Bug#855143: unblock: wpa/2.5-2+v2.4-4stretch1

[Andrew Shadura <andrew@shadura.me>]

On 14/02/17 17:25, Andrew Shadura wrote:
> This fix has to go through testing-proposed-updates.
> 
> Thanks for considering.
> 
> unblock wpa/2.5-2+v2.4-4stretch1

Sorry, the debdiff I attached was made against a never released version
of the package (differing only in the version number). Attaching the
correct one.

-- 
Cheers,
  Andrew

diff -Nru wpa-2.5-2+v2.4/debian/changelog wpa-2.5-2+v2.4/debian/changelog
--- wpa-2.5-2+v2.4/debian/changelog	2016-09-14 11:11:05.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/changelog	2017-02-14 17:10:53.000000000 +0100
@@ -1,3 +1,17 @@
+wpa (2.5-2+v2.4-4stretch1) testing; urgency=medium
+
+  [ Vincent Danjean ]
+  * Build with libssl1.0-dev (Closes: #828601).
+  * Add an upstream patch to fix hostapd in SMPS mode (Closes: #854719).
+
+  [ Andrew Shadura ]
+  * Don't install debian/system-sleep/wpasupplicant (originally introduced
+    to fix LP: #1422143), it doesn't improve the state of the things,
+    introduces regressions in some cases, and at all isn't supposed to
+    work with how wpa-supplicant is started these days (Closes: #835648).
+
+ -- Andrew Shadura <andrewsh@debian.org>  Tue, 14 Feb 2017 17:10:53 +0100
+
 wpa (2.5-2+v2.4-3) unstable; urgency=medium
 
   [ Helmut Grohne ]
diff -Nru wpa-2.5-2+v2.4/debian/control wpa-2.5-2+v2.4/debian/control
--- wpa-2.5-2+v2.4/debian/control	2016-08-05 20:43:38.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/control	2017-02-14 17:02:28.000000000 +0100
@@ -8,7 +8,7 @@
 Priority: optional
 Build-Depends: debhelper (>> 9.20120115),
  libdbus-1-dev,
- libssl-dev,
+ libssl1.0-dev,
  libqt4-dev,
  libncurses5-dev,
  libpcsclite-dev,
diff -Nru wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch
--- wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch	1970-01-01 01:00:00.000000000 +0100
+++ wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch	2017-02-14 17:07:16.000000000 +0100
@@ -0,0 +1,56 @@
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Fri Mar 18 16:16:40 2016 +0200
+Subject: nl80211: Do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
+
+SMPS mode is applicable only for HT and including an attribute to
+configure it when HT is disabled could result in the AP start operation
+failing. Fix this by adding the attribute only in cases where HT is
+enabled.
+
+Upstream commit ee298f1b1f7efd7eb5fd510f36b25ff88208017c
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -3419,24 +3419,26 @@
+ 	    nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
+ 		goto fail;
+ 
+-	switch (params->smps_mode) {
+-	case HT_CAP_INFO_SMPS_DYNAMIC:
+-		wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - dynamic");
+-		smps_mode = NL80211_SMPS_DYNAMIC;
+-		break;
+-	case HT_CAP_INFO_SMPS_STATIC:
+-		wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - static");
+-		smps_mode = NL80211_SMPS_STATIC;
+-		break;
+-	default:
+-		/* invalid - fallback to smps off */
+-	case HT_CAP_INFO_SMPS_DISABLED:
+-		wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - off");
+-		smps_mode = NL80211_SMPS_OFF;
+-		break;
++	if (params->ht_opmode != -1) {
++		switch (params->smps_mode) {
++		case HT_CAP_INFO_SMPS_DYNAMIC:
++			wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - dynamic");
++			smps_mode = NL80211_SMPS_DYNAMIC;
++			break;
++		case HT_CAP_INFO_SMPS_STATIC:
++			wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - static");
++			smps_mode = NL80211_SMPS_STATIC;
++			break;
++		default:
++			/* invalid - fallback to smps off */
++		case HT_CAP_INFO_SMPS_DISABLED:
++			wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - off");
++			smps_mode = NL80211_SMPS_OFF;
++			break;
++		}
++		if (nla_put_u32(msg, NL80211_ATTR_SMPS_MODE, smps_mode))
++			goto fail;
+ 	}
+-	if (nla_put_u32(msg, NL80211_ATTR_SMPS_MODE, smps_mode))
+-		goto fail;
+ 
+ 	if (params->beacon_ies) {
+ 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
diff -Nru wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch
--- wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch	1970-01-01 01:00:00.000000000 +0100
+++ wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch	2017-01-20 21:32:38.000000000 +0100
@@ -0,0 +1,19 @@
+From: Andrew Shadura <andrewsh@debian.org>
+Subject: Temporarily accept never supported MSCHAPv2 syntax and issue a warning.
+
+--- a/src/eap_peer/eap_ttls.c
++++ b/src/eap_peer/eap_ttls.c
+@@ -99,6 +99,13 @@
+ 			    os_strncmp(token, "MSCHAPV2", 8) == 0) {
+ 				selected = "MSCHAPV2";
+ 				data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
++			} else if (last - token == 8 &&
++			    os_strncmp(token, "MSCHAPv2", 8) == 0) {
++				selected = "MSCHAPV2";
++				data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
++                wpa_printf(MSG_WARNING,
++					   "EAP-TTLS: Phase2 type '%s' is invalid, fix your config to use 'MSCHAPV2' instead!",
++					   token);
+ 			} else if (last - token == 6 &&
+ 				   os_strncmp(token, "MSCHAP", 6) == 0) {
+ 				selected = "MSCHAP";
diff -Nru wpa-2.5-2+v2.4/debian/patches/series wpa-2.5-2+v2.4/debian/patches/series
--- wpa-2.5-2+v2.4/debian/patches/series	2016-08-09 20:48:10.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/patches/series	2017-02-14 17:02:28.000000000 +0100
@@ -31,3 +31,4 @@
 do_not_wait_for_monitor_to_attach_if_no_control_interface.patch
 wpa_supplicant_do_not_wait_for_monitor_on_p2p_device_interface.patch
 openssl-initialise-pkcs-11.patch
+from-upstream-hostapd-fix-SMPS-mode.patch
diff -Nru wpa-2.5-2+v2.4/debian/wpasupplicant.install wpa-2.5-2+v2.4/debian/wpasupplicant.install
--- wpa-2.5-2+v2.4/debian/wpasupplicant.install	2016-09-14 10:12:21.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/wpasupplicant.install	2017-02-14 17:09:16.000000000 +0100
@@ -1,5 +1,5 @@
 debian/ifupdown/wpa_action sbin/
-debian/system-sleep /lib/systemd/
+# debian/system-sleep /lib/systemd/
 wpa_supplicant/wpa_cli sbin/
 wpa_supplicant/wpa_passphrase usr/bin/
 wpa_supplicant/wpa_supplicant sbin/

Attachment: signature.asc
Description: OpenPGP digital signature