summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2018-12-29 23:13:15 +0000
committer Eric Hameleers <alien@slackware.com>2018-12-30 08:59:46 +0100
commit527328c5da0d2375ca5dfc2a053c9fe328839918 (patch)
treed2773d407aba234712f864db90e15c99a9e08da5
parent1e1c447e2ef274f8b3733ba21570e74c3bc757b7 (diff)
downloadcurrent-527328c5da0d2375ca5dfc2a053c9fe328839918.tar.gz
current-527328c5da0d2375ca5dfc2a053c9fe328839918.tar.xz
Sat Dec 29 23:13:15 UTC 201820181229231315
a/kernel-generic-4.19.13-x86_64-1.txz: Upgraded. a/kernel-huge-4.19.13-x86_64-1.txz: Upgraded. a/kernel-modules-4.19.13-x86_64-1.txz: Upgraded. d/doxygen-1.8.15-x86_64-1.txz: Upgraded. d/kernel-headers-4.19.13-x86-1.txz: Upgraded. k/kernel-source-4.19.13-noarch-1.txz: Upgraded. FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER y -> n l/libsecret-0.18.7-x86_64-1.txz: Upgraded. n/wpa_supplicant-2.6-x86_64-6.txz: Upgraded. It seems we're not the only ones with broken WPA2-Enterprise support with wpa_supplicant-2.7, so we'll fix it the same way as everyone else - by reverting to wpa_supplicant-2.6 for now. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/wpa_supplicant-2.7-x86_64-2.txz: Upgraded. Applied a patch from Gentoo to allow building CONFIG_IEEE80211X=y without the experimental CONFIG_FILS=y option. usb-and-pxe-installers/usbboot.img: Rebuilt.
-rw-r--r--ChangeLog.rss34
-rw-r--r--ChangeLog.txt22
-rw-r--r--FILELIST.TXT295
-rw-r--r--README.initrd14
-rw-r--r--isolinux/message.txt2
-rw-r--r--kernels/VERSIONS.TXT2
-rwxr-xr-xrecompress.sh19
-rw-r--r--slackware64/a/maketag6
-rw-r--r--slackware64/a/maketag.ez6
-rw-r--r--slackware64/k/maketag2
-rw-r--r--slackware64/k/maketag.ez2
-rw-r--r--source/d/doxygen/doxygen.9468ede.diff52
-rwxr-xr-xsource/d/doxygen/doxygen.SlackBuild9
-rw-r--r--source/d/doxygen/doxygen.url1
-rw-r--r--source/d/doxygen/slack-desc2
-rw-r--r--source/k/kernel-configs/config-generic-4.19.13 (renamed from source/k/kernel-configs/config-generic-4.19.12)4
-rw-r--r--source/k/kernel-configs/config-generic-4.19.13.x64 (renamed from source/k/kernel-configs/config-generic-4.19.12.x64)4
-rw-r--r--source/k/kernel-configs/config-generic-smp-4.19.13-smp (renamed from source/k/kernel-configs/config-generic-smp-4.19.12-smp)4
-rw-r--r--source/k/kernel-configs/config-huge-4.19.13 (renamed from source/k/kernel-configs/config-huge-4.19.12)4
-rw-r--r--source/k/kernel-configs/config-huge-4.19.13.x64 (renamed from source/k/kernel-configs/config-huge-4.19.12.x64)4
-rw-r--r--source/k/kernel-configs/config-huge-smp-4.19.13-smp (renamed from source/k/kernel-configs/config-huge-smp-4.19.12-smp)4
-rwxr-xr-xsource/l/libsecret/libsecret.SlackBuild2
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch174
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch250
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch184
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch79
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch64
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch132
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch43
-rw-r--r--source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch82
-rw-r--r--source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt226
-rw-r--r--source/n/wpa_supplicant/config/dot.config615
-rw-r--r--source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch127
-rw-r--r--source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch99
-rw-r--r--source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch78
-rw-r--r--source/n/wpa_supplicant/slack-desc2
-rwxr-xr-xsource/n/wpa_supplicant/wpa_supplicant.SlackBuild16
-rw-r--r--testing/source/wpa_supplicant/README.slackware55
-rw-r--r--testing/source/wpa_supplicant/config/dot.config598
-rw-r--r--testing/source/wpa_supplicant/config/wpa_gui.desktop7
-rw-r--r--testing/source/wpa_supplicant/config/wpa_gui.pngbin0 -> 5124 bytes
-rw-r--r--testing/source/wpa_supplicant/config/wpa_supplicant.conf2
-rw-r--r--testing/source/wpa_supplicant/config/wpa_supplicant.logrotate6
-rw-r--r--testing/source/wpa_supplicant/doinst.sh15
-rw-r--r--testing/source/wpa_supplicant/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch38
-rw-r--r--testing/source/wpa_supplicant/patches/wpa_supplicant-assoc-timeout.patch16
-rw-r--r--testing/source/wpa_supplicant/patches/wpa_supplicant-dbus-service-file-args.patch20
-rw-r--r--testing/source/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch49
-rw-r--r--testing/source/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch41
-rw-r--r--testing/source/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch30
-rw-r--r--testing/source/wpa_supplicant/slack-desc18
-rwxr-xr-xtesting/source/wpa_supplicant/wpa_supplicant.SlackBuild177
52 files changed, 2928 insertions, 809 deletions
diff --git a/ChangeLog.rss b/ChangeLog.rss
index db00d5aa..efb99ef6 100644
--- a/ChangeLog.rss
+++ b/ChangeLog.rss
@@ -11,10 +11,38 @@
<description>Tracking Slackware development in git.</description>
<language>en-us</language>
<id xmlns="http://www.w3.org/2005/Atom">urn:uuid:c964f45e-6732-11e8-bbe5-107b4450212f</id>
- <pubDate>Fri, 28 Dec 2018 00:23:43 GMT</pubDate>
- <lastBuildDate>Fri, 28 Dec 2018 07:59:42 GMT</lastBuildDate>
+ <pubDate>Sat, 29 Dec 2018 23:13:15 GMT</pubDate>
+ <lastBuildDate>Sun, 30 Dec 2018 07:59:43 GMT</lastBuildDate>
<generator>maintain_current_git.sh v 1.10</generator>
<item>
+ <title>Sat, 29 Dec 2018 23:13:15 GMT</title>
+ <pubDate>Sat, 29 Dec 2018 23:13:15 GMT</pubDate>
+ <link>https://git.slackware.nl/current/tag/?h=20181229231315</link>
+ <guid isPermaLink="false">20181229231315</guid>
+ <description>
+ <![CDATA[<pre>
+a/kernel-generic-4.19.13-x86_64-1.txz: Upgraded.
+a/kernel-huge-4.19.13-x86_64-1.txz: Upgraded.
+a/kernel-modules-4.19.13-x86_64-1.txz: Upgraded.
+d/doxygen-1.8.15-x86_64-1.txz: Upgraded.
+d/kernel-headers-4.19.13-x86-1.txz: Upgraded.
+k/kernel-source-4.19.13-noarch-1.txz: Upgraded.
+ FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER y -> n
+l/libsecret-0.18.7-x86_64-1.txz: Upgraded.
+n/wpa_supplicant-2.6-x86_64-6.txz: Upgraded.
+ It seems we're not the only ones with broken WPA2-Enterprise support
+ with wpa_supplicant-2.7, so we'll fix it the same way as everyone else -
+ by reverting to wpa_supplicant-2.6 for now.
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+testing/packages/wpa_supplicant-2.7-x86_64-2.txz: Upgraded.
+ Applied a patch from Gentoo to allow building CONFIG_IEEE80211X=y without
+ the experimental CONFIG_FILS=y option.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
+ </pre>]]>
+ </description>
+ </item>
+ <item>
<title>Fri, 28 Dec 2018 00:23:43 GMT</title>
<pubDate>Fri, 28 Dec 2018 00:23:43 GMT</pubDate>
<link>https://git.slackware.nl/current/tag/?h=20181228002343</link>
@@ -39,7 +67,7 @@ l/libsigsegv-2.12-x86_64-3.txz: Rebuilt.
always a bad idea prone to corner-case bugs), and with basically everyone
else moving everything into /usr, no upstream is developing with this
scenario in mind these days. Some of the problems caused by separate /usr
- are simply not possibly to fix in a straightforward fashion. Consider it a
+ are simply not possible to fix in a straightforward fashion. Consider it a
completely unsupported configuration choice. While it's not my style to
make the installer refuse to allow it, I won't be bending over backwards
to try to fix bugs related to this in the future. If I recall properly,
diff --git a/ChangeLog.txt b/ChangeLog.txt
index dd94c210..71c73a77 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,23 @@
+Sat Dec 29 23:13:15 UTC 2018
+a/kernel-generic-4.19.13-x86_64-1.txz: Upgraded.
+a/kernel-huge-4.19.13-x86_64-1.txz: Upgraded.
+a/kernel-modules-4.19.13-x86_64-1.txz: Upgraded.
+d/doxygen-1.8.15-x86_64-1.txz: Upgraded.
+d/kernel-headers-4.19.13-x86-1.txz: Upgraded.
+k/kernel-source-4.19.13-noarch-1.txz: Upgraded.
+ FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER y -> n
+l/libsecret-0.18.7-x86_64-1.txz: Upgraded.
+n/wpa_supplicant-2.6-x86_64-6.txz: Upgraded.
+ It seems we're not the only ones with broken WPA2-Enterprise support
+ with wpa_supplicant-2.7, so we'll fix it the same way as everyone else -
+ by reverting to wpa_supplicant-2.6 for now.
+isolinux/initrd.img: Rebuilt.
+kernels/*: Upgraded.
+testing/packages/wpa_supplicant-2.7-x86_64-2.txz: Upgraded.
+ Applied a patch from Gentoo to allow building CONFIG_IEEE80211X=y without
+ the experimental CONFIG_FILS=y option.
+usb-and-pxe-installers/usbboot.img: Rebuilt.
++--------------------------+
Fri Dec 28 00:23:43 UTC 2018
a/aaa_elflibs-15.0-x86_64-3.txz: Rebuilt.
Moved libsigsegv.so.2 from /usr/lib{,64} to /lib{,64}.
@@ -17,7 +37,7 @@ l/libsigsegv-2.12-x86_64-3.txz: Rebuilt.
always a bad idea prone to corner-case bugs), and with basically everyone
else moving everything into /usr, no upstream is developing with this
scenario in mind these days. Some of the problems caused by separate /usr
- are simply not possibly to fix in a straightforward fashion. Consider it a
+ are simply not possible to fix in a straightforward fashion. Consider it a
completely unsupported configuration choice. While it's not my style to
make the installer refuse to allow it, I won't be bending over backwards
to try to fix bugs related to this in the future. If I recall properly,
diff --git a/FILELIST.TXT b/FILELIST.TXT
index d15326cd..6d9e0ff8 100644
--- a/FILELIST.TXT
+++ b/FILELIST.TXT
@@ -1,35 +1,35 @@
-Fri Dec 28 00:35:17 UTC 2018
+Sat Dec 29 23:26:20 UTC 2018
Here is the file list for this directory. If you are using a
mirror site and find missing or extra files in the disk
subdirectories, please have the archive administrator refresh
the mirror.
-drwxr-xr-x 12 root root 4096 2018-12-28 00:23 .
+drwxr-xr-x 12 root root 4096 2018-12-29 23:13 .
-rw-r--r-- 1 root root 10064 2016-06-30 18:39 ./ANNOUNCE.14_2
-rw-r--r-- 1 root root 14341 2018-11-29 05:40 ./CHANGES_AND_HINTS.TXT
--rw-r--r-- 1 root root 911462 2018-12-25 03:27 ./CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2018-12-25 03:27 ./CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 911500 2018-12-28 00:36 ./CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2018-12-28 00:36 ./CHECKSUMS.md5.asc
-rw-r--r-- 1 root root 17976 1994-06-10 02:28 ./COPYING
-rw-r--r-- 1 root root 35147 2007-06-30 04:21 ./COPYING3
-rw-r--r-- 1 root root 19573 2016-06-23 20:08 ./COPYRIGHT.TXT
-rw-r--r-- 1 root root 616 2006-10-02 04:37 ./CRYPTO_NOTICE.TXT
--rw-r--r-- 1 root root 535995 2018-12-28 00:23 ./ChangeLog.txt
+-rw-r--r-- 1 root root 536944 2018-12-29 23:13 ./ChangeLog.txt
drwxr-xr-x 3 root root 4096 2013-03-20 22:17 ./EFI
-drwxr-xr-x 2 root root 4096 2018-12-22 04:37 ./EFI/BOOT
+drwxr-xr-x 2 root root 4096 2018-12-29 23:12 ./EFI/BOOT
-rw-r--r-- 1 root root 1253376 2018-02-24 20:49 ./EFI/BOOT/bootx64.efi
-rw-r--r-- 1 root root 78 2013-09-23 20:35 ./EFI/BOOT/grub-embedded.cfg
-rw-r--r-- 1 root root 893 2018-04-17 21:17 ./EFI/BOOT/grub.cfg
--rw-r--r-- 2 root root 9508736 2018-12-22 03:27 ./EFI/BOOT/huge.s
--rw-r--r-- 2 root root 37036664 2018-12-22 04:29 ./EFI/BOOT/initrd.img
+-rw-r--r-- 2 root root 9508736 2018-12-29 22:09 ./EFI/BOOT/huge.s
+-rw-r--r-- 2 root root 37037948 2018-12-29 23:12 ./EFI/BOOT/initrd.img
-rwxr-xr-x 1 root root 2494 2018-02-24 20:49 ./EFI/BOOT/make-grub.sh
-rw-r--r-- 1 root root 10722 2013-09-21 19:02 ./EFI/BOOT/osdetect.cfg
-rw-r--r-- 1 root root 1273 2013-08-12 21:08 ./EFI/BOOT/tools.cfg
--rw-r--r-- 1 root root 1199838 2018-12-25 03:26 ./FILELIST.TXT
+-rw-r--r-- 1 root root 1199876 2018-12-28 00:35 ./FILELIST.TXT
-rw-r--r-- 1 root root 1572 2012-08-29 18:27 ./GPG-KEY
--rw-r--r-- 1 root root 730970 2018-12-28 00:33 ./PACKAGES.TXT
+-rw-r--r-- 1 root root 731021 2018-12-29 23:23 ./PACKAGES.TXT
-rw-r--r-- 1 root root 8564 2016-06-28 21:33 ./README.TXT
--rw-r--r-- 1 root root 3634 2018-12-22 04:03 ./README.initrd
+-rw-r--r-- 1 root root 3634 2018-12-29 22:37 ./README.initrd
-rw-r--r-- 1 root root 34412 2017-12-01 17:44 ./README_CRYPT.TXT
-rw-r--r-- 1 root root 8751 2016-06-28 21:44 ./README_LVM.TXT
-rw-r--r-- 1 root root 19658 2013-06-18 04:34 ./README_RAID.TXT
@@ -728,16 +728,16 @@ drwxr-xr-x 2 root root 4096 2011-01-31 03:46 ./extra/xf86-video-nouveau-bl
-rw-r--r-- 1 root root 645 2010-04-27 21:47 ./extra/xf86-video-nouveau-blacklist/xf86-video-nouveau-blacklist-noarch-1.txt
-rw-r--r-- 1 root root 880 2010-04-27 21:47 ./extra/xf86-video-nouveau-blacklist/xf86-video-nouveau-blacklist-noarch-1.txz
-rw-r--r-- 1 root root 198 2010-04-27 21:47 ./extra/xf86-video-nouveau-blacklist/xf86-video-nouveau-blacklist-noarch-1.txz.asc
-drwxr-xr-x 3 root root 4096 2018-12-22 04:37 ./isolinux
+drwxr-xr-x 3 root root 4096 2018-12-29 23:12 ./isolinux
-rw-r--r-- 1 root root 6183 2017-11-18 18:47 ./isolinux/README.TXT
-rw-r--r-- 1 root root 788 2007-03-17 19:50 ./isolinux/README_SPLIT.TXT
