specs/w/wpa_supplicant/wpa_supplicant-vl.spec

%bcond_with systemd
%bcond_with gui

Summary: WPA/WPA2/IEEE 802.1X Supplicant
Name: wpa_supplicant
Version: 2.9
Release: 5%{?_dist_release}%{?with_systemd:.systemd}
Group: network,system
Vendor: Project Vine
Distribution: Vine Linux

License: BSD
URL: https://w1.fi/wpa_supplicant/
Source0: https://w1.fi/releases/%{name}-%{version}.tar.gz
Source2: %{name}.conf
Source3: %{name}.init.d
Source4: %{name}.sysconfig
Source6: %{name}.logrotate
Source100: %{name}.service
Source101: %{name}.sysconfig.systemd

# distro specific customization and not suitable for upstream,
# Fedora-specific updates to defconfig
Patch0: wpa_supplicant-config.patch
# works around busted drivers
Patch1: wpa_supplicant-assoc-timeout.patch
# ensures that debug output gets flushed immediately to help diagnose driver
# bugs, not suitable for upstream
Patch2: wpa_supplicant-flush-debug-output.patch
# quiet an annoying and frequent syslog message
Patch3: wpa_supplicant-quiet-scan-results-message.patch
# distro specific customization for Qt4 build tools, not suitable for upstream
Patch4: wpa_supplicant-gui-qt4.patch
# fix AP mode PMF disconnection protection bypass
Patch5: 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch

# fix some issues with P2P operation
Patch6: 0001-P2P-Always-use-global-p2p_long_listen.patch
Patch7: 0001-D-Bus-Fix-P2P-NULL-dereference-after-interface-remov.patch
Patch8: 0001-p2p-Limit-P2P_DEVICE-name-to-appropriate-ifname-size.patch

#fix for bz1915236
Patch9: 0001-D-Bus-Allow-changing-an-interface-bridge-via-D-Bus.patch

#expose OWE capability in D-Bus
Patch10: 0001-dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch

# CVE-2021-0326
Patch11: 0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch

# CVE-2021-27803
Patch12: 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

# CVE-2021-30004
Patch13: 0001-ASN-1-Validate-DigestAlgorithmIdentifier-parameters.patch

# fix for 802.11r networks, and cards that don't support it
Patch14: 0001-Check-for-FT-support-when-selecting-FT-suites.patch

#fix nmci failures with OpenSSL-3.0.0
Patch15: 0001-OpenSSL-Allow-systemwide-secpolicy-overrides-for-TLS.patch
Patch16: 0001-EAP-TTLS-PEAP-peer-Fix-failure-when-using-session-ti.patch
Patch17: 0001-openssl-Disable-padding-after-initializing-the-ciphe.patch
Patch18: 0001-openssl-Remove-deprecated-functions-from-des_encrypt.patch

## Vine patches

BuildRoot: %{_tmppath}/%{name}-%{version}-root
%if %{with gui}
BuildRequires: qt4-devel
%endif
BuildRequires: openssl-devel
BuildRequires: readline-devel
BuildRequires: dbus-devel
BuildRequires: libnl3-devel
BuildRequires: docbook-utils
%if %{with systemd}
%{?systemd_requires}
%else
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service
%endif

%description
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support 
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA 
component that is used in the client stations. It implements key negotiation 
with a WPA Authenticator and it controls the roaming and IEEE 802.11 
authentication/association of the wlan driver.


%if %{with gui}
%package gui
Summary: Graphical User Interface for %{name}
Summary(ja): %{name} のグラフィカルユーザインタフェース
Group: admin-tools,network

%description gui
Graphical User Interface for wpa_supplicant written using QT4

%description -l ja gui
QT4 を用いた wpa_supplicant のグラフィカルユーザインタフェース
%endif


%debug_package


%prep
%setup -q
%autopatch -p1


%build
pushd wpa_supplicant
  cp defconfig .config

  export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE"
  export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE"
  export LDFLAGS="${LDFLAGS:-%optflags} -pie -Wl,-z,now"
  # yes, BINDIR=_sbindir
  export BINDIR="%{_sbindir}"
  export LIBDIR="%{_libdir}"
  make %{_smp_mflags} V=1
%if %{with gui}
  make wpa_gui-qt4 %{_smp_mflags} V=1 QTDIR=%{_libdir}/qt4
%endif
  make eapol_test
popd


%install
rm -rf %{buildroot}

%if %{with systemd}
# systemd unit
install -D -m 0644 %{SOURCE100} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%else
# init scripts
install -D -m 0755 %{SOURCE3} %{buildroot}%{_sysconfdir}/rc.d/init.d/%{name}
install -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
%endif

