initial buildroot for linux 5.15

This commit is contained in:
Huan.Feng
2021-12-06 14:12:13 +08:00
parent d7767d594e
commit 7b6fc358fa
12736 changed files with 508822 additions and 0 deletions
@@ -0,0 +1,77 @@
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch]
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.20.1
@@ -0,0 +1,116 @@
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 18:19:31 +0200
Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters
The supported hash algorithms do not use AlgorithmIdentifier parameters.
However, there are implementations that include NULL parameters in
addition to ones that omit the parameters. Previous implementation did
not check the parameters value at all which supported both these cases,
but did not reject any other unexpected information.
Use strict validation of digest algorithm parameters and reject any
unexpected value when validating a signature. This is needed to prevent
potential forging attacks.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/tls/pkcs1.c | 21 +++++++++++++++++++++
src/tls/x509v3.c | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index bbdb0d72d..5761dfed0 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
+ hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "PKCS #1: Unexpected digest algorithm parameters");
+ os_free(decrypted);
+ return -1;
+ }
if (!asn1_oid_equal(&oid, hash_alg)) {
char txt[100], txt2[100];
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index a8944dd2f..df337ec4d 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Unexpected digest algorithm parameters");
+ os_free(data);
+ return -1;
+ }
if (x509_sha1_oid(&oid)) {
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
--
2.20.1
@@ -0,0 +1,32 @@
From 99cf89555313056d3a8fa54b21d02dc880b363e1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 20 Apr 2020 20:29:31 +0300
Subject: [PATCH] Include stdbool.h to allow C99 bool to be used
We have practically started requiring some C99 features, so might as
well finally go ahead and bring in the C99 bool as well.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
[geomatsi@gmail.com: backport from upstream]
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: keep upstream sha1 in header, drop numbering]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
src/utils/includes.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/includes.h b/src/utils/includes.h
index 75513fc8c..741fc9c14 100644
--- a/src/utils/includes.h
+++ b/src/utils/includes.h
@@ -18,6 +18,7 @@
#include <stdlib.h>
#include <stddef.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
--
2.25.1
@@ -0,0 +1,37 @@
From 9a990e8c4eb92dd64e0ec483599820e45c35ac23 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 23:14:23 +0200
Subject: [PATCH] ASN.1: Add helper functions for recognizing tag values
Signed-off-by: Jouni Malinen <j@w1.fi>
[geomatsi@gmail.com: backport asn1_is_null() from upstream 9a990e8c4eb9]
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr:
- reformat, keep the upstream sha1 and title,
- drop numbering
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
src/tls/asn1.h | 102 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 102 insertions(+)
diff --git a/src/tls/asn1.h b/src/tls/asn1.h
index de3430adb..a4d1be473 100644
--- a/src/tls/asn1.h
+++ b/src/tls/asn1.h
@@ -66,6 +66,12 @@ struct wpabuf * asn1_build_alg_id(const struct asn1_oid *oid,
unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
+static inline bool asn1_is_null(const struct asn1_hdr *hdr)
+{
+ return hdr->class == ASN1_CLASS_UNIVERSAL &&
+ hdr->tag == ASN1_TAG_NULL;
+}
+
extern struct asn1_oid asn1_sha1_oid;
extern struct asn1_oid asn1_sha256_oid;
--
2.25.1
@@ -0,0 +1,4 @@
disable wpa_supplicant@.service
disable wpa_supplicant-nl80211@.service
disable wpa_supplicant-wired@.service
+162
View File
@@ -0,0 +1,162 @@
menuconfig BR2_PACKAGE_WPA_SUPPLICANT
bool "wpa_supplicant"
depends on BR2_USE_MMU # fork()
select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
select BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4 if BR2_PACKAGE_LIBOPENSSL
help
WPA supplicant for secure wireless networks
http://w1.fi/wpa_supplicant/
if BR2_PACKAGE_WPA_SUPPLICANT
config BR2_PACKAGE_WPA_SUPPLICANT_NL80211
bool "Enable nl80211 support"
default y
depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
select BR2_PACKAGE_LIBNL
help
Enable support for nl80211. This is the current wireless
API for Linux, supported by all wireless drivers in vanilla
Linux, but may not be supported by some out-of-tree Linux
wireless drivers. wpa_supplicant will still fall back to
using the Wireless Extensions (wext) API with these drivers.