-rw-r--r-- 1 root root 1474560 2018-02-24 20:49 ./isolinux/efiboot.img
-rw-r--r-- 1 root root 574 2013-10-24 00:19 ./isolinux/f2.txt
--rw-r--r-- 2 root root 37036664 2018-12-22 04:29 ./isolinux/initrd.img
+-rw-r--r-- 2 root root 37037948 2018-12-29 23:12 ./isolinux/initrd.img
-rw-r--r-- 1 root root 50 2003-01-18 00:02 ./isolinux/iso.sort
-rw-r--r-- 1 root root 24576 2016-05-27 20:36 ./isolinux/isolinux.bin
-rw-r--r-- 1 root root 578 2013-03-27 03:29 ./isolinux/isolinux.cfg
--rw-r--r-- 1 root root 683 2018-12-22 04:03 ./isolinux/message.txt
+-rw-r--r-- 1 root root 683 2018-12-29 22:37 ./isolinux/message.txt
drwxr-xr-x 2 root root 4096 2003-03-17 07:31 ./isolinux/sbootmgr
-rwxr-xr-x 1 root root 36064 1995-05-12 01:23 ./isolinux/sbootmgr/RAWRITE.EXE
-rw-r--r-- 1 root root 2138 1997-12-01 01:21 ./isolinux/sbootmgr/RAWRITE12.DOC
@@ -748,12 +748,12 @@ lrwxrwxrwx 1 root root 11 2009-08-23 23:37 ./isolinux/sbootmgr/RAWRITE13
-rw-r--r-- 1 root root 1291 2003-03-17 07:31 ./isolinux/sbootmgr/README.TXT
-rw-r--r-- 1 root root 110592 2003-03-16 08:38 ./isolinux/sbootmgr/sbootmgr.dsk
-rw-r--r-- 1 root root 3024 2018-03-03 01:37 ./isolinux/setpkg
-drwxr-xr-x 5 root root 4096 2018-12-22 04:03 ./kernels
--rw-r--r-- 1 root root 37 2018-12-22 04:03 ./kernels/VERSIONS.TXT
-drwxr-xr-x 2 root root 4096 2018-12-22 03:27 ./kernels/huge.s
--rw-r--r-- 1 root root 1010850 2018-12-22 03:27 ./kernels/huge.s/System.map.gz
--rw-r--r-- 2 root root 9508736 2018-12-22 03:27 ./kernels/huge.s/bzImage
--rw-r--r-- 1 root root 185191 2018-12-22 03:21 ./kernels/huge.s/config
+drwxr-xr-x 5 root root 4096 2018-12-29 22:37 ./kernels
+-rw-r--r-- 1 root root 37 2018-12-29 22:37 ./kernels/VERSIONS.TXT
+drwxr-xr-x 2 root root 4096 2018-12-29 22:09 ./kernels/huge.s
+-rw-r--r-- 1 root root 1010746 2018-12-29 22:09 ./kernels/huge.s/System.map.gz
+-rw-r--r-- 2 root root 9508736 2018-12-29 22:09 ./kernels/huge.s/bzImage
+-rw-r--r-- 1 root root 185202 2018-12-29 22:06 ./kernels/huge.s/config
drwxr-xr-x 2 root root 4096 2011-03-25 03:15 ./kernels/memtest
-rw-r--r-- 1 root root 60 2011-03-24 00:19 ./kernels/memtest/README
-rw-r--r-- 1 root root 150024 2013-10-17 04:15 ./kernels/memtest/memtest
@@ -798,13 +798,13 @@ drwxr-xr-x 2 root root 4096 2012-09-20 18:06 ./patches
-rw-r--r-- 1 root root 575 2012-09-20 18:06 ./patches/FILE_LIST
-rw-r--r-- 1 root root 14 2012-09-20 18:06 ./patches/MANIFEST.bz2
-rw-r--r-- 1 root root 224 2012-09-20 18:06 ./patches/PACKAGES.TXT
-drwxr-xr-x 18 root root 4096 2018-12-28 00:33 ./slackware64
--rw-r--r-- 1 root root 289894 2018-12-28 00:33 ./slackware64/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2018-12-28 00:33 ./slackware64/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 361134 2018-12-28 00:30 ./slackware64/FILE_LIST
--rw-r--r-- 1 root root 3623297 2018-12-28 00:31 ./slackware64/MANIFEST.bz2
+drwxr-xr-x 18 root root 4096 2018-12-29 23:24 ./slackware64
+-rw-r--r-- 1 root root 289894 2018-12-29 23:24 ./slackware64/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2018-12-29 23:24 ./slackware64/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 361134 2018-12-29 23:21 ./slackware64/FILE_LIST
+-rw-r--r-- 1 root root 3623405 2018-12-29 23:22 ./slackware64/MANIFEST.bz2
lrwxrwxrwx 1 root root 15 2009-08-23 23:34 ./slackware64/PACKAGES.TXT -> ../PACKAGES.TXT
-drwxr-xr-x 2 root root 28672 2018-12-28 00:30 ./slackware64/a
+drwxr-xr-x 2 root root 28672 2018-12-29 23:21 ./slackware64/a
-rw-r--r-- 1 root root 327 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txt
-rw-r--r-- 1 root root 10820 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz
-rw-r--r-- 1 root root 163 2018-06-24 18:44 ./slackware64/a/aaa_base-14.2-x86_64-5.txz.asc
@@ -960,15 +960,15 @@ drwxr-xr-x 2 root root 28672 2018-12-28 00:30 ./slackware64/a
-rw-r--r-- 1 root root 422 2018-12-19 23:48 ./slackware64/a/kernel-firmware-20181218_0f22c85-noarch-1.txt
-rw-r--r-- 1 root root 77108332 2018-12-19 23:48 ./slackware64/a/kernel-firmware-20181218_0f22c85-noarch-1.txz
-rw-r--r-- 1 root root 163 2018-12-19 23:48 ./slackware64/a/kernel-firmware-20181218_0f22c85-noarch-1.txz.asc
--rw-r--r-- 1 root root 624 2018-12-22 03:28 ./slackware64/a/kernel-generic-4.19.12-x86_64-1.txt
--rw-r--r-- 1 root root 6455756 2018-12-22 03:28 ./slackware64/a/kernel-generic-4.19.12-x86_64-1.txz
--rw-r--r-- 1 root root 163 2018-12-22 03:28 ./slackware64/a/kernel-generic-4.19.12-x86_64-1.txz.asc
--rw-r--r-- 1 root root 636 2018-12-22 03:27 ./slackware64/a/kernel-huge-4.19.12-x86_64-1.txt
--rw-r--r-- 1 root root 10078768 2018-12-22 03:27 ./slackware64/a/kernel-huge-4.19.12-x86_64-1.txz
--rw-r--r-- 1 root root 163 2018-12-22 03:27 ./slackware64/a/kernel-huge-4.19.12-x86_64-1.txz.asc
--rw-r--r-- 1 root root 567 2018-12-22 03:51 ./slackware64/a/kernel-modules-4.19.12-x86_64-1.txt
--rw-r--r-- 1 root root 38052636 2018-12-22 03:51 ./slackware64/a/kernel-modules-4.19.12-x86_64-1.txz
--rw-r--r-- 1 root root 163 2018-12-22 03:51 ./slackware64/a/kernel-modules-4.19.12-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 624 2018-12-29 22:10 ./slackware64/a/kernel-generic-4.19.13-x86_64-1.txt
+-rw-r--r-- 1 root root 6452824 2018-12-29 22:10 ./slackware64/a/kernel-generic-4.19.13-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 22:10 ./slackware64/a/kernel-generic-4.19.13-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 636 2018-12-29 22:10 ./slackware64/a/kernel-huge-4.19.13-x86_64-1.txt
+-rw-r--r-- 1 root root 10076444 2018-12-29 22:10 ./slackware64/a/kernel-huge-4.19.13-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 22:10 ./slackware64/a/kernel-huge-4.19.13-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 567 2018-12-29 22:31 ./slackware64/a/kernel-modules-4.19.13-x86_64-1.txt
+-rw-r--r-- 1 root root 38045648 2018-12-29 22:31 ./slackware64/a/kernel-modules-4.19.13-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 22:31 ./slackware64/a/kernel-modules-4.19.13-x86_64-1.txz.asc
-rw-r--r-- 1 root root 512 2018-04-13 13:07 ./slackware64/a/kmod-25-x86_64-2.txt
-rw-r--r-- 1 root root 201376 2018-04-13 13:07 ./slackware64/a/kmod-25-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:07 ./slackware64/a/kmod-25-x86_64-2.txz.asc
@@ -1005,8 +1005,8 @@ drwxr-xr-x 2 root root 28672 2018-12-28 00:30 ./slackware64/a
-rw-r--r-- 1 root root 405 2018-04-13 13:08 ./slackware64/a/lzlib-1.10-x86_64-3.txt
-rw-r--r-- 1 root root 55468 2018-04-13 13:08 ./slackware64/a/lzlib-1.10-x86_64-3.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:08 ./slackware64/a/lzlib-1.10-x86_64-3.txz.asc
--rw-r--r-- 1 root root 9109 2018-12-22 04:03 ./slackware64/a/maketag
--rw-r--r-- 1 root root 9109 2018-12-22 04:03 ./slackware64/a/maketag.ez
+-rw-r--r-- 1 root root 9109 2018-12-29 22:37 ./slackware64/a/maketag
+-rw-r--r-- 1 root root 9109 2018-12-29 22:37 ./slackware64/a/maketag.ez
-rw-r--r-- 1 root root 591 2018-11-02 19:29 ./slackware64/a/mcelog-161-x86_64-1.txt
-rw-r--r-- 1 root root 339460 2018-11-02 19:29 ./slackware64/a/mcelog-161-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-11-02 19:29 ./slackware64/a/mcelog-161-x86_64-1.txz.asc
@@ -1106,7 +1106,7 @@ drwxr-xr-x 2 root root 28672 2018-12-28 00:30 ./slackware64/a
-rw-r--r-- 1 root root 378 2018-11-28 19:44 ./slackware64/a/sysvinit-scripts-2.1-noarch-23.txt
-rw-r--r-- 1 root root 22352 2018-11-28 19:44 ./slackware64/a/sysvinit-scripts-2.1-noarch-23.txz
-rw-r--r-- 1 root root 163 2018-11-28 19:44 ./slackware64/a/sysvinit-scripts-2.1-noarch-23.txz.asc
--rw-r--r-- 1 root root 1408 2018-12-22 04:03 ./slackware64/a/tagfile
+-rw-r--r-- 1 root root 1408 2018-12-29 22:37 ./slackware64/a/tagfile
-rw-r--r-- 1 root root 395 2018-09-06 22:02 ./slackware64/a/tar-1.30-x86_64-3.txt
-rw-r--r-- 1 root root 795556 2018-09-06 22:02 ./slackware64/a/tar-1.30-x86_64-3.txz
-rw-r--r-- 1 root root 163 2018-09-06 22:02 ./slackware64/a/tar-1.30-x86_64-3.txz.asc
@@ -1401,7 +1401,7 @@ drwxr-xr-x 2 root root 20480 2018-12-28 00:30 ./slackware64/ap
-rw-r--r-- 1 root root 506 2018-09-14 17:54 ./slackware64/ap/zsh-5.6.2-x86_64-1.txt
-rw-r--r-- 1 root root 2973268 2018-09-14 17:54 ./slackware64/ap/zsh-5.6.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-09-14 17:54 ./slackware64/ap/zsh-5.6.2-x86_64-1.txz.asc
-drwxr-xr-x 2 root root 16384 2018-12-28 00:30 ./slackware64/d
+drwxr-xr-x 2 root root 16384 2018-12-29 23:21 ./slackware64/d
-rw-r--r-- 1 root root 360 2018-12-14 23:51 ./slackware64/d/Cython-0.29.2-x86_64-1.txt
-rw-r--r-- 1 root root 3073660 2018-12-14 23:51 ./slackware64/d/Cython-0.29.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-12-14 23:51 ./slackware64/d/Cython-0.29.2-x86_64-1.txz.asc
@@ -1438,9 +1438,9 @@ drwxr-xr-x 2 root root 16384 2018-12-28 00:30 ./slackware64/d
-rw-r--r-- 1 root root 481 2018-11-08 23:00 ./slackware64/d/distcc-3.3.2-x86_64-1.txt
-rw-r--r-- 1 root root 307460 2018-11-08 23:00 ./slackware64/d/distcc-3.3.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-11-08 23:00 ./slackware64/d/distcc-3.3.2-x86_64-1.txz.asc
--rw-r--r-- 1 root root 509 2018-04-28 23:37 ./slackware64/d/doxygen-1.8.14-x86_64-3.txt
--rw-r--r-- 1 root root 7220528 2018-04-28 23:37 ./slackware64/d/doxygen-1.8.14-x86_64-3.txz
--rw-r--r-- 1 root root 163 2018-04-28 23:37 ./slackware64/d/doxygen-1.8.14-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 541 2018-12-29 19:06 ./slackware64/d/doxygen-1.8.15-x86_64-1.txt
+-rw-r--r-- 1 root root 7727740 2018-12-29 19:06 ./slackware64/d/doxygen-1.8.15-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 19:06 ./slackware64/d/doxygen-1.8.15-x86_64-1.txz.asc
-rw-r--r-- 1 root root 371 2018-04-13 13:42 ./slackware64/d/flex-2.6.4-x86_64-3.txt
-rw-r--r-- 1 root root 281556 2018-04-13 13:42 ./slackware64/d/flex-2.6.4-x86_64-3.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:42 ./slackware64/d/flex-2.6.4-x86_64-3.txz.asc
@@ -1497,9 +1497,9 @@ drwxr-xr-x 2 root root 16384 2018-12-28 00:30 ./slackware64/d
-rw-r--r-- 1 root root 279 2018-04-13 13:53 ./slackware64/d/intltool-0.51.0-x86_64-4.txt
-rw-r--r-- 1 root root 48112 2018-04-13 13:53 ./slackware64/d/intltool-0.51.0-x86_64-4.txz
-rw-r--r-- 1 root root 163 2018-04-13 13:53 ./slackware64/d/intltool-0.51.0-x86_64-4.txz.asc
--rw-r--r-- 1 root root 332 2018-12-22 03:51 ./slackware64/d/kernel-headers-4.19.12-x86-1.txt
--rw-r--r-- 1 root root 914932 2018-12-22 03:51 ./slackware64/d/kernel-headers-4.19.12-x86-1.txz
--rw-r--r-- 1 root root 163 2018-12-22 03:51 ./slackware64/d/kernel-headers-4.19.12-x86-1.txz.asc
+-rw-r--r-- 1 root root 332 2018-12-29 22:32 ./slackware64/d/kernel-headers-4.19.13-x86-1.txt
+-rw-r--r-- 1 root root 914908 2018-12-29 22:32 ./slackware64/d/kernel-headers-4.19.13-x86-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 22:32 ./slackware64/d/kernel-headers-4.19.13-x86-1.txz.asc
-rw-r--r-- 1 root root 498 2018-07-26 20:28 ./slackware64/d/libtool-2.4.6-x86_64-9.txt
-rw-r--r-- 1 root root 428672 2018-07-26 20:28 ./slackware64/d/libtool-2.4.6-x86_64-9.txz
-rw-r--r-- 1 root root 163 2018-07-26 20:28 ./slackware64/d/libtool-2.4.6-x86_64-9.txz.asc
@@ -1617,15 +1617,15 @@ drwxr-xr-x 2 root root 4096 2016-04-01 21:41 ./slackware64/f
-rw-r--r-- 1 root root 1075 2018-03-01 07:54 ./slackware64/f/maketag
-rw-r--r-- 1 root root 1075 2018-03-01 07:54 ./slackware64/f/maketag.ez
-rw-r--r-- 1 root root 32 2018-03-01 07:54 ./slackware64/f/tagfile
-drwxr-xr-x 2 root root 4096 2018-12-22 04:57 ./slackware64/k
+drwxr-xr-x 2 root root 4096 2018-12-29 23:21 ./slackware64/k
-rwxr-xr-x 1 root root 2897 2009-06-24 22:06 ./slackware64/k/install-packages
-rw-r--r-- 1 root root 446 2006-09-18 10:41 ./slackware64/k/install.end
--rw-r--r-- 1 root root 317 2018-12-22 03:19 ./slackware64/k/kernel-source-4.19.12-noarch-1.txt
--rw-r--r-- 1 root root 103565000 2018-12-22 03:19 ./slackware64/k/kernel-source-4.19.12-noarch-1.txz
--rw-r--r-- 1 root root 163 2018-12-22 03:19 ./slackware64/k/kernel-source-4.19.12-noarch-1.txz.asc
--rw-r--r-- 1 root root 1171 2018-12-22 04:03 ./slackware64/k/maketag
--rw-r--r-- 1 root root 1171 2018-12-22 04:03 ./slackware64/k/maketag.ez
--rw-r--r-- 1 root root 18 2018-12-22 04:03 ./slackware64/k/tagfile
+-rw-r--r-- 1 root root 317 2018-12-29 22:04 ./slackware64/k/kernel-source-4.19.13-noarch-1.txt
+-rw-r--r-- 1 root root 103574568 2018-12-29 22:04 ./slackware64/k/kernel-source-4.19.13-noarch-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 22:04 ./slackware64/k/kernel-source-4.19.13-noarch-1.txz.asc
+-rw-r--r-- 1 root root 1171 2018-12-29 22:38 ./slackware64/k/maketag
+-rw-r--r-- 1 root root 1171 2018-12-29 22:38 ./slackware64/k/maketag.ez
+-rw-r--r-- 1 root root 18 2018-12-29 22:38 ./slackware64/k/tagfile
drwxr-xr-x 2 root root 45056 2018-12-14 19:06 ./slackware64/kde
-rw-r--r-- 1 root root 319 2018-06-02 22:05 ./slackware64/kde/amarok-2.9.0-x86_64-3.txt
