secret passphrase" 49.1205 - eap=TTLS PEAP TLS 49.1206 - identity="user@example.com" 49.1207 - password="foobar" 49.1208 - ca_cert="/etc/cert/ca.pem" 49.1209 - client_cert="/etc/cert/user.pem" 49.1210 - private_key="/etc/cert/user.prv" 49.1211 - private_key_passwd="password" 49.1212 - phase1="peaplabel=0" 49.1213 -} 49.1214 - 49.1215 -# Example of EAP-TLS with smartcard (openssl engine) 49.1216 -network={ 49.1217 - ssid="example" 49.1218 - key_mgmt=WPA-EAP 49.1219 - eap=TLS 49.1220 - proto=RSN 49.1221 - pairwise=CCMP TKIP 49.1222 - group=CCMP TKIP 49.1223 - identity="user@example.com" 49.1224 - ca_cert="/etc/cert/ca.pem" 49.1225 - client_cert="/etc/cert/user.pem" 49.1226 - 49.1227 - engine=1 49.1228 - 49.1229 - # The engine configured here must be available. Look at 49.1230 - # OpenSSL engine support in the global section. 49.1231 - # The key available through the engine must be the private key 49.1232 - # matching the client certificate configured above. 49.1233 - 49.1234 - # use the opensc engine 49.1235 - #engine_id="opensc" 49.1236 - #key_id="45" 49.1237 - 49.1238 - # use the pkcs11 engine 49.1239 - engine_id="pkcs11" 49.1240 - key_id="id_45" 49.1241 - 49.1242 - # Optional PIN configuration; this can be left out and PIN will be 49.1243 - # asked through the control interface 49.1244 - pin="1234" 49.1245 -} 49.1246 - 49.1247 -# Example configuration showing how to use an inlined blob as a CA certificate 49.1248 -# data instead of using external file 49.1249 -network={ 49.1250 - ssid="example" 49.1251 - key_mgmt=WPA-EAP 49.1252 - eap=TTLS 49.1253 - identity="user@example.com" 49.1254 - anonymous_identity="anonymous@example.com" 49.1255 - password="foobar" 49.1256 - ca_cert="blob://exampleblob" 49.1257 - priority=20 49.1258 -} 49.1259 - 49.1260 -blob-base64-exampleblob={ 49.1261 -SGVsbG8gV29ybGQhCg== 49.1262 -} 49.1263 - 49.1264 - 49.1265 -# Wildcard match for SSID (plaintext APs only). This example select any 49.1266 -# open AP regardless of its SSID. 49.1267 -network={ 49.1268 - key_mgmt=NONE 49.1269 -} 49.1270 - 49.1271 - 49.1272 -# Example config file that will only scan on channel 36. 49.1273 -freq_list=5180 49.1274 -network={ 49.1275 - key_mgmt=NONE 49.1276 -}
50.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch Tue Dec 25 14:44:32 2018 +0200 50.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 50.3 @@ -1,174 +0,0 @@ 50.4 -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 50.5 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 50.6 -Date: Fri, 14 Jul 2017 15:15:35 +0200 50.7 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake 50.8 - 50.9 -Do not reinstall TK to the driver during Reassociation Response frame 50.10 -processing if the first attempt of setting the TK succeeded. This avoids 50.11 -issues related to clearing the TX/RX PN that could result in reusing 50.12 -same PN values for transmitted frames (e.g., due to CCM nonce reuse and 50.13 -also hitting replay protection on the receiver) and accepting replayed 50.14 -frames on RX side. 50.15 - 50.16 -This issue was introduced by the commit 50.17 -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in 50.18 -authenticator') which allowed wpa_ft_install_ptk() to be called multiple 50.19 -times with the same PTK. While the second configuration attempt is 50.20 -needed with some drivers, it must be done only if the first attempt 50.21 -failed. 50.22 - 50.23 -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 50.24 ---- 50.25 - src/ap/ieee802_11.c | 16 +++++++++++++--- 50.26 - src/ap/wpa_auth.c | 11 +++++++++++ 50.27 - src/ap/wpa_auth.h | 3 ++- 50.28 - src/ap/wpa_auth_ft.c | 10 ++++++++++ 50.29 - src/ap/wpa_auth_i.h | 1 + 50.30 - 5 files changed, 37 insertions(+), 4 deletions(-) 50.31 - 50.32 -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c 50.33 -index 4e04169..333035f 100644 50.34 ---- a/src/ap/ieee802_11.c 50.35 -+++ b/src/ap/ieee802_11.c 50.36 -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, 50.37 - { 50.38 - struct ieee80211_ht_capabilities ht_cap; 50.39 - struct ieee80211_vht_capabilities vht_cap; 50.40 -+ int set = 1; 50.41 - 50.42 - /* 50.43 - * Remove the STA entry to ensure the STA PS state gets cleared and 50.44 -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, 50.45 - * FT-over-the-DS, where a station re-associates back to the same AP but 50.46 - * skips the authentication flow, or if working with a driver that 50.47 - * does not support full AP client state. 50.48 -+ * 50.49 -+ * Skip this if the STA has already completed FT reassociation and the 50.50 -+ * TK has been configured since the TX/RX PN must not be reset to 0 for 50.51 -+ * the same key. 50.52 - */ 50.53 -- if (!sta->added_unassoc) 50.54 -+ if (!sta->added_unassoc && 50.55 -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || 50.56 -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { 50.57 - hostapd_drv_sta_remove(hapd, sta->addr); 50.58 -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); 50.59 -+ set = 0; 50.60 -+ } 50.61 - 50.62 - #ifdef CONFIG_IEEE80211N 50.63 - if (sta->flags & WLAN_STA_HT) 50.64 -@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, 50.65 - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 50.66 - sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 50.67 - sta->vht_opmode, sta->p2p_ie ? 