revert commit breaking authorization on brcmfmac with old kernels (rpi) [release 2.11-2mamba;Fri Oct 18 2024]

2024-10-19 11:01:32 +02:00 · 2024-10-19 11:01:32 +02:00 · 9a6095bf9c
commit 9a6095bf9c
parent 31e4f1cd3d
8 changed files with 56 additions and 301 deletions
--- a/wpa_supplicant-0.7.3-dbus_service_fix_path.patch
+++ b/wpa_supplicant-0.7.3-dbus_service_fix_path.patch
@ -1,9 +0,0 @@
-diff -Nru wpa_supplicant-0.7.3.orig//wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service
--- wpa_supplicant-0.7.3.orig//wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service	2010-09-07 17:43:39.000000000 +0200
-+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service	2010-12-02 23:28:35.575078721 +0100
-@@ -1,4 +1,4 @@
- [D-BUS Service]
- Name=fi.epitest.hostap.WPASupplicant
-Exec=/sbin/wpa_supplicant -u
-+Exec=/usr/sbin/wpa_supplicant -u
- User=root
--- a/wpa_supplicant-0.7.3-defconfig_enable_dbus.patch
+++ b/wpa_supplicant-0.7.3-defconfig_enable_dbus.patch
@ -1,21 +0,0 @@
-diff -Nru wpa_supplicant-0.7.3.orig//wpa_supplicant/defconfig wpa_supplicant-0.7.3/wpa_supplicant/defconfig
--- wpa_supplicant-0.7.3.orig//wpa_supplicant/defconfig	2010-09-07 17:43:39.000000000 +0200
-+++ wpa_supplicant-0.7.3/wpa_supplicant/defconfig	2010-12-02 22:40:09.804211706 +0100
-@@ -342,14 +342,14 @@
- 
- # Add support for old DBus control interface
- # (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-+CONFIG_CTRL_IFACE_DBUS=y
- 
- # Add support for new DBus control interface
- # (fi.w1.hostap.wpa_supplicant1)
-#CONFIG_CTRL_IFACE_DBUS_NEW=y
-+CONFIG_CTRL_IFACE_DBUS_NEW=y
- 
- # Add introspection support for new DBus control interface
-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
-+CONFIG_CTRL_IFACE_DBUS_INTRO=y
- 
- # Add support for loading EAP methods dynamically as shared libraries.
- # When this option is enabled, each EAP method can be either included
--- a/wpa_supplicant-0.7.3-emit_property_changed_events_when_BSSs_property_changed.patch
+++ b/wpa_supplicant-0.7.3-emit_property_changed_events_when_BSSs_property_changed.patch
@ -1,61 +0,0 @@
-From b80b5639935d37b95d00f86b57f2844a9c775f57 Mon Sep 17 00:00:00 2001
-From: Dan Williams <dcbw@redhat.com>
-Date: Fri, 17 Dec 2010 15:56:01 +0200
-Subject: [PATCH] dbus: Emit property changed events when adding/removing BSSes
-
-The supplicant was not emitting property changed events when the BSSs
-property changed.
-
-Signed-off-by: Dan Williams <dcbw@redhat.com>
-(cherry picked from commit 1e6288df6b07a353a9246b77e0de2a840b5f2c72)
---
- wpa_supplicant/dbus/dbus_new.c |    6 ++++++
- wpa_supplicant/dbus/dbus_new.h |    1 +
- 2 files changed, 7 insertions(+), 0 deletions(-)
-
-diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
-index bdfbbac..c66640a 100644
--- a/wpa_supplicant/dbus/dbus_new.c
-+++ b/wpa_supplicant/dbus/dbus_new.c
-@@ -691,6 +691,10 @@ void wpas_dbus_signal_prop_changed(struct wpa_supplicant *wpa_s,
- 			wpas_dbus_getter_current_network;
- 		prop = "CurrentNetwork";
- 		break;
-+	case WPAS_DBUS_PROP_BSSS:
-+		getter = (WPADBusPropertyAccessor) wpas_dbus_getter_bsss;
-+		prop = "BSSs";
-+		break;
- 	default:
- 		wpa_printf(MSG_ERROR, "dbus: %s: Unknown Property value %d",
- 			   __func__, property);
-@@ -1199,6 +1203,7 @@ int wpas_dbus_unregister_bss(struct wpa_supplicant *wpa_s,
- 	}
- 
- 	wpas_dbus_signal_bss_removed(wpa_s, bss_obj_path);
-+	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS);
- 
- 	return 0;
- }