-rw-r--r-- 1 root root 47003780 2018-06-02 22:05 ./slackware64/kde/amarok-2.9.0-x86_64-3.txz
@@ -2466,7 +2466,7 @@ drwxr-xr-x 2 root root 20480 2016-03-10 03:11 ./slackware64/kdei
-rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag
-rw-r--r-- 1 root root 7544 2018-03-01 07:54 ./slackware64/kdei/maketag.ez
-rw-r--r-- 1 root root 1500 2018-03-01 07:54 ./slackware64/kdei/tagfile
-drwxr-xr-x 2 root root 69632 2018-12-28 00:30 ./slackware64/l
+drwxr-xr-x 2 root root 69632 2018-12-29 23:20 ./slackware64/l
-rw-r--r-- 1 root root 338 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txt
-rw-r--r-- 1 root root 149752 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz
-rw-r--r-- 1 root root 163 2018-04-13 14:13 ./slackware64/l/ConsoleKit2-1.0.0-x86_64-4.txz.asc
@@ -3033,9 +3033,9 @@ drwxr-xr-x 2 root root 69632 2018-12-28 00:30 ./slackware64/l
-rw-r--r-- 1 root root 650 2018-04-13 15:02 ./slackware64/l/libsamplerate-0.1.9-x86_64-2.txt
-rw-r--r-- 1 root root 976748 2018-04-13 15:02 ./slackware64/l/libsamplerate-0.1.9-x86_64-2.txz
-rw-r--r-- 1 root root 163 2018-04-13 15:02 ./slackware64/l/libsamplerate-0.1.9-x86_64-2.txz.asc
--rw-r--r-- 1 root root 250 2018-11-24 18:15 ./slackware64/l/libsecret-0.18.6-x86_64-3.txt
--rw-r--r-- 1 root root 201640 2018-11-24 18:15 ./slackware64/l/libsecret-0.18.6-x86_64-3.txz
--rw-r--r-- 1 root root 163 2018-11-24 18:15 ./slackware64/l/libsecret-0.18.6-x86_64-3.txz.asc
+-rw-r--r-- 1 root root 250 2018-12-29 19:00 ./slackware64/l/libsecret-0.18.7-x86_64-1.txt
+-rw-r--r-- 1 root root 201768 2018-12-29 19:00 ./slackware64/l/libsecret-0.18.7-x86_64-1.txz
+-rw-r--r-- 1 root root 163 2018-12-29 19:00 ./slackware64/l/libsecret-0.18.7-x86_64-1.txz.asc
-rw-r--r-- 1 root root 545 2018-10-30 21:20 ./slackware64/l/libsigc++-2.10.1-x86_64-1.txt
-rw-r--r-- 1 root root 128416 2018-10-30 21:20 ./slackware64/l/libsigc++-2.10.1-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-10-30 21:20 ./slackware64/l/libsigc++-2.10.1-x86_64-1.txz.asc
@@ -3426,7 +3426,7 @@ drwxr-xr-x 2 root root 69632 2018-12-28 00:30 ./slackware64/l
-rw-r--r-- 1 root root 463 2018-11-08 01:07 ./slackware64/l/zstd-1.3.7-x86_64-1.txt
-rw-r--r-- 1 root root 380944 2018-11-08 01:07 ./slackware64/l/zstd-1.3.7-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-11-08 01:07 ./slackware64/l/zstd-1.3.7-x86_64-1.txz.asc
-drwxr-xr-x 2 root root 32768 2018-12-28 00:30 ./slackware64/n
+drwxr-xr-x 2 root root 36864 2018-12-29 19:37 ./slackware64/n
-rw-r--r-- 1 root root 357 2018-09-24 19:22 ./slackware64/n/ModemManager-1.8.2-x86_64-1.txt
-rw-r--r-- 1 root root 1519620 2018-09-24 19:22 ./slackware64/n/ModemManager-1.8.2-x86_64-1.txz
-rw-r--r-- 1 root root 163 2018-09-24 19:22 ./slackware64/n/ModemManager-1.8.2-x86_64-1.txz.asc
@@ -3855,9 +3855,9 @@ drwxr-xr-x 2 root root 32768 2018-12-28 00:30 ./slackware64/n
-rw-r--r-- 1 root root 677 2018-04-13 15:56 ./slackware64/n/wireless_tools-29-x86_64-12.txt
-rw-r--r-- 1 root root 128284 2018-04-13 15:56 ./slackware64/n/wireless_tools-29-x86_64-12.txz
-rw-r--r-- 1 root root 163 2018-04-13 15:56 ./slackware64/n/wireless_tools-29-x86_64-12.txz.asc
--rw-r--r-- 1 root root 600 2018-12-06 20:47 ./slackware64/n/wpa_supplicant-2.7-x86_64-1.txt
--rw-r--r-- 1 root root 1098604 2018-12-06 20:47 ./slackware64/n/wpa_supplicant-2.7-x86_64-1.txz
--rw-r--r-- 1 root root 163 2018-12-06 20:47 ./slackware64/n/wpa_supplicant-2.7-x86_64-1.txz.asc
+-rw-r--r-- 1 root root 601 2018-05-10 13:06 ./slackware64/n/wpa_supplicant-2.6-x86_64-6.txt
+-rw-r--r-- 1 root root 1089212 2018-05-10 13:06 ./slackware64/n/wpa_supplicant-2.6-x86_64-6.txz
+-rw-r--r-- 1 root root 163 2018-05-10 13:06 ./slackware64/n/wpa_supplicant-2.6-x86_64-6.txz.asc
-rw-r--r-- 1 root root 406 2018-06-18 04:09 ./slackware64/n/yptools-2.14-x86_64-11.txt
-rw-r--r-- 1 root root 189104 2018-06-18 04:09 ./slackware64/n/yptools-2.14-x86_64-11.txz
-rw-r--r-- 1 root root 163 2018-06-18 04:09 ./slackware64/n/yptools-2.14-x86_64-11.txz.asc
@@ -5004,11 +5004,11 @@ drwxr-xr-x 2 root root 4096 2018-04-18 08:35 ./slackware64/y
-rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag
-rw-r--r-- 1 root root 1147 2018-03-01 07:55 ./slackware64/y/maketag.ez
-rw-r--r-- 1 root root 14 2018-03-01 07:55 ./slackware64/y/tagfile
-drwxr-xr-x 19 root root 4096 2018-12-28 00:35 ./source
--rw-r--r-- 1 root root 460927 2018-12-28 00:35 ./source/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2018-12-28 00:35 ./source/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 652307 2018-12-28 00:34 ./source/FILE_LIST
--rw-r--r-- 1 root root 16629285 2018-12-28 00:34 ./source/MANIFEST.bz2
+drwxr-xr-x 19 root root 4096 2018-12-29 23:26 ./source
+-rw-r--r-- 1 root root 462447 2018-12-29 23:26 ./source/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2018-12-29 23:26 ./source/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 654121 2018-12-29 23:25 ./source/FILE_LIST
+-rw-r--r-- 1 root root 16633274 2018-12-29 23:25 ./source/MANIFEST.bz2
-rw-r--r-- 1 root root 1314 2006-10-02 04:40 ./source/README.TXT
drwxr-xr-x 111 root root 4096 2018-11-27 19:01 ./source/a
-rw-r--r-- 1 root root 877 2018-11-21 18:49 ./source/a/FTBFSlog
@@ -6552,11 +6552,11 @@ drwxr-xr-x 2 root root 4096 2018-11-08 22:58 ./source/d/distcc
-rw-r--r-- 1 root root 33 2018-03-10 19:45 ./source/d/distcc/distcc.url
-rw-r--r-- 1 root root 295 2013-03-31 22:26 ./source/d/distcc/doinst.sh.gz
-rw-r--r-- 1 root root 935 2018-02-27 06:13 ./source/d/distcc/slack-desc
-drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/d/doxygen
--rw-r--r-- 1 root root 3044372 2017-12-25 18:06 ./source/d/doxygen/doxygen-1.8.14.src.tar.lz
--rw-r--r-- 1 root root 1068 2018-04-28 23:31 ./source/d/doxygen/doxygen.9468ede.diff.gz
--rwxr-xr-x 1 root root 4549 2018-09-18 22:04 ./source/d/doxygen/doxygen.SlackBuild
--rw-r--r-- 1 root root 964 2018-02-27 06:13 ./source/d/doxygen/slack-desc
+drwxr-xr-x 2 root root 4096 2018-12-29 19:03 ./source/d/doxygen
+-rw-r--r-- 1 root root 3138244 2018-12-29 19:02 ./source/d/doxygen/doxygen-1.8.15.tar.lz
+-rwxr-xr-x 1 root root 4418 2018-12-29 19:04 ./source/d/doxygen/doxygen.SlackBuild
+-rw-r--r-- 1 root root 35 2018-12-29 19:01 ./source/d/doxygen/doxygen.url
+-rw-r--r-- 1 root root 996 2018-12-29 19:00 ./source/d/doxygen/slack-desc
drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/d/flex
-rw-r--r-- 1 root root 843138 2017-05-06 20:50 ./source/d/flex/flex-2.6.4.tar.lz
-rw-r--r-- 1 root root 473 2017-05-06 20:49 ./source/d/flex/flex-2.6.4.tar.lz.sig
@@ -6918,21 +6918,21 @@ drwxr-xr-x 2 root root 4096 2018-03-11 02:36 ./source/installer/sources/e
drwxr-xr-x 2 root root 4096 2018-11-28 05:29 ./source/installer/sources/initrd
-rw-r--r-- 1 root root 139758 2018-11-28 05:29 ./source/installer/sources/initrd/skeleton_initrd.tar.gz
-rw-r--r-- 1 root root 16894 2012-09-03 20:53 ./source/installer/usbimg2disk.sh
-drwxr-xr-x 4 root root 4096 2018-12-22 01:26 ./source/k
+drwxr-xr-x 4 root root 4096 2018-12-29 19:07 ./source/k
-rwxr-xr-x 1 root root 7342 2018-03-15 18:04 ./source/k/build-all-kernels.sh
-drwxr-xr-x 2 root root 4096 2018-12-22 01:31 ./source/k/kernel-configs
--rw-r--r-- 1 root root 184206 2018-12-22 01:28 ./source/k/kernel-configs/config-generic-4.19.12
--rw-r--r-- 1 root root 185191 2018-12-22 01:31 ./source/k/kernel-configs/config-generic-4.19.12.x64
--rw-r--r-- 1 root root 185760 2018-12-22 01:27 ./source/k/kernel-configs/config-generic-smp-4.19.12-smp
--rw-r--r-- 1 root root 184206 2018-12-22 01:28 ./source/k/kernel-configs/config-huge-4.19.12
--rw-r--r-- 1 root root 185191 2018-12-22 01:31 ./source/k/kernel-configs/config-huge-4.19.12.x64
--rw-r--r-- 1 root root 185760 2018-12-22 01:28 ./source/k/kernel-configs/config-huge-smp-4.19.12-smp
+drwxr-xr-x 2 root root 4096 2018-12-29 19:44 ./source/k/kernel-configs
+-rw-r--r-- 1 root root 184217 2018-12-29 19:26 ./source/k/kernel-configs/config-generic-4.19.13
+-rw-r--r-- 1 root root 185202 2018-12-29 19:44 ./source/k/kernel-configs/config-generic-4.19.13.x64
+-rw-r--r-- 1 root root 185771 2018-12-29 19:26 ./source/k/kernel-configs/config-generic-smp-4.19.13-smp
+-rw-r--r-- 1 root root 184217 2018-12-29 19:27 ./source/k/kernel-configs/config-huge-4.19.13
+-rw-r--r-- 1 root root 185202 2018-12-29 19:43 ./source/k/kernel-configs/config-huge-4.19.13.x64
+-rw-r--r-- 1 root root 185771 2018-12-29 19:26 ./source/k/kernel-configs/config-huge-smp-4.19.13-smp
-rwxr-xr-x 1 root root 7149 2018-03-26 04:29 ./source/k/kernel-generic.SlackBuild
-rwxr-xr-x 1 root root 3779 2018-03-15 06:02 ./source/k/kernel-headers.SlackBuild
-rwxr-xr-x 1 root root 5604 2018-03-15 06:02 ./source/k/kernel-modules.SlackBuild
-rwxr-xr-x 1 root root 7878 2018-08-16 20:59 ./source/k/kernel-source.SlackBuild
--rw-r--r-- 1 root root 991 2018-12-21 13:26 ./source/k/linux-4.19.12.tar.sign
--rw-r--r-- 1 root root 103133204 2018-12-21 13:26 ./source/k/linux-4.19.12.tar.xz
+-rw-r--r-- 1 root root 991 2018-12-29 12:42 ./source/k/linux-4.19.13.tar.sign
+-rw-r--r-- 1 root root 103132532 2018-12-29 12:42 ./source/k/linux-4.19.13.tar.xz
drwxr-xr-x 2 root root 4096 2018-03-05 18:29 ./source/k/slack-desc
-rw-r--r-- 1 root root 1138 2018-02-27 06:16 ./source/k/slack-desc/slack-desc.kernel-generic-smp.i686
-rw-r--r-- 1 root root 1041 2018-02-27 06:16 ./source/k/slack-desc/slack-desc.kernel-generic.i586
@@ -9065,9 +9065,9 @@ drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/l/libsamplerate
-rw-r--r-- 1 root root 3317728 2016-10-09 08:48 ./source/l/libsamplerate/libsamplerate-0.1.9.tar.xz
-rwxr-xr-x 1 root root 2332 2018-04-23 17:20 ./source/l/libsamplerate/libsamplerate.SlackBuild
-rw-r--r-- 1 root root 1111 2018-02-27 06:12 ./source/l/libsamplerate/slack-desc
-drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/l/libsecret
--rw-r--r-- 1 root root 487836 2018-03-29 15:59 ./source/l/libsecret/libsecret-0.18.6.tar.xz
--rwxr-xr-x 1 root root 3716 2018-11-24 18:15 ./source/l/libsecret/libsecret.SlackBuild
+drwxr-xr-x 2 root root 4096 2018-12-29 18:59 ./source/l/libsecret
+-rw-r--r-- 1 root root 508392 2018-12-29 08:08 ./source/l/libsecret/libsecret-0.18.7.tar.xz
+-rwxr-xr-x 1 root root 3716 2018-12-29 19:00 ./source/l/libsecret/libsecret.SlackBuild
-rw-r--r-- 1 root root 707 2018-02-27 06:12 ./source/l/libsecret/slack-desc
drwxr-xr-x 2 root root 4096 2018-10-30 21:20 ./source/l/libsigc++
-rw-r--r-- 1 root root 4062388 2018-10-30 15:31 ./source/l/libsigc++/libsigc++-2.10.1.tar.xz
@@ -9808,7 +9808,7 @@ drwxr-xr-x 2 root root 4096 2018-11-08 01:06 ./source/l/zstd
-rw-r--r-- 1 root root 319 2018-02-12 22:25 ./source/l/zstd/zstd.dont.link.pzstd.to.static.libzstd.a.diff.gz
-rw-r--r-- 1 root root 33 2018-11-08 01:06 ./source/l/zstd/zstd.url
-rwxr-xr-x 1 root root 14025 2018-11-20 03:08 ./source/make_world.sh
-drwxr-xr-x 147 root root 4096 2018-12-11 02:59 ./source/n
+drwxr-xr-x 147 root root 4096 2018-12-29 19:36 ./source/n
-rw-r--r-- 1 root root 534 2018-03-24 17:45 ./source/n/FTBFSlog
drwxr-xr-x 2 root root 4096 2018-09-24 19:21 ./source/n/ModemManager
-rw-r--r-- 1 root root 2088248 2018-09-22 09:10 ./source/n/ModemManager/ModemManager-1.8.2.tar.xz
@@ -10797,23 +10797,36 @@ drwxr-xr-x 2 root root 4096 2017-11-14 23:02 ./source/n/wireless_tools/sc
-rwxr-xr-x 1 root root 4093 2018-04-23 17:20 ./source/n/wireless_tools/wireless_tools.SlackBuild
-rw-r--r-- 1 root root 227 2005-07-14 05:20 ./source/n/wireless_tools/wireless_tools.nowhine.diff.gz
-rw-r--r-- 1 root root 287 2005-07-25 07:19 ./source/n/wireless_tools/wireless_tools.static.diff.gz
-drwxr-xr-x 4 root root 4096 2018-12-06 20:45 ./source/n/wpa_supplicant
+drwxr-xr-x 5 root root 4096 2018-09-18 22:04 ./source/n/wpa_supplicant
+drwxr-xr-x 2 root root 4096 2017-10-17 00:41 ./source/n/wpa_supplicant/2017-1
+-rw-r--r-- 1 root root 2472 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz
+-rw-r--r-- 1 root root 2568 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz
+-rw-r--r-- 1 root root 2079 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz
+-rw-r--r-- 1 root root 1301 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz
+-rw-r--r-- 1 root root 1069 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz
+-rw-r--r-- 1 root root 1977 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz
+-rw-r--r-- 1 root root 880 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz
+-rw-r--r-- 1 root root 1374 2017-10-02 16:19 ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz
+-rw-r--r-- 1 root root 11037 2017-10-16 09:17 ./source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-rw-r--r-- 1 root root 2080 2005-08-06 20:17 ./source/n/wpa_supplicant/README.slackware
drwxr-xr-x 2 root root 4096 2017-12-13 07:32 ./source/n/wpa_supplicant/config
--rw-r--r-- 1 root root 21621 2018-12-06 20:44 ./source/n/wpa_supplicant/config/dot.config
+-rw-r--r-- 1 root root 896 2017-12-13 07:32 ./source/n/wpa_supplicant/config/dot.config