# logrotate
install -D -m 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

# config
install -D -m 0600 %{SOURCE2} %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf

# binary
install -d %{buildroot}/%{_sbindir}
install -m 0755 %{name}/wpa_passphrase %{buildroot}/%{_sbindir}
install -m 0755 %{name}/wpa_cli %{buildroot}/%{_sbindir}
install -m 0755 %{name}/wpa_supplicant %{buildroot}/%{_sbindir}
install -m 0755 wpa_supplicant/eapol_test %{buildroot}/%{_sbindir}
install -D -m 0644 %{name}/dbus/dbus-wpa_supplicant.conf \
  %{buildroot}/%{_sysconfdir}/dbus-1/system.d/wpa_supplicant.conf
install -D -m 0644 %{name}/dbus/fi.w1.wpa_supplicant1.service \
  %{buildroot}/%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service

%if %{with gui}
# gui
install -d %{buildroot}/%{_bindir}
install -m 0755 %{name}/wpa_gui-qt4/wpa_gui %{buildroot}/%{_bindir}
%endif

# running
mkdir -p %{buildroot}/%{_localstatedir}/run/%{name}

# man pages
install -d %{buildroot}%{_mandir}/man{5,8}
install -m 0644 %{name}/doc/docbook/*.8 %{buildroot}%{_mandir}/man8
install -m 0644 %{name}/doc/docbook/*.5 %{buildroot}%{_mandir}/man5

# some cleanup in docs
rm -f  %{name}/doc/.cvsignore
rm -rf %{name}/doc/docbook
chmod -R 0644 %{name}/examples/*.py


%clean
rm -rf %{buildroot}


%post
%if %{with systemd}
%systemd_post wpa_supplicant.service
%else
if [ $1 = 1 ]; then
    /sbin/chkconfig --add %{name}
fi
%endif

%preun
%if %{with systemd}
%systemd_preun wpa_supplicant.service
%else
if [ $1 = 0 -o -x /bin/systemctl ]; then
    /sbin/service %{name} stop > /dev/null 2>&1 ||:
    killall -TERM wpa_supplicant >/dev/null 2>&1 || :
    /sbin/chkconfig --del %{name}
fi
%endif

%postun
%if %{with systemd}
%systemd_postun_with_restart wpa_supplicant.service
%else
if [ $1 -ge 1 ]; then
    /sbin/service %{name} condrestart > /dev/null 2>&1 ||:
fi
%endif


%files
%defattr(-, root, root)
%license COPYING
%doc %{name}/ChangeLog README %{name}/eap_testing.txt %{name}/todo.txt %{name}/wpa_supplicant.conf %{name}/examples
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%if %{with systemd}
%{_unitdir}/%{name}.service
%else
%{_sysconfdir}/rc.d/init.d/%{name}
%endif
%{_sysconfdir}/dbus-1/system.d/%{name}.conf
%{_datadir}/dbus-1/system-services/fi.w1.wpa_supplicant1.service
%{_sbindir}/wpa_passphrase
%{_sbindir}/wpa_supplicant
%{_sbindir}/wpa_cli
%{_sbindir}/eapol_test
%dir %{_localstatedir}/run/%{name}
%dir %{_sysconfdir}/%{name}
%{_mandir}/man8/*
%{_mandir}/man5/*

%if %{with gui}
%files gui
%defattr(-, root, root)
%{_bindir}/wpa_gui
%endif


%changelog
* Mon Oct 18 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.9-5
- built with openssl-3.0.0.
- imported Patch14-18 from rawhide.

* Sat Apr 10 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.9-4
- imported Patch13 from upstream to fox CVE-2021-30004.

* Sat Mar 06 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.9-3
- imported Patch11 from upstream to fix CVE-2021-0326.
- imported Patch12 from upstream to fix CVE-2021-27803.

* Mon Mar 01 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.9-2
- diasabled gui as default.
- added systemd support (disabled as default).
- replaced all patches to rawhide's.

* Tue Mar 24 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.9-1
- new upstream release.
- replaced all patches to rawhide's.

* Tue Nov 27 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.6-2
- rebuilt with openssl-1.1.1.
- imported Patch62-64 from rawhide.

* Sat Mar 03 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.6-1
- updated to 2.6.
- imported Patch9-60 from rawhide.

* Thu Jun 30 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> - 2.5-3
- rebuilt with new toolchain.

* Tue Mar 29 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> - 2.5-2
- rebuild with openssl-1.0.2g

* Thu Oct 08 2015 Yoji TOYODA <bsyamato@sea.plala.or.jp> - 2.5-1
- update to 2.5
- update SOURCE1
- remove Patch7 (libnl3-includes.patch)
- add Patch 9,10,11 from Fedora
- remove Patch 6, 700

* Thu Feb  5 2015 Ryoichi INAGAKI <ryo1@toki.waseda.jp> - 2.3-1
- updated to 2.3
- built with libnl3 instead of libnl
- added Patch 6, 7 and 8 from Fedora
- added Patch700

  * Mon Aug 22 2011 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 0.7.3-3
- import Patch8 from Fedora 1:0.7.3-9 to fix some crashes
  - Wed Jul 27 2011 Dan Williams <dcbw@redhat.com> - 1:0.7.3-9
  - Fix various crashes with D-Bus interface (rh #678625) (rh #725517)

