From ae491f828709c90bb841a8a7a23db13ed28baa83 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 03 2016 06:00:20 +0000
Subject: import wpa_supplicant-2.0-20.el7


---

diff --git a/SOURCES/0017-rh1085473-nl-event-resubscribe.patch b/SOURCES/0017-rh1085473-nl-event-resubscribe.patch
new file mode 100644
index 0000000..24ae9ec
--- /dev/null
+++ b/SOURCES/0017-rh1085473-nl-event-resubscribe.patch
@@ -0,0 +1,86 @@
+From 3a5179e49fbbd5eb3df00e476e380915dd84eb05 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 22 Feb 2015 18:03:42 +0200
+Subject: [PATCH] nl80211: Resubscribe to nl80211 events on global nl_event
+ socket
+
+This allows wpa_supplicant to recover from some of the cases where
+cfg80211 is unloaded and reloaded without restarting wpa_supplicant. The
+netlink socket used for nl80211 events (global->nl_event) seemed to end
+up in otherwise functionality state, but with all the event memberships
+lost when cfg80211 gets reloaded.
+
+There does not seem to be any clear way of determining when this has
+happened, so it looks simplest to just try to re-subscribe to all the
+events whenever an interface is re-enabled or added.
+
+[lkundrak@v3.sk: 2.0 backport]
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+(cherry picked from commit f51f54a007e0de1d413dee3523472d3bbeed2ecc)
+---
+ src/drivers/driver_nl80211.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
+index 37b6be9..097265c 100644
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -184,6 +184,7 @@ struct nl80211_wiphy_data {
+ };
+ 
+ static void nl80211_global_deinit(void *priv);
++static void nl80211_check_global(struct nl80211_global *global);
+ static void wpa_driver_nl80211_deinit(void *priv);
+ 
+ struct i802_bss {
+@@ -852,6 +853,7 @@ static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
+ 		return 1;
+ 
+ 	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
++		nl80211_check_global(drv->global);
+ 		drv->first_bss.ifindex = if_nametoindex(drv->first_bss.ifname);
+ 		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
+ 			   "interface");
+@@ -2918,6 +2920,30 @@ static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
+ }
+ 
+ 
++static void nl80211_check_global(struct nl80211_global *global)
++{
++	const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL };
++	int ret;
++	unsigned int i;
++
++	/*
++	 * Try to re-add memberships to handle case of cfg80211 getting reloaded
++	 * and all registration having been cleared.
++	 */
++
++	for (i = 0; groups[i]; i++) {
++		ret = nl_get_multicast_id(global, "nl80211", groups[i]);
++		if (ret >= 0)
++			ret = nl_socket_add_membership(global->nl_event, ret);
++		if (ret < 0) {
++			wpa_printf(MSG_INFO,
++				   "nl80211: Could not re-add multicast membership for %s events: %d (%s)",
++				   groups[i], ret, strerror(-ret));
++		}
++	}
++}
++
++
+ static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
+ {
+ 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
+@@ -3137,6 +3163,7 @@ static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
+ 	}
+ 
+ 	if (drv->global) {
++		nl80211_check_global(drv->global);
+ 		dl_list_add(&drv->global->interfaces, &drv->list);
+ 		drv->in_interface_list = 1;
+ 	}
+-- 
+2.5.0
+
diff --git a/SOURCES/0018-rh1319796-dbus-deny-interface.patch b/SOURCES/0018-rh1319796-dbus-deny-interface.patch
new file mode 100644
index 0000000..bee4e76
--- /dev/null
+++ b/SOURCES/0018-rh1319796-dbus-deny-interface.patch
@@ -0,0 +1,48 @@
+From df9e2c2a55eec199ba2c624897df22bfa48fa318 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Wed, 27 Jan 2016 17:02:07 +0100
+Subject: D-Bus: Don't do <deny send_interface="..." /> in dbus service file
+
+It does more than intended; apart from denying messages to that
+particular interface it also denies all messages non-qualified with an
+interface globally. This blocks messages completely unrelated to
+wpa_supplicant, such as NetworkManager communication with the VPN
+plugins.
+
+From the dbus-daemon manual:
+
+  Be careful with send_interface/receive_interface, because the
+  interface field in messages is optional. In particular, do NOT
+  specify <deny send_interface="org.foo.Bar"/>! This will cause
+  no-interface messages to be blocked for all services, which is almost
+  certainly not what you intended. Always use rules of the form: <deny
+  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
+
+We can just safely remove those rules, since we're sufficiently
+protected by the send_destination matches and method calls are
+disallowed by default anyway.
+
+Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
+---
+ wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+index c091234..382dcb3 100644
+--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
++++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+@@ -17,11 +17,9 @@
+         <policy context="default">
+                 <deny own="fi.epitest.hostap.WPASupplicant"/>
+                 <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
+-                <deny send_interface="fi.epitest.hostap.WPASupplicant"/>
+ 
+                 <deny own="fi.w1.wpa_supplicant1"/>
+                 <deny send_destination="fi.w1.wpa_supplicant1"/>
+-                <deny send_interface="fi.w1.wpa_supplicant1"/>
+                 <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+         </policy>
+ </busconfig>
+-- 
+cgit v0.12
+
diff --git a/SPECS/wpa_supplicant.spec b/SPECS/wpa_supplicant.spec
index 9562599..99e383a 100644
--- a/SPECS/wpa_supplicant.spec
+++ b/SPECS/wpa_supplicant.spec
@@ -7,7 +7,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.0
-Release: 17%{?dist}
+Release: 20%{?dist}
 License: BSD
 Group: System Environment/Base
 Source0: http://w1.fi/releases/%{name}-%{version}%{rcver}%{snapshot}.tar.gz
@@ -52,6 +52,9 @@ Patch14: 0014-rh1178263-cert_in_cb.patch
 Patch15: 0015-CVE-2015-1863-p2p-ssid.patch
 # Fix integer underflow in WMM Action frame parser: rh #1221178
 Patch16: 0016-rh1221178-fix-int-unferflow-AP-WMM.patch
+# Resubscribe to netlink events when cfg80211 module gets removed and added
+Patch17: 0017-rh1085473-nl-event-resubscribe.patch
+Patch18: 0018-rh1319796-dbus-deny-interface.patch
 