1 : 0, 50.68 -- sta->added_unassoc)) { 50.69 -+ set)) { 50.70 - hostapd_logger(hapd, sta->addr, 50.71 - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 50.72 - "Could not %s STA to kernel driver", 50.73 -- sta->added_unassoc ? "set" : "add"); 50.74 -+ set ? "set" : "add"); 50.75 - 50.76 - if (sta->added_unassoc) { 50.77 - hostapd_drv_sta_remove(hapd, sta->addr); 50.78 -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c 50.79 -index 3587086..707971d 100644 50.80 ---- a/src/ap/wpa_auth.c 50.81 -+++ b/src/ap/wpa_auth.c 50.82 -@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) 50.83 - #else /* CONFIG_IEEE80211R */ 50.84 - break; 50.85 - #endif /* CONFIG_IEEE80211R */ 50.86 -+ case WPA_DRV_STA_REMOVED: 50.87 -+ sm->tk_already_set = FALSE; 50.88 -+ return 0; 50.89 - } 50.90 - 50.91 - #ifdef CONFIG_IEEE80211R 50.92 -@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) 50.93 - } 50.94 - 50.95 - 50.96 -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) 50.97 -+{ 50.98 -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) 50.99 -+ return 0; 50.100 -+ return sm->tk_already_set; 50.101 -+} 50.102 -+ 50.103 -+ 50.104 - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 50.105 - struct rsn_pmksa_cache_entry *entry) 50.106 - { 50.107 -diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h 50.108 -index 0de8d97..97461b0 100644 50.109 ---- a/src/ap/wpa_auth.h 50.110 -+++ b/src/ap/wpa_auth.h 50.111 -@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, 50.112 - u8 *data, size_t data_len); 50.113 - enum wpa_event { 50.114 - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, 50.115 -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT 50.116 -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED 50.117 - }; 50.118 - void wpa_remove_ptk(struct wpa_state_machine *sm); 50.119 - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); 50.120 -@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); 50.121 - int wpa_auth_get_pairwise(struct wpa_state_machine *sm); 50.122 - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); 50.123 - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); 50.124 -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); 50.125 - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, 50.126 - struct rsn_pmksa_cache_entry *entry); 50.127 - struct rsn_pmksa_cache_entry * 50.128 -diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c 50.129 -index 42242a5..e63b99a 100644 50.130 ---- a/src/ap/wpa_auth_ft.c 50.131 -+++ b/src/ap/wpa_auth_ft.c 50.132 -@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) 50.133 - return; 50.134 - } 50.135 - 50.136 -+ if (sm->tk_already_set) { 50.137 -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX 50.138 -+ * PN in the driver */ 50.139 -+ wpa_printf(MSG_DEBUG, 50.140 -+ "FT: Do not re-install same PTK to the driver"); 50.141 -+ return; 50.142 -+ } 50.143 -+ 50.144 - /* FIX: add STA entry to kernel/driver here? The set_key will fail 50.145 - * most likely without this.. At the moment, STA entry is added only 50.146 - * after association has been completed. This function will be called 50.147 -@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) 50.148 - 50.149 - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ 50.150 - sm->pairwise_set = TRUE; 50.151 -+ sm->tk_already_set = TRUE; 50.152 - } 50.153 - 50.154 - 50.155 -@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, 50.156 - 50.157 - sm->pairwise = pairwise; 50.158 - sm->PTK_valid = TRUE; 50.159 -+ sm->tk_already_set = FALSE; 50.160 - wpa_ft_install_ptk(sm); 50.161 - 50.162 - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 50.163 -diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h 50.164 -index 72b7eb3..7fd8f05 100644 50.165 ---- a/src/ap/wpa_auth_i.h 50.166 -+++ b/src/ap/wpa_auth_i.h 50.167 -@@ -65,6 +65,7 @@ struct wpa_state_machine { 50.168 - struct wpa_ptk PTK; 50.169 - Boolean PTK_valid; 50.170 - Boolean pairwise_set; 50.171 -+ Boolean tk_already_set; 50.172 - int keycount; 50.173 - Boolean Pair; 50.174 - struct wpa_key_replay_counter { 50.175 --- 50.176 -2.7.4 50.177 -
51.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch Tue Dec 25 14:44:32 2018 +0200 51.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 51.3 @@ -1,250 +0,0 @@ 51.4 -From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 51.5 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 51.6 -Date: Wed, 12 Jul 2017 16:03:24 +0200 51.7 -Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key 51.8 - 51.9 -Track the current GTK and IGTK that is in use and when receiving a 51.10 -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do 51.11 -not install the given key if it is already in use. This prevents an 51.12 -attacker from trying to trick the client into resetting or lowering the 51.13 -sequence counter associated to the group key. 51.14 - 51.15 -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 51.16 ---- 51.17 - src/common/wpa_common.h | 11 +++++ 51.18 - src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ 51.19 - src/rsn_supp/wpa_i.h | 4 ++ 51.20 - 3 files changed, 87 insertions(+), 44 deletions(-) 51.21 - 51.22 -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h 51.23 -index af1d0f0..d200285 100644 51.24 ---- a/src/common/wpa_common.h 51.25 -+++ b/src/common/wpa_common.h 51.26 -@@ -217,6 +217,17 @@ struct wpa_ptk { 51.27 - size_t tk_len; 51.28 - }; 51.29 - 51.30 -+struct wpa_gtk { 51.31 -+ u8 gtk[WPA_GTK_MAX_LEN]; 51.32 -+ size_t gtk_len; 51.33 -+}; 51.34 -+ 51.35 -+#ifdef CONFIG_IEEE80211W 51.36 -+struct wpa_igtk { 51.37 -+ u8 igtk[WPA_IGTK_MAX_LEN]; 51.38 -+ size_t igtk_len; 51.39 -+}; 51.40 -+#endif /* CONFIG_IEEE80211W */ 51.41 - 51.42 - /* WPA IE version 1 51.43 - * 00-50-f2:1 (OUI:OUI type) 51.44 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c 51.45 -index 3c47879..95bd7be 100644 51.46 ---- a/src/rsn_supp/wpa.c 51.47 -+++ b/src/rsn_supp/wpa.c 51.48 -@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 51.49 - const u8 *_gtk = gd->gtk; 51.50 - u8 gtk_buf[32]; 51.51 - 51.52 -+ /* Detect possible key reinstallation */ 51.53 -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && 51.54 -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { 51.55 -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51.56 -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", 51.57 -+ gd->keyidx, gd->tx, gd->gtk_len); 51.58 -+ return 0; 51.59 -+ } 51.60 -+ 51.61 - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); 51.62 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51.63 - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", 51.64 -@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 51.65 - } 51.66 - os_memset(gtk_buf, 0, sizeof(gtk_buf)); 51.67 - 51.68 -+ sm->gtk.gtk_len = gd->gtk_len; 51.69 -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); 51.70 -+ 51.71 - return 0; 51.72 - } 51.73 - 51.74 -@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 51.75 - } 51.76 - 51.77 - 51.78 -+#ifdef CONFIG_IEEE80211W 51.79 -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm, 51.80 -+ const struct wpa_igtk_kde *igtk) 51.81 -+{ 51.82 -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); 51.83 -+ u16 keyidx = WPA_GET_LE16(igtk->keyid); 51.84 -+ 51.85 -+ /* Detect possible key reinstallation */ 51.86 -+ if (sm->igtk.igtk_len == len && 51.87 -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { 51.88 -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51.89 -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", 51.90 -+ keyidx); 51.91 -+ return 0; 51.92 -+ } 51.93 -+ 51.94 -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 51.95 -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", 51.96 -+ keyidx, MAC2STR(igtk->pn)); 51.97 -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); 51.98 -+ if (keyidx > 4095) { 51.99 -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 51.100 -+ "WPA: Invalid IGTK KeyID %d", keyidx); 51.101 -+ return -1; 51.102 -+ } 51.103 -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 51.104 -+ broadcast_ether_addr, 51.105 -+ keyidx, 0, igtk->pn, sizeof(igtk->pn), 51.106 -+ igtk->igtk, len) < 0) { 51.107 -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 51.108 -+ "WPA: Failed to configure IGTK to the driver"); 51.109 -+ return -1; 51.110 -+ } 51.111 -+ 51.112 -+ sm->igtk.igtk_len = len; 51.113 -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); 51.114 -+ 51.115 -+ return 0; 51.116 -+} 51.117 -+#endif /* CONFIG_IEEE80211W */ 51.118 -+ 51.119 -+ 51.120 - static int ieee80211w_set_keys(struct wpa_sm *sm, 51.121 - struct wpa_eapol_ie_parse *ie) 51.122 - { 51.123 -@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, 51.124 - if (ie->igtk) { 51.125 - size_t len; 51.126 - const struct wpa_igtk_kde *igtk; 51.127 -- u16 keyidx; 51.128 -+ 51.129 - len = wpa_cipher_key_len(sm->mgmt_group_cipher); 51.130 - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) 51.131 - return -1; 51.132 -+ 51.133 - igtk = (const struct wpa_igtk_kde *) ie->igtk; 51.134 -- keyidx = WPA_GET_LE16(igtk->keyid); 51.135 -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " 51.136 -- "pn %02x%02x%02x%02x%02x%02x", 51.137 -- keyidx, MAC2STR(igtk->pn)); 51.138 -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", 51.139 -- igtk->igtk, len); 51.140 -- if (keyidx > 4095) { 51.141 -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 51.142 -- "WPA: Invalid IGTK KeyID %d", keyidx); 51.143 -- return -1; 51.144 -- } 51.145 -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 51.146 -- broadcast_ether_addr, 51.147 -- keyidx, 0, igtk->pn, sizeof(igtk->pn), 51.148 -- igtk->igtk, len) < 0) { 51.149 -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, 51.150 -- "WPA: Failed to configure IGTK to the driver"); 51.151 -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) 51.152 - return -1; 51.153 -- } 51.154 - } 51.155 - 51.156 - return 0; 51.157 -@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) 51.158 - */ 51.159 - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 51.160 - { 51.161 -- int clear_ptk = 1; 51.162 -+ int clear_keys = 1; 51.163 - 51.164 - if (sm == NULL) 51.165 - return; 51.166 -@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 51.167 - /* Prepare for the next transition */ 51.168 - wpa_ft_prepare_auth_request(sm, NULL); 51.169 - 51.170 -- clear_ptk = 0; 51.171 -+ clear_keys = 0; 51.172 - } 51.173 - #endif /* CONFIG_IEEE80211R */ 51.174 - 51.175 -- if (clear_ptk) { 51.176 -+ if (clear_keys) { 51.177 - /* 51.178 - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if 51.179 - * this is not part of a Fast BSS Transition. 51.180 -@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 51.181 - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 51.182 - sm->tptk_set = 0; 51.183 - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 51.184 -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 51.185 -+#ifdef CONFIG_IEEE80211W 51.186 -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 51.187 -+#endif /* CONFIG_IEEE80211W */ 51.188 - } 51.189 - 51.190 - #ifdef CONFIG_TDLS 51.191 -@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) 51.192 - os_memset(sm->pmk, 0, sizeof(sm->pmk)); 51.193 - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 51.194 - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 51.195 -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 51.196 -+#ifdef CONFIG_IEEE80211W 51.197 -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 51.198 -+#endif /* CONFIG_IEEE80211W */ 51.199 - #ifdef CONFIG_IEEE80211R 51.200 - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 51.201 - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); 51.202 -@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 51.203 - os_memset(&gd, 0, sizeof(gd)); 51.204 - #ifdef CONFIG_IEEE80211W 51.205 - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { 51.206 -- struct wpa_igtk_kde igd; 51.207 -- u16 keyidx; 51.208 -- 51.209 -- os_memset(&igd, 0, sizeof(igd)); 