diff options
Diffstat (limited to 'core')
-rwxr-xr-x | core/efibootmgr/PKGBUILD | 30 | ||||
-rw-r--r-- | core/efivar/PKGBUILD | 36 | ||||
-rw-r--r-- | core/grep/PKGBUILD | 6 | ||||
-rw-r--r-- | core/wpa_supplicant/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch | 74 | ||||
-rw-r--r-- | core/wpa_supplicant/PKGBUILD | 35 | ||||
-rw-r--r-- | core/wpa_supplicant/config | 120 | ||||
-rw-r--r-- | core/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch | 12 |
7 files changed, 178 insertions, 135 deletions
diff --git a/core/efibootmgr/PKGBUILD b/core/efibootmgr/PKGBUILD index 2a6515a72..d1552f30e 100755 --- a/core/efibootmgr/PKGBUILD +++ b/core/efibootmgr/PKGBUILD @@ -1,15 +1,18 @@ -# $Id: PKGBUILD 197808 2013-10-30 11:03:08Z allan $ +# $Id: PKGBUILD 206469 2014-02-27 10:35:34Z tpowa $ # Maintainer: Tobias Powalowski <tpowa@archlinux.org> # Contributor: Murtuza Akhtari <inxsible at gmail dot com> -# Contributor: Keshav Padram Amburay <(the.ridikulus.rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)> +# Contributor: Keshav Amburay <(the ddoott ridikulus ddoott rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)> -pkgname="efibootmgr" +_pkgname="efibootmgr" +pkgname="${_pkgname}" -_gitroot="git://github.com/vathpela/efibootmgr.git" -_gitname="${pkgname}-pjones" -_gitbranch="libefivars" +_gitroot="https://github.com/vathpela/efibootmgr.git" +_gitname="${_pkgname}" +_gitbranch="master" -pkgver=0.6.0.138.1132342 +_GIT_COMMIT="f4e29e4200ed1e866c9cf98d2ebdcb8ac2e9826c" + +pkgver=0.6.1.29.gf4e29e4 pkgrel=1 pkgdesc="Tool to modify UEFI Firmware Boot Manager Variables" arch=('x86_64' 'i686') @@ -17,21 +20,16 @@ url="https://github.com/vathpela/efibootmgr" license=('GPL2') makedepends=('git') depends=('pciutils' 'efivar' 'zlib') +conflicts=("${_pkgname}-pjones") +provides=("${_pkgname}-pjones=${pkgver}") options=('strip' 'zipman' '!emptydirs') -source=("${_gitname}::git+${_gitroot}#branch=${_gitbranch}") +source=("${_gitname}::git+${_gitroot}#commit=${_GIT_COMMIT}") sha1sums=('SKIP') pkgver() { cd "${srcdir}/${_gitname}/" - - _RELEASE_MAJOR="$(grep 'RELEASE_MAJOR' "${srcdir}/${_gitname}/Makefile" | head -1 | sed -e 's|RELEASE_MAJOR := ||g')" - _RELEASE_MINOR="$(grep 'RELEASE_MINOR' "${srcdir}/${_gitname}/Makefile" | head -1 | sed -e 's|RELEASE_MINOR := ||g')" - _RELEASE_SUBLEVEL="$(grep 'RELEASE_SUBLEVEL' "${srcdir}/${_gitname}/Makefile" | head -1 | sed -e 's|RELEASE_SUBLEVEL := ||g')" - - _ACTUAL_VER="$(echo ${_RELEASE_MAJOR}.${_RELEASE_MINOR}.${_RELEASE_SUBLEVEL} | sed 's| ||g')" - - echo "${_ACTUAL_VER}.$(git rev-list --count HEAD).$(git rev-parse --short HEAD)" + echo "$(git describe --tags)" | sed -e 's|-|\.|g' } build() { diff --git a/core/efivar/PKGBUILD b/core/efivar/PKGBUILD index e8d8995d1..82913db7c 100644 --- a/core/efivar/PKGBUILD +++ b/core/efivar/PKGBUILD @@ -1,24 +1,24 @@ -# $Id: PKGBUILD 199468 2013-11-13 11:07:43Z tpowa $ +# $Id: PKGBUILD 206468 2014-02-27 10:35:33Z tpowa $ # Maintainer : Tobias Powalowski <tpowa@archlinux.org> -# Contributor : Keshav Padram <(the.ridikulus.rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)> - -_gitroot="git://github.com/vathpela/efivar.git" -_gitname="efivar" -_gitbranch="master" +# Contributor : Keshav Amburay <(the ddoott ridikulus ddoott rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)> _pkgname="efivar" pkgname="${_pkgname}" +_gitroot="https://github.com/vathpela/efivar.git" +_gitname="${_pkgname}" +_gitbranch="master" + pkgdesc="Library to manipulate EFI variables" pkgver=0.7 -pkgrel=1 +pkgrel=2 arch=('x86_64' 'i686') url="https://github.com/vathpela/efivar" license=('LGPL2.1') makedepends=('git') depends=('popt') conflicts=('libefivar') -provides=('libefivar') +provides=("libefivar=${pkgver}") options=('zipman' 'docs' '!makeflags') source=("${_gitname}::git+${_gitroot}#tag=${pkgver}") @@ -26,18 +26,28 @@ sha1sums=('SKIP') pkgver() { cd "${srcdir}/${_gitname}/" - echo "$(git describe --tags)" | sed 's|-|\.