aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSören Tempel <soeren+git@soeren-tempel.net>2020-08-14 18:00:51 +0200
committerSören Tempel <soeren+git@soeren-tempel.net>2020-08-20 18:32:09 +0200
commited42a9deb2b299d884cd405857b26e697183913b (patch)
tree07ba9fbbb686b38c913c046ea2fe7aa550b352b7
parentedc109388617368f8fe35485c809c1d74f01f196 (diff)
downloadaports-ed42a9deb2b299d884cd405857b26e697183913b.tar.gz
aports-ed42a9deb2b299d884cd405857b26e697183913b.tar.bz2
aports-ed42a9deb2b299d884cd405857b26e697183913b.tar.xz
main/wpa_supplicant: sync our config with the defconfig
As found in "$builddir"/wpa_supplicant/defconfig. The following options have been removed: * CONFIG_PEERKEY (no longer part of the defconfig) The following options have been enabled as they are enabled in the default defconfig file. We can also decide to explicitly disable them: * CONFIG_BGSCAN_SIMPLE * CONFIG_IBSS_RSN * CONFIG_SAE These options are also enabled by other Linux distributions. For instance, Arch Linux [0]. [0]: https://github.com/archlinux/svntogit-packages/blob/packages/wpa_supplicant/trunk/config
-rw-r--r--main/wpa_supplicant/APKBUILD4
-rw-r--r--main/wpa_supplicant/config88
2 files changed, 82 insertions, 10 deletions
diff --git a/main/wpa_supplicant/APKBUILD b/main/wpa_supplicant/APKBUILD
index 1d37161802..4e5dd3cdd2 100644
--- a/main/wpa_supplicant/APKBUILD
+++ b/main/wpa_supplicant/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=wpa_supplicant
pkgver=2.9
-pkgrel=7
+pkgrel=8
pkgdesc="A utility providing key negotiation for WPA wireless networks"
url="https://w1.fi/wpa_supplicant/"
arch="all"
@@ -119,5 +119,5 @@ c3db077fa78dd296d90d07626cb4e684f87618a77ffd51c1ae04b47be7bc0db1e9a3e0f7442acef2
f4b9c86530a2b10cd50e6014c9bee1d143714ab9f86bf29119dcd2c86dec5239c356518a36147d6418e4eb31aa4a7df3e5c86647779d2b4626bffcfe6685f362 wpa_cli.initd
2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch
63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch
-d527032160287a74889587a9b5164ff8922fbb1ffe052c3a886cdbfa0453d195f6772b9ff180427da7128880ddfbbfc05de184998c9e1036cc4f661ba6b82b2c config
+0306bcfc0b03523db1360af39f071ee07d932ad81282ddd79905991f55ec7546ca7e79a57176462f99569ab8a2f49fefa14f9897d525f19f80cdc57a46d983b1 config
212c4265afce2e72b95a32cd785612d6c3e821b47101ead154136d184ac4add01434ada6c87edbb9a98496552e76e1a4d79c6b5840e3a5cfe5e6d602fceae576 wpa_cli.sh"
diff --git a/main/wpa_supplicant/config b/main/wpa_supplicant/config
index 48a8163230..da351a8944 100644
--- a/main/wpa_supplicant/config
+++ b/main/wpa_supplicant/config
@@ -73,6 +73,12 @@ CONFIG_LIBNL32=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
@@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
-# included)
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
@@ -108,6 +114,16 @@ CONFIG_EAP_TTLS=y
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
CONFIG_EAP_FAST=y
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
# EAP-GTC
CONFIG_EAP_GTC=y
@@ -117,6 +133,9 @@ CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
CONFIG_EAP_SIM=y
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
@@ -166,6 +185,9 @@ CONFIG_WPS=y
# EAP-EKE
#CONFIG_EAP_EKE=y
+# MACsec
+#CONFIG_MACSEC=y
+
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
@@ -226,6 +248,9 @@ CONFIG_WPA_CLI_EDIT=y
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+CONFIG_SAE=y
+
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
@@ -288,17 +313,18 @@ CONFIG_BACKEND=file
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-CONFIG_PEERKEY=y
-
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
+#
+# Support Operating Channel Validation
+#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=openssl
@@ -316,6 +342,10 @@ CONFIG_TLSV11=y
# will be used)
CONFIG_TLSV12=y
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
@@ -370,7 +400,7 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
-# IEEE Std 802.11r-2008 (Fast BSS Transition)
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
@@ -447,6 +477,11 @@ CONFIG_DELAYED_MIC_ERROR_REPORT=y
# that meet the requirements described above.
#CONFIG_NO_RANDOM_POOL=y
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+#CONFIG_GETRANDOM=y
+
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
@@ -488,8 +523,8 @@ CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
@@ -548,3 +583,40 @@ CONFIG_P2P=y
# Support Multi Band Operation
#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y