51.210 -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); 51.211 -- os_memcpy(igd.keyid, buf + 2, 2); 51.212 -- os_memcpy(igd.pn, buf + 4, 6); 51.213 -- 51.214 -- keyidx = WPA_GET_LE16(igd.keyid); 51.215 -- os_memcpy(igd.igtk, buf + 10, keylen); 51.216 -- 51.217 -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", 51.218 -- igd.igtk, keylen); 51.219 -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), 51.220 -- broadcast_ether_addr, 51.221 -- keyidx, 0, igd.pn, sizeof(igd.pn), 51.222 -- igd.igtk, keylen) < 0) { 51.223 -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " 51.224 -- "WNM mode"); 51.225 -- os_memset(&igd, 0, sizeof(igd)); 51.226 -+ const struct wpa_igtk_kde *igtk; 51.227 -+ 51.228 -+ igtk = (const struct wpa_igtk_kde *) (buf + 2); 51.229 -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) 51.230 - return -1; 51.231 -- } 51.232 -- os_memset(&igd, 0, sizeof(igd)); 51.233 - #endif /* CONFIG_IEEE80211W */ 51.234 - } else { 51.235 - wpa_printf(MSG_DEBUG, "Unknown element id"); 51.236 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h 51.237 -index f653ba6..afc9e37 100644 51.238 ---- a/src/rsn_supp/wpa_i.h 51.239 -+++ b/src/rsn_supp/wpa_i.h 51.240 -@@ -31,6 +31,10 @@ struct wpa_sm { 51.241 - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; 51.242 - int rx_replay_counter_set; 51.243 - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; 51.244 -+ struct wpa_gtk gtk; 51.245 -+#ifdef CONFIG_IEEE80211W 51.246 -+ struct wpa_igtk igtk; 51.247 -+#endif /* CONFIG_IEEE80211W */ 51.248 - 51.249 - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ 51.250 - 51.251 --- 51.252 -2.7.4 51.253 -
52.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch Tue Dec 25 14:44:32 2018 +0200 52.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 52.3 @@ -1,184 +0,0 @@ 52.4 -From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 52.5 -From: Jouni Malinen <j@w1.fi> 52.6 -Date: Sun, 1 Oct 2017 12:12:24 +0300 52.7 -Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep 52.8 - Mode cases 52.9 - 52.10 -This extends the protection to track last configured GTK/IGTK value 52.11 -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a 52.12 -corner case where these two different mechanisms may get used when the 52.13 -GTK/IGTK has changed and tracking a single value is not sufficient to 52.14 -detect a possible key reconfiguration. 52.15 - 52.16 -Signed-off-by: Jouni Malinen <j@w1.fi> 52.17 ---- 52.18 - src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- 52.19 - src/rsn_supp/wpa_i.h | 2 ++ 52.20 - 2 files changed, 40 insertions(+), 15 deletions(-) 52.21 - 52.22 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c 52.23 -index 95bd7be..7a2c68d 100644 52.24 ---- a/src/rsn_supp/wpa.c 52.25 -+++ b/src/rsn_supp/wpa.c 52.26 -@@ -709,14 +709,17 @@ struct wpa_gtk_data { 52.27 - 52.28 - static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 52.29 - const struct wpa_gtk_data *gd, 52.30 -- const u8 *key_rsc) 52.31 -+ const u8 *key_rsc, int wnm_sleep) 52.32 - { 52.33 - const u8 *_gtk = gd->gtk; 52.34 - u8 gtk_buf[32]; 52.35 - 52.36 - /* Detect possible key reinstallation */ 52.37 -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && 52.38 -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { 52.39 -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && 52.40 -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || 52.41 -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && 52.42 -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, 52.43 -+ sm->gtk_wnm_sleep.gtk_len) == 0)) { 52.44 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 52.45 - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", 52.46 - gd->keyidx, gd->tx, gd->gtk_len); 52.47 -@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, 52.48 - } 52.49 - os_memset(gtk_buf, 0, sizeof(gtk_buf)); 52.50 - 52.51 -- sm->gtk.gtk_len = gd->gtk_len; 52.52 -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); 52.53 -+ if (wnm_sleep) { 52.54 -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; 52.55 -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, 52.56 -+ sm->gtk_wnm_sleep.gtk_len); 52.57 -+ } else { 52.58 -+ sm->gtk.gtk_len = gd->gtk_len; 52.59 -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); 52.60 -+ } 52.61 - 52.62 - return 0; 52.63 - } 52.64 -@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 52.65 - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, 52.66 - gtk_len, gtk_len, 52.67 - &gd.key_rsc_len, &gd.alg) || 52.68 -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { 52.69 -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { 52.70 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 52.71 - "RSN: Failed to install GTK"); 52.72 - os_memset(&gd, 0, sizeof(gd)); 52.73 -@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, 52.74 - 52.75 - #ifdef CONFIG_IEEE80211W 52.76 - static int wpa_supplicant_install_igtk(struct wpa_sm *sm, 52.77 -- const struct wpa_igtk_kde *igtk) 52.78 -+ const struct wpa_igtk_kde *igtk, 52.79 -+ int wnm_sleep) 52.80 - { 52.81 - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); 52.82 - u16 keyidx = WPA_GET_LE16(igtk->keyid); 52.83 - 52.84 - /* Detect possible key reinstallation */ 52.85 -- if (sm->igtk.igtk_len == len && 52.86 -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { 52.87 -+ if ((sm->igtk.igtk_len == len && 52.88 -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || 52.89 -+ (sm->igtk_wnm_sleep.igtk_len == len && 52.90 -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, 52.91 -+ sm->igtk_wnm_sleep.igtk_len) == 0)) { 52.92 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 52.93 - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", 52.94 - keyidx); 52.95 -@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, 