From df5772c777a7695022d628e2125a5315cb2d7183 Mon Sep 17 00:00:00 2001 From: Henrik Grimler Date: Tue, 10 Mar 2020 22:06:55 +0100 Subject: [PATCH] wpa-supplicant: add package --- .../wpa-supplicant/CVE-2019-16275.patch | 73 ++++ root-packages/wpa-supplicant/Makefile.patch | 40 +++ root-packages/wpa-supplicant/browser.c.patch | 11 + root-packages/wpa-supplicant/build.sh | 20 ++ root-packages/wpa-supplicant/defconfig.patch | 33 ++ root-packages/wpa-supplicant/doc-paths.patch | 335 ++++++++++++++++++ root-packages/wpa-supplicant/main.c.patch | 11 + root-packages/wpa-supplicant/tncs.c.patch | 11 + 8 files changed, 534 insertions(+) create mode 100644 root-packages/wpa-supplicant/CVE-2019-16275.patch create mode 100644 root-packages/wpa-supplicant/Makefile.patch create mode 100644 root-packages/wpa-supplicant/browser.c.patch create mode 100644 root-packages/wpa-supplicant/build.sh create mode 100644 root-packages/wpa-supplicant/defconfig.patch create mode 100644 root-packages/wpa-supplicant/doc-paths.patch create mode 100644 root-packages/wpa-supplicant/main.c.patch create mode 100644 root-packages/wpa-supplicant/tncs.c.patch diff --git a/root-packages/wpa-supplicant/CVE-2019-16275.patch b/root-packages/wpa-supplicant/CVE-2019-16275.patch new file mode 100644 index 000000000..d764a9db0 --- /dev/null +++ b/root-packages/wpa-supplicant/CVE-2019-16275.patch @@ -0,0 +1,73 @@ +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source + address + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen +--- + src/ap/drv_callbacks.c | 13 +++++++++++++ + src/ap/ieee802_11.c | 12 ++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685fe3b..34ca379edc3d 100644 +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db44b7..e7065372e158 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.20.1 + diff --git a/root-packages/wpa-supplicant/Makefile.patch b/root-packages/wpa-supplicant/Makefile.patch new file mode 100644 index 000000000..41f0fcc67 --- /dev/null +++ b/root-packages/wpa-supplicant/Makefile.patch @@ -0,0 +1,40 @@ +--- ../Makefile.orig 2020-03-10 20:58:52.384359092 +0100 ++++ ./wpa_supplicant/Makefile 2020-03-10 21:19:03.627147971 +0100 +@@ -17,9 +17,9 @@ + endif + endif + +-export LIBDIR ?= /usr/local/lib/ +-export INCDIR ?= /usr/local/include/ +-export BINDIR ?= /usr/local/sbin/ ++export LIBDIR ?= $(PREFIX)/lib/ ++export INCDIR ?= $(PREFIX)/include/ ++export BINDIR ?= $(PREFIX)/bin/ + PKG_CONFIG ?= pkg-config + + CFLAGS += $(EXTRA_CFLAGS) +@@ -60,7 +60,6 @@ + ALL += libwpa_client.so + endif + +- + all: verify_config $(ALL) dynamic_eap_methods + + verify_config: +@@ -155,16 +154,6 @@ + OBJS += ../src/utils/$(CONFIG_ELOOP).o + OBJS_c += ../src/utils/$(CONFIG_ELOOP).o + +-ifndef CONFIG_OSX +-ifeq ($(CONFIG_ELOOP), eloop) +-# Using glibc < 2.17 requires -lrt for clock_gettime() +-# OS X has an alternate implementation +-LIBS += -lrt +-LIBS_c += -lrt +-LIBS_p += -lrt +-endif +-endif +- + ifdef CONFIG_ELOOP_POLL + CFLAGS += -DCONFIG_ELOOP_POLL + endif diff --git a/root-packages/wpa-supplicant/browser.c.patch b/root-packages/wpa-supplicant/browser.c.patch new file mode 100644 index 000000000..80874643b --- /dev/null +++ b/root-packages/wpa-supplicant/browser.c.patch @@ -0,0 +1,11 @@ +--- ../browser.c.orig 2020-03-10 21:44:47.457547015 +0100 ++++ ./src/utils/browser.c 2020-03-10 21:45:08.297271869 +0100 +@@ -162,7 +162,7 @@ + + s = webkit_get_default_session(); + g_object_set(G_OBJECT(s), "ssl-ca-file", +- "/etc/ssl/certs/ca-certificates.crt", NULL); ++ "@TERMUX_PREFIX@/etc/tls/cert.pem", NULL); + g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL); + + ctx.win = gtk_window_new(GTK_WINDOW_TOPLEVEL); diff --git