2021-01-31 21:35:23 +00:00
|
|
|
{ lib, stdenv, fetchurl, fetchpatch, openssl, pkg-config, libnl
|
2018-07-17 21:11:16 +01:00
|
|
|
, dbus, readline ? null, pcsclite ? null
|
2021-04-15 17:13:18 +01:00
|
|
|
|
|
|
|
, readOnlyModeSSIDs ? false
|
2013-01-29 16:37:06 +00:00
|
|
|
}:
|
2013-01-30 14:16:08 +00:00
|
|
|
|
2021-01-15 14:45:37 +00:00
|
|
|
with lib;
|
2012-02-20 14:26:01 +00:00
|
|
|
stdenv.mkDerivation rec {
|
2019-08-21 07:30:06 +01:00
|
|
|
version = "2.9";
|
2012-09-07 12:54:20 +01:00
|
|
|
|
2019-08-15 13:41:18 +01:00
|
|
|
pname = "wpa_supplicant";
|
2012-02-20 14:26:01 +00:00
|
|
|
|
2007-04-08 21:20:21 +01:00
|
|
|
src = fetchurl {
|
2019-08-15 13:41:18 +01:00
|
|
|
url = "https://w1.fi/releases/${pname}-${version}.tar.gz";
|
2019-08-21 07:30:06 +01:00
|
|
|
sha256 = "05qzak1mssnxcgdrafifxh9w86a4ha69qabkg4bsigk499xyxggw";
|
2007-04-08 21:20:21 +01:00
|
|
|
};
|
2012-09-07 12:54:20 +01:00
|
|
|
|
2019-10-02 20:16:56 +01:00
|
|
|
patches = [
|
|
|
|
(fetchurl {
|
|
|
|
name = "CVE-2019-16275.patch";
|
|
|
|
url = "https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch";
|
|
|
|
sha256 = "15xjyy7crb557wxpx898b5lnyblxghlij0xby5lmj9hpwwss34dz";
|
|
|
|
})
|
2021-01-31 21:35:23 +00:00
|
|
|
(fetchpatch {
|
|
|
|
# Expose OWE key management capability over DBus, remove >= 2.10
|
|
|
|
name = "dbus-Export-OWE-capability-and-OWE-BSS-key_mgmt.patch";
|
|
|
|
url = "https://w1.fi/cgit/hostap/patch/?id=7800725afb27397f7d6033d4969e2aeb61af4737";
|
|
|
|
sha256 = "0c1la7inf4m5y9gzdjjdnhpkx32pm8vi6m5knih8p77q4mbrdgg8";
|
|
|
|
})
|
2021-02-03 23:20:07 +00:00
|
|
|
# P2P: Fix copying of secondary device types for P2P group client (https://w1.fi/security/2020-2/)
|
|
|
|
(fetchurl {
|
|
|
|
name = "CVE-2021-0326.patch";
|
|
|
|
url = "https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch";
|
|
|
|
sha256 = "19f4hx0p547mdx8y8arb3vclwyy4w9c8a6a40ryj7q33730mrmn4";
|
|
|
|
})
|
2021-02-25 19:57:49 +00:00
|
|
|
# P2P: Fix a corner case in peer addition based on PD Request (https://w1.fi/security/2021-1/)
|
|
|
|
(fetchurl {
|
2021-02-27 12:11:35 +00:00
|
|
|
name = "CVE-2021-27803.patch";
|
2021-02-25 19:57:49 +00:00
|
|
|
url = "https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch";
|
|
|
|
sha256 = "04cnds7hmbqc44jasabjvrdnh66i5hwvk2h2m5z94pmgbzncyh3z";
|
|
|
|
})
