Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Please unblock package wpa.
wpa-supplicant 2.6 brought some regressions making it unfit for stretch,
so I decided to keep 2.4 in testing. However, two minor fixes didn't
make it into 2.4 package, and later a grave bug was found in 2.4
compared to 2.3 jessie ships. Because of this I'm asking to unblock a
version that fixes these bugs:
* Build with libssl1.0-dev (Closes: #828601).
Without this fix, it wouldn't be possible to build the following
fix.
* Add an upstream patch to fix hostapd in SMPS mode (Closes: #854719).
This is a grave bug which breaks hostapd presumably for many users.
* Don't install debian/system-sleep/wpasupplicant (originally introduced
to fix LP: #1422143), it doesn't improve the state of the things,
introduces regressions in some cases, and at all isn't supposed to
work with how wpa-supplicant is started these days (Closes: #835648).
This bug slows down shutdown for many users, and as the fix is just
not installing a single file, I don't see a reason to not ship it.
This fix has to go through testing-proposed-updates.
Thanks for considering.
unblock wpa/2.5-2+v2.4-4stretch1
- --
Cheers,
Andrew
-----BEGIN PGP SIGNATURE-----
iQExBAEBCAAbBQJYoy+GFBxhbmRyZXdzaEBkZWJpYW4ub3JnAAoJEJ1bI/kYT6UU
1tYH/3h8eaMFB386jUQtIXvAZbruzSm29FlDlXslMgaSX1SaBqbIYS2frxJ6RfvT
lU5A5gtaNMqA+TjFeump0sHPjLiwDhNnyDJFgZx9XNqDdedBpaEDRQf6ffv02j1P
WyY7AZFT+Kw7gijwujx4Bb35oeFUgDUWQ7MvDB10gbhPmRVM2kT2YryVNIwkyGhR
mflwqXw7AsK3dcVo0BCGPrxIMy9Jl4oKxTUVLeQwtOQr5jy2HlOSyt6Vz396bkFq
aerMYFkk0m2SEITddDbwMybYD+Xv0tiLyAfOeL4HFswmCiMW26BEk2HzI5OREOdK
vtDHQ7P1mSS5BTUKbn8LNwqn2lc=
=CZE0
-----END PGP SIGNATURE-----
diff -Nru wpa-2.5-2+v2.4/debian/changelog wpa-2.5-2+v2.4/debian/changelog
--- wpa-2.5-2+v2.4/debian/changelog 2016-09-14 11:08:29.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/changelog 2017-02-14 17:10:53.000000000 +0100
@@ -1,4 +1,18 @@
-wpa (2.5-2+v2.4-4) unstable; urgency=medium
+wpa (2.5-2+v2.4-4stretch1) testing; urgency=medium
+
+ [ Vincent Danjean ]
+ * Build with libssl1.0-dev (Closes: #828601).
+ * Add an upstream patch to fix hostapd in SMPS mode (Closes: #854719).
+
+ [ Andrew Shadura ]
+ * Don't install debian/system-sleep/wpasupplicant (originally introduced
+ to fix LP: #1422143), it doesn't improve the state of the things,
+ introduces regressions in some cases, and at all isn't supposed to
+ work with how wpa-supplicant is started these days (Closes: #835648).
+
+ -- Andrew Shadura <andre...@debian.org> Tue, 14 Feb 2017 17:10:53 +0100
+
+wpa (2.5-2+v2.4-3) unstable; urgency=medium
[ Helmut Grohne ]
* Address FTCBFS: Set PKG_CONFIG (Closes: #836074).
@@ -7,7 +21,7 @@
* Don't run wpa_cli suspend/resume if /run/wpa_supplicant isn't around
(Closes: #835648).
- -- Andrew Shadura <andre...@debian.org> Wed, 14 Sep 2016 11:08:27 +0200
+ -- Andrew Shadura <andre...@debian.org> Wed, 14 Sep 2016 11:11:01 +0200
wpa (2.5-2+v2.4-2) unstable; urgency=medium
diff -Nru wpa-2.5-2+v2.4/debian/control wpa-2.5-2+v2.4/debian/control
--- wpa-2.5-2+v2.4/debian/control 2016-08-05 20:43:38.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/control 2017-02-14 17:02:28.000000000 +0100
@@ -8,7 +8,7 @@
Priority: optional
Build-Depends: debhelper (>> 9.20120115),
libdbus-1-dev,
- libssl-dev,
+ libssl1.0-dev,
libqt4-dev,
libncurses5-dev,
libpcsclite-dev,
diff -Nru wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch
--- wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch 1970-01-01 01:00:00.000000000 +0100
+++ wpa-2.5-2+v2.4/debian/patches/from-upstream-hostapd-fix-SMPS-mode.patch 2017-02-14 17:07:16.000000000 +0100
@@ -0,0 +1,56 @@
+From: Jouni Malinen <jo...@qca.qualcomm.com>
+Date: Fri Mar 18 16:16:40 2016 +0200
+Subject: nl80211: Do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
+
+SMPS mode is applicable only for HT and including an attribute to
+configure it when HT is disabled could result in the AP start operation
+failing. Fix this by adding the attribute only in cases where HT is
+enabled.