52.96 - return -1; 52.97 - } 52.98 - 52.99 -- sm->igtk.igtk_len = len; 52.100 -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); 52.101 -+ if (wnm_sleep) { 52.102 -+ sm->igtk_wnm_sleep.igtk_len = len; 52.103 -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, 52.104 -+ sm->igtk_wnm_sleep.igtk_len); 52.105 -+ } else { 52.106 -+ sm->igtk.igtk_len = len; 52.107 -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); 52.108 -+ } 52.109 - 52.110 - return 0; 52.111 - } 52.112 -@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, 52.113 - return -1; 52.114 - 52.115 - igtk = (const struct wpa_igtk_kde *) ie->igtk; 52.116 -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) 52.117 -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) 52.118 - return -1; 52.119 - } 52.120 - 52.121 -@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, 52.122 - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) 52.123 - key_rsc = null_rsc; 52.124 - 52.125 -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || 52.126 -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || 52.127 - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) 52.128 - goto failed; 52.129 - os_memset(&gd, 0, sizeof(gd)); 52.130 -@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) 52.131 - sm->tptk_set = 0; 52.132 - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 52.133 - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 52.134 -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 52.135 - #ifdef CONFIG_IEEE80211W 52.136 - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 52.137 -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 52.138 - #endif /* CONFIG_IEEE80211W */ 52.139 - } 52.140 - 52.141 -@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) 52.142 - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); 52.143 - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); 52.144 - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); 52.145 -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); 52.146 - #ifdef CONFIG_IEEE80211W 52.147 - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); 52.148 -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); 52.149 - #endif /* CONFIG_IEEE80211W */ 52.150 - #ifdef CONFIG_IEEE80211R 52.151 - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); 52.152 -@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 52.153 - 52.154 - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", 52.155 - gd.gtk, gd.gtk_len); 52.156 -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { 52.157 -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { 52.158 - os_memset(&gd, 0, sizeof(gd)); 52.159 - wpa_printf(MSG_DEBUG, "Failed to install the GTK in " 52.160 - "WNM mode"); 52.161 -@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) 52.162 - const struct wpa_igtk_kde *igtk; 52.163 - 52.164 - igtk = (const struct wpa_igtk_kde *) (buf + 2); 52.165 -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) 52.166 -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) 52.167 - return -1; 52.168 - #endif /* CONFIG_IEEE80211W */ 52.169 - } else { 52.170 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h 52.171 -index afc9e37..9a54631 100644 52.172 ---- a/src/rsn_supp/wpa_i.h 52.173 -+++ b/src/rsn_supp/wpa_i.h 52.174 -@@ -32,8 +32,10 @@ struct wpa_sm { 52.175 - int rx_replay_counter_set; 52.176 - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; 52.177 - struct wpa_gtk gtk; 52.178 -+ struct wpa_gtk gtk_wnm_sleep; 52.179 - #ifdef CONFIG_IEEE80211W 52.180 - struct wpa_igtk igtk; 52.181 -+ struct wpa_igtk igtk_wnm_sleep; 52.182 - #endif /* CONFIG_IEEE80211W */ 52.183 - 52.184 - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ 52.185 --- 52.186 -2.7.4 52.187 -
53.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch Tue Dec 25 14:44:32 2018 +0200 53.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 53.3 @@ -1,79 +0,0 @@ 53.4 -From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 53.5 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 53.6 -Date: Fri, 29 Sep 2017 04:22:51 +0200 53.7 -Subject: [PATCH 4/8] Prevent installation of an all-zero TK 53.8 - 53.9 -Properly track whether a PTK has already been installed to the driver 53.10 -and the TK part cleared from memory. This prevents an attacker from 53.11 -trying to trick the client into installing an all-zero TK. 53.12 - 53.13 -This fixes the earlier fix in commit 53.14 -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the 53.15 -driver in EAPOL-Key 3/4 retry case') which did not take into account 53.16 -possibility of an extra message 1/4 showing up between retries of 53.17 -message 3/4. 53.18 - 53.19 -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> 53.20 ---- 53.21 - src/common/wpa_common.h | 1 + 53.22 - src/rsn_supp/wpa.c | 5 ++--- 53.23 - src/rsn_supp/wpa_i.h | 1 - 53.24 - 3 files changed, 3 insertions(+), 4 deletions(-) 53.25 - 53.26 -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h 53.27 -index d200285..1021ccb 100644 53.28 ---- a/src/common/wpa_common.h 53.29 -+++ b/src/common/wpa_common.h 53.30 -@@ -215,6 +215,7 @@ struct wpa_ptk { 53.31 - size_t kck_len; 53.32 - size_t kek_len; 53.33 - size_t tk_len; 53.34 -+ int installed; /* 1 if key has already been installed to driver */ 53.35 - }; 53.36 - 53.37 - struct wpa_gtk { 53.38 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c 53.39 -index 7a2c68d..0550a41 100644 53.40 ---- a/src/rsn_supp/wpa.c 53.41 -+++ b/src/rsn_supp/wpa.c 53.42 -@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, 53.43 - os_memset(buf, 0, sizeof(buf)); 53.44 - } 53.45 - sm->tptk_set = 1; 53.46 -- sm->tk_to_set = 1; 53.47 - 53.48 - kde = sm->assoc_wpa_ie; 53.49 - kde_len = sm->assoc_wpa_ie_len; 