-@@ -1263,6 +1268,7 @@ int wpas_dbus_register_bss(struct wpa_supplicant *wpa_s,
- 	}
- 
- 	wpas_dbus_signal_bss_added(wpa_s, bss_obj_path);
-+	wpas_dbus_signal_prop_changed(wpa_s, WPAS_DBUS_PROP_BSSS);
- 
- 	return 0;
- 
-diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
-index 80ea98c..9cdefcb 100644
--- a/wpa_supplicant/dbus/dbus_new.h
-+++ b/wpa_supplicant/dbus/dbus_new.h
-@@ -30,6 +30,7 @@ enum wpas_dbus_prop {
- 	WPAS_DBUS_PROP_STATE,
- 	WPAS_DBUS_PROP_CURRENT_BSS,
- 	WPAS_DBUS_PROP_CURRENT_NETWORK,
-+	WPAS_DBUS_PROP_BSSS,
- };
- 
- enum wpas_dbus_bss_prop {
-- 
-1.7.4-rc1
-
--- a/wpa_supplicant-0.7.3-enable_NL80211.patch
+++ b/wpa_supplicant-0.7.3-enable_NL80211.patch
@ -1,12 +0,0 @@
-diff -Nru wpa_supplicant-0.7.3.orig/wpa_supplicant/defconfig wpa_supplicant-0.7.3/wpa_supplicant/defconfig
--- wpa_supplicant-0.7.3.orig/wpa_supplicant/defconfig	2011-09-18 15:40:55.316545708 +0200
-+++ wpa_supplicant-0.7.3/wpa_supplicant/defconfig	2011-09-18 15:41:15.516570524 +0200
-@@ -81,7 +81,7 @@
- CONFIG_DRIVER_WEXT=y
- 
- # Driver interface for Linux drivers using the nl80211 kernel interface
-#CONFIG_DRIVER_NL80211=y
-+CONFIG_DRIVER_NL80211=y
- 
- # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
- #CONFIG_DRIVER_BSD=y
--- a/wpa_supplicant-1.0-wpagui-getopt.patch.patch
+++ b/wpa_supplicant-1.0-wpagui-getopt.patch.patch
@ -1,14 +0,0 @@
-diff -up wpa_supplicant-1.0-rc1/wpa_supplicant/wpa_gui-qt4/wpagui.cpp.getopt wpa_supplicant-1.0-rc1/wpa_supplicant/wpa_gui-qt4/wpagui.cpp
--- wpa_supplicant-1.0-rc1/wpa_supplicant/wpa_gui-qt4/wpagui.cpp.getopt	2012-01-10 16:28:43.451307760 -0600
-+++ wpa_supplicant-1.0-rc1/wpa_supplicant/wpa_gui-qt4/wpagui.cpp	2012-01-10 16:28:53.999175893 -0600
-@@ -12,10 +12,7 @@
-  * See README and COPYING for more details.
-  */
- 
-#ifdef __MINGW32__
-/* Need to get getopt() */
- #include <unistd.h>
-#endif
- 
- #ifdef CONFIG_NATIVE_WINDOWS
- #include <windows.h>
--- a/wpa_supplicant-2.11-revert-Mark-authorization-completed-on-driver-indica.patch
+++ b/wpa_supplicant-2.11-revert-Mark-authorization-completed-on-driver-indica.patch
@ -0,0 +1,50 @@
+From 2514856652f9a393e505d542cb8f039f8bac10f5 Mon Sep 17 00:00:00 2001
+From: Janne Grunau <janne-fdr@jannau.net>
+Date: Sun, 4 Aug 2024 13:24:42 +0200
+Subject: [PATCH 1/1] Revert "Mark authorization completed on driver indication
+ during 4-way HS offload"
+
+This reverts commit 41638606054a09867fe3f9a2b5523aa4678cbfa5.
+---
+ wpa_supplicant/events.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index 46e7cf1ab..7b3ef7205 100644
+--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
+@@ -4441,23 +4441,14 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
+ 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+ 		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+-		if (already_authorized) {
+-			/*
+-			 * We are done; the driver will take care of RSN 4-way
+-			 * handshake.
+-			 */
+-			wpa_supplicant_cancel_auth_timeout(wpa_s);
+-			wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+-			eapol_sm_notify_portValid(wpa_s->eapol, true);
+-			eapol_sm_notify_eap_success(wpa_s->eapol, true);
+-		} else {
+-			/* Update port, WPA_COMPLETED state from the
+-			 * EVENT_PORT_AUTHORIZED handler when the driver is done
+-			 * with the 4-way handshake.
+-			 */
+-			wpa_msg(wpa_s, MSG_DEBUG,
+-				"ASSOC INFO: wait for driver port authorized indication");
+-		}
+		/*
+		 * We are done; the driver will take care of RSN 4-way
+		 * handshake.