 URL: http://w1.fi/wpa_supplicant/
 
@@ -105,6 +108,8 @@ Graphical User Interface for wpa_supplicant written using QT
 %patch14 -p1 -b .cert-in-cb
 %patch15 -p1 -b .CVE-2015-1863
 %patch16 -p1 -b .rh1221178-WMM-fix
+%patch17 -p1 -b .rh1085473-nl-event-resubscribe
+%patch18 -p1 -b .rh1319796-dbus-deny-interface
 
 %build
 pushd wpa_supplicant
@@ -128,7 +133,7 @@ popd
 
 %install
 # init scripts
-install -D -m 0755 %{SOURCE3} %{buildroot}/%{_unitdir}/%{name}.service
+install -D -m 0644 %{SOURCE3} %{buildroot}/%{_unitdir}/%{name}.service
 install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/%{name}
 install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/logrotate.d/%{name}
 
@@ -219,8 +224,17 @@ fi
 %endif
 
 %changelog
+* Mon Mar 21 2016 Lubomir Rintel <lrintel@redhat.com> - 1:2.0-20
+- D-Bus: Don't do <deny send_interface="..." /> in dbus service file (rh #1319796)
+
+* Mon Jan 11 2016 Lubomir Rintel <lrintel@redhat.com> - 1:2.0-19
+- nl80211: resubscribe to netlink events when cfg80211 gets re-added (rh #1085473)
+
+* Tue Dec  1 2015 Jiří Klimeš <jklimes@redhat.com> - 1:2.0-18
+- spec: do not install wpa_supplicant.service as executable (rh #1286965)
+
 * Wed May 20 2015 Jiří Klimeš <jklimes@redhat.com> - 1:2.0-17
-- AP WMM: Fix integer underflow in WMM Action frame parser (rh #1221178) (rh #1222015)
+- AP WMM: Fix integer underflow in WMM Action frame parser (rh #1221178) (rh #1222016)
 
 * Tue Apr 28 2015 Dan Winship <danw@redhat.com> - 1:2.0-16
 - P2P: Validate SSID element length before copying it (CVE-2015-1863)