-rw-r--r-- 1 root root 139 2012-05-06 07:11 ./source/n/wpa_supplicant/config/wpa_gui.desktop
-rw-r--r-- 1 root root 5124 2009-04-20 18:10 ./source/n/wpa_supplicant/config/wpa_gui.png
-rw-r--r-- 1 root root 65 2012-05-06 07:08 ./source/n/wpa_supplicant/config/wpa_supplicant.conf
-rw-r--r-- 1 root root 100 2012-05-06 07:05 ./source/n/wpa_supplicant/config/wpa_supplicant.logrotate
-rw-r--r-- 1 root root 284 2012-05-06 07:31 ./source/n/wpa_supplicant/doinst.sh.gz
-drwxr-xr-x 2 root root 4096 2018-12-06 20:16 ./source/n/wpa_supplicant/patches
+drwxr-xr-x 2 root root 4096 2018-05-10 13:04 ./source/n/wpa_supplicant/patches
+-rw-r--r-- 1 root root 1543 2018-02-10 04:09 ./source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch.gz
-rw-r--r-- 1 root root 333 2014-12-04 19:03 ./source/n/wpa_supplicant/patches/assoc-timeout.diff.gz
-rw-r--r-- 1 root root 350 2012-05-31 00:15 ./source/n/wpa_supplicant/patches/dbus-service-file-args.diff.gz
-rw-r--r-- 1 root root 537 2014-12-04 19:03 ./source/n/wpa_supplicant/patches/flush-debug-output.diff.gz
-rw-r--r-- 1 root root 388 2017-01-05 17:31 ./source/n/wpa_supplicant/patches/quiet-scan-results-message.diff.gz
--rw-r--r-- 1 root root 1061 2018-12-06 20:13 ./source/n/wpa_supplicant/slack-desc
--rw-r--r-- 1 root root 2102704 2018-12-02 20:45 ./source/n/wpa_supplicant/wpa_supplicant-2.7.tar.xz
--rwxr-xr-x 1 root root 6049 2018-12-06 20:17 ./source/n/wpa_supplicant/wpa_supplicant.SlackBuild
+-rw-r--r-- 1 root root 1453 2017-11-01 12:20 ./source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch.gz
+-rw-r--r-- 1 root root 1121 2017-11-01 12:20 ./source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch.gz
+-rw-r--r-- 1 root root 1062 2018-02-27 06:13 ./source/n/wpa_supplicant/slack-desc
+-rw-r--r-- 1 root root 1883252 2016-10-02 19:29 ./source/n/wpa_supplicant/wpa_supplicant-2.6.tar.xz
+-rwxr-xr-x 1 root root 7300 2018-09-18 22:04 ./source/n/wpa_supplicant/wpa_supplicant.SlackBuild
drwxr-xr-x 2 root root 4096 2018-04-23 17:20 ./source/n/yptools
-rw-r--r-- 1 root root 616 2000-11-24 23:39 ./source/n/yptools/nsswitch.conf-nis.gz
-rw-r--r-- 1 root root 1355 2017-11-19 02:09 ./source/n/yptools/rc.yp.gz
@@ -12425,36 +12438,36 @@ drwxr-xr-x 2 root root 4096 2018-10-24 20:33 ./source/xap/pan
drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/pavucontrol
-rw-r--r-- 1 root root 120 2013-11-05 03:45 ./source/xap/pavucontrol/doinst.sh.gz
-rw-r--r-- 1 root root 145092 2015-03-24 14:57 ./source/xap/pavucontrol/pavucontrol-3.0.tar.xz
--rwxr-xr-x 1 root root 3423 2018-09-18 22:04 ./source/xap/pavucontrol/pavucontrol.SlackBuild
--rw-r--r-- 1 root root 344 2016-01-05 04:40 ./source/xap/pavucontrol/replace-gtk-stock-lock-icon.diff.gz
--rw-r--r-- 1 root root 961 2018-02-27 06:13 ./source/xap/pavucontrol/slack-desc
-drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/pidgin
--rw-r--r-- 1 root root 172 2016-01-04 03:06 ./source/xap/pidgin/doinst.sh.gz
--rw-r--r-- 1 root root 355 2012-05-02 03:59 ./source/xap/pidgin/fix-gmain_h-compile-error.diff.gz
--rw-r--r-- 1 root root 6641203 2018-03-09 02:25 ./source/xap/pidgin/pidgin-2.13.0.tar.lz
--rw-r--r-- 1 root root 604129 2010-05-18 16:51 ./source/xap/pidgin/pidgin-encryption-3.1.tar.gz
--rwxr-xr-x 1 root root 7550 2018-09-18 22:04 ./source/xap/pidgin/pidgin.SlackBuild
--rw-r--r-- 1 root root 920 2018-02-27 06:13 ./source/xap/pidgin/slack-desc
-drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rdesktop
--rw-r--r-- 1 root root 1616 2016-09-23 17:24 ./source/xap/rdesktop/02-Fix-OpenSSL-1.1-compability-issues.patch.gz
--rw-r--r-- 1 root root 249436 2014-10-31 12:28 ./source/xap/rdesktop/rdesktop-1.8.3.tar.xz
--rwxr-xr-x 1 root root 3899 2018-09-18 22:04 ./source/xap/rdesktop/rdesktop.SlackBuild
--rw-r--r-- 1 root root 850 2018-02-27 06:13 ./source/xap/rdesktop/slack-desc
-drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rxvt-unicode
--rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop
--rw-r--r-- 1 root root 712702 2016-01-23 20:09 ./source/xap/rxvt-unicode/rxvt-unicode-9.22.tar.lz
--rwxr-xr-x 1 root root 5651 2018-11-30 21:13 ./source/xap/rxvt-unicode/rxvt-unicode.SlackBuild
--rw-r--r-- 1 root root 207 2018-03-31 17:17 ./source/xap/rxvt-unicode/rxvt-unicode.desktop
--rw-r--r-- 1 root root 7758 2018-03-31 16:26 ./source/xap/rxvt-unicode/rxvt-unicode.utempter.diff.gz
--rw-r--r-- 1 root root 940 2018-03-31 16:58 ./source/xap/rxvt-unicode/slack-desc
-drwxr-xr-x 2 root root 4096 2018-11-09 20:41 ./source/xap/sane
--rw-r--r-- 1 root root 133 2006-09-23 08:33 ./source/xap/sane/dll.conf.additions.gz
--rw-r--r-- 1 root root 285 2008-02-12 16:23 ./source/xap/sane/doinst.sh.gz
--rw-r--r-- 1 root root 3581624 2017-05-23 13:08 ./source/xap/sane/sane-backends-1.0.27.tar.xz
--rw-r--r-- 1 root root 341 2010-01-20 01:54 ./source/xap/sane/sane-frontends-1.0.14-sane_cap_always_settable.diff.gz
--rw-r--r-- 1 root root 172596 2005-09-18 07:21 ./source/xap/sane/sane-frontends-1.0.14.tar.xz
--rwxr-xr-x 1 root root 5737 2018-11-09 20:41 ./source/xap/sane/sane.SlackBuild
--rw-r--r-- 1 root root 773 2018-02-27 06:13 ./source/xap/sane/slack-desc
+-rwxr-xr-x 1 root root 3423 2018-09-18 22:04 ./source/xap/pavucontrol/pavucontrol.SlackBuild
+-rw-r--r-- 1 root root 344 2016-01-05 04:40 ./source/xap/pavucontrol/replace-gtk-stock-lock-icon.diff.gz
+-rw-r--r-- 1 root root 961 2018-02-27 06:13 ./source/xap/pavucontrol/slack-desc
+drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/pidgin
+-rw-r--r-- 1 root root 172 2016-01-04 03:06 ./source/xap/pidgin/doinst.sh.gz
+-rw-r--r-- 1 root root 355 2012-05-02 03:59 ./source/xap/pidgin/fix-gmain_h-compile-error.diff.gz
+-rw-r--r-- 1 root root 6641203 2018-03-09 02:25 ./source/xap/pidgin/pidgin-2.13.0.tar.lz
+-rw-r--r-- 1 root root 604129 2010-05-18 16:51 ./source/xap/pidgin/pidgin-encryption-3.1.tar.gz
+-rwxr-xr-x 1 root root 7550 2018-09-18 22:04 ./source/xap/pidgin/pidgin.SlackBuild
+-rw-r--r-- 1 root root 920 2018-02-27 06:13 ./source/xap/pidgin/slack-desc
+drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rdesktop
+-rw-r--r-- 1 root root 1616 2016-09-23 17:24 ./source/xap/rdesktop/02-Fix-OpenSSL-1.1-compability-issues.patch.gz
+-rw-r--r-- 1 root root 249436 2014-10-31 12:28 ./source/xap/rdesktop/rdesktop-1.8.3.tar.xz
+-rwxr-xr-x 1 root root 3899 2018-09-18 22:04 ./source/xap/rdesktop/rdesktop.SlackBuild
+-rw-r--r-- 1 root root 850 2018-02-27 06:13 ./source/xap/rdesktop/slack-desc
+drwxr-xr-x 2 root root 4096 2018-09-18 22:04 ./source/xap/rxvt-unicode
+-rw-r--r-- 1 root root 222 2018-03-31 17:18 ./source/xap/rxvt-unicode/rxvt-unicode-256color.desktop
+-rw-r--r-- 1 root root 712702 2016-01-23 20:09 ./source/xap/rxvt-unicode/rxvt-unicode-9.22.tar.lz
+-rwxr-xr-x 1 root root 5651 2018-11-30 21:13 ./source/xap/rxvt-unicode/rxvt-unicode.SlackBuild
+-rw-r--r-- 1 root root 207 2018-03-31 17:17 ./source/xap/rxvt-unicode/rxvt-unicode.desktop
+-rw-r--r-- 1 root root 7758 2018-03-31 16:26 ./source/xap/rxvt-unicode/rxvt-unicode.utempter.diff.gz
+-rw-r--r-- 1 root root 940 2018-03-31 16:58 ./source/xap/rxvt-unicode/slack-desc
+drwxr-xr-x 2 root root 4096 2018-11-09 20:41 ./source/xap/sane
+-rw-r--r-- 1 root root 133 2006-09-23 08:33 ./source/xap/sane/dll.conf.additions.gz
+-rw-r--r-- 1 root root 285 2008-02-12 16:23 ./source/xap/sane/doinst.sh.gz
+-rw-r--r-- 1 root root 3581624 2017-05-23 13:08 ./source/xap/sane/sane-backends-1.0.27.tar.xz
+-rw-r--r-- 1 root root 341 2010-01-20 01:54 ./source/xap/sane/sane-frontends-1.0.14-sane_cap_always_settable.diff.gz
+-rw-r--r-- 1 root root 172596 2005-09-18 07:21 ./source/xap/sane/sane-frontends-1.0.14.tar.xz
+-rwxr-xr-x 1 root root 5737 2018-11-09 20:41 ./source/xap/sane/sane.SlackBuild
+-rw-r--r-- 1 root root 773 2018-02-27 06:13 ./source/xap/sane/slack-desc
drwxr-xr-x 5 root root 4096 2018-09-18 22:04 ./source/xap/seamonkey
drwxr-xr-x 2 root root 4096 2016-07-03 18:05 ./source/xap/seamonkey/autoconf
-rw-r--r-- 1 root root 5869 2016-07-03 18:04 ./source/xap/seamonkey/autoconf/autoconf-2.13-consolidated_fixes-1.patch.gz
@@ -12801,17 +12814,39 @@ drwxr-xr-x 2 root root 4096 2012-03-02 16:01 ./source/y/bsd-games/fortune-
-rw-r--r-- 1 root root 364407 2002-03-10 05:09 ./source/y/bsd-games/fortunes-o.tar.gz
-rw-r--r-- 1 root root 104848 1993-10-25 00:02 ./source/y/bsd-games/hangman-words.gz
-rw-r--r-- 1 root root 1048 2018-02-27 06:13 ./source/y/bsd-games/slack-desc
-drwxr-xr-x 4 root root 4096 2018-09-21 19:09 ./testing
--rw-r--r-- 1 root root 552 2018-09-21 19:09 ./testing/CHECKSUMS.md5
--rw-r--r-- 1 root root 163 2018-09-21 19:09 ./testing/CHECKSUMS.md5.asc
--rw-r--r-- 1 root root 701 2018-09-21 19:09 ./testing/FILE_LIST
--rw-r--r-- 1 root root 14 2018-09-21 19:09 ./testing/MANIFEST.bz2
--rw-r--r-- 1 root root 224 2018-09-21 19:09 ./testing/PACKAGES.TXT
-drwxr-xr-x 2 root root 4096 2018-09-19 20:04 ./testing/packages
-drwxr-xr-x 2 root root 4096 2018-09-19 20:04 ./testing/source
-drwxr-xr-x 2 root root 4096 2018-12-22 04:37 ./usb-and-pxe-installers
+drwxr-xr-x 4 root root 4096 2018-12-29 23:26 ./testing
+-rw-r--r-- 1 root root 2238 2018-12-29 23:26 ./testing/CHECKSUMS.md5
+-rw-r--r-- 1 root root 163 2018-12-29 23:26 ./testing/CHECKSUMS.md5.asc
+-rw-r--r-- 1 root root 2892 2018-12-29 23:26 ./testing/FILE_LIST
+-rw-r--r-- 1 root root 7439 2018-12-29 23:26 ./testing/MANIFEST.bz2
+-rw-r--r-- 1 root root 997 2018-12-29 23:26 ./testing/PACKAGES.TXT
+drwxr-xr-x 2 root root 4096 2018-12-29 23:26 ./testing/packages
+-rw-r--r-- 1 root root 600 2018-12-29 19:43 ./testing/packages/wpa_supplicant-2.7-x86_64-2.txt
+-rw-r--r-- 1 root root 1142268 2018-12-29 19:43 ./testing/packages/wpa_supplicant-2.7-x86_64-2.txz
+-rw-r--r-- 1 root root 163 2018-12-29 19:43 ./testing/packages/wpa_supplicant-2.7-x86_64-2.txz.asc
+drwxr-xr-x 3 root root 4096 2018-12-29 19:43 ./testing/source
+drwxr-xr-x 4 root root 4096 2018-12-06 20:45 ./testing/source/wpa_supplicant
+-rw-r--r-- 1 root root 2080 2005-08-06 20:17 ./testing/source/wpa_supplicant/README.slackware
+drwxr-xr-x 2 root root 4096 2018-12-29 19:33 ./testing/source/wpa_supplicant/config
+-rw-r--r-- 1 root root 21654 2018-12-29 19:33 ./testing/source/wpa_supplicant/config/dot.config
+-rw-r--r-- 1 root root 139 2012-05-06 07:11 ./testing/source/wpa_supplicant/config/wpa_gui.desktop
+-rw-r--r-- 1 root root 5124 2009-04-20 18:10 ./testing/source/wpa_supplicant/config/wpa_gui.png
+-rw-r--r-- 1 root root 65 2012-05-06 07:08 ./testing/source/wpa_supplicant/config/wpa_supplicant.conf
+-rw-r--r-- 1 root root 100 2012-05-06 07:05 ./testing/source/wpa_supplicant/config/wpa_supplicant.logrotate
+-rw-r--r-- 1 root root 284 2012-05-06 07:31 ./testing/source/wpa_supplicant/doinst.sh.gz
+drwxr-xr-x 2 root root 4096 2018-12-28 20:02 ./testing/source/wpa_supplicant/patches
+-rw-r--r-- 1 root root 648 2018-12-28 20:02 ./testing/source/wpa_supplicant/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch.gz
+-rw-r--r-- 1 root root 362 2018-12-18 16:36 ./testing/source/wpa_supplicant/patches/wpa_supplicant-assoc-timeout.patch.gz
+-rw-r--r-- 1 root root 348 2018-12-18 16:36 ./testing/source/wpa_supplicant/patches/wpa_supplicant-dbus-service-file-args.patch.gz
+-rw-r--r-- 1 root root 589 2018-12-18 16:36 ./testing/source/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch.gz
+-rw-r--r-- 1 root root 687 2018-12-18 16:36 ./testing/source/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch.gz
+-rw-r--r-- 1 root root 625 2018-12-18 16:36 ./testing/source/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch.gz
+-rw-r--r-- 1 root root 1061 2018-12-06 20:13 ./testing/source/wpa_supplicant/slack-desc
+-rw-r--r-- 1 root root 2102704 2018-12-02 20:45 ./testing/source/wpa_supplicant/wpa_supplicant-2.7.tar.xz
+-rwxr-xr-x 1 root root 6183 2018-12-28 20:03 ./testing/source/wpa_supplicant/wpa_supplicant.SlackBuild
+drwxr-xr-x 2 root root 4096 2018-12-29 23:12 ./usb-and-pxe-installers
-rw-r--r-- 1 root root 31203 2011-03-21 21:21 ./usb-and-pxe-installers/README_PXE.TXT
-rw-r--r-- 1 root root 9197 2013-09-25 04:33 ./usb-and-pxe-installers/README_USB.TXT
-rw-r--r-- 1 root root 574 2013-03-27 04:59 ./usb-and-pxe-installers/pxelinux.cfg_default
--rw-r--r-- 1 root root 47608832 2018-12-22 04:29 ./usb-and-pxe-installers/usbboot.img
+-rw-r--r-- 1 root root 47608832 2018-12-29 23:12 ./usb-and-pxe-installers/usbboot.img
-rw-r--r-- 1 root root 16045 2016-03-29 07:41 ./usb-and-pxe-installers/usbimg2disk.sh
diff --git a/README.initrd b/README.initrd
index def3a105..724e6295 100644
--- a/README.initrd
+++ b/README.initrd
@@ -1,7 +1,7 @@
Slackware initrd mini HOWTO
by Patrick Volkerding, volkerdi@slackware.com
-Sat Dec 22 04:03:09 UTC 2018
+Sat Dec 29 22:37:42 UTC 2018
This document describes how to create and install an initrd, which may be
required to use the 4.x kernel. Also see "man mkinitrd".