a/root-packages/wpa-supplicant/build.sh b/root-packages/wpa-supplicant/build.sh new file mode 100644 index 000000000..16e7f8083 --- /dev/null +++ b/root-packages/wpa-supplicant/build.sh @@ -0,0 +1,20 @@ +TERMUX_PKG_HOMEPAGE=http://hostap.epitest.fi/wpa_supplicant +TERMUX_PKG_DESCRIPTION="Utility providing key negotiation for WPA wireless networks" +TERMUX_PKG_LICENSE="BSD 3-Clause" +TERMUX_PKG_VERSION=2.9 +TERMUX_PKG_SRCURL=https://w1.fi/releases/wpa_supplicant-${TERMUX_PKG_VERSION}.tar.gz +TERMUX_PKG_DEPENDS="openssl, readline, libnl" +TERMUX_PKG_SHA256=fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17 +TERMUX_PKG_EXTRA_MAKE_ARGS="-C wpa_supplicant" +TERMUX_PKG_BUILD_IN_SRC=true + +termux_step_post_configure() { + cp wpa_supplicant/defconfig wpa_supplicant/.config + export EXTRA_CFLAGS=$CPPFLAGS +} + +termux_step_post_make_install() { + mkdir -p $TERMUX_PREFIX/share/man/{man5,man8} + install -m600 wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 $TERMUX_PREFIX/share/man/man5/ + install -m600 wpa_supplicant/doc/docbook/{wpa_cli,wpa_supplicant}.8 $TERMUX_PREFIX/share/man/man8/ +} diff --git a/root-packages/wpa-supplicant/defconfig.patch b/root-packages/wpa-supplicant/defconfig.patch new file mode 100644 index 000000000..78021ed2e --- /dev/null +++ b/root-packages/wpa-supplicant/defconfig.patch @@ -0,0 +1,33 @@ +--- ../defconfig.orig 2020-03-10 21:02:00.508270039 +0100 ++++ ./wpa_supplicant/defconfig 2020-03-10 21:03:10.607040726 +0100 +@@ -26,7 +26,7 @@ + # replacement for WEXT and its use allows wpa_supplicant to properly control + # the driver to improve existing functionality like roaming and to support new + # functionality. +-CONFIG_DRIVER_WEXT=y ++# CONFIG_DRIVER_WEXT=y + + # Driver interface for Linux drivers using the nl80211 kernel interface + CONFIG_DRIVER_NL80211=y +@@ -367,7 +367,7 @@ + + # Add support for new DBus control interface + # (fi.w1.hostap.wpa_supplicant1) +-CONFIG_CTRL_IFACE_DBUS_NEW=y ++# CONFIG_CTRL_IFACE_DBUS_NEW=y + + # Add introspection support for new DBus control interface + CONFIG_CTRL_IFACE_DBUS_INTRO=y +@@ -397,10 +397,10 @@ + CONFIG_IEEE80211R=y + + # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +-CONFIG_DEBUG_FILE=y ++# CONFIG_DEBUG_FILE=y + + # Send debug messages to syslog instead of stdout +-CONFIG_DEBUG_SYSLOG=y ++# CONFIG_DEBUG_SYSLOG=y + # Set syslog facility for debug messages + #CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + diff --git a/root-packages/wpa-supplicant/doc-paths.patch b/root-packages/wpa-supplicant/doc-paths.patch new file mode 100644 index 000000000..655dedddc --- /dev/null +++ b/root-packages/wpa-supplicant/doc-paths.patch @@ -0,0 +1,335 @@ +diff -u -r ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.8 ./wpa_supplicant/doc/docbook/wpa_supplicant.8 +--- ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.8 2020-03-10 21:49:08.458858646 +0100 ++++ ./wpa_supplicant/doc/docbook/wpa_supplicant.8 2020-03-10 21:52:22.866338065 +0100 +@@ -348,7 +348,7 @@ + .RS + + .nf +-wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0 ++wpa_supplicant -B -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -iwlan0 + .fi + .RE + .PP +@@ -361,7 +361,7 @@ + .RS + + .nf +-wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d ++wpa_supplicant -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -iwlan0 -d + .fi + .RE + .PP +@@ -373,7 +373,7 @@ + .RS + + .nf +-wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0 ++wpa_supplicant -Dnl80211,wext -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -iwlan0 + .fi + .RE + .PP +@@ -465,7 +465,7 @@ + .SH "QUICK START" + .PP + First, make a configuration file, e.g. +-\fI/etc/wpa_supplicant.conf\fR, that