|g' + echo "$(git describe --tags)" | sed -e 's|-|\.|g' } -build() { +prepare() { + + cd "${srcdir}/${_gitname}/" + + git clean -x -d -f + echo rm -rf "${srcdir}/${_gitname}_build/" || true cp -r "${srcdir}/${_gitname}" "${srcdir}/${_gitname}_build" cd "${srcdir}/${_gitname}_build/" - git clean -x -d -f - echo + sed 's|-rpath=$(TOPDIR)/src/|-rpath=$(libdir)|g' -i "${srcdir}/${_gitname}_build/src/test/Makefile" || true + +} + +build() { + + cd "${srcdir}/${_gitname}_build/" unset CFLAGS unset CPPFLAGS @@ -45,8 +55,6 @@ build() { unset LDFLAGS unset MAKEFLAGS - sed 's|-rpath=$(TOPDIR)/src/|-rpath=$(libdir)|g' -i "${srcdir}/${_gitname}_build/src/test/Makefile" || true - make libdir="/usr/lib/" bindir="/usr/bin/" mandir="/usr/share/man/" includedir="/usr/include/" V=1 -j1 echo diff --git a/core/grep/PKGBUILD b/core/grep/PKGBUILD index 1823febb6..0b91dcefb 100644 --- a/core/grep/PKGBUILD +++ b/core/grep/PKGBUILD @@ -1,9 +1,9 @@ -# $Id: PKGBUILD 203054 2014-01-03 00:30:46Z allan $ +# $Id: PKGBUILD 206460 2014-02-26 23:09:38Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> pkgname=grep -pkgver=2.16 +pkgver=2.18 pkgrel=1 pkgdesc="A string search utility" arch=('i686' 'x86_64') @@ -14,7 +14,7 @@ depends=('glibc' 'pcre' 'sh') makedepends=('texinfo') install=${pkgname}.install source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz{,.sig}) -md5sums=('502350a6c8f7c2b12ee58829e760b44d' +md5sums=('7439f8266f50844b56cc3e2721606541' 'SKIP') build() { diff --git a/core/wpa_supplicant/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch b/core/wpa_supplicant/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch new file mode 100644 index 000000000..8b0b1b351 --- /dev/null +++ b/core/wpa_supplicant/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch @@ -0,0 +1,74 @@ +From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Wed, 19 Feb 2014 11:56:02 +0200 +Subject: [PATCH] Revert "OpenSSL: Do not accept SSL Client certificate for + server" + +This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are +too many deployed AAA servers that include both id-kp-clientAuth and +id-kp-serverAuth EKUs for this change to be acceptable as a generic rule +for AAA authentication server validation. OpenSSL enforces the policy of +not connecting if only id-kp-clientAuth is included. If a valid EKU is +listed with it, the connection needs to be accepted. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/crypto/tls.h | 3 +-- + src/crypto/tls_openssl.c | 13 ------------- + 2 files changed, 1 insertion(+), 15 deletions(-) + +diff --git a/src/crypto/tls.h b/src/crypto/tls.h +index 287fd33..feba13f 100644 +--- a/src/crypto/tls.h ++++ b/src/crypto/tls.h +@@ -41,8 +41,7 @@ enum tls_fail_reason { + TLS_FAIL_ALTSUBJECT_MISMATCH = 6, + TLS_FAIL_BAD_CERTIFICATE = 7, + TLS_FAIL_SERVER_CHAIN_PROBE = 8, +- TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9, +- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10 ++ TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9 + }; + + union tls_event_data { +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c +index a13fa38..8cf1de8 100644 +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -105,7 +105,6 @@ struct tls_connection { + unsigned int ca_cert_verify:1; + unsigned int cert_probe:1; + unsigned int server_cert_only:1; +- unsigned int server:1; + + u8 srv_cert_hash[32]; + +@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) + TLS_FAIL_SERVER_CHAIN_PROBE); + } + +- if (!conn->server && err_cert && preverify_ok && depth == 0 && +- (err_cert->ex_flags & EXFLAG_XKUSAGE) && +- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) { +- wpa_printf(MSG_WARNING, "TLS: Server used client certificate"); +- openssl_tls_fail_event(conn, err_cert, err, depth, buf, +- "Server used client certificate", +- TLS_FAIL_SERVER_USED_CLIENT_CERT); +- preverify_ok = 0; +- } +- + if (preverify_ok && context->event_cb != NULL) + context->event_cb(context->cb_ctx, + TLS_CERT_CHAIN_SUCCESS, NULL); +@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, + int res; + struct wpabuf *out_data; + +- conn->server = !!server; +- + /* + * Give TLS handshake data from the server (if available) to OpenSSL + * for processing. +-- +1.9.0 + diff --git a/core/wpa_supplicant/PKGBUILD b/core/wpa_supplicant/PKGBUILD index e99d67561..b7fe9b38e 100644 --- a/core/wpa_supplicant/PKGBUILD +++ b/core/wpa_supplicant/PKGBUILD @@ -1,35 +1,42 @@ -# $Id: PKGBUILD 187048 2013-06-03 11:15:42Z allan $ +# $Id: PKGBUILD 206485 2014-02-27 17:25:23Z thomas $ # Maintainer: Thomas Bächler <thomas@archlinux.org> pkgname=wpa_supplicant -pkgver=2.0 -pkgrel=4 +pkgver=2.1 +pkgrel=3 pkgdesc="A utility providing key negotiation for WPA wireless networks" url="http://hostap.epitest.fi/wpa_supplicant" arch=('i686' 'x86_64') -depends=('openssl' 'dbus-core' 'readline' 'libnl') +depends=('openssl' 'libdbus' 'readline' 'libnl') optdepends=('wpa_supplicant_gui: wpa_gui program') license=('GPL') backup=('etc/wpa_supplicant/wpa_supplicant.conf') source=("http://w1.fi/releases/${pkgname}-${pkgver}.tar.gz" - config) -md5sums=('3be2ebfdcced52e00eda0afe2889839d' - '4aa1e5accd604091341b989b47fe1076') + config + 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch) +sha256sums=('91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277' + '522b1e2b330bd3fcb9c3c964b0f05ad197a2f1160741835a47585ea45ba8e0a4' + '3c85fa2cf2465fea86383eece75fa5479507a174da6f0cd09e691fbaaca03c74') -build() { +prepare() { cd "${srcdir}/${pkgname}-${pkgver}/" - cd "${pkgname}" + patch -p1 -i "${srcdir}"/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch + cd "${pkgname}/" cp "${srcdir}/config" ./.config +} - sed -i 's@/usr/local@$(PREFIX)@g' Makefile +build() { + cd "${srcdir}/${pkgname}-${pkgver}/${pkgname}" - make PREFIX=/usr + # The Makefile does not pick up our CPPFLAGS + export CFLAGS="$CPPFLAGS $CFLAGS" + make LIBDIR=/usr/lib BINDIR=/usr/bin } package() { cd "${srcdir}/${pkgname}-${pkgver}/${pkgname}" - make PREFIX=/usr DESTDIR="${pkgdir}" install + make LIBDIR=/usr/lib BINDIR=/usr/bin DESTDIR="${pkgdir}" install install -d -m755 "${pkgdir}/etc/wpa_supplicant" install -m644 wpa_supplicant.conf "${pkgdir}/etc/wpa_supplicant/wpa_supplicant.conf" @@ -47,8 +54,4 @@ package() { install -d -m755 "${pkgdir}/usr/lib/systemd/system" install -m644 systemd/*.service "${pkgdir}/usr/lib/systemd/system/" - - # usrmove - cd "$pkgdir"/usr - mv sbin bin } diff --git a/core/wpa_supplicant/config b/core/wpa_supplicant/config index 50426bf92..c1035b484 100644 --- a/core/wpa_supplicant/config +++ b/core/wpa_supplicant/config @@ -20,63 +20,6 @@ # used to fix build issues on such systems (krb5.h not found). #CFLAGS += -I/usr/include/kerberos -# Example configuration for various cross-compilation platforms - -#### sveasoft (e.g., for Linksys WRT54G) ###################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS += -I../src/include -I../../src/router/openssl/include -#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl -############################################################################### - -#### openwrt (e.g., for Linksys WRT54G) ####################################### -#CC=mipsel-uclibc-gcc -#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc -#CFLAGS += -Os -#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ -# -I../WRT54GS/release/src/include -#LIBS = -lssl -############################################################################### - - -# Driver interface for Host AP driver -#CONFIG_DRIVER_HOSTAP=y - -# Driver interface for Agere driver -#CONFIG_DRIVER_HERMES=y -# Change include directories to match with the local setup -#CFLAGS += -I../../hcf -I../../include -I../../include/hcf -#CFLAGS += -I../../include/wireless - -# Driver interface for madwifi driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_MADWIFI=y -# Set include directory to the madwifi source tree -#CFLAGS += -I../../madwifi - -# Driver interface for ndiswrapper -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_NDISWRAPPER=y - -# Driver interface for Atmel driver -#CONFIG_DRIVER_ATMEL=y - -# Driver interface for old Broadcom driver -# Please note that the newer Broadcom driver ("hybrid Linux driver") supports -# Linux wireless extensions and does not need (or even work) with the old -# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. -#CONFIG_DRIVER_BROADCOM=y -# Example path for wlioctl.h; change to match your configuration -#CFLAGS += -I/opt/WRT54GS/release/src/include - -# Driver interface for Intel ipw2100/2200 driver -# Deprecated; use CONFIG_DRIVER_WEXT=y instead. -#CONFIG_DRIVER_IPW=y - -# Driver interface for Ralink driver -#CONFIG_DRIVER_RALINK=y - # Driver interface for generic Linux wireless extensions # Note: WEXT is deprecated in the current Linux kernel version and no new # functionality is added to it. nl80211-based interface is the new @@ -88,6 +31,19 @@ CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface CONFIG_DRIVER_NL80211=y +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$<path to libnl include files> +#LIBS += -L$<path to libnl library files> + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +CONFIG_LIBNL32=y + + # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include @@ -147,11 +103,10 @@ CONFIG_EAP_PEAP=y CONFIG_EAP_TTLS=y # EAP-FAST -# Note: Default OpenSSL package does not include support for all the -# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, -# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) -# to add the needed functions. -#CONFIG_EAP_FAST=y +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +CONFIG_EAP_FAST=y # EAP-GTC CONFIG_EAP_GTC=y @@ -210,6 +165,9 @@ CONFIG_WPS_NFC=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y +# EAP-EKE +#CONFIG_EAP_EKE=y + # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -225,6 +183,9 @@ CONFIG_SMARTCARD=y # Support HT overrides (disable HT/HT40, mask MCS rates, etc.) CONFIG_HT_OVERRIDES=y +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +CONFIG_VHT_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -258,11 +219,6 @@ CONFIG_READLINE=y # 35-50 kB in code size. #CONFIG_NO_WPA=y -# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to -# save about 1 kB in code size when building only WPA-Personal (no EAP support) -# or 6 kB if building for WPA-Enterprise. -#CONFIG_NO_WPA2=y - # Remove IEEE 802.11i/WPA-Personal ASCII passphrase support # This option can be used to reduce code size by removing support for # converting ASCII passphrases into PSK. If this functionality is removed, the @@ -306,7 +262,6 @@ CONFIG_BACKEND=file # Select event loop implementation # eloop = select() loop (default) # eloop_win = Windows events and WaitForMultipleObject() loop -# eloop_none = Empty template #CONFIG_ELOOP=eloop # Should we use poll instead of select? Select is used by default. @@ -326,7 +281,7 @@ CONFIG_PEERKEY=y # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y +CONFIG_IEEE80211W=y # Select TLS implementation # openssl = OpenSSL (default) @@ -420,6 +375,10 @@ CONFIG_DEBUG_FILE=y # same file, e.g., using trace-cmd. #CONFIG_DEBUG_LINUX_TRACING=y +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y + # Enable privilege separation (see README 'Privilege separation' for details) #CONFIG_PRIVSEP=y @@ -477,7 +436,11 @@ CONFIG_DEBUG_FILE=y CONFIG_NO_RANDOM_POOL=y # IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y +CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +CONFIG_IEEE80211AC=y # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. @@ -492,6 +455,9 @@ CONFIG_NO_RANDOM_POOL=y # Hotspot 2.0 #CONFIG_HS20=y +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + # AP mode operations with wpa_supplicant # This can be used for controlling AP mode operations with wpa_supplicant. It # should be noted that this is mainly aimed at simple cases like @@ -504,9 +470,17 @@ CONFIG_AP=y # more information on P2P operations. CONFIG_P2P=y +# Enable TDLS support +CONFIG_TDLS=y + +# Wi-Fi Direct +# This can be used to enable Wi-Fi Direct extensions for P2P using an external +# program to control the additional information exchanges in the messages. +CONFIG_WIFI_DISPLAY=y + # Autoscan # This can be used to enable automatic scan support in wpa_supplicant. -# See wpa_supplicant.conf for more information on autoscan usage. +# See wpa_supplicant.conf for more information on autoscan usage. # # Enabling directly a module will enable autoscan support. # For exponential module: @@ -522,9 +496,7 @@ CONFIG_AUTOSCAN_PERIODIC=y # External password backend for testing purposes (developer use) #CONFIG_EXT_PASSWORD_TEST=y -CONFIG_LIBNL32=y - -# More options that are not in defconfig: +# Options that are present not in defconfig: # RSN IBSS/AdHoc support CONFIG_IBSS_RSN=y diff --git a/core/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch b/core/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch deleted file mode 100644 index 5d8903906..000000000 --- a/core/wpa_supplicant/hostap_allow-linking-with-libnl-3.2.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo wpa_supplicant-1.0-rc2/src/drivers/drivers.mak ---- wpa_supplicant-1.0-rc2/src/drivers/drivers.mak.foo 2012-03-02 16:11:43.176448714 -0600 -+++ wpa_supplicant-1.0-rc2/src/drivers/drivers.mak 2012-03-02 16:12:29.759866341 -0600 -@@ -48,7 +48,7 @@ NEED_RFKILL=y - ifdef CONFIG_LIBNL32 - DRV_LIBS += -lnl-3 - DRV_LIBS += -lnl-genl-3 -- DRV_CFLAGS += -DCONFIG_LIBNL20 -+ DRV_CFLAGS += -DCONFIG_LIBNL20 `pkg-config --cflags libnl-3.0` - else - ifdef CONFIG_LIBNL_TINY - DRV_LIBS += -lnl-tiny |