@@ -33,15 +33,15 @@ flexible to ship a generic kernel and a set of kernel modules for it.
The easiest way to make the initrd is to use the mkinitrd script included
in Slackware's mkinitrd package. We'll walk through the process of
-upgrading to the generic 4.19.12 Linux kernel using the packages
+upgrading to the generic 4.19.13 Linux kernel using the packages
found in Slackware's slackware/a/ directory.
First, make sure the kernel, kernel modules, and mkinitrd package are
installed (the current version numbers might be a little different, so
this is just an example):
- installpkg kernel-generic-4.19.12-x86_64-1.txz
- installpkg kernel-modules-4.19.12-x86_64-1.txz
+ installpkg kernel-generic-4.19.13-x86_64-1.txz
+ installpkg kernel-modules-4.19.13-x86_64-1.txz
installpkg mkinitrd-1.4.11-x86_64-8.txz
Change into the /boot directory:
@@ -52,7 +52,7 @@ Now you'll want to run "mkinitrd". I'm using ext4 for my root filesystem,
and since the disk controller requires no special support the ext4 module
will be the only one I need to load:
- mkinitrd -c -k 4.19.12 -m ext4
+ mkinitrd -c -k 4.19.13 -m ext4
This should do two things. First, it will create a directory
/boot/initrd-tree containing the initrd's filesystem. Then it will
@@ -61,10 +61,10 @@ you could make some additional changes in /boot/initrd-tree/ and
then run mkinitrd again without options to rebuild the image. That's
optional, though, and only advanced users will need to think about that.
-Here's another example: Build an initrd image using Linux 4.19.12
+Here's another example: Build an initrd image using Linux 4.19.13
kernel modules for a system with an ext4 root partition on /dev/sdb3:
- mkinitrd -c -k 4.19.12 -m ext4 -f ext4 -r /dev/sdb3
+ mkinitrd -c -k 4.19.13 -m ext4 -f ext4 -r /dev/sdb3
4. Now that I've built an initrd, how do I use it?
diff --git a/isolinux/message.txt b/isolinux/message.txt
index f9f9db2e..c8c555df 100644
--- a/isolinux/message.txt
+++ b/isolinux/message.txt
@@ -1,5 +1,5 @@
-Welcome to 09Slackware6407 version 15.0 (Linux kernel 4.19.12)!
+Welcome to 09Slackware6407 version 15.0 (Linux kernel 4.19.13)!
If you need to pass extra parameters to the kernel, enter them at the prompt
below after the name of the kernel to boot (e.g., huge.s).
diff --git a/kernels/VERSIONS.TXT b/kernels/VERSIONS.TXT
index 997a58a4..509883a2 100644
--- a/kernels/VERSIONS.TXT
+++ b/kernels/VERSIONS.TXT
@@ -1,3 +1,3 @@
-These kernels are version 4.19.12.
+These kernels are version 4.19.13.
diff --git a/recompress.sh b/recompress.sh
index 9e3c0145..e8e47c35 100755
--- a/recompress.sh
+++ b/recompress.sh
@@ -51,7 +51,6 @@ gzip ./source/d/vala/disable-graphviz.patch
gzip ./source/d/vala/no.gvc-compat.c.diff
gzip ./source/d/mercurial/doinst.sh
gzip ./source/d/gcc/gcc-no_fixincludes.diff
-gzip ./source/d/doxygen/doxygen.9468ede.diff
gzip ./source/d/binutils/patches/binutils-2.20.51.0.10-sec-merge-emit.patch
gzip ./source/d/binutils/patches/binutils-2.24-ldforcele.patch
gzip ./source/d/binutils/patches/binutils-2.20.51.0.2-libtool-lib64.patch
@@ -483,10 +482,21 @@ gzip ./source/n/vsftpd/vsftpd.builddefs.diff
gzip ./source/n/net-tools/net-tools.config.h
gzip ./source/n/nc/nc-110-21.diff
gzip ./source/n/nc/nc.diff
+gzip ./source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
gzip ./source/n/wpa_supplicant/patches/dbus-service-file-args.diff
gzip ./source/n/wpa_supplicant/patches/assoc-timeout.diff
gzip ./source/n/wpa_supplicant/patches/quiet-scan-results-message.diff
+gzip ./source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch
+gzip ./source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch
gzip ./source/n/wpa_supplicant/patches/flush-debug-output.diff
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+gzip ./source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
gzip ./source/n/wpa_supplicant/doinst.sh
gzip ./source/n/php/php-fpm.conf.diff
gzip ./source/n/php/doinst.sh
@@ -1113,6 +1123,13 @@ gzip ./source/x/x11/patch/xf86-video-intel/0001-Fix-build-on-i686.patch
gzip ./source/x/x11/patch/xf86-video-intel/intel-gcc-pr65873.patch
gzip ./source/x/x11/patch/xf86-video-s3virge/xf86-video-s3virge.xorg-server-1.20.x.diff
gzip ./source/x/xcm/xcm.udev.rules.diff
+gzip ./testing/source/wpa_supplicant/patches/wpa_supplicant-assoc-timeout.patch
+gzip ./testing/source/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch
+gzip ./testing/source/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch
+gzip ./testing/source/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch
+gzip ./testing/source/wpa_supplicant/patches/wpa_supplicant-dbus-service-file-args.patch
+gzip ./testing/source/wpa_supplicant/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
+gzip ./testing/source/wpa_supplicant/doinst.sh
gzip ./pasture/source/php/php-fpm.conf.diff
gzip ./pasture/source/php/doinst.sh
gzip ./pasture/source/php/PHP-5.6.31-OpenSSL-1.1.0-compatibility-20170801.patch
diff --git a/slackware64/a/maketag b/slackware64/a/maketag
index e8f3fc42..c29cd609 100644
--- a/slackware64/a/maketag
+++ b/slackware64/a/maketag
@@ -62,9 +62,9 @@ system. :^) Press ENTER when you are done." 21 76 10 \
"jfsutils" "Utilities for IBM's Journaled Filesystem" "on" \
"kbd" "Change keyboard and console mappings" "on" \
"kernel-firmware" "Linux kernel firmware -- REQUIRED" "on" \
-"kernel-generic" "Generic 4.19.12 kernel (needs an initrd)" "on" \
-"kernel-huge" "Loaded 4.19.12 Linux kernel" "on" \
-"kernel-modules" "Linux 4.19.12 kernel modules -- REQUIRED" "on" \
+"kernel-generic" "Generic 4.19.13 kernel (needs an initrd)" "on" \
+"kernel-huge" "Loaded 4.19.13 Linux kernel" "on" \
+"kernel-modules" "Linux 4.19.13 kernel modules -- REQUIRED" "on" \
"kmod" "Kernel module utilities -- REQUIRED" "on" \
"lbzip2" "Parallel bzip2 compressor" "on" \
"less" "A text pager utility - REQUIRED" "on" \
diff --git a/slackware64/a/maketag.ez b/slackware64/a/maketag.ez
index e8f3fc42..c29cd609 100644
--- a/slackware64/a/maketag.ez
+++ b/slackware64/a/maketag.ez
@@ -62,9 +62,9 @@ system. :^) Press ENTER when you are done." 21 76 10 \
"jfsutils" "Utilities for IBM's Journaled Filesystem" "on" \
"kbd" "Change keyboard and console mappings" "on" \
"kernel-firmware" "Linux kernel firmware -- REQUIRED" "on" \
-"kernel-generic" "Generic 4.19.12 kernel (needs an initrd)" "on" \
-"kernel-huge" "Loaded 4.19.12 Linux kernel" "on" \
-"kernel-modules" "Linux 4.19.12 kernel modules -- REQUIRED" "on" \
+"kernel-generic" "Generic 4.19.13 kernel (needs an initrd)" "on" \
+"kernel-huge" "Loaded 4.19.13 Linux kernel" "on" \
+"kernel-modules" "Linux 4.19.13 kernel modules -- REQUIRED" "on" \
"kmod" "Kernel module utilities -- REQUIRED" "on" \
"lbzip2" "Parallel bzip2 compressor" "on" \
"less" "A text pager utility - REQUIRED" "on" \
diff --git a/slackware64/k/maketag b/slackware64/k/maketag
index 49ad83b8..4f9cba20 100644
--- a/slackware64/k/maketag
+++ b/slackware64/k/maketag
@@ -21,7 +21,7 @@ from series K. Use the UP/DOWN keys to scroll through the list, and \
the SPACE key to deselect any items you don't want to install. \
Press ENTER when you are \
done." 11 70 1 \
-"kernel-source" "Linux 4.19.12 kernel source" "on" \
+"kernel-source" "Linux 4.19.13 kernel source" "on" \
2> $TMP/SeTpkgs
if [ $? = 1 -o $? = 255 ]; then
rm -f $TMP/SeTpkgs
diff --git a/slackware64/k/maketag.ez b/slackware64/k/maketag.ez
index 49ad83b8..4f9cba20 100644
--- a/slackware64/k/maketag.ez
+++ b/slackware64/k/maketag.ez
@@ -21,7 +21,7 @@ from series K. Use the UP/DOWN keys to scroll through the list, and \
the SPACE key to deselect any items you don't want to install. \
Press ENTER when you are \
done." 11 70 1 \
-"kernel-source" "Linux 4.19.12 kernel source" "on" \
+"kernel-source" "Linux 4.19.13 kernel source" "on" \
2> $TMP/SeTpkgs
if [ $? = 1 -o $? = 255 ]; then
rm -f $TMP/SeTpkgs
diff --git a/source/d/doxygen/doxygen.9468ede.diff b/source/d/doxygen/doxygen.9468ede.diff
deleted file mode 100644
index b189a85a..00000000
--- a/source/d/doxygen/doxygen.9468ede.diff
+++ /dev/null
@@ -1,52 +0,0 @@
-From 9468ede259153cf79eb8d61635389744e9a2ee7d Mon Sep 17 00:00:00 2001
-From: Dimitri van Heesch <dimitri@stack.nl>
-Date: Sun, 29 Oct 2017 11:47:48 +0100
-Subject: [PATCH] Bug 789168 - Increasing access of inherited C++ members with
- 'using...' is not recognized by Doxygen
-
----
- src/doxygen.cpp | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/src/doxygen.cpp b/src/doxygen.cpp
-index d3554cffd..ec97d4354 100644
---- a/src/doxygen.cpp
-+++ b/src/doxygen.cpp
-@@ -2112,9 +2112,8 @@ static void findUsingDeclImports(EntryNav *rootNav)
- (rootNav->parent()->section()&Entry::COMPOUND_MASK) // in a class/struct member
- )
- {
-- //printf("Found using declaration %s at line %d of %s inside section %x\n",
-- // root->name.data(),root->startLine,root->fileName.data(),
-- // root->parent->section);
-+ //printf("Found using declaration %s inside section %x\n",
-+ // rootNav->name().data(), rootNav->parent()->section());
- QCString fullName=removeRedundantWhiteSpace(rootNav->parent()->name());
- fullName=stripAnonymousNamespaceScope(fullName);
- fullName=stripTemplateSpecifiersFromScope(fullName);
-@@ -2130,7 +2129,7 @@ static void findUsingDeclImports(EntryNav *rootNav)
- ClassDef *bcd = getResolvedClass(cd,0,scope); // todo: file in fileScope parameter
- if (bcd)
- {
-- //printf("found class %s\n",bcd->name().data());
-+ //printf("found class %s memName=%s\n",bcd->name().data(),memName.data());
- MemberNameInfoSDict *mndict=bcd->memberNameInfoSDict();
- if (mndict)
- {
-@@ -11181,7 +11180,6 @@ void parseInput()
- g_s.end();
-
- g_s.begin("Searching for members imported via using declarations...\n");
-- findUsingDeclImports(rootNav);
- // this should be after buildTypedefList in order to properly import
- // used typedefs
- findUsingDeclarations(rootNav);
-@@ -11249,6 +11247,7 @@ void parseInput()
- g_s.begin("Searching for member function documentation...\n");
- findObjCMethodDefinitions(rootNav);
- findMemberDocumentation(rootNav); // may introduce new members !
-+ findUsingDeclImports(rootNav); // may introduce new members !
-
- transferRelatedFunctionDocumentation();
- transferFunctionDocumentation();
-
diff --git a/source/d/doxygen/doxygen.SlackBuild b/source/d/doxygen/doxygen.SlackBuild
index a1350334..bb003a2c 100755
--- a/source/d/doxygen/doxygen.SlackBuild
+++ b/source/d/doxygen/doxygen.SlackBuild
@@ -23,8 +23,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=doxygen
-VERSION=${VERSION:-$(basename $(echo doxygen-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev) .src)}
-BUILD=${BUILD:-3}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
@@ -67,7 +67,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf doxygen-$VERSION
-tar xvf $CWD/doxygen-${VERSION}.src.tar.?z || exit 1
+tar xvf $CWD/doxygen-${VERSION}.tar.?z || exit 1
cd doxygen-$VERSION || exit 1
chown -R root:root .
find . \
@@ -76,9 +76,6 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
-# Revert patch that leads to segfaults:
-zcat $CWD/doxygen.9468ede.diff.gz | patch -p1 -R --verbose || exit 1
-
mkdir build
cd build
cmake \
diff --git a/source/d/doxygen/doxygen.url b/source/d/doxygen/doxygen.url
new file mode 100644
index 00000000..13069c75
--- /dev/null
+++ b/source/d/doxygen/doxygen.url
@@ -0,0 +1 @@
+https://github.com/doxygen/doxygen
diff --git a/source/d/doxygen/slack-desc b/source/d/doxygen/slack-desc
index 8220d232..40966467 100644
--- a/source/d/doxygen/slack-desc
+++ b/source/d/doxygen/slack-desc
@@ -15,5 +15,5 @@ doxygen: keeping docs and code in sync. Doxygen produces documentation in
doxygen: several output formats, including HTML, LaTeX, man pages, RTF, XML,
doxygen: compressed HTML, PostScript, and PDF.