describes the networks ++\fI@TERMUX_PREFIX@/etc/wpa_supplicant.conf\fR, that describes the networks + you are interested in. See \fBwpa_supplicant.conf\fR(5) + for details. + .PP +@@ -477,7 +477,7 @@ + .RS + + .nf +-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d ++wpa_supplicant -iwlan0 -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -d + + .fi + .RE +@@ -489,7 +489,7 @@ + .RS + + .nf +-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B ++wpa_supplicant -iwlan0 -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -B + + .fi + .RE +@@ -504,16 +504,16 @@ + can be used to enable WPA support: + .PP + Add MODE="Managed" and WPA="y" to the network scheme in +-\fI/etc/pcmcia/wireless.opts\fR\&. ++\fI@TERMUX_PREFIX@/etc/pcmcia/wireless.opts\fR\&. + .PP + Add the following block to the end of \fBstart\fR +-action handler in \fI/etc/pcmcia/wireless\fR: ++action handler in \fI@TERMUX_PREFIX@/etc/pcmcia/wireless\fR: + .sp + .RS + + .nf +-if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then +- /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE ++if [ "$WPA" = "y" -a -x @TERMUX_PREFIX@/bin/wpa_supplicant ]; then ++ @TERMUX_PREFIX@/bin/wpa_supplicant -B -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -i$DEVICE + fi + + .fi +@@ -521,12 +521,12 @@ + .PP + Add the following block to the end of \fBstop\fR + action handler (may need to be separated from other actions) in +-\fI/etc/pcmcia/wireless\fR: ++\fI@TERMUX_PREFIX@/etc/pcmcia/wireless\fR: + .sp + .RS + + .nf +-if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then ++if [ "$WPA" = "y" -a -x @TERMUX_PREFIX@/bin/wpa_supplicant ]; then + killall wpa_supplicant + fi + +diff -u -r ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.conf.5 ./wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 +--- ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.conf.5 2020-03-10 21:49:08.458858646 +0100 ++++ ./wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 2020-03-10 21:52:22.882996517 +0100 +@@ -12,7 +12,7 @@ + \fBwpa_supplicant\fR is configured using a text + file that lists all accepted networks and security policies, + including pre-shared keys. See the example configuration file, +-probably in \fB/usr/share/doc/wpa_supplicant/\fR, for ++probably in \fB@TERMUX_PREFIX@/share/doc/wpa_supplicant/\fR, for + detailed information about the configuration format and supported + fields. + .PP +@@ -60,9 +60,9 @@ + group=CCMP TKIP + eap=TLS + identity="user@example.com" +- ca_cert="/etc/cert/ca.pem" +- client_cert="/etc/cert/user.pem" +- private_key="/etc/cert/user.prv" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" ++ client_cert="@TERMUX_PREFIX@/etc/cert/user.pem" ++ private_key="@TERMUX_PREFIX@/etc/cert/user.prv" + private_key_passwd="password" + } + .fi +@@ -84,7 +84,7 @@ + eap=PEAP + identity="user@example.com" + password="foobar" +- ca_cert="/etc/cert/ca.pem" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" + phase1="peaplabel=0" + phase2="auth=MSCHAPV2" + } +@@ -108,7 +108,7 @@ + identity="user@example.com" + anonymous_identity="anonymous@example.com" + password="foobar" +- ca_cert="/etc/cert/ca.pem" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" + phase2="auth=MD5" + } + .fi +@@ -129,9 +129,9 @@ + key_mgmt=IEEE8021X + eap=TLS + identity="user@example.com" +- ca_cert="/etc/cert/ca.pem" +- client_cert="/etc/cert/user.pem" +- private_key="/etc/cert/user.prv" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" ++ client_cert="@TERMUX_PREFIX@/etc/cert/user.pem" ++ private_key="@TERMUX_PREFIX@/etc/cert/user.prv" + private_key_passwd="password" + eapol_flags=3 + } +@@ -159,14 +159,14 @@ + eap=TTLS PEAP TLS + identity="user@example.com" + password="foobar" +- ca_cert="/etc/cert/ca.pem" +- client_cert="/etc/cert/user.pem" +- private_key="/etc/cert/user.prv" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" ++ client_cert="@TERMUX_PREFIX@/etc/cert/user.pem" ++ private_key="@TERMUX_PREFIX@/etc/cert/user.prv" + private_key_passwd="password" + phase1="peaplabel=0" +- ca_cert2="/etc/cert/ca2.pem" +- client_cert2="/etc/cer/user.pem" +- private_key2="/etc/cer/user.prv" ++ ca_cert2="@TERMUX_PREFIX@/etc/cert/ca2.pem" ++ client_cert2="@TERMUX_PREFIX@/etc/cer/user.pem" ++ private_key2="@TERMUX_PREFIX@/etc/cer/user.prv" + private_key2_passwd="password" + } + .fi +diff -u -r ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.conf.sgml ./wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml +--- ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.conf.sgml 2020-03-10 21:49:08.458858646 +0100 ++++ ./wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml 2020-03-10 21:52:22.876333136 +0100 +@@ -14,7 +14,7 @@ + wpa_supplicant is configured using a text + file that lists all accepted networks and security policies, + including pre-shared keys. See the example configuration file, +- probably in /usr/share/doc/wpa_supplicant/, for ++ probably in @TERMUX_PREFIX@/share/doc/wpa_supplicant/, for + detailed information about the configuration format and supported + fields. + +@@ -65,9 +65,9 @@ + group=CCMP TKIP + eap=TLS + identity="user@example.com" +- ca_cert="/etc/cert/ca.pem" +- client_cert="/etc/cert/user.pem" +- private_key="/etc/cert/user.prv" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" ++ client_cert="@TERMUX_PREFIX@/etc/cert/user.pem" ++ private_key="@TERMUX_PREFIX@/etc/cert/user.prv" + private_key_passwd="password" + } + +@@ -87,7 +87,7 @@ + eap=PEAP + identity="user@example.com" + password="foobar" +- ca_cert="/etc/cert/ca.pem" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" + phase1="peaplabel=0" + phase2="auth=MSCHAPV2" + } +@@ -110,7 +110,7 @@ + identity="user@example.com" + anonymous_identity="anonymous@example.com" + password="foobar" +- ca_cert="/etc/cert/ca.pem" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" + phase2="auth=MD5" + } + +@@ -130,9 +130,9 @@ + key_mgmt=IEEE8021X + eap=TLS + identity="user@example.com" +- ca_cert="/etc/cert/ca.pem" +- client_cert="/etc/cert/user.pem" +- private_key="/etc/cert/user.prv" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" ++ client_cert="@TERMUX_PREFIX@/etc/cert/user.pem" ++ private_key="@TERMUX_PREFIX@/etc/cert/user.prv" + private_key_passwd="password" + eapol_flags=3 + } +@@ -159,14 +159,14 @@ + eap=TTLS PEAP TLS + identity="user@example.com" + password="foobar" +- ca_cert="/etc/cert/ca.pem" +- client_cert="/etc/cert/user.pem" +- private_key="/etc/cert/user.prv" ++ ca_cert="@TERMUX_PREFIX@/etc/cert/ca.pem" ++ client_cert="@TERMUX_PREFIX@/etc/cert/user.pem" ++ private_key="@TERMUX_PREFIX@/etc/cert/user.prv" + private_key_passwd="password" + phase1="peaplabel=0" +- ca_cert2="/etc/cert/ca2.pem" +- client_cert2="/etc/cer/user.pem" +- private_key2="/etc/cer/user.prv" ++ ca_cert2="@TERMUX_PREFIX@/etc/cert/ca2.pem" ++ client_cert2="@TERMUX_PREFIX@/etc/cer/user.pem" ++ private_key2="@TERMUX_PREFIX@/etc/cer/user.prv" + private_key2_passwd="password" + } + +diff -u -r ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.sgml ./wpa_supplicant/doc/docbook/wpa_supplicant.sgml +--- ../wpa_supplicant-doc.orig/docbook/wpa_supplicant.sgml 2020-03-10 21:49:08.458858646 +0100 ++++ ./wpa_supplicant/doc/docbook/wpa_supplicant.sgml 2020-03-10 21:52:22.873001446 +0100 +@@ -505,7 +505,7 @@ + started with: + +
+-wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0 ++wpa_supplicant -B -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -iwlan0 +