|
2021-04-13 17:44:35 +01:00
|
|
|
# In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.
|
|
|
|
(fetchpatch {
|
|
|
|
name = "CVE-2021-30004.patch";
|
|
|
|
url = "https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15";
|
|
|
|
sha256 = "1gbhlz41x1ar1hppnb76pqxj6vimiypy7c4kq6h658637s4am3xg";
|
|
|
|
})
|
2021-04-15 17:13:18 +01:00
|
|
|
] ++ lib.optionals readOnlyModeSSIDs [
|
2021-02-19 18:56:19 +00:00
|
|
|
# Allow read-only networks
|
|
|
|
./0001-Implement-read-only-mode-for-ssids.patch
|
2019-10-02 20:16:56 +01:00
|
|
|
];
|
|
|
|
|
2015-04-24 21:27:40 +01:00
|
|
|
# TODO: Patch epoll so that the dbus actually responds
|
|
|
|
# TODO: Figure out how to get privsep working, currently getting SIGBUS
|
|
|
|
extraConfig = ''
|
2015-08-26 22:35:49 +01:00
|
|
|
CONFIG_AP=y
|
2015-04-24 21:27:40 +01:00
|
|
|
CONFIG_LIBNL32=y
|
|
|
|
CONFIG_EAP_FAST=y
|
|
|
|
CONFIG_EAP_PWD=y
|
|
|
|
CONFIG_EAP_PAX=y
|
|
|
|
CONFIG_EAP_SAKE=y
|
|
|
|
CONFIG_EAP_GPSK=y
|
|
|
|
CONFIG_EAP_GPSK_SHA256=y
|
2021-01-31 21:35:23 +00:00
|
|
|
CONFIG_OWE=y
|
2015-04-24 21:27:40 +01:00
|
|
|
CONFIG_WPS=y
|
|
|
|
CONFIG_WPS_ER=y
|
|
|
|
CONFIG_WPS_NFS=y
|
|
|
|
CONFIG_EAP_IKEV2=y
|
|
|
|
CONFIG_EAP_EKE=y
|
|
|
|
CONFIG_HT_OVERRIDES=y
|
|
|
|
CONFIG_VHT_OVERRIDES=y
|
|
|
|
CONFIG_ELOOP=eloop
|
|
|
|
#CONFIG_ELOOP_EPOLL=y
|
|
|
|
CONFIG_L2_PACKET=linux
|
|
|
|
CONFIG_IEEE80211W=y
|
|
|
|
CONFIG_TLS=openssl
|
|
|
|
CONFIG_TLSV11=y
|
2015-06-22 16:33:06 +01:00
|
|
|
#CONFIG_TLSV12=y see #8332
|
2015-04-24 21:27:40 +01:00
|
|
|
CONFIG_IEEE80211R=y
|
|
|
|
CONFIG_DEBUG_SYSLOG=y
|
|
|
|
#CONFIG_PRIVSEP=y
|
|
|
|
CONFIG_IEEE80211N=y
|
|
|
|
CONFIG_IEEE80211AC=y
|
|
|
|
CONFIG_INTERNETWORKING=y
|
|
|
|
CONFIG_HS20=y
|
|
|
|
CONFIG_P2P=y
|
|
|
|
CONFIG_TDLS=y
|
2016-12-13 19:39:14 +00:00
|
|
|
CONFIG_BGSCAN_SIMPLE=y
|
2021-04-04 17:41:14 +01:00
|
|
|
CONFIG_BGSCAN_LEARN=y
|
2015-04-24 21:27:40 +01:00
|
|
|
'' + optionalString (pcsclite != null) ''
|
|
|
|
CONFIG_EAP_SIM=y
|
|
|
|
CONFIG_EAP_AKA=y
|
|
|
|
CONFIG_EAP_AKA_PRIME=y
|
|
|
|
CONFIG_PCSC=y
|
2018-07-17 21:11:16 +01:00
|
|
|
'' + optionalString (dbus != null) ''
|
2015-04-24 21:27:40 +01:00
|
|
|
CONFIG_CTRL_IFACE_DBUS=y
|
|
|
|
CONFIG_CTRL_IFACE_DBUS_NEW=y
|
|
|
|
CONFIG_CTRL_IFACE_DBUS_INTRO=y
|
|
|
|
'' + (if readline != null then ''
|
|
|
|
CONFIG_READLINE=y
|
|
|
|
'' else ''
|
|
|
|
CONFIG_WPA_CLI_EDIT=y
|
|
|
|
'');
|
2012-09-07 12:54:20 +01:00
|
|
|
|
2009-04-04 01:21:21 +01:00
|
|
|
preBuild = ''
|
2018-11-23 11:29:26 +00:00
|
|
|
for manpage in wpa_supplicant/doc/docbook/wpa_supplicant.conf* ; do
