enable WPA3 Enterprise; Sync with Debian's config

3 files changed, 47 insertions, 18 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 2ace268db5a4..74e1ef280a18 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = wpa_supplicant-wep
 	pkgdesc = A utility providing key negotiation for WPA wireless networks, with WEP enabled
 	pkgver = 2.10
-	pkgrel = 7
+	pkgrel = 8
 	url = https://w1.fi/wpa_supplicant/
 	install = wpa_supplicant.install
 	arch = x86_64
@@ -10,8 +10,10 @@ pkgbase = wpa_supplicant-wep
 	depends = libdbus
 	depends = readline
 	depends = libnl
+	depends = pcsclite
 	provides = wpa_supplicant
 	conflicts = wpa_supplicant
+	options = debug
 	source = https://w1.fi/releases/wpa_supplicant-2.10.tar.gz
 	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/wpa_supplicant_tls.patch
 	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/wpa_supplicant_dbus_service_syslog.patch
@@ -19,14 +21,18 @@ pkgbase = wpa_supplicant-wep
 	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/wpa_supplicant-legacy-server-connect.patch
 	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/lower_security_level_for_tls_1.patch
 	source = wpa_supplicant_config
-	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/add_extra-ies_only_if_allowed_by_driver.patch
+	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/disable-eapol-werror.patch
+	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
+	source = https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/wpa_supplicant/trunk/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
 	sha256sums = 20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
 	sha256sums = 08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992
 	sha256sums = 60f6a1cf2e124813dfce1da78ee1818e2ff5236aafa4113c7ae3b3f2a0b84006
 	sha256sums = d42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0
 	sha256sums = 8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011
 	sha256sums = c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93
-	sha256sums = 117f89641786d4c67f4622151fbe7be9f38c0a78cc3330f039c4c73786560879
-	sha256sums = aaedf87f1530d4e6cb00bf7981d1f868409ed892cc41b83c5613019e7b51f380
+	sha256sums = 877e28a711d2b67856a6c3fd46b7bf96850c4fbfc837ca55457d1f49bdf485dd
+	sha256sums = 9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e
+	sha256sums = 7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4
+	sha256sums = 24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15
 
 pkgname = wpa_supplicant-wep
diff --git a/PKGBUILD b/PKGBUILD
index 4a9d56c76e2b..0ed466a8d6c7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,12 +8,13 @@
 
 pkgname=wpa_supplicant-wep
 pkgver=2.10
-pkgrel=7
+pkgrel=8
 pkgdesc="A utility providing key negotiation for WPA wireless networks, with WEP enabled"
 url=https://w1.fi/wpa_supplicant/
 arch=(x86_64)
 license=(GPL)
-depends=(openssl libdbus readline libnl)
+depends=(openssl libdbus readline libnl pcsclite)
+options=(debug)
 provides=(wpa_supplicant)
 conflicts=(wpa_supplicant)
 install=wpa_supplicant.install
@@ -26,7 +27,9 @@ source=(
   $archbase/wpa_supplicant-legacy-server-connect.patch
   $archbase/lower_security_level_for_tls_1.patch
   wpa_supplicant_config
-  $archbase/add_extra-ies_only_if_allowed_by_driver.patch
+  $archbase/disable-eapol-werror.patch
+  $archbase/0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
+  $archbase/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
 )
 sha256sums=(20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
             08915b040d03a3e07cdc8ea6c76b497e00059e01ce85b67413dfe41d4fc68992
@@ -34,8 +37,10 @@ sha256sums=(20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
             d42bdbf3d4980b9f0a819612df0c39843c7e96c8afcb103aa656c824f93790b0
             8fba11e4a5056d9e710707ded93341f61fdfef6c64ced992e3936cbd2d41a011
             c3c0fb363f734c1512d24fd749b3ff7515f961b27bfadd04c128434b5c9f4a93
-            117f89641786d4c67f4622151fbe7be9f38c0a78cc3330f039c4c73786560879
-            aaedf87f1530d4e6cb00bf7981d1f868409ed892cc41b83c5613019e7b51f380)
+            877e28a711d2b67856a6c3fd46b7bf96850c4fbfc837ca55457d1f49bdf485dd
+            9aca193cc26682765467cf9131240e5de71f9b49a765a934284da5e308ea904e
+            7901d42eda48f82106901cbeb5e7be39025c878d5085a0a0d54ccbe36c3ecef4
+            24e844b0a08fe3fede1676cedfe29643375ae56ab1a5fe4f5783765a7b759c15)
 