doxygen:
-doxygen:
+doxygen: Homepage: http://www.doxygen.nl
doxygen:
diff --git a/source/k/kernel-configs/config-generic-4.19.12 b/source/k/kernel-configs/config-generic-4.19.13
index 8c20ad70..2e434186 100644
--- a/source/k/kernel-configs/config-generic-4.19.12
+++ b/source/k/kernel-configs/config-generic-4.19.13
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.12 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
#
#
@@ -5635,7 +5635,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
-CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
CONFIG_LOGO=y
# CONFIG_LOGO_LINUX_MONO is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
diff --git a/source/k/kernel-configs/config-generic-4.19.12.x64 b/source/k/kernel-configs/config-generic-4.19.13.x64
index 0e4e79e4..fea17769 100644
--- a/source/k/kernel-configs/config-generic-4.19.12.x64
+++ b/source/k/kernel-configs/config-generic-4.19.13.x64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.12 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
#
#
@@ -5596,7 +5596,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
-CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
CONFIG_LOGO=y
# CONFIG_LOGO_LINUX_MONO is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
diff --git a/source/k/kernel-configs/config-generic-smp-4.19.12-smp b/source/k/kernel-configs/config-generic-smp-4.19.13-smp
index 2474b45f..d0af4db1 100644
--- a/source/k/kernel-configs/config-generic-smp-4.19.12-smp
+++ b/source/k/kernel-configs/config-generic-smp-4.19.13-smp
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.12 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
#
#
@@ -5682,7 +5682,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
-CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
CONFIG_LOGO=y
# CONFIG_LOGO_LINUX_MONO is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
diff --git a/source/k/kernel-configs/config-huge-4.19.12 b/source/k/kernel-configs/config-huge-4.19.13
index abede275..47907ede 100644
--- a/source/k/kernel-configs/config-huge-4.19.12
+++ b/source/k/kernel-configs/config-huge-4.19.13
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.12 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
#
#
@@ -5635,7 +5635,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
-CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
CONFIG_LOGO=y
# CONFIG_LOGO_LINUX_MONO is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
diff --git a/source/k/kernel-configs/config-huge-4.19.12.x64 b/source/k/kernel-configs/config-huge-4.19.13.x64
index d685ddaa..3f16e99a 100644
--- a/source/k/kernel-configs/config-huge-4.19.12.x64
+++ b/source/k/kernel-configs/config-huge-4.19.13.x64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.12 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
#
#
@@ -5596,7 +5596,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
-CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
CONFIG_LOGO=y
# CONFIG_LOGO_LINUX_MONO is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
diff --git a/source/k/kernel-configs/config-huge-smp-4.19.12-smp b/source/k/kernel-configs/config-huge-smp-4.19.13-smp
index 1971335f..f85f9390 100644
--- a/source/k/kernel-configs/config-huge-smp-4.19.12-smp
+++ b/source/k/kernel-configs/config-huge-smp-4.19.13-smp
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.12 Kernel Configuration
+# Linux/x86 4.19.13 Kernel Configuration
#
#
@@ -5682,7 +5682,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
-CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER=y
+# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set
CONFIG_LOGO=y
# CONFIG_LOGO_LINUX_MONO is not set
# CONFIG_LOGO_LINUX_VGA16 is not set
diff --git a/source/l/libsecret/libsecret.SlackBuild b/source/l/libsecret/libsecret.SlackBuild
index 728d894a..c1672a0d 100755
--- a/source/l/libsecret/libsecret.SlackBuild
+++ b/source/l/libsecret/libsecret.SlackBuild
@@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=libsecret
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-3}
+BUILD=${BUILD:-1}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
new file mode 100644
index 00000000..72768486
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
new file mode 100644
index 00000000..1802d664
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
@@ -0,0 +1,250 @@
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
new file mode 100644
index 00000000..e2937b85
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -0,0 +1,184 @@
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
new file mode 100644
index 00000000..22ee2179
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
@@ -0,0 +1,79 @@
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
new file mode 100644
index 00000000..c19c4c71
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
@@ -0,0 +1,64 @@
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
new file mode 100644
index 00000000..e1bd5a57
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
@@ -0,0 +1,132 @@
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
new file mode 100644
index 00000000..85ea1d62
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
@@ -0,0 +1,43 @@
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
new file mode 100644
index 00000000..b9678f68
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
@@ -0,0 +1,82 @@
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
+
diff --git a/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt b/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
new file mode 100644
index 00000000..5ccb5098
--- /dev/null
+++ b/source/n/wpa_supplicant/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
@@ -0,0 +1,226 @@
+WPA packet number reuse with replayed messages and key reinstallation
+
+Published: October 16, 2017
+Identifiers:
+- CERT case ID: VU#228519
+- CVE-2017-13077
+- CVE-2017-13078
+- CVE-2017-13079
+- CVE-2017-13080
+- CVE-2017-13081
+- CVE-2017-13082
+- CVE-2017-13084 (not applicable)
+- CVE-2017-13086
+- CVE-2017-13087
+- CVE-2017-13088
+Latest version available from: https://w1.fi/security/2017-1/
+
+
+Vulnerability
+
+A vulnerability was found in how a number of implementations can be
+triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
+replaying a specific frame that is used to manage the keys. Such
+reinstallation of the encryption key can result in two different types
+of vulnerabilities: disabling replay protection and significantly
+reducing the security of encryption to the point of allowing frames to
+be decrypted or some parts of the keys to be determined by an attacker
+depending on which cipher is used.
+
+This document focuses on the cases that apply to systems using hostapd
+(AP) or wpa_supplicant (station), but it should be noted that the
+generic vulnerability itself is applicable to other implementations and
+may have different impact in other cases.
+
+This vulnerability can in theory apply to any case where a TK (the
+pairwise/unicast encryption key used with TKIP, CCMP, GCMP), a GTK
+(group/multicast encryption key), or an IGTK (group management frame
+integrity protection key) is configured by the Authentication/Supplicant
+component to the WLAN driver/firmware taking care of the TX/RX path and
+encryption/decryption of frames.
+
+If the same key is configured multiple times, it is likely that the
+transmit and receive packet numbers (PN, IPN, RSC/TSC, etc.) are cleared
+to a smaller value (zero in case of pairwise keys, zero or at least a
+smaller value than the last used value in case of group keys). When this
+happens with the same key, this breaks replay protection on RX side and
+can result in reuse of packet numbers on TX side. The former may allow
+replaying of previously delivered packets (without the attacker being
+able to decrypt them or modify their contents) while the latter may
+result in more severe issues on the TX side due to resulting CCM nonce
+replay and related issues with GCMP and TKIP. The TX side issue may make
+it significantly easier for the attacker to decrypt frames and determine
+some parts of the keys (e.g., a Michael MIC key in case of TKIP).
+
+Impact on AP/hostapd
+
+On the AP side, this generic issue has been determined to be applicable
+in the case where hostapd is used to operate an RSN/WPA2 network with FT
+(Fast BSS Transition from IEEE 802.11r) enabled. Replaying of the
+Reassociation Request frame can be used to get the AP reinstalling the
+TK which results in the AP accepting previously delivered unicast frames
+from the station and the AP reusing previously used packet numbers
+(local TX packet number gets reset to zero). This latter issue on the TX
+side can result in CCM nonce reuse which invalidates CCMP security
+properties. In case of TKIP this can result in the attacker being able
+to determine part of the TK more easily and with GCMP, result in similar
+issues.
+
+It should be noted that the AP side issue with FT would be close to
+applying to FILS authentication (from IEEE 802.11ai) in hostapd with
+replaying of (Re)Association Request frames. However, due to a different
+handling of the repeated association processing with FILS, this would
+actually result in the station getting immediately disconnected which
+prevents this attack in practice. In addition, the FILS implementation
+in the current hostapd version is still experimental and documented as
+being discouraged in production use cases.
+
+Another area of potentially reduced security was identified when looking
+into these issues. When AP/Authenticator implementation in hostapd is
+requested to rekey the PTK without performing EAP reauthentication
+(either through local periodic rekeying or due to a request from an
+association station), the ANonce value does not get updated. This
+results in the new 4-way handshake depending on the station/supplicant
+side generating a new, unique (for the current PMK/PSK) SNonce for the
+PTK derivation to result in a new key. While a properly working
+supplicant would do so, if there is a supplicant implementation that
+does not, this combination could result in deriving the same PTK
+again. When the TK from that PTK gets configured in the driver, this
+would result in reinstalling the same key and the same issues as
+described above for the FT protocol case.
+
+Impact on station/wpa_supplicant
+
+On the station side, this generic issue has been determined to be
+applicable in the cases where wpa_supplicant processes a group key (GTK
+or IGTK) update from the AP. An attacker that is able to limit access
+to frame delivery may be able to extract two update messages and deliver
+those to the station with significant time delay between them. When
+wpa_supplicant processes the second message, it may end up reinstalling
+the same key to the driver and when doing this, clear the RX packet
+number to an old value. This would allow the attacker to replay all
+group-addressed frames that the AP sent between the time the key update
+message was originally sent and the time when the attacker forwarded the
+second frame to the station. The attacker would not be able to decrypt
+or modify the frames based on this vulnerability, though. There is an
+exception to this with older wpa_supplicant versions as noted below in
+version specific notes.
+
+For the current wpa_supplicant version (v2.6), there is also an
+additional EAPOL-Key replay sequence where an additional forged
+EAPOL-Key message can be used to bypass the existing protection for the
+pairwise key reconfiguration in a manner that ends up configuring a
+known TK that an attacker could use to decrypt any frame sent by the
+station and to inject arbitrary unicast frames. Similar issues are
+reachable in older versions as noted below.
+
+PeerKey / TDLS PeerKey
+
+As far as the related CVE-2017-13084 (reinstallation of the STK key in
+the PeerKey handshake) is concerned, it should be noted that PeerKey
+implementation in wpa_supplicant is not fully functional and the actual
+installation of the key into the driver does not work. As such, this
+item is not applicable in practice. Furthermore, the PeerKey handshake
+for IEEE 802.11e DLS is obsolete and not known to have been deployed.
+
+As far as the TDLS PeerKey handshake is concerned (CVE-2017-13086),
+wpa_supplicant implementation is already rejecting TPK M2 retries, so
+the reconfiguration issue cannot apply for it. For TPK M3, there is a
+theoretical impact. However, if that frame is replayed, the current
+wpa_supplicant implementation ends up tearing down the TDLS link
+immediately and as such, there is no real window for performing the
+attack. Furthermore, TPK M3 goes through the AP path and if RSN is used
+there, that frame has replay protection, so the attacker could not
+perform the attack. If the AP path were to use WEP, the frame could be
+replayed, though. That said, if WEP is used on the AP path, it would be
+fair to assume that there is no security in the network, so a new attack
+vector would be of small additional value.
+
+With older wpa_supplicant versions, it may be possible for an attacker
+to cause TPK M2 to be retransmitted with delay that would be able to
+trigger reinstallation of TK on the peer receiving TPK M2
+(CVE-2017-13086). This may open a short window for the attack with v2.3,
+v2.4, and v2.5; and a longer window with older versions.
+
+Vulnerable versions/configurations
+
+For the AP/Authenticator TK (unicast) reinstallation in FT protocol
+(CVE-2017-13082):
+
+hostapd v0.7.2 and newer with FT enabled (i.e., practically all versions
+that include full FT implementation). FT needs to be enabled in the
+runtime configuration to make this applicable.
+
+For the AP/Authenticator missing ANonce during PTK rekeying:
+
+All hostapd versions.
+
+For the station/Supplicant side GTK/IGTK reinstallation and TK
+configuration:
+
+All wpa_supplicant versions. The impact on older versions can be more
+severe due to earlier changes in this area: v2.3 and older can also
+reinstall the pairwise key and as such have similar impact as the AP FT
+case (CVE-2017-13077); v2.4 and v2.5 end up configuring an all-zero TK
+which breaks the normal data path, but could allow an attacker to
+decrypt all following frames from the station and to inject arbitrary
+frames to the station. In addition, a different message sequence
+involving 4-way handshake can result in configuration of an all-zero TK
+in v2.6 and the current snapshot of the development repository as of the
+publication of this advisory.
+
+
+Acknowledgments
+
+Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
+Leuven for discovering and reporting this issue. Thanks to John A. Van
+Boxtel for finding additional issues related to this topic.
+
+
+Possible mitigation steps
+
+- For AP/hostapd and FT replay issue (CVE-2017-13082), it is possible to
+ prevent the issue temporarily by disabling FT in runtime
+ configuration, if needed before being able to update the
+ implementations.
+
+- Merge the following commits to hostapd/wpa_supplicant and rebuild them:
+
+ hostapd and replayed FT reassociation request frame (CVE-2017-13082):
+ hostapd: Avoid key reinstallation in FT handshake
+
+ hostapd PTK rekeying and ANonce update:
+ Fix PTK rekeying to generate a new ANonce
+
+ wpa_supplicant and GTK/IGTK rekeying (CVE-2017-13078, CVE-2017-13079,
+ CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
+ Prevent reinstallation of an already in-use group key
+ Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
+
+ wpa_supplicant (v2.6 or newer snapshot) and known TK issue:
+ Prevent installation of an all-zero TK
+
+ Additional protection steps for wpa_supplicant:
+ TDLS: Reject TPK-TK reconfiguration
+ WNM: Ignore WNM-Sleep Mode Response without pending request
+ FT: Do not allow multiple Reassociation Response frames
+
+ These patches are available from https://w1.fi/security/2017-1/
+ (both against the snapshot of hostap.git master branch and rebased on
+ top of the v2.6 release)
+
+ For the TDLS TPK M2 retransmission issue (CVE-2017-13086) with older
+ wpa_supplicant versions, consider updating to the latest version or
+ merge in a commit that is present in v2.6:
+ https://w1.fi/cgit/hostap/commit/?id=dabdef9e048b17b22b1c025ad592922eab30dda8
+ ('TDLS: Ignore incoming TDLS Setup Response retries')
+
+- Update to hostapd/wpa_supplicant v2.7 or newer, once available
+ * it should be noted that there are number of additional changes in
+ the related areas of the implementation to provide extra layer of
+ protection for potential unknown issues; these changes are not
+ included in this advisory as they have not been identified to be
+ critical for preventing any of the identified security
+ vulnerabilities; however, users of hostapd/wpa_supplicant are
+ encouraged to consider merging such changes even if not fully
+ moving to v2.7
diff --git a/source/n/wpa_supplicant/config/dot.config b/source/n/wpa_supplicant/config/dot.config
index bcc9f056..1c7f67df 100644
--- a/source/n/wpa_supplicant/config/dot.config
+++ b/source/n/wpa_supplicant/config/dot.config
@@ -1,595 +1,44 @@
-# Example wpa_supplicant build time configuration
-#
-# This file lists the configuration options that are used when building the
-# wpa_supplicant binary. All lines starting with # are ignored. Configuration
-# option lines must be commented out complete, if they are not to be included,
-# i.e., just setting VARIABLE=n is not disabling that variable.
-#
-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
-# be modified from here. In most cases, these lines should use += in order not
-# to override previous values of the variables.
-
-
-# Uncomment following two lines and fix the paths if you have installed OpenSSL
-# or GnuTLS in non-default location
-#CFLAGS += -I/usr/local/openssl/include
-#LIBS += -L/usr/local/openssl/lib
-
-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
-# the kerberos files are not in the default include path. Following line can be
-# used to fix build issues on such systems (krb5.h not found).
-#CFLAGS += -I/usr/include/kerberos
-
-# Driver interface for generic Linux wireless extensions
-# Note: WEXT is deprecated in the current Linux kernel version and no new
-# functionality is added to it. nl80211-based interface is the new
-# replacement for WEXT and its use allows wpa_supplicant to properly control
-# the driver to improve existing functionality like roaming and to support new
-# functionality.
-CONFIG_DRIVER_WEXT=y
-
-# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_AP=y
+CONFIG_BACKEND=file
+CONFIG_BGSCAN_SIMPLE=y
+CONFIG_CTRL_IFACE=y
+CONFIG_CTRL_IFACE_DBUS=y
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+CONFIG_DEBUG_FILE=y
+CONFIG_DEBUG_SYSLOG=y
CONFIG_DRIVER_NL80211=y
-
-# QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
-
-# driver_nl80211.c requires libnl. If you are compiling it yourself
-# you may need to point hostapd to your version of libnl.
-#
-#CFLAGS += -I$<path to libnl include files>
-#LIBS += -L$<path to libnl library files>
-
-# Use libnl v2.0 (or 3.0) libraries.
-#CONFIG_LIBNL20=y
-
-# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
-CONFIG_LIBNL32=y
-
-
-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
-#CONFIG_DRIVER_BSD=y
-#CFLAGS += -I/usr/local/include
-#LIBS += -L/usr/local/lib
-#LIBS_p += -L/usr/local/lib
-#LIBS_c += -L/usr/local/lib
-
-# Driver interface for Windows NDIS
-#CONFIG_DRIVER_NDIS=y
-#CFLAGS += -I/usr/include/w32api/ddk
-#LIBS += -L/usr/local/lib
-# For native build using mingw
-#CONFIG_NATIVE_WINDOWS=y
-# Additional directories for cross-compilation on Linux host for mingw target
-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
-#LIBS += -L/opt/mingw/mingw32/lib
-#CC=mingw32-gcc
-# By default, driver_ndis uses WinPcap for low-level operations. This can be
-# replaced with the following option which replaces WinPcap calls with NDISUIO.
-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
-# wpa_supplicant.