53.50 -@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 53.51 - enum wpa_alg alg; 53.52 - const u8 *key_rsc; 53.53 - 53.54 -- if (!sm->tk_to_set) { 53.55 -+ if (sm->ptk.installed) { 53.56 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 53.57 - "WPA: Do not re-install same PTK to the driver"); 53.58 - return 0; 53.59 -@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, 53.60 - 53.61 - /* TK is not needed anymore in supplicant */ 53.62 - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); 53.63 -- sm->tk_to_set = 0; 53.64 -+ sm->ptk.installed = 1; 53.65 - 53.66 - if (sm->wpa_ptk_rekey) { 53.67 - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); 53.68 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h 53.69 -index 9a54631..41f371f 100644 53.70 ---- a/src/rsn_supp/wpa_i.h 53.71 -+++ b/src/rsn_supp/wpa_i.h 53.72 -@@ -24,7 +24,6 @@ struct wpa_sm { 53.73 - struct wpa_ptk ptk, tptk; 53.74 - int ptk_set, tptk_set; 53.75 - unsigned int msg_3_of_4_ok:1; 53.76 -- unsigned int tk_to_set:1; 53.77 - u8 snonce[WPA_NONCE_LEN]; 53.78 - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ 53.79 - int renew_snonce; 53.80 --- 53.81 -2.7.4 53.82 -
54.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch Tue Dec 25 14:44:32 2018 +0200 54.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 54.3 @@ -1,64 +0,0 @@ 54.4 -From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 54.5 -From: Jouni Malinen <j@w1.fi> 54.6 -Date: Sun, 1 Oct 2017 12:32:57 +0300 54.7 -Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce 54.8 - 54.9 -The Authenticator state machine path for PTK rekeying ended up bypassing 54.10 -the AUTHENTICATION2 state where a new ANonce is generated when going 54.11 -directly to the PTKSTART state since there is no need to try to 54.12 -determine the PMK again in such a case. This is far from ideal since the 54.13 -new PTK would depend on a new nonce only from the supplicant. 54.14 - 54.15 -Fix this by generating a new ANonce when moving to the PTKSTART state 54.16 -for the purpose of starting new 4-way handshake to rekey PTK. 54.17 - 54.18 -Signed-off-by: Jouni Malinen <j@w1.fi> 54.19 ---- 54.20 - src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- 54.21 - 1 file changed, 21 insertions(+), 3 deletions(-) 54.22 - 54.23 -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c 54.24 -index 707971d..bf10cc1 100644 54.25 ---- a/src/ap/wpa_auth.c 54.26 -+++ b/src/ap/wpa_auth.c 54.27 -@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) 54.28 - } 54.29 - 54.30 - 54.31 -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) 54.32 -+{ 54.33 -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { 54.34 -+ wpa_printf(MSG_ERROR, 54.35 -+ "WPA: Failed to get random data for ANonce"); 54.36 -+ sm->Disconnect = TRUE; 54.37 -+ return -1; 54.38 -+ } 54.39 -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, 54.40 -+ WPA_NONCE_LEN); 54.41 -+ sm->TimeoutCtr = 0; 54.42 -+ return 0; 54.43 -+} 54.44 -+ 54.45 -+ 54.46 - SM_STATE(WPA_PTK, INITPMK) 54.47 - { 54.48 - u8 msk[2 * PMK_LEN]; 54.49 -@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) 54.50 - SM_ENTER(WPA_PTK, AUTHENTICATION); 54.51 - else if (sm->ReAuthenticationRequest) 54.52 - SM_ENTER(WPA_PTK, AUTHENTICATION2); 54.53 -- else if (sm->PTKRequest) 54.54 -- SM_ENTER(WPA_PTK, PTKSTART); 54.55 -- else switch (sm->wpa_ptk_state) { 54.56 -+ else if (sm->PTKRequest) { 54.57 -+ if (wpa_auth_sm_ptk_update(sm) < 0) 54.58 -+ SM_ENTER(WPA_PTK, DISCONNECTED); 54.59 -+ else 54.60 -+ SM_ENTER(WPA_PTK, PTKSTART); 54.61 -+ } else switch (sm->wpa_ptk_state) { 54.62 - case WPA_PTK_INITIALIZE: 54.63 - break; 54.64 - case WPA_PTK_DISCONNECT: 54.65 --- 54.66 -2.7.4 54.67 -
55.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch Tue Dec 25 14:44:32 2018 +0200 55.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 55.3 @@ -1,132 +0,0 @@ 55.4 -From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 55.5 -From: Jouni Malinen <j@w1.fi> 55.6 -Date: Fri, 22 Sep 2017 11:03:15 +0300 55.7 -Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration 55.8 - 55.9 -Do not try to reconfigure the same TPK-TK to the driver after it has 55.10 -been successfully configured. This is an explicit check to avoid issues 55.11 -related to resetting the TX/RX packet number. There was already a check 55.12 -for this for TPK M2 (retries of that message are ignored completely), so 55.13 -that behavior does not get modified. 55.14 - 55.15 -For TPK M3, the TPK-TK could have been reconfigured, but that was 55.16 -followed by immediate teardown of the link due to an issue in updating 55.17 -the STA entry. Furthermore, for TDLS with any real security (i.e., 55.18 -ignoring open/WEP), the TPK message exchange is protected on the AP path 55.19 -and simple replay attacks are not feasible. 55.20 - 55.21 -As an additional corner case, make sure the local nonce gets updated if 55.22 -the peer uses a very unlikely "random nonce" of all zeros. 55.23 - 55.24 -Signed-off-by: Jouni Malinen <j@w1.fi> 55.25 ---- 55.26 - src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- 55.27 - 1 file changed, 36 insertions(+), 2 deletions(-) 55.28 - 55.29 -diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c 55.30 -index e424168..9eb9738 100644 55.31 ---- a/src/rsn_supp/tdls.c 55.32 -+++ b/src/rsn_supp/tdls.c 55.33 -@@ -112,6 +112,7 @@ struct wpa_tdls_peer { 55.34 - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ 55.35 - } tpk; 55.36 - int tpk_set; 55.37 -+ int tk_set; /* TPK-TK configured to the driver */ 55.38 - int tpk_success; 55.39 - int tpk_in_progress; 55.40 - 55.41 -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) 55.42 - u8 rsc[6]; 55.43 - enum wpa_alg alg; 55.44 - 55.45 -+ if (peer->tk_set) { 55.46 -+ /* 55.47 -+ * This same TPK-TK has already been configured to the driver 55.48 -+ * and this new configuration attempt (likely due to an 55.49 -+ * unexpected retransmitted frame) would result in clearing 55.50 -+ * the TX/RX sequence number which can break security, so must 55.51 -+ * not allow that to happen. 