* Mon Jan 10 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 0.7.3-2
- rebuild with openssl-1.0.0c
- add BuildRequires: qt4-designer, libnl-devel

* Thu Jan 06 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 0.7.3-1
- new upstream release
- update patches
- change License to BSD due to linkage against OpsnSSL since there is no
  OpenSSL exception in upstream GPLv2 license text.
- build with qt4
- update build config

* Wed Jan 28 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 0.6.4-1
- new upstream release
- remove hostap/madwifi/prism54 drivers, use 'wext' instead.
- drop upstream patches
- import some fedora patches
  - Handle encryption keys correctly when switching 802.11 modes (rh #459399)
  - Better scanning behavior on resume from suspend/hibernate
  - Better interaction with newer kernels and drivers

* Sun Aug 03 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.6.3-2
- start wpa_supplicant by default.

* Sun Aug 03 2008 Daisuke SUZUKI <daisuke@linux.or.jp> 0.6.3-1
- new upstream release
- import some fedora patches

* Thu May 17 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.5.7-0vl2
- rebuild with new openssl

* Mon May 14 2007 Daisuke SUZUKI <daisuke@linux.or.jp> 0.5.7-0vl1
- new upstream release

* Wed Jun 21 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 0.4.8-0vl1
- initial build for Vine Linux based on FC package.

* Thu Apr 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-10
- Add fix for madwifi and WEP (wpa_supplicant/hostap bud #140) (#rh190075#)
- Fix up madwifi-ng private ioctl()s for r1331 and later
- Update madwifi headers to r1475

* Tue Apr 25 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-9
- Enable Wired driver, PKCS12, and Smartcard options (#rh189805#)

* Tue Apr 11 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-8
- Fix control interface key obfuscation a bit

* Sun Apr  2 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-7
- Work around older & incorrect drivers that return null-terminated SSIDs

* Mon Mar 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-6
- Add patch to make orinoco happy with WEP keys
- Enable Prism54-specific driver
- Disable ipw-specific driver; ipw2x00 should be using WEXT instead

* Fri Mar  3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-5
- Increase association timeout, mainly for drivers that don't
	fully support WPA ioctls yet

* Fri Mar  3 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-4
- Add additional BuildRequires #rh181914#
- Add prereq on chkconfig #rh182905# #rh182906#
- Own /var/run/wpa_supplicant and /etc/wpa_supplicant #rh183696#

* Wed Mar  1 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-3
- Install wpa_passphrase too #rh183480#

* Mon Feb 27 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-2
- Don't expose private data on the control interface unless requested

* Fri Feb 24 2006 Dan Williams <dcbw@redhat.com> - 0.4.8-1
- Downgrade to 0.4.8 stable release rather than a dev release

* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-3
- Documentation cleanup (Terje Rosten <terje.rosten@ntnu.no>)

* Sun Feb 12 2006 Dan Williams <dcbw@redhat.com> - 0.5.1-2
- Move initscript to /etc/rc.d/init.d

* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.2
- bump again for double-long bug on ppc(64)

* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.5.1-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes

* Sun Feb  5 2006 Dan Williams <dcbw@redhat.com> 0.5.1-1
- Update to 0.5.1
- Add WE auth fallback to actually work with older drivers

* Thu Jan 26 2006 Dan Williams <dcbw@redhat.com> 0.4.7-2
- Bring package into Fedora Core
- Add ap_scan control interface patch
- Enable madwifi-ng driver

* Sun Jan 15 2006 Douglas E. Warner <silfreed@silfreed.net> 0.4.7-1
- upgrade to 0.4.7
- added package w/ wpa_gui in it

* Mon Nov 14 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.6-1
- upgrade to 0.4.6
- adding ctrl interface changes recommended 
  by Hugo Paredes <hugo.paredes@e-know.org>

* Sun Oct  9 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.5-1
- upgrade to 0.4.5
- updated config file wpa_supplicant is built with
  especially, the ipw2100 driver changed to just ipw
  and enabled a bunch more EAP
- disabled dist tag

* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-3
- fix typo in init script

* Thu Jun 30 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-2
- fixing init script using fedora-extras' template
- removing chkconfig default startup

* Tue Jun 21 2005 Douglas E. Warner <silfreed@silfreed.net> 0.4.2-1
- upgrade to 0.4.2
- new sample conf file that will use any unrestricted AP
- make sysconfig config entry
- new BuildRoot for Fedora Extras
- adding dist tag to Release

* Fri May 06 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.8-1
- upgrade to 0.3.8

* Thu Feb 10 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-2
- compile ipw driver in

* Wed Feb 09 2005 Douglas E. Warner <silfreed@silfreed.net> 0.3.6-1
- upgrade to 0.3.6

* Thu Dec 23 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-4
- fixing init script

* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-3
- fixing init script
- adding post/preun items to add/remove via chkconfig

* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-2
- adding sysV scripts

* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
- Initial RPM release.