-# CONFIG_USE_NDISUIO=y
-
-# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
-
-# Driver interface for MACsec capable Qualcomm Atheros drivers
-#CONFIG_DRIVER_MACSEC_QCA=y
-
-# Driver interface for Linux MACsec drivers
-#CONFIG_DRIVER_MACSEC_LINUX=y
-
-# Driver interface for the Broadcom RoboSwitch family
-#CONFIG_DRIVER_ROBOSWITCH=y
-
-# Driver interface for no driver (e.g., WPS ER only)
-#CONFIG_DRIVER_NONE=y
-
-# Solaris libraries
-#LIBS += -lsocket -ldlpi -lnsl
-#LIBS_c += -lsocket
-
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
-# MACsec is included)
-CONFIG_IEEE8021X_EAPOL=y
-
-# EAP-MD5
-CONFIG_EAP_MD5=y
-
-# EAP-MSCHAPv2
-CONFIG_EAP_MSCHAPV2=y
-
-# EAP-TLS
-CONFIG_EAP_TLS=y
-
-# EAL-PEAP
-CONFIG_EAP_PEAP=y
-
-# EAP-TTLS
-CONFIG_EAP_TTLS=y
-
-# EAP-FAST
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+CONFIG_EAP_AKA=y
CONFIG_EAP_FAST=y
-
-# EAP-GTC
+CONFIG_EAP_GPSK=y
+CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_GTC=y
-
-# EAP-OTP
+CONFIG_EAP_IKEV2=y
+CONFIG_EAP_LEAP=y
+CONFIG_EAP_MD5=y
+CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
-
-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
-#CONFIG_EAP_SIM=y
-
-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
-#CONFIG_EAP_PSK=y
-
-# EAP-pwd (secure authentication using only a password)
-#CONFIG_EAP_PWD=y
-
-# EAP-PAX
CONFIG_EAP_PAX=y
-
-# LEAP
-CONFIG_EAP_LEAP=y
-
-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
-#CONFIG_EAP_AKA=y
-
-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
-# This requires CONFIG_EAP_AKA to be enabled, too.
-#CONFIG_EAP_AKA_PRIME=y
-
-# Enable USIM simulator (Milenage) for EAP-AKA
-#CONFIG_USIM_SIMULATOR=y
-
-# EAP-SAKE
+CONFIG_EAP_PEAP=y
CONFIG_EAP_SAKE=y
-
-# EAP-GPSK
-CONFIG_EAP_GPSK=y
-# Include support for optional SHA256 cipher suite in EAP-GPSK
-CONFIG_EAP_GPSK_SHA256=y
-
-# EAP-TNC and related Trusted Network Connect support (experimental)
+CONFIG_EAP_TLS=y
CONFIG_EAP_TNC=y
-
-# Wi-Fi Protected Setup (WPS)
-CONFIG_WPS=y
-# Enable WPS external registrar functionality
-#CONFIG_WPS_ER=y
-# Disable credentials for an open network by default when acting as a WPS
-# registrar.
-#CONFIG_WPS_REG_DISABLE_OPEN=y
-# Enable WPS support with NFC config method
-#CONFIG_WPS_NFC=y
-
-# EAP-IKEv2
-CONFIG_EAP_IKEV2=y
-
-# EAP-EKE
-#CONFIG_EAP_EKE=y
-
-# MACsec
-#CONFIG_MACSEC=y
-
-# PKCS#12 (PFX) support (used to read private key and certificate file from
-# a file that usually has extension .p12 or .pfx)
+CONFIG_EAP_TTLS=y
+CONFIG_IBSS_RSN=y
+CONFIG_IEEE80211N=y
+CONFIG_IEEE80211R=y
+CONFIG_IEEE80211W=y
+CONFIG_IEEE8021X_EAPOL=y
+CONFIG_LIBNL32=y
+CONFIG_P2P=y
+CONFIG_PEERKEY=y
CONFIG_PKCS12=y
-
-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
-# engine.
-CONFIG_SMARTCARD=y
-
-# PC/SC interface for smartcards (USIM, GSM SIM)
-# Enable this if EAP-SIM or EAP-AKA is included
-#CONFIG_PCSC=y
-
-# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
-#CONFIG_HT_OVERRIDES=y
-
-# Support VHT overrides (disable VHT, mask MCS rates, etc.)
-#CONFIG_VHT_OVERRIDES=y
-
-# Development testing
-#CONFIG_EAPOL_TEST=y
-
-# Select control interface backend for external programs, e.g, wpa_cli:
-# unix = UNIX domain sockets (default for Linux/*BSD)
-# udp = UDP sockets using localhost (127.0.0.1)
-# udp6 = UDP IPv6 sockets using localhost (::1)
-# named_pipe = Windows Named Pipe (default for Windows)
-# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
-# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
-# y = use default (backwards compatibility)
-# If this option is commented out, control interface is not included in the
-# build.
-CONFIG_CTRL_IFACE=y
-
-# Include support for GNU Readline and History Libraries in wpa_cli.
-# When building a wpa_cli binary for distribution, please note that these
-# libraries are licensed under GPL and as such, BSD license may not apply for
-# the resulting binary.
CONFIG_READLINE=y
-
-# Include internal line edit mode in wpa_cli. This can be used as a replacement
-# for GNU Readline to provide limited command line editing and history support.
-#CONFIG_WPA_CLI_EDIT=y
-
-# Remove debugging code that is printing out debug message to stdout.
-# This can be used to reduce the size of the wpa_supplicant considerably
-# if debugging code is not needed. The size reduction can be around 35%
-# (e.g., 90 kB).
-#CONFIG_NO_STDOUT_DEBUG=y
-
-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
-# 35-50 kB in code size.
-#CONFIG_NO_WPA=y
-
-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
-# This option can be used to reduce code size by removing support for
-# converting ASCII passphrases into PSK. If this functionality is removed, the
-# PSK can only be configured as the 64-octet hexstring (e.g., from
-# wpa_passphrase). This saves about 0.5 kB in code size.
-#CONFIG_NO_WPA_PASSPHRASE=y
-
-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
-# This can be used if ap_scan=1 mode is never enabled.
-#CONFIG_NO_SCAN_PROCESSING=y
-
-# Select configuration backend:
-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
-# path is given on command line, not here; this option is just used to
-# select the backend that allows configuration files to be used)
-# winreg = Windows registry (see win_example.reg for an example)
-CONFIG_BACKEND=file
-
-# Remove configuration write functionality (i.e., to allow the configuration
-# file to be updated based on runtime configuration changes). The runtime
-# configuration can still be changed, the changes are just not going to be
-# persistent over restarts. This option can be used to reduce code size by
-# about 3.5 kB.
-#CONFIG_NO_CONFIG_WRITE=y
-
-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
-#CONFIG_NO_CONFIG_BLOBS=y
-
-# Select program entry point implementation:
-# main = UNIX/POSIX like main() function (default)
-# main_winsvc = Windows service (read parameters from registry)
-# main_none = Very basic example (development use only)
-#CONFIG_MAIN=main
-
-# Select wrapper for operating system and C library specific functions
-# unix = UNIX/POSIX like systems (default)
-# win32 = Windows systems
-# none = Empty template
-#CONFIG_OS=unix
-
-# Select event loop implementation
-# eloop = select() loop (default)
-# eloop_win = Windows events and WaitForMultipleObject() loop
-#CONFIG_ELOOP=eloop
-
-# Should we use poll instead of select? Select is used by default.
-#CONFIG_ELOOP_POLL=y
-
-# Should we use epoll instead of select? Select is used by default.
-#CONFIG_ELOOP_EPOLL=y
-
-# Should we use kqueue instead of select? Select is used by default.
-#CONFIG_ELOOP_KQUEUE=y
-
-# Select layer 2 packet implementation
-# linux = Linux packet socket (default)
-# pcap = libpcap/libdnet/WinPcap
-# freebsd = FreeBSD libpcap
-# winpcap = WinPcap with receive thread
-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
-# none = Empty template
-#CONFIG_L2_PACKET=linux
-
-# Disable Linux packet socket workaround applicable for station interface
-# in a bridge for EAPOL frames. This should be uncommented only if the kernel
-# is known to not have the regression issue in packet socket behavior with
-# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# IEEE 802.11w (management frame protection), also known as PMF
-# Driver support is also needed for IEEE 802.11w.
-CONFIG_IEEE80211W=y
-
-# Select TLS implementation
-# openssl = OpenSSL (default)
-# gnutls = GnuTLS
-# internal = Internal TLSv1 implementation (experimental)
-# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
-# none = Empty template
-#CONFIG_TLS=openssl
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
-# can be enabled to get a stronger construction of messages when block ciphers
-# are used. It should be noted that some existing TLS v1.0 -based
-# implementation may not be compatible with TLS v1.1 message (ClientHello is
-# sent prior to negotiating which version will be used)
-#CONFIG_TLSV11=y
-
-# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
-# can be enabled to enable use of stronger crypto algorithms. It should be
-# noted that some existing TLS v1.0 -based implementation may not be compatible
-# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
-# will be used)
-#CONFIG_TLSV12=y
-
-# Select which ciphers to use by default with OpenSSL if the user does not
-# specify them.
+CONFIG_SMARTCARD=y
CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"
-
-# If CONFIG_TLS=internal is used, additional library and include paths are
-# needed for LibTomMath. Alternatively, an integrated, minimal version of
-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
-# and drawbacks of this option.
-#CONFIG_INTERNAL_LIBTOMMATH=y
-#ifndef CONFIG_INTERNAL_LIBTOMMATH
-#LTM_PATH=/usr/src/libtommath-0.39
-#CFLAGS += -I$(LTM_PATH)
-#LIBS += -L$(LTM_PATH)
-#LIBS_p += -L$(LTM_PATH)
-#endif
-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
-# can be configured to include faster routines for exptmod, sqr, and div to
-# speed up DH and RSA calculation considerably
-#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
-
-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
-# This is only for Windows builds and requires WMI-related header files and
-# WbemUuid.Lib from Platform SDK even when building with MinGW.
-#CONFIG_NDIS_EVENTS_INTEGRATED=y
-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
-
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-CONFIG_CTRL_IFACE_DBUS=y
-
-# Add support for new DBus control interface
-# (fi.w1.hostap.wpa_supplicant1)
-CONFIG_CTRL_IFACE_DBUS_NEW=y
-
-# Add introspection support for new DBus control interface
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
-
-# Add support for loading EAP methods dynamically as shared libraries.
-# When this option is enabled, each EAP method can be either included
-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
-# be loaded in the beginning of the wpa_supplicant configuration file
-# (see load_dynamic_eap parameter in the example file) before being used in
-# the network blocks.
-#
-# Note that some shared parts of EAP methods are included in the main program
-# and in order to be able to use dynamic EAP methods using these parts, the
-# main program must have been build with the EAP method enabled (=y or =dyn).
-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
-# unless at least one of them was included in the main build to force inclusion
-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
-# in the main build to be able to load these methods dynamically.
-#
-# Please also note that using dynamic libraries will increase the total binary
-# size. Thus, it may not be the best option for targets that have limited
-# amount of memory/flash.
-#CONFIG_DYNAMIC_EAP_METHODS=y
-
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
-#CONFIG_IEEE80211R=y
-
-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
-CONFIG_DEBUG_FILE=y
-
-# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
-# Set syslog facility for debug messages
-#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
-
-# Add support for sending all debug messages (regardless of debug verbosity)
-# to the Linux kernel tracing facility. This helps debug the entire stack by
-# making it easy to record everything happening from the driver up into the
-# same file, e.g., using trace-cmd.
-#CONFIG_DEBUG_LINUX_TRACING=y
-
-# Add support for writing debug log to Android logcat instead of standard
-# output
-#CONFIG_ANDROID_LOG=y
-
-# Enable privilege separation (see README 'Privilege separation' for details)
-#CONFIG_PRIVSEP=y
-
-# Enable mitigation against certain attacks against TKIP by delaying Michael
-# MIC error reports by a random amount of time between 0 and 60 seconds
-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
-
-# Enable tracing code for developer debugging
-# This tracks use of memory allocations and other registrations and reports
-# incorrect use with a backtrace of call (or allocation) location.
-#CONFIG_WPA_TRACE=y
-# For BSD, uncomment these.
-#LIBS += -lexecinfo
-#LIBS_p += -lexecinfo
-#LIBS_c += -lexecinfo
-
-# Use libbfd to get more details for developer debugging
-# This enables use of libbfd to get more detailed symbols for the backtraces
-# generated by CONFIG_WPA_TRACE=y.
-#CONFIG_WPA_TRACE_BFD=y
-# For BSD, uncomment these.
-#LIBS += -lbfd -liberty -lz
-#LIBS_p += -lbfd -liberty -lz
-#LIBS_c += -lbfd -liberty -lz
-
-# wpa_supplicant depends on strong random number generation being available
-# from the operating system. os_get_random() function is used to fetch random
-# data when needed, e.g., for key generation. On Linux and BSD systems, this
-# works by reading /dev/urandom. It should be noted that the OS entropy pool
-# needs to be properly initialized before wpa_supplicant is started. This is
-# important especially on embedded devices that do not have a hardware random
-# number generator and may by default start up with minimal entropy available
-# for random number generation.
-#
-# As a safety net, wpa_supplicant is by default trying to internally collect
-# additional entropy for generating random data to mix in with the data fetched
-# from the OS. This by itself is not considered to be very strong, but it may
-# help in cases where the system pool is not initialized properly. However, it
-# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generator or by
-# storing state over device reboots.
-#
-# wpa_supplicant can be configured to maintain its own entropy store over
-# restarts to enhance random number generation. This is not perfect, but it is
-# much more secure than using the same sequence of random numbers after every
-# reboot. This can be enabled with -e<entropy file> command line option. The
-# specified file needs to be readable and writable by wpa_supplicant.
-#
-# If the os_get_random() is known to provide strong random data (e.g., on
-# Linux/BSD, the board in question is known to have reliable source of random
-# data from /dev/urandom), the internal wpa_supplicant random pool can be
-# disabled. This will save some in binary size and CPU use. However, this
-# should only be considered for builds that are known to be used on devices
-# that meet the requirements described above.
-#CONFIG_NO_RANDOM_POOL=y
-
-# IEEE 802.11n (High Throughput) support (mainly for AP mode)
-CONFIG_IEEE80211N=y
-
-# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
-# (depends on CONFIG_IEEE80211N)
-CONFIG_IEEE80211AC=y
-
-# Wireless Network Management (IEEE Std 802.11v-2011)
-# Note: This is experimental and not complete implementation.
-#CONFIG_WNM=y
-
-# Interworking (IEEE 802.11u)
-# This can be used to enable functionality to improve interworking with
-# external networks (GAS/ANQP to learn more about the networks and network
-# selection based on available credentials).
-#CONFIG_INTERWORKING=y
-
-# Hotspot 2.0
-#CONFIG_HS20=y
-
-# Enable interface matching in wpa_supplicant
-#CONFIG_MATCH_IFACE=y
-
-# Disable roaming in wpa_supplicant
-#CONFIG_NO_ROAMING=y
-
-# AP mode operations with wpa_supplicant
-# This can be used for controlling AP mode operations with wpa_supplicant. It
-# should be noted that this is mainly aimed at simple cases like
-# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
-# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
-
-# P2P (Wi-Fi Direct)
-# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
-# more information on P2P operations.
-CONFIG_P2P=y
-
-# Enable TDLS support
-#CONFIG_TDLS=y
-
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
-# program to control the additional information exchanges in the messages.
CONFIG_WIFI_DISPLAY=y
-
-# Autoscan
-# This can be used to enable automatic scan support in wpa_supplicant.
-# See wpa_supplicant.conf for more information on autoscan usage.
-#
-# Enabling directly a module will enable autoscan support.
-# For exponential module:
-#CONFIG_AUTOSCAN_EXPONENTIAL=y
-# For periodic module:
-#CONFIG_AUTOSCAN_PERIODIC=y
-
-# Password (and passphrase, etc.) backend for external storage
-# These optional mechanisms can be used to add support for storing passwords
-# and other secrets in external (to wpa_supplicant) location. This allows, for
-# example, operating system specific key storage to be used
-#
-# External password backend for testing purposes (developer use)
-#CONFIG_EXT_PASSWORD_TEST=y
-
-# Enable Fast Session Transfer (FST)
-#CONFIG_FST=y
-
-# Enable CLI commands for FST testing
-#CONFIG_FST_TEST=y
-
-# OS X builds. This is only for building eapol_test.
-#CONFIG_OSX=y
-
-# Automatic Channel Selection
-# This will allow wpa_supplicant to pick the channel automatically when channel
-# is set to "0".
-#
-# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
-# to "channel=0". This would enable us to eventually add other ACS algorithms in
-# similar way.
-#
-# Automatic selection is currently only done through initialization, later on
-# we hope to do background checks to keep us moving to more ideal channels as
-# time goes by. ACS is currently only supported through the nl80211 driver and
-# your driver must have survey dump capability that is filled by the driver
-# during scanning.
-#
-# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
-# a newly to create wpa_supplicant.conf variable acs_num_scans.
-#
-# Supported ACS drivers:
-# * ath9k
-# * ath5k
-# * ath10k
-#
-# For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
-
-# Support Multi Band Operation
-#CONFIG_MBO=y
-
-# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
-#CONFIG_FILS=y
-# FILS shared key authentication with PFS
-#CONFIG_FILS_SK_PFS=y
-
-# Support RSN on IBSS networks
-# This is needed to be able to use mode=1 network profile with proto=RSN and
-# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
-CONFIG_IBSS_RSN=y
-
-# External PMKSA cache control
-# This can be used to enable control interface commands that allow the current
-# PMKSA cache entries to be fetched and new entries to be added.