If this option is disabled, then only the deprecated wext
API will be supported, with far less features. Linux may
supports using wext with modern drivers using a
compatibility layer, but it must be enabled in the kernel
configuration.
comment "nl80211 support needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
config BR2_PACKAGE_WPA_SUPPLICANT_WEXT
bool "Enable wext (deprecated)"
default y if !BR2_TOOLCHAIN_HAS_THREADS
help
Enable support for wext. This is the historic wireless API
for Linux, which is now deprecated and in maintenance-only in
the kernel. It may still be required by out-of-tree drivers.
config BR2_PACKAGE_WPA_SUPPLICANT_WIRED
bool "Enable wired support"
select BR2_PACKAGE_WPA_SUPPLICANT_EAP
help
Include the "wired" driver, so the internal IEEE 802.1x
supplicant can be used with Ethernet. This also enables
support for MACSEC.
comment "wpa_supplicant will be useless without at least one driver"
depends on !BR2_PACKAGE_WPA_SUPPLICANT_NL80211 && \
!BR2_PACKAGE_WPA_SUPPLICANT_WEXT && \
!BR2_PACKAGE_WPA_SUPPLICANT_WIRED
config BR2_PACKAGE_WPA_SUPPLICANT_IBSS_RSN
bool "Enable IBSS RSN"
depends on BR2_PACKAGE_WPA_SUPPLICANT_NL80211
help
Enable support for RSN/WPA2 in Ad-Hoc mode.
config BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT
bool "Enable AP mode"
depends on BR2_PACKAGE_WPA_SUPPLICANT_NL80211
help
With this option enabled, wpa_supplicant can act as an
access point much like hostapd does with a limited feature
set. This links in parts of hostapd functionality into
wpa_supplicant, making it bigger but dispensing the need for
a separate hostapd binary in some applications hence being
smaller overall. It also enables support for Wi-Fi Direct.
config BR2_PACKAGE_WPA_SUPPLICANT_WIFI_DISPLAY
bool "Enable Wi-Fi Display"
depends on BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT
help
Enable support for Wi-Fi Display
config BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING
bool "Enable mesh networking"
depends on BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
help
Enable support for open and secured mesh networking
(IEEE 802.11s)
config BR2_PACKAGE_WPA_SUPPLICANT_AUTOSCAN
bool "Enable autoscan"
help
Enable support for the autoscan feature (allow periodic scan)
config BR2_PACKAGE_WPA_SUPPLICANT_EAP
bool "Enable EAP"
help
Enable support for EAP, 802.1x/WPA-Enterprise and FILS.
config BR2_PACKAGE_WPA_SUPPLICANT_HOTSPOT
bool "Enable HS20"
select BR2_PACKAGE_WPA_SUPPLICANT_EAP
help
Enable Hotspot 2.0 and IEEE 802.11u interworking
functionality.
config BR2_PACKAGE_WPA_SUPPLICANT_DEBUG_SYSLOG
bool "Enable syslog support"
help
Enable support for sending debug messages to syslog.
config BR2_PACKAGE_WPA_SUPPLICANT_WPS
bool "Enable WPS"
help
Enable support for Wi-Fi Protected Setup (WPS).
config BR2_PACKAGE_WPA_SUPPLICANT_WPA3
bool "Enable WPA3 support"
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
help
Enable WPA3 support including OWE, SAE, DPP
config BR2_PACKAGE_WPA_SUPPLICANT_CLI
bool "Install wpa_cli binary"
select BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE
help
Install wpa_cli command line utility
config BR2_PACKAGE_WPA_SUPPLICANT_WPA_CLIENT_SO
bool "Install wpa_client shared library"
depends on !BR2_STATIC_LIBS
help
Install libwpa_client.so.