55.52 -+ */ 55.53 -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR 55.54 -+ " has already been configured to the driver - do not reconfigure", 55.55 -+ MAC2STR(peer->addr)); 55.56 -+ return -1; 55.57 -+ } 55.58 -+ 55.59 - os_memset(rsc, 0, 6); 55.60 - 55.61 - switch (peer->cipher) { 55.62 -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) 55.63 - return -1; 55.64 - } 55.65 - 55.66 -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, 55.67 -+ MAC2STR(peer->addr)); 55.68 - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, 55.69 - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { 55.70 - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " 55.71 - "driver"); 55.72 - return -1; 55.73 - } 55.74 -+ peer->tk_set = 1; 55.75 - return 0; 55.76 - } 55.77 - 55.78 -@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) 55.79 - peer->cipher = 0; 55.80 - peer->qos_info = 0; 55.81 - peer->wmm_capable = 0; 55.82 -- peer->tpk_set = peer->tpk_success = 0; 55.83 -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; 55.84 - peer->chan_switch_enabled = 0; 55.85 - os_memset(&peer->tpk, 0, sizeof(peer->tpk)); 55.86 - os_memset(peer->inonce, 0, WPA_NONCE_LEN); 55.87 -@@ -1159,6 +1177,7 @@ skip_rsnie: 55.88 - wpa_tdls_peer_free(sm, peer); 55.89 - return -1; 55.90 - } 55.91 -+ peer->tk_set = 0; /* A new nonce results in a new TK */ 55.92 - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", 55.93 - peer->inonce, WPA_NONCE_LEN); 55.94 - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); 55.95 -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, 55.96 - } 55.97 - 55.98 - 55.99 -+static int tdls_nonce_set(const u8 *nonce) 55.100 -+{ 55.101 -+ int i; 55.102 -+ 55.103 -+ for (i = 0; i < WPA_NONCE_LEN; i++) { 55.104 -+ if (nonce[i]) 55.105 -+ return 1; 55.106 -+ } 55.107 -+ 55.108 -+ return 0; 55.109 -+} 55.110 -+ 55.111 -+ 55.112 - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, 55.113 - const u8 *buf, size_t len) 55.114 - { 55.115 -@@ -2004,7 +2036,8 @@ skip_rsn: 55.116 - peer->rsnie_i_len = kde.rsn_ie_len; 55.117 - peer->cipher = cipher; 55.118 - 55.119 -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { 55.120 -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || 55.121 -+ !tdls_nonce_set(peer->inonce)) { 55.122 - /* 55.123 - * There is no point in updating the RNonce for every obtained 55.124 - * TPK M1 frame (e.g., retransmission due to timeout) with the 55.125 -@@ -2020,6 +2053,7 @@ skip_rsn: 55.126 - "TDLS: Failed to get random data for responder nonce"); 55.127 - goto error; 55.128 - } 55.129 -+ peer->tk_set = 0; /* A new nonce results in a new TK */ 55.130 - } 55.131 - 55.132 - #if 0 55.133 --- 55.134 -2.7.4 55.135 -
56.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch Tue Dec 25 14:44:32 2018 +0200 56.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 56.3 @@ -1,43 +0,0 @@ 56.4 -From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 56.5 -From: Jouni Malinen <j@w1.fi> 56.6 -Date: Fri, 22 Sep 2017 11:25:02 +0300 56.7 -Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending 56.8 - request 56.9 - 56.10 -Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep 56.11 -Mode Response if WNM-Sleep Mode has not been used') started ignoring the 56.12 -response when no WNM-Sleep Mode Request had been used during the 56.13 -association. This can be made tighter by clearing the used flag when 56.14 -successfully processing a response. This adds an additional layer of 56.15 -protection against unexpected retransmissions of the response frame. 56.16 - 56.17 -Signed-off-by: Jouni Malinen <j@w1.fi> 56.18 ---- 56.19 - wpa_supplicant/wnm_sta.c | 4 +++- 56.20 - 1 file changed, 3 insertions(+), 1 deletion(-) 56.21 - 56.22 -diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c 56.23 -index 1b3409c..67a07ff 100644 56.24 ---- a/wpa_supplicant/wnm_sta.c 56.25 -+++ b/wpa_supplicant/wnm_sta.c 56.26 -@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, 56.27 - 56.28 - if (!wpa_s->wnmsleep_used) { 56.29 - wpa_printf(MSG_DEBUG, 56.30 -- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); 56.31 -+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); 56.32 - return; 56.33 - } 56.34 - 56.35 -@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, 56.36 - return; 56.37 - } 56.38 - 56.39 -+ wpa_s->wnmsleep_used = 0; 56.40 -+ 56.41 - if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || 56.42 - wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { 56.43 - wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " 56.44 --- 56.45 -2.7.4 56.46 -
57.1 --- a/wpa_supplicant/stuff/patches/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch Tue Dec 25 14:44:32 2018 +0200 57.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 57.3 @@ -1,82 +0,0 @@ 57.4 -From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 57.5 -From: Jouni Malinen <j@w1.fi> 57.6 -Date: Fri, 22 Sep 2017 12:06:37 +0300 57.7 -Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames 57.8 - 57.9 -The driver is expected to not report a second association event without 57.10 -the station having explicitly request a new association. As such, this 57.11 -case should not be reachable. However, since reconfiguring the same 57.12 -pairwise or group keys to the driver could result in nonce reuse issues, 57.13 -be extra careful here and do an additional state check to avoid this 57.14 -even if the local driver ends up somehow accepting an unexpected 57.15 -Reassociation Response frame. 