|
|
|
|
substituteInPlace "$manpage" --replace /usr/share/doc $out/share/doc
|
|
|
|
done
|
2008-04-21 09:32:30 +01:00
|
|
|
cd wpa_supplicant
|
2011-06-07 22:48:41 +01:00
|
|
|
cp -v defconfig .config
|
2013-01-30 14:16:08 +00:00
|
|
|
echo "$extraConfig" >> .config
|
2015-04-24 21:27:40 +01:00
|
|
|
cat -n .config
|
2007-04-08 21:20:21 +01:00
|
|
|
substituteInPlace Makefile --replace /usr/local $out
|
2015-04-24 21:27:40 +01:00
|
|
|
export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE \
|
2021-01-15 14:45:37 +00:00
|
|
|
-I$(echo "${lib.getDev libnl}"/include/libnl*/) \
|
|
|
|
-I${lib.getDev pcsclite}/include/PCSC/"
|
2009-04-04 01:21:21 +01:00
|
|
|
'';
|
2007-04-08 21:20:21 +01:00
|
|
|
|
2018-07-17 21:11:16 +01:00
|
|
|
buildInputs = [ openssl libnl dbus readline pcsclite ];
|
2011-09-11 08:27:01 +01:00
|
|
|
|
2021-01-19 06:50:56 +00:00
|
|
|
nativeBuildInputs = [ pkg-config ];
|
2011-09-11 08:27:01 +01:00
|
|
|
|
2009-04-04 01:21:21 +01:00
|
|
|
postInstall = ''
|
2012-01-18 20:16:00 +00:00
|
|
|
mkdir -p $out/share/man/man5 $out/share/man/man8
|
2014-03-11 11:34:48 +00:00
|
|
|
cp -v "doc/docbook/"*.5 $out/share/man/man5/
|
|
|
|
cp -v "doc/docbook/"*.8 $out/share/man/man8/
|
2019-10-14 17:57:44 +01:00
|
|
|
|
|
|
|
mkdir -p $out/share/dbus-1/system.d $out/share/dbus-1/system-services $out/etc/systemd/system
|
2014-03-11 11:34:48 +00:00
|
|
|
cp -v "dbus/"*service $out/share/dbus-1/system-services
|
|
|
|
sed -e "s@/sbin/wpa_supplicant@$out&@" -i "$out/share/dbus-1/system-services/"*
|
2019-09-16 17:03:15 +01:00
|
|
|
cp -v dbus/dbus-wpa_supplicant.conf $out/share/dbus-1/system.d
|
2014-03-11 11:34:48 +00:00
|
|
|
cp -v "systemd/"*.service $out/etc/systemd/system
|
2019-10-14 17:57:44 +01:00
|
|
|
|
2015-05-15 10:08:22 +01:00
|
|
|
rm $out/share/man/man8/wpa_priv.8
|
2018-11-09 17:02:45 +00:00
|
|
|
install -Dm444 wpa_supplicant.conf $out/share/doc/wpa_supplicant/wpa_supplicant.conf.example
|
2014-03-11 11:34:48 +00:00
|
|
|
'';
|
2009-04-04 01:21:21 +01:00
|
|
|
|
2021-01-11 07:54:33 +00:00
|
|
|
meta = with lib; {
|
2021-02-25 20:26:56 +00:00
|
|
|
homepage = "https://w1.fi/wpa_supplicant/";
|
2009-04-04 01:21:21 +01:00
|
|
|
description = "A tool for connecting to WPA and WPA2-protected wireless networks";
|
2015-04-24 21:27:40 +01:00
|
|
|
license = licenses.bsd3;
|
2021-04-15 17:13:18 +01:00
|
|
|
maintainers = with maintainers; [ marcweber ma27 ];
|
2015-04-24 21:27:40 +01:00
|
|
|
platforms = platforms.linux;
|
2009-04-04 01:21:21 +01:00
|
|
|
};
|
2007-04-08 21:20:21 +01:00
|
|
|
}
|