comment "wpa_client library needs a toolchain w/ dynamic library"
depends on BR2_STATIC_LIBS
config BR2_PACKAGE_WPA_SUPPLICANT_PASSPHRASE
bool "Install wpa_passphrase binary"
help
Install wpa_passphrase command line utility.
config BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE
bool "Enable the Unix-socket control interface"
help
Enable support for the Unix-socket-based API.
config BR2_PACKAGE_WPA_SUPPLICANT_DBUS
bool "Enable support for the DBus control interface"
depends on BR2_TOOLCHAIN_HAS_THREADS # dbus
select BR2_PACKAGE_DBUS
help
Enable support for the DBus control interface.
comment "dbus support needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
config BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION
bool "Introspection support"
depends on BR2_PACKAGE_WPA_SUPPLICANT_DBUS
help
Add introspection support for the DBus control interface.
endif
@@ -0,0 +1,6 @@
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
network={
key_mgmt=NONE
}
@@ -0,0 +1,5 @@
# Locally calculated
sha256 fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17 wpa_supplicant-2.9.tar.gz
sha256 9da5dd0776da266b180b915e460ff75c6ff729aca1196ab396529510f24f3761 README
sha256 c4d65cc13863e0237d0644198558e2c47b4ed91e2b2be4516ff590724187c4a5 0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
sha256 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
+263
View File
@@ -0,0 +1,263 @@
################################################################################
#
# wpa_supplicant
#
################################################################################
WPA_SUPPLICANT_VERSION = 2.9
WPA_SUPPLICANT_SITE = http://w1.fi/releases
WPA_SUPPLICANT_PATCH = \
https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch \
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
WPA_SUPPLICANT_LICENSE = BSD-3-Clause
WPA_SUPPLICANT_LICENSE_FILES = README
WPA_SUPPLICANT_CPE_ID_VENDOR = w1.fi
WPA_SUPPLICANT_CONFIG = $(WPA_SUPPLICANT_DIR)/wpa_supplicant/.config
WPA_SUPPLICANT_SUBDIR = wpa_supplicant
WPA_SUPPLICANT_DBUS_SERVICE = fi.w1.wpa_supplicant1
WPA_SUPPLICANT_CFLAGS = $(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/libnl3/
WPA_SUPPLICANT_LDFLAGS = $(TARGET_LDFLAGS)
WPA_SUPPLICANT_SELINUX_MODULES = networkmanager
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
WPA_SUPPLICANT_IGNORE_CVES += CVE-2019-16275
# 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
WPA_SUPPLICANT_IGNORE_CVES += CVE-2021-27803
# 0002-ASN.1-Validate-DigestAlgorithmIdentifier-parameters.patch
WPA_SUPPLICANT_IGNORE_CVES += CVE-2021-30004
# install the wpa_client library
WPA_SUPPLICANT_INSTALL_STAGING = YES
WPA_SUPPLICANT_CONFIG_EDITS =
WPA_SUPPLICANT_CONFIG_ENABLE = \
CONFIG_INTERNAL_LIBTOMMATH \
CONFIG_MATCH_IFACE
WPA_SUPPLICANT_CONFIG_DISABLE = \
CONFIG_SMARTCARD
# libnl-3 needs -lm (for rint) and -lpthread if linking statically
# And library order matters hence stick -lnl-3 first since it's appended
# in the wpa_supplicant Makefiles as in LIBS+=-lnl-3 ... thus failing
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_NL80211),y)
ifeq ($(BR2_STATIC_LIBS),y)
WPA_SUPPLICANT_LIBS += -lnl-3 -lm -lpthread
endif
WPA_SUPPLICANT_DEPENDENCIES += host-pkgconf libnl
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_LIBNL32
else
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_DRIVER_NL80211
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WEXT),)