57.16 - 57.17 -Signed-off-by: Jouni Malinen <j@w1.fi> 57.18 ---- 57.19 - src/rsn_supp/wpa.c | 3 +++ 57.20 - src/rsn_supp/wpa_ft.c | 8 ++++++++ 57.21 - src/rsn_supp/wpa_i.h | 1 + 57.22 - 3 files changed, 12 insertions(+) 57.23 - 57.24 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c 57.25 -index 0550a41..2a53c6f 100644 57.26 ---- a/src/rsn_supp/wpa.c 57.27 -+++ b/src/rsn_supp/wpa.c 57.28 -@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) 57.29 - #ifdef CONFIG_TDLS 57.30 - wpa_tdls_disassoc(sm); 57.31 - #endif /* CONFIG_TDLS */ 57.32 -+#ifdef CONFIG_IEEE80211R 57.33 -+ sm->ft_reassoc_completed = 0; 57.34 -+#endif /* CONFIG_IEEE80211R */ 57.35 - 57.36 - /* Keys are not needed in the WPA state machine anymore */ 57.37 - wpa_sm_drop_sa(sm); 57.38 -diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c 57.39 -index 205793e..d45bb45 100644 57.40 ---- a/src/rsn_supp/wpa_ft.c 57.41 -+++ b/src/rsn_supp/wpa_ft.c 57.42 -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, 57.43 - u16 capab; 57.44 - 57.45 - sm->ft_completed = 0; 57.46 -+ sm->ft_reassoc_completed = 0; 57.47 - 57.48 - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + 57.49 - 2 + sm->r0kh_id_len + ric_ies_len + 100; 57.50 -@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, 57.51 - return -1; 57.52 - } 57.53 - 57.54 -+ if (sm->ft_reassoc_completed) { 57.55 -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); 57.56 -+ return 0; 57.57 -+ } 57.58 -+ 57.59 - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { 57.60 - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); 57.61 - return -1; 57.62 -@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, 57.63 - return -1; 57.64 - } 57.65 - 57.66 -+ sm->ft_reassoc_completed = 1; 57.67 -+ 57.68 - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) 57.69 - return -1; 57.70 - 57.71 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h 57.72 -index 41f371f..56f88dc 100644 57.73 ---- a/src/rsn_supp/wpa_i.h 57.74 -+++ b/src/rsn_supp/wpa_i.h 57.75 -@@ -128,6 +128,7 @@ struct wpa_sm { 57.76 - size_t r0kh_id_len; 57.77 - u8 r1kh_id[FT_R1KH_ID_LEN]; 57.78 - int ft_completed; 57.79 -+ int ft_reassoc_completed; 57.80 - int over_the_ds_in_progress; 57.81 - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ 57.82 - int set_ptk_after_assoc; 57.83 --- 57.84 -2.7.4 57.85 -
58.1 --- a/wpa_supplicant/stuff/patches/series Tue Dec 25 14:44:32 2018 +0200 58.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 58.3 @@ -1,8 +0,0 @@ 58.4 -rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 58.5 -rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch 58.6 -rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch 58.7 -rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch 58.8 -rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 58.9 -rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch 58.10 -rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch 58.11 -rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
59.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 59.2 +++ b/wpa_supplicant/stuff/wpa_empty.conf Tue Dec 25 19:30:28 2018 +0200 59.3 @@ -0,0 +1,37 @@ 59.4 +# /etc/wpa/wpa.conf: wpa_supplicant configuration file. 59.5 +# 59.6 + 59.7 +# Whether to allow wpa_supplicant to update (overwrite) configuration 59.8 +#update_config=1 59.9 + 59.10 +# 59.11 +# global configuration (shared by all network blocks) 59.12 +# 59.13 + 59.14 +# Parameters for the control interface 59.15 +ctrl_interface=/var/run/wpa_supplicant 59.16 + 59.17 +# Ensure that only root can read the WPA configuration 59.18 +ctrl_interface_group=0 59.19 + 59.20 +# IEEE 802.1X/EAPOL version: 1 or 2 59.21 +eapol_version=2 59.22 + 59.23 +# AP scanning/selection 59.24 +ap_scan=1 59.25 + 59.26 +# EAP fast re-authentication 59.27 +fast_reauth=1 59.28 + 59.29 +# Network configuration example. 59.30 +#network={ 59.31 + #ssid="" 59.32 + #psk="" 59.33 + #scan_ssid=1 59.34 + #proto=WPA RSN 59.35 + #key_mgmt=WPA-PSK WPA-EAP 59.36 +#} 59.37 + 59.38 +# Network configuration added by /etc/init.d/network.sh using 59.39 +# setting from /etc/network.conf 59.40 +
60.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 60.2 +++ b/wpa_supplicant/stuff/wpa_supplicant Tue Dec 25 19:30:28 2018 +0200 60.3 @@ -0,0 +1,54 @@ 60.4 +#!/bin/sh 60.5 +# /etc/init.d/wpa_supplicant: Start, stop and restart wpa_supplicant daemon 60.6 +# on SliTaz, at boot time or with the command line. 60.7 +# 60.8 +# To start daemon at boot time, just put the right name in the $RUN_DAEMONS 60.9 +# variable of /etc/rcS.conf and configure options with /etc/daemons.conf. 60.10 +# 60.11 +. /etc/init.d/rc.functions 60.12 +. /etc/daemons.conf 60.13 + 60.14 +NAME=wpa_supplicant 60.15 +DESC="$(_ '%s daemon' wpa_supplicant)" 60.16 +DAEMON=/usr/bin/wpa_supplicant 60.17 +OPTIONS=$WPA_OPTIONS 60.18 +PIDFILE=/var/run/wpa_supplicant.pid 60.19 + 60.20 +case "$1" in 60.21 + start) 60.22 + if active_pidfile $PIDFILE $NAME ; then 60.23 + _ '%s is already running.' $NAME 60.24 + exit 1 60.25 + fi 60.26 + action 'Starting %s: %s...' "$DESC" $NAME 60.27 + $DAEMON $OPTIONS 60.28 + status 60.29 + ;; 60.30 + stop) 60.31 + if ! active_pidfile $PIDFILE $NAME ; then 60.32 + _ '%s is not running.' $NAME 60.33 + exit 1 60.34 + fi 60.35 + action 'Stopping %s: %s...' "$DESC" $NAME 60.36 + kill $(cat $PIDFILE) 60.37 + status 60.38 + ;; 60.39 + restart) 60.40 + if ! active_pidfile $PIDFILE $NAME ; then 60.41 + _ '%s is not running.' $NAME 60.42 + exit 1 60.43 + fi 60.44 + action 'Restarting %s: %s...' "$DESC" $NAME 60.45 + kill $(cat $PIDFILE) 60.46 + sleep 2 60.47 + $DAEMON $OPTIONS 60.48 + status 60.49 + ;; 60.50 + *) 60.51 + emsg "<n><b>$(_ 'Usage:')</b> $0 [start|stop|restart]" 60.52 + newline 60.53 + exit 1 60.54 + ;; 60.55 +esac 60.56 + 60.57 +exit 0