+		 */
+		wpa_supplicant_cancel_auth_timeout(wpa_s);
+		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+		eapol_sm_notify_portValid(wpa_s->eapol, true);
+		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+ 		   wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
+ 		/*
+-- 
+2.45.2
+
--- a/wpa_supplicant-2.6-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+++ b/wpa_supplicant-2.6-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
@ -1,174 +0,0 @@
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
---
- src/ap/ieee802_11.c  | 16 +++++++++++++---
- src/ap/wpa_auth.c    | 11 +++++++++++
- src/ap/wpa_auth.h    |  3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h  |  1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
--- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- 	struct ieee80211_ht_capabilities ht_cap;
- 	struct ieee80211_vht_capabilities vht_cap;
-+	int set = 1;
- 
- 	/*
- 	 * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- 	 * FT-over-the-DS, where a station re-associates back to the same AP but
- 	 * skips the authentication flow, or if working with a driver that
- 	 * does not support full AP client state.
-+	 *
-+	 * Skip this if the STA has already completed FT reassociation and the
-+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
-+	 * the same key.
- 	 */
-	if (!sta->added_unassoc)
-+	if (!sta->added_unassoc &&
-+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- 		hostapd_drv_sta_remove(hapd, sta->addr);
-+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+		set = 0;
-+	}
- 
- #ifdef CONFIG_IEEE80211N
- 	if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-			    sta->added_unassoc)) {
-+			    set)) {
- 		hostapd_logger(hapd, sta->addr,
- 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- 			       "Could not %s STA to kernel driver",
-			       sta->added_unassoc ? "set" : "add");
-+			       set ? "set" : "add");
- 
- 		if (sta->added_unassoc) {
- 			hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
--- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- 		break;
- #endif /* CONFIG_IEEE80211R */
-+	case WPA_DRV_STA_REMOVED:
-+		sm->tk_already_set = FALSE;
-+		return 0;
- 	}
- 
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
- 
- 
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+		return 0;
-+	return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
--- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- 		 u8 *data, size_t data_len);
- enum wpa_event {
- 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
--- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- 		return;
- 	}
- 
-+	if (sm->tk_already_set) {
-+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+		 * PN in the driver */
-+		wpa_printf(MSG_DEBUG,
-+			   "FT: Do not re-install same PTK to the driver");
-+		return;
-+	}
-+
- 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
- 	 * most likely without this.. At the moment, STA entry is added only
- 	 * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- 
- 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- 	sm->pairwise_set = TRUE;
-+	sm->tk_already_set = TRUE;
- }
- 
- 
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
- 
- 	sm->pairwise = pairwise;
- 	sm->PTK_valid = TRUE;
-+	sm->tk_already_set = FALSE;
- 	wpa_ft_install_ptk(sm);
- 
- 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
--- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- 	struct wpa_ptk PTK;
- 	Boolean PTK_valid;
- 	Boolean pairwise_set;
-+	Boolean tk_already_set;
- 	int keycount;
- 	Boolean Pair;
- 	struct wpa_key_replay_counter {
-- 
-2.7.4
-
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@ -1,6 +1,6 @@
 Name:          wpa_supplicant
 Version:       2.11
-Release:       1mamba
+Release:       2mamba
 Summary:       WPA/WPA2/IEEE 802.1x Supplicant
 Group:         Network/Security
 Vendor:        openmamba
@ -9,14 +9,8 @@ Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           https://hostap.epitest.fi/wpa_supplicant/
 Source:        https://w1.fi/releases/wpa_supplicant-%{version}.tar.gz
 Source1:       wpa_supplicant.conf
-Patch1:        %{name}-0.7.3-defconfig_enable_dbus.patch
-Patch2:        %{name}-0.7.3-dbus_service_fix_path.patch
-Patch3:        %{name}-0.7.3-emit_property_changed_events_when_BSSs_property_changed.patch
-Patch4:        %{name}-0.7.3-enable_NL80211.patch
-Patch5:        %{name}-1.0-gcc-4.7.patch
-Patch6:        wpa_supplicant-1.0-wpagui-getopt.patch.patch
 Patch7:        wpa_supplicant-1.0-gcc-4.7.patch
-Patch8:        wpa_supplicant-2.6-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+Patch9:        wpa_supplicant-2.11-revert-Mark-authorization-completed-on-driver-indica.patch
 License:       GPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
@ -45,9 +39,8 @@ This package contains the QT4 GUI.

 %prep
 %setup -q
-#%patch1 -p1
 %patch 7 -p1
-#%patch8 -p1
+%patch 9 -p1 -b .revert-Mark-authorization-completed-on-driver-indica

 %build
 cd wpa_supplicant
@ -128,6 +121,9 @@ fi
 %endif

 %changelog
+* Fri Oct 18 2024 Automatic Build System <autodist@openmamba.org> 2.11-2mamba
+- revert commit breaking authorization on brcmfmac with old kernels (rpi)
+
 * Sun Jul 21 2024 Automatic Build System <autodist@openmamba.org> 2.11-1mamba
 - automatic version update by autodist