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_DRIVER_WEXT
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_IBSS_RSN), )
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_IBSS_RSN
endif
# Trailing underscore on purpose to not enable CONFIG_EAPOL_TEST
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_EAP),y)
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_EAP_
# uses dlopen()
ifeq ($(BR2_STATIC_LIBS),y)
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_EAP_TNC
endif
else
WPA_SUPPLICANT_CONFIG_DISABLE += \
CONFIG_EAP \
CONFIG_IEEE8021X_EAPOL \
CONFIG_FILS
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WIRED),)
WPA_SUPPLICANT_CONFIG_DISABLE += \
CONFIG_DRIVER_WIRED \
CONFIG_MACSEC \
CONFIG_DRIVER_MACSEC
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_HOTSPOT),)
WPA_SUPPLICANT_CONFIG_DISABLE += \
CONFIG_HS20 \
CONFIG_INTERWORKING
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_AP_SUPPORT),y)
WPA_SUPPLICANT_CONFIG_ENABLE += \
CONFIG_AP \
CONFIG_P2P
else
WPA_SUPPLICANT_CONFIG_DISABLE += \
CONFIG_AP \
CONFIG_P2P
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WIFI_DISPLAY),y)
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_WIFI_DISPLAY
else
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_WIFI_DISPLAY
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_MESH_NETWORKING),y)
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_MESH
else
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_MESH
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_AUTOSCAN),y)
WPA_SUPPLICANT_CONFIG_ENABLE += \
CONFIG_AUTOSCAN_EXPONENTIAL \
CONFIG_AUTOSCAN_PERIODIC
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPS),)
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_WPS
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPA3),y)
WPA_SUPPLICANT_CONFIG_ENABLE += \
CONFIG_DPP \
CONFIG_SAE \
CONFIG_OWE
else
WPA_SUPPLICANT_CONFIG_DISABLE += \
CONFIG_DPP \
CONFIG_SAE \
CONFIG_OWE
endif
# Try to use openssl if it's already available
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
WPA_SUPPLICANT_DEPENDENCIES += host-pkgconf libopenssl
WPA_SUPPLICANT_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl`
WPA_SUPPLICANT_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
else
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP
WPA_SUPPLICANT_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_CTRL_IFACE),)
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_CTRL_IFACE\>
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_DBUS),y)
WPA_SUPPLICANT_DEPENDENCIES += host-pkgconf dbus
WPA_SUPPLICANT_MAKE_ENV = \
PKG_CONFIG_SYSROOT_DIR="$(STAGING_DIR)" \
PKG_CONFIG_PATH="$(STAGING_DIR)/usr/lib/pkgconfig"
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_CTRL_IFACE_DBUS_NEW
define WPA_SUPPLICANT_INSTALL_DBUS_NEW
$(INSTALL) -m 0644 -D \
$(@D)/wpa_supplicant/dbus/$(WPA_SUPPLICANT_DBUS_SERVICE).service \
$(TARGET_DIR)/usr/share/dbus-1/system-services/$(WPA_SUPPLICANT_DBUS_SERVICE).service
endef
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_DBUS_INTROSPECTION),y)
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_CTRL_IFACE_DBUS_INTRO
endif
else
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_CTRL_IFACE_DBUS_NEW
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_DEBUG_SYSLOG),)
WPA_SUPPLICANT_CONFIG_DISABLE += CONFIG_DEBUG_SYSLOG
endif
ifeq ($(BR2_PACKAGE_READLINE),y)
WPA_SUPPLICANT_DEPENDENCIES += readline
WPA_SUPPLICANT_CONFIG_ENABLE += CONFIG_READLINE