 prepare() {
   cd wpa_supplicant-$pkgver
@@ -56,8 +61,14 @@ prepare() {
   # https://bugs.archlinux.org/task/76474
   patch -Np1 -i ../lower_security_level_for_tls_1.patch
 
+  # https://salsa.debian.org/debian/wpa/-/commit/13e1d28e4f987a220c546df94df86bb9b2371874
+  patch -Np1 -i ../disable-eapol-werror.patch
+
   # http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
-  patch -Np1 -i ../add_extra-ies_only_if_allowed_by_driver.patch
+  patch -Np1 -i ../0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
+
+  # https://lists.infradead.org/pipermail/hostap/2022-April/040352.html
+  patch -Np1 -i ../0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
 
   cp "$srcdir/wpa_supplicant_config" wpa_supplicant/.config
 }
diff --git a/wpa_supplicant_config b/wpa_supplicant_config
index 28f7bf5752dc..2d622bae29e5 100644
--- a/wpa_supplicant_config
+++ b/wpa_supplicant_config
@@ -1,4 +1,4 @@
-# Example wpa_supplicant build time configuration
+# Arch Linux wpa_supplicant build time configuration
 #
 # This file lists the configuration options that are used when building the
 # wpa_supplicant binary. All lines starting with # are ignored. Configuration
@@ -195,7 +195,7 @@ CONFIG_SMARTCARD=y
 
 # PC/SC interface for smartcards (USIM, GSM SIM)
 # Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
+CONFIG_PCSC=y
 
 # Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
 CONFIG_HT_OVERRIDES=y
@@ -204,7 +204,7 @@ CONFIG_HT_OVERRIDES=y
 CONFIG_VHT_OVERRIDES=y
 
 # Development testing
-#CONFIG_EAPOL_TEST=y
+CONFIG_EAPOL_TEST=y
 
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
@@ -311,7 +311,7 @@ CONFIG_L2_PACKET=linux
 #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Select TLS implementation
 # openssl = OpenSSL (default)
@@ -337,7 +337,6 @@ CONFIG_TLSV12=y
 
 # Select which ciphers to use by default with OpenSSL if the user does not
 # specify them.
-#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
 CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1"
 
 # If CONFIG_TLS=internal is used, additional library and include paths are
@@ -570,12 +569,12 @@ CONFIG_FST=y
 CONFIG_ACS=y
 
 # Support Multi Band Operation
-#CONFIG_MBO=y
+CONFIG_MBO=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-#CONFIG_FILS=y
+CONFIG_FILS=y
 # FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
+CONFIG_FILS_SK_PFS=y
 
 # Support RSN on IBSS networks
 # This is needed to be able to use mode=1 network profile with proto=RSN and
@@ -634,4 +633,17 @@ CONFIG_WEP=y
 # design is still subject to change. As such, this should not yet be enabled in
 # production use.
 #CONFIG_PASN=y
+
+# WPA3-Enterprise (SuiteB-192)
+CONFIG_SUITEB=y
+
+CONFIG_SUITEB192=y
+
+# Driver support is also needed for IEEE 802.11w.
+CONFIG_IEEE80211W=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+CONFIG_IEEE80211N=y
+
+# Used by eapol_test only, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985912
 CONFIG_IPV6=y