+ + This makes the process fork into background. +@@ -515,7 +515,7 @@ + foreground with debugging enabled: + +
+-wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d ++wpa_supplicant -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -iwlan0 -d +
+ + If the specific driver wrapper is not known beforehand, it is +@@ -524,7 +524,7 @@ + wrapper that is able to initialize the interface. + +
+-wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0 ++wpa_supplicant -Dnl80211,wext -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -iwlan0 +
+ + wpa_supplicant can control multiple +@@ -657,7 +657,7 @@ + Quick Start + + First, make a configuration file, e.g. +- /etc/wpa_supplicant.conf, that describes the networks ++ @TERMUX_PREFIX@/etc/wpa_supplicant.conf, that describes the networks + you are interested in. See + wpa_supplicant.conf + 5 +@@ -670,7 +670,7 @@ + enabled: + +
+-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d ++wpa_supplicant -iwlan0 -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -d +
+ + Assuming everything goes fine, you can start using following +@@ -678,7 +678,7 @@ + without debugging: + +
+-wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B ++wpa_supplicant -iwlan0 -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -B +
+ + Please note that if you included more than one driver +@@ -699,24 +699,24 @@ + can be used to enable WPA support: + + Add MODE="Managed" and WPA="y" to the network scheme in +- /etc/pcmcia/wireless.opts. ++ @TERMUX_PREFIX@/etc/pcmcia/wireless.opts.
+ + Add the following block to the end of start +- action handler in /etc/pcmcia/wireless: ++ action handler in @TERMUX_PREFIX@/etc/pcmcia/wireless: + +
+-if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then +- /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE ++if [ "$WPA" = "y" -a -x @TERMUX_PREFIX@/bin/wpa_supplicant ]; then ++ @TERMUX_PREFIX@/bin/wpa_supplicant -B -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf -i$DEVICE + fi +
+ + + Add the following block to the end of stop + action handler (may need to be separated from other actions) in +- /etc/pcmcia/wireless: ++ @TERMUX_PREFIX@/etc/pcmcia/wireless: + +
+-if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then ++if [ "$WPA" = "y" -a -x @TERMUX_PREFIX@/bin/wpa_supplicant ]; then + killall wpa_supplicant + fi +
diff --git a/root-packages/wpa-supplicant/main.c.patch b/root-packages/wpa-supplicant/main.c.patch new file mode 100644 index 000000000..4a1f907b4 --- /dev/null +++ b/root-packages/wpa-supplicant/main.c.patch @@ -0,0 +1,11 @@ +--- ../main.c.orig 2020-03-10 21:37:55.340743885 +0100 ++++ ./wpa_supplicant/main.c 2020-03-10 21:38:08.970690217 +0100 +@@ -105,7 +105,7 @@ + " -W = wait for a control interface monitor before starting\n"); + + printf("example:\n" +- " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n", ++ " wpa_supplicant -D%s -iwlan0 -c@TERMUX_PREFIX@/etc/wpa_supplicant.conf\n", + wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211"); + #endif /* CONFIG_NO_STDOUT_DEBUG */ + } diff --git a/root-packages/wpa-supplicant/tncs.c.patch b/root-packages/wpa-supplicant/tncs.c.patch new file mode 100644 index 000000000..9703f9897 --- /dev/null +++ b/root-packages/wpa-supplicant/tncs.c.patch @@ -0,0 +1,11 @@ +--- ../tncs.c.orig 2020-03-10 21:47:04.223447029 +0100 ++++ ./src/eap_server/tncs.c 2020-03-10 21:47:25.669539583 +0100 +@@ -21,7 +21,7 @@ + * needed.. */ + + #ifndef TNC_CONFIG_FILE +-#define TNC_CONFIG_FILE "/etc/tnc_config" ++#define TNC_CONFIG_FILE "@TERMUX_PREFIX@/etc/tnc_config" + #endif /* TNC_CONFIG_FILE */ + #define IF_TNCCS_START \ + "\n" \