+
+Upstream commit ee298f1b1f7efd7eb5fd510f36b25ff88208017c
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -3419,24 +3419,26 @@
+ nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
+ goto fail;
+
+- switch (params->smps_mode) {
+- case HT_CAP_INFO_SMPS_DYNAMIC:
+- wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - dynamic");
+- smps_mode = NL80211_SMPS_DYNAMIC;
+- break;
+- case HT_CAP_INFO_SMPS_STATIC:
+- wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - static");
+- smps_mode = NL80211_SMPS_STATIC;
+- break;
+- default:
+- /* invalid - fallback to smps off */
+- case HT_CAP_INFO_SMPS_DISABLED:
+- wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - off");
+- smps_mode = NL80211_SMPS_OFF;
+- break;
++ if (params->ht_opmode != -1) {
++ switch (params->smps_mode) {
++ case HT_CAP_INFO_SMPS_DYNAMIC:
++ wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - dynamic");
++ smps_mode = NL80211_SMPS_DYNAMIC;
++ break;
++ case HT_CAP_INFO_SMPS_STATIC:
++ wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - static");
++ smps_mode = NL80211_SMPS_STATIC;
++ break;
++ default:
++ /* invalid - fallback to smps off */
++ case HT_CAP_INFO_SMPS_DISABLED:
++ wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - off");
++ smps_mode = NL80211_SMPS_OFF;
++ break;
++ }
++ if (nla_put_u32(msg, NL80211_ATTR_SMPS_MODE, smps_mode))
++ goto fail;
+ }
+- if (nla_put_u32(msg, NL80211_ATTR_SMPS_MODE, smps_mode))
+- goto fail;
+
+ if (params->beacon_ies) {
+ wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
diff -Nru wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch
--- wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch 1970-01-01 01:00:00.000000000 +0100
+++ wpa-2.5-2+v2.4/debian/patches/lowercase-mschapv2.patch 2017-01-20 21:32:38.000000000 +0100
@@ -0,0 +1,19 @@
+From: Andrew Shadura <andre...@debian.org>
+Subject: Temporarily accept never supported MSCHAPv2 syntax and issue a warning.
+
+--- a/src/eap_peer/eap_ttls.c
++++ b/src/eap_peer/eap_ttls.c
+@@ -99,6 +99,13 @@
+ os_strncmp(token, "MSCHAPV2", 8) == 0) {
+ selected = "MSCHAPV2";
+ data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
++ } else if (last - token == 8 &&
++ os_strncmp(token, "MSCHAPv2", 8) == 0) {
++ selected = "MSCHAPV2";
++ data->phase2_type = EAP_TTLS_PHASE2_MSCHAPV2;
++ wpa_printf(MSG_WARNING,
++ "EAP-TTLS: Phase2 type '%s' is invalid, fix your config to use 'MSCHAPV2' instead!",
++ token);
+ } else if (last - token == 6 &&
+ os_strncmp(token, "MSCHAP", 6) == 0) {
+ selected = "MSCHAP";
diff -Nru wpa-2.5-2+v2.4/debian/patches/series wpa-2.5-2+v2.4/debian/patches/series
--- wpa-2.5-2+v2.4/debian/patches/series 2016-08-09 20:48:10.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/patches/series 2017-02-14 17:02:28.000000000 +0100
@@ -31,3 +31,4 @@
do_not_wait_for_monitor_to_attach_if_no_control_interface.patch
wpa_supplicant_do_not_wait_for_monitor_on_p2p_device_interface.patch
openssl-initialise-pkcs-11.patch
+from-upstream-hostapd-fix-SMPS-mode.patch
diff -Nru wpa-2.5-2+v2.4/debian/wpasupplicant.install wpa-2.5-2+v2.4/debian/wpasupplicant.install
--- wpa-2.5-2+v2.4/debian/wpasupplicant.install 2016-09-14 10:12:21.000000000 +0200
+++ wpa-2.5-2+v2.4/debian/wpasupplicant.install 2017-02-14 17:09:16.000000000 +0100
@@ -1,5 +1,5 @@
debian/ifupdown/wpa_action sbin/
-debian/system-sleep /lib/systemd/
+# debian/system-sleep /lib/systemd/
wpa_supplicant/wpa_cli sbin/
wpa_supplicant/wpa_passphrase usr/bin/
wpa_supplicant/wpa_supplicant sbin/