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_WPA_CLIENT_SO),y)
WPA_SUPPLICANT_CONFIG_SET += CONFIG_BUILD_WPA_CLIENT_SO
define WPA_SUPPLICANT_INSTALL_WPA_CLIENT_SO
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/libwpa_client.so \
$(TARGET_DIR)/usr/lib/libwpa_client.so
$(INSTALL) -m 0644 -D $(@D)/src/common/wpa_ctrl.h \
$(TARGET_DIR)/usr/include/wpa_ctrl.h
endef
define WPA_SUPPLICANT_INSTALL_STAGING_WPA_CLIENT_SO
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/libwpa_client.so \
$(STAGING_DIR)/usr/lib/libwpa_client.so
$(INSTALL) -m 0644 -D $(@D)/src/common/wpa_ctrl.h \
$(STAGING_DIR)/usr/include/wpa_ctrl.h
endef
endif
define WPA_SUPPLICANT_CONFIGURE_CMDS
cp $(@D)/wpa_supplicant/defconfig $(WPA_SUPPLICANT_CONFIG)
sed -i $(patsubst %,-e 's/^#\(%\)/\1/',$(WPA_SUPPLICANT_CONFIG_ENABLE)) \
$(patsubst %,-e 's/^\(%\)/#\1/',$(WPA_SUPPLICANT_CONFIG_DISABLE)) \
$(patsubst %,-e '1i%=y',$(WPA_SUPPLICANT_CONFIG_SET)) \
$(patsubst %,-e %,$(WPA_SUPPLICANT_CONFIG_EDITS)) \
$(WPA_SUPPLICANT_CONFIG)
endef
# LIBS for wpa_supplicant, LIBS_c for wpa_cli, LIBS_p for wpa_passphrase
define WPA_SUPPLICANT_BUILD_CMDS
$(TARGET_MAKE_ENV) CFLAGS="$(WPA_SUPPLICANT_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" BINDIR=/usr/sbin \
LIBS="$(WPA_SUPPLICANT_LIBS)" LIBS_c="$(WPA_SUPPLICANT_LIBS)" \
LIBS_p="$(WPA_SUPPLICANT_LIBS)" \
$(MAKE) CC="$(TARGET_CC)" -C $(@D)/$(WPA_SUPPLICANT_SUBDIR)
endef
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_CLI),y)
define WPA_SUPPLICANT_INSTALL_CLI
$(INSTALL) -m 0755 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/wpa_cli \
$(TARGET_DIR)/usr/sbin/wpa_cli
endef
endif
ifeq ($(BR2_PACKAGE_WPA_SUPPLICANT_PASSPHRASE),y)
define WPA_SUPPLICANT_INSTALL_PASSPHRASE
$(INSTALL) -m 0755 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/wpa_passphrase \
$(TARGET_DIR)/usr/sbin/wpa_passphrase
endef
endif
ifeq ($(BR2_PACKAGE_DBUS),y)
define WPA_SUPPLICANT_INSTALL_DBUS
$(INSTALL) -m 0644 -D \
$(@D)/wpa_supplicant/dbus/dbus-wpa_supplicant.conf \
$(TARGET_DIR)/etc/dbus-1/system.d/wpa_supplicant.conf
$(WPA_SUPPLICANT_INSTALL_DBUS_NEW)
endef
endif
define WPA_SUPPLICANT_INSTALL_STAGING_CMDS
$(WPA_SUPPLICANT_INSTALL_STAGING_WPA_CLIENT_SO)
endef
define WPA_SUPPLICANT_INSTALL_TARGET_CMDS
$(INSTALL) -m 0755 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/wpa_supplicant \
$(TARGET_DIR)/usr/sbin/wpa_supplicant
$(INSTALL) -m 644 -D package/wpa_supplicant/wpa_supplicant.conf \
$(TARGET_DIR)/etc/wpa_supplicant.conf
$(WPA_SUPPLICANT_INSTALL_CLI)
$(WPA_SUPPLICANT_INSTALL_PASSPHRASE)
$(WPA_SUPPLICANT_INSTALL_DBUS)
$(WPA_SUPPLICANT_INSTALL_WPA_CLIENT_SO)
endef
define WPA_SUPPLICANT_INSTALL_INIT_SYSTEMD
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant.service \
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant.service
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant@.service \
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant@.service
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant-nl80211@.service \
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant-nl80211@.service
$(INSTALL) -m 0644 -D $(@D)/$(WPA_SUPPLICANT_SUBDIR)/systemd/wpa_supplicant-wired@.service \
$(TARGET_DIR)/usr/lib/systemd/system/wpa_supplicant-wired@.service
$(INSTALL) -D -m 644 $(WPA_SUPPLICANT_PKGDIR)/50-wpa_supplicant.preset \
$(TARGET_DIR)/usr/lib/systemd/system-preset/50-wpa_supplicant.preset
endef
$(eval $(generic-package))