-#CONFIG_PMKSA_CACHE_EXTERNAL=y
-
-# Mesh Networking (IEEE 802.11s)
-#CONFIG_MESH=y
-
-# Background scanning modules
-# These can be used to request wpa_supplicant to perform background scanning
-# operations for roaming within an ESS (same SSID). See the bgscan parameter in
-# the wpa_supplicant.conf file for more details.
-# Periodic background scans based on signal strength
-CONFIG_BGSCAN_SIMPLE=y
-# Learn channels used by the network and try to avoid bgscans on other
-# channels (experimental)
-#CONFIG_BGSCAN_LEARN=y
-
-# Opportunistic Wireless Encryption (OWE)
-# Experimental implementation of draft-harkins-owe-07.txt
-#CONFIG_OWE=y
+CONFIG_WPS=y
+#CONFIG_MACSEC=y
+#CONFIG_DRIVER_MACSEC_LINUX=y
diff --git a/source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch b/source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch
new file mode 100644
index 00000000..bee574a5
--- /dev/null
+++ b/source/n/wpa_supplicant/patches/Fix-openssl-1-1-private-key-callback.patch
@@ -0,0 +1,127 @@
+From 25b37c54a47e49d591f5752bbf0f510480402cae Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Sun, 9 Jul 2017 11:14:10 +0200
+Subject: [PATCH 1/2] OpenSSL: Fix private key password handling with OpenSSL
+ >= 1.1.0f
+
+Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
+callback from the SSL object instead of the one from the CTX, so let's
+set the callback on both SSL and CTX. Note that
+SSL_set_default_passwd_cb*() is available only in 1.1.0.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+(cherry picked from commit f665c93e1d28fbab3d9127a8c3985cc32940824f)
+---
+ src/crypto/tls_openssl.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index c4170b6..bceb8c3 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2779,6 +2779,15 @@ static int tls_connection_private_key(struct tls_data *data,
+ } else
+ passwd = NULL;
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ /*
++ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
++ * from the SSL object. See OpenSSL commit d61461a75253.
++ */
++ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
++ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
++#endif /* >= 1.1.0f && !LibreSSL */
++ /* Keep these for OpenSSL < 1.1.0f */
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+
+@@ -2869,6 +2878,9 @@ static int tls_connection_private_key(struct tls_data *data,
+ return -1;
+ }
+ ERR_clear_error();
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ SSL_set_default_passwd_cb(conn->ssl, NULL);
++#endif /* >= 1.1.0f && !LibreSSL */
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+ os_free(passwd);
+
+--
+2.9.3
+
+From b2887d6964a406eb5f88f4ad4e9764c468954382 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Mon, 17 Jul 2017 12:06:17 +0300
+Subject: [PATCH 2/2] OpenSSL: Clear default_passwd_cb more thoroughly
+
+Previously, the pointer to strdup passwd was left in OpenSSL library
+default_passwd_cb_userdata and even the default_passwd_cb was left set
+on an error path. To avoid unexpected behavior if something were to
+manage to use there pointers, clear them explicitly once done with
+loading of the private key.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+(cherry picked from commit 89971d8b1e328a2f79699c953625d1671fd40384)
+---
+ src/crypto/tls_openssl.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index bceb8c3..770af9e 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2758,6 +2758,19 @@ static int tls_connection_engine_private_key(struct tls_connection *conn)
+ }
+
+
++static void tls_clear_default_passwd_cb(SSL_CTX *ssl_ctx, SSL *ssl)
++{
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ if (ssl) {
++ SSL_set_default_passwd_cb(ssl, NULL);
++ SSL_set_default_passwd_cb_userdata(ssl, NULL);
++ }
++#endif /* >= 1.1.0f && !LibreSSL */
++ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
++ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL);
++}
++
++
+ static int tls_connection_private_key(struct tls_data *data,
+ struct tls_connection *conn,
+ const char *private_key,
+@@ -2874,14 +2887,12 @@ static int tls_connection_private_key(struct tls_data *data,
+ if (!ok) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to load private key");
++ tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
+ os_free(passwd);
+ return -1;
+ }
+ ERR_clear_error();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+- SSL_set_default_passwd_cb(conn->ssl, NULL);
+-#endif /* >= 1.1.0f && !LibreSSL */
+- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
++ tls_clear_default_passwd_cb(ssl_ctx, conn->ssl);
+ os_free(passwd);
+
+ if (!SSL_check_private_key(conn->ssl)) {
+@@ -2924,13 +2935,14 @@ static int tls_global_private_key(struct tls_data *data,
+ tls_read_pkcs12(data, NULL, private_key, passwd)) {
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to load private key");
++ tls_clear_default_passwd_cb(ssl_ctx, NULL);
+ os_free(passwd);
+ ERR_clear_error();
+ return -1;
+ }
++ tls_clear_default_passwd_cb(ssl_ctx, NULL);
+ os_free(passwd);
+ ERR_clear_error();
+- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+
+ if (!SSL_CTX_check_private_key(ssl_ctx)) {
+ tls_show_errors(MSG_INFO, __func__,
+--
+2.9.3
+
diff --git a/source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch b/source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
new file mode 100644
index 00000000..0c03e1dc
--- /dev/null
+++ b/source/n/wpa_supplicant/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch
@@ -0,0 +1,99 @@
+From 290834df69556b903b49f2a45671cc62b44f13bb Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Fri, 28 Apr 2017 17:59:30 +0200
+Subject: [PATCH] nl80211: Fix race condition in detecting MAC change
+
+Commit 3e0272ca00ce1df35b45e7d739dd7e935f13fd84 ('nl80211: Re-read MAC
+address on RTM_NEWLINK') added the detection of external changes to MAC
+address when the interface is brought up.
+
+If the interface state is changed quickly enough, wpa_supplicant may
+receive the netlink message for the !IFF_UP event when the interface
+has already been brought up and would ignore the next netlink IFF_UP
+message, missing the MAC change.
+
+Fix this by also reloading the MAC address when a !IFF_UP event is
+received with the interface up, because this implies that the
+interface went down and up again, possibly changing the address.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ src/drivers/driver_nl80211.c | 47 +++++++++++++++++++++++++-------------------
+ 1 file changed, 27 insertions(+), 20 deletions(-)
+
+diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
+index af1cb84..24fad29 100644
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -933,6 +933,30 @@ nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len)
+ }
+
+
++static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
++ int ifindex)
++{
++ struct i802_bss *bss;
++ u8 addr[ETH_ALEN];
++
++ bss = get_bss_ifindex(drv, ifindex);
++ if (bss &&
++ linux_get_ifhwaddr(drv->global->ioctl_sock,
++ bss->ifname, addr) < 0) {
++ wpa_printf(MSG_DEBUG,
++ "nl80211: %s: failed to re-read MAC address",
++ bss->ifname);
++ } else if (bss && os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
++ wpa_printf(MSG_DEBUG,
++ "nl80211: Own MAC address on ifindex %d (%s) changed from "
++ MACSTR " to " MACSTR,
++ ifindex, bss->ifname,
++ MAC2STR(bss->addr), MAC2STR(addr));
++ os_memcpy(bss->addr, addr, ETH_ALEN);
++ }
++}
++
++
+ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
+ struct ifinfomsg *ifi,
+ u8 *buf, size_t len)
+@@ -997,6 +1021,8 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
+ namebuf[0] = '\0';
+ if (if_indextoname(ifi->ifi_index, namebuf) &&
+ linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
++ /* Re-read MAC address as it may have changed */
++ nl80211_refresh_mac(drv, ifi->ifi_index);
+ wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
+ "event since interface %s is up", namebuf);
+ drv->ignore_if_down_event = 0;
+@@ -1044,27 +1070,8 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
+ "event since interface %s is marked "
+ "removed", drv->first_bss->ifname);
+ } else {
+- struct i802_bss *bss;
+- u8 addr[ETH_ALEN];
+-
+ /* Re-read MAC address as it may have changed */
+- bss = get_bss_ifindex(drv, ifi->ifi_index);
+- if (bss &&
+- linux_get_ifhwaddr(drv->global->ioctl_sock,
+- bss->ifname, addr) < 0) {
+- wpa_printf(MSG_DEBUG,
+- "nl80211: %s: failed to re-read MAC address",
+- bss->ifname);
+- } else if (bss &&
+- os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
+- wpa_printf(MSG_DEBUG,
+- "nl80211: Own MAC address on ifindex %d (%s) changed from "
+- MACSTR " to " MACSTR,
+- ifi->ifi_index, bss->ifname,
+- MAC2STR(bss->addr),
+- MAC2STR(addr));
+- os_memcpy(bss->addr, addr, ETH_ALEN);
+- }
++ nl80211_refresh_mac(drv, ifi->ifi_index);
+
+ wpa_printf(MSG_DEBUG, "nl80211: Interface up");
+ drv->if_disabled = 0;
+--
+2.9.3
+
diff --git a/source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch b/source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch
new file mode 100644
index 00000000..d99be04c
--- /dev/null
+++ b/source/n/wpa_supplicant/patches/rh1497640-pae-validate-input-before-pointer.patch
@@ -0,0 +1,78 @@
+From 0ad5893a2f1f521d44712cd395e067ccf0a397c3 Mon Sep 17 00:00:00 2001
+From: Michael Braun <michael-dev@fami-braun.de>
+Date: Fri, 18 Aug 2017 01:14:28 +0200
+Subject: PAE: Validate input before pointer
+
+ieee802_1x_kay_decode_mkpdu() calls ieee802_1x_mka_i_in_peerlist()
+before body_len has been checked on all segments.
+
+ieee802_1x_kay_decode_mkpdu() and ieee802_1x_mka_i_in_peerlist() might
+continue and thus underflow left_len even if it finds left_len to small
+(or before checking).
+
+Additionally, ieee802_1x_mka_dump_peer_body() might perform out of bound
+reads in this case.
+
+Fix this by checking left_len and aborting if too small early.
+
+Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
+---
+ src/pae/ieee802_1x_kay.c | 23 ++++++++++++-----------
+ 1 file changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
+index c4bfcbc..cad0292 100644
+--- a/src/pae/ieee802_1x_kay.c
++++ b/src/pae/ieee802_1x_kay.c
+@@ -964,21 +964,19 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
+ body_len = get_mka_param_body_len(hdr);
+ body_type = get_mka_param_body_type(hdr);
+
+- if (body_type != MKA_LIVE_PEER_LIST &&
+- body_type != MKA_POTENTIAL_PEER_LIST)
+- continue;
+-
+- ieee802_1x_mka_dump_peer_body(
+- (struct ieee802_1x_mka_peer_body *)pos);
+-
+- if (left_len < (MKA_HDR_LEN + body_len + DEFAULT_ICV_LEN)) {
++ if (left_len < (MKA_HDR_LEN + MKA_ALIGN_LENGTH(body_len) + DEFAULT_ICV_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
+ left_len, MKA_HDR_LEN,
+- body_len, DEFAULT_ICV_LEN);
+- continue;
++ MKA_ALIGN_LENGTH(body_len),
++ DEFAULT_ICV_LEN);
++ return FALSE;
+ }
+
++ if (body_type != MKA_LIVE_PEER_LIST &&
++ body_type != MKA_POTENTIAL_PEER_LIST)
++ continue;
++
+ if ((body_len % 16) != 0) {
+ wpa_printf(MSG_ERROR,
+ "KaY: MKA Peer Packet Body Length (%zu bytes) should be a multiple of 16 octets",
+@@ -986,6 +984,9 @@ ieee802_1x_mka_i_in_peerlist(struct ieee802_1x_mka_participant *participant,
+ continue;
+ }
+
++ ieee802_1x_mka_dump_peer_body(
++ (struct ieee802_1x_mka_peer_body *)pos);
++
+ for (i = 0; i < body_len;
+ i += sizeof(struct ieee802_1x_mka_peer_id)) {
+ const struct ieee802_1x_mka_peer_id *peer_mi;
+@@ -3018,7 +3019,7 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
+ "KaY: MKA Peer Packet Body Length (%zu bytes) is less than the Parameter Set Header Length (%zu bytes) + the Parameter Set Body Length (%zu bytes) + %d bytes of ICV",
+ left_len, MKA_HDR_LEN,
+ body_len, DEFAULT_ICV_LEN);
+- continue;
++ return -1;
+ }
+
+ if (handled[body_type])
+--
+cgit v0.12
+
diff --git a/source/n/wpa_supplicant/slack-desc b/source/n/wpa_supplicant/slack-desc
index a6b63978..b891fbbd 100644
--- a/source/n/wpa_supplicant/slack-desc
+++ b/source/n/wpa_supplicant/slack-desc
@@ -13,6 +13,6 @@ wpa_supplicant: component that is used in the client stations. It implements key
wpa_supplicant: negotiation with a WPA Authenticator and it controls the roaming and
wpa_supplicant: IEEE 802.11 authentication/association of the wlan driver.
wpa_supplicant:
-wpa_supplicant: Homepage: http://hostap.epitest.fi/wpa_supplicant/
+wpa_supplicant: More info: http://hostap.epitest.fi/wpa_supplicant/
wpa_supplicant:
wpa_supplicant:
diff --git a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
index fa98162c..d4e56cbb 100755
--- a/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
+++ b/source/n/wpa_supplicant/wpa_supplicant.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=wpa_supplicant
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-6}
SRCVERSION=$(printf $VERSION | tr _ -)
@@ -85,6 +85,15 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
+zcat $CWD/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch.gz | patch -p1 || exit 1
+zcat $CWD/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch.gz | patch -p1 || exit 1
+
# Fixup various paths in the dbus service file
zcat $CWD/patches/dbus-service-file-args.diff.gz | patch -p1 --verbose || exit 1
@@ -94,6 +103,11 @@ zcat $CWD/patches/quiet-scan-results-message.diff.gz | patch -p1 --verbose || ex
# Apply a few other patches from Fedora
zcat $CWD/patches/assoc-timeout.diff.gz | patch -p1 --verbose || exit 1
zcat $CWD/patches/flush-debug-output.diff.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/rh1451834-nl80211-Fix-race-condition-in-detecting-MAC-change.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/rh1497640-pae-validate-input-before-pointer.patch.gz | patch -p1 --verbose || exit 1
+
+# Support OpenSSL-1.1.x:
+zcat $CWD/patches/Fix-openssl-1-1-private-key-callback.patch.gz | patch -p1 --verbose || exit 1
cd wpa_supplicant
diff --git a/testing/source/wpa_supplicant/README.slackware b/testing/source/wpa_supplicant/README.slackware
new file mode 100644
index 00000000..7ab40a28
--- /dev/null
+++ b/testing/source/wpa_supplicant/README.slackware
@@ -0,0 +1,55 @@
+=================================================
+How do I get my card to use WPA-PSK in Slackware?
+=================================================
+
+First off: wpa_supplicant REQUIRES the AP to broadcast the SSID. When the AP
+hides its SSID, all you will get out of wpa_supplicant is the message:
+"No suitable AP found"
+
+Also, read the MADwifi FAQ (http://madwifi.sourceforge.net/dokuwiki/doku.php)
+since it contains a wealth of information.
+
+This being said, you'll have to do the following (as root):
+Edit the file named /etc/wpa_supplicant.conf and add these lines:
+
+network={
+ scan_ssid=0
+ proto=WPA
+ key_mgmt=WPA-PSK
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+}
+
+Then execute:
+
+/usr/sbin/wpa_passphrase YOURSSID passphrase
+
+with the SSID of your AP and the passphrase you've entered in its WPA-PSK configuration. You'll receive an output, which looks like this:
+
+network={
+ ssid="YOURSSID"
+ #psk="passphrase"
+
+psk=66a4bfb03de5656cf26cfa03a116097546046f4aea11ee044b841171207d8308
+}
+
+Copy the three lines within the network-tag into your own entry in wpa_supplicant.conf and change the permissions after you've finished editing:
+
+chmod 640 /etc/wpa_supplicant.conf
+
+To get your network device up and running, execute:
+
+### /usr/sbin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iath0 -Dmadwifi ###
+### you don't have to run the above command by hand, because it will ###
+### be executed by the rc.inet1 command that you run: ###
+
+/etc/rc.d/rc.inet1 ath0_start
+
+In case you want to see the wpa_supplicant in action, start it on the command line before enabling the wireless device, by running:
+/usr/sbin/wpa_supplicant -dw -c/etc/wpa_supplicant.conf -iath0 -Dmadwifi
+The terminal where you've started the wpa_supplicant should now show the communication between your wlan card and the AP. If you got everything up and running you can let Slackware's init script take over by killing wpa_supplicant and running:
+
+/etc/rc.d/rc.inet1 ath0_restart
+
+Studying the wpa_supplicant README is also highly recommended for further insight!
+
diff --git a/testing/source/wpa_supplicant/config/dot.config b/testing/source/wpa_supplicant/config/dot.config
new file mode 100644
index 00000000..94871afd
--- /dev/null
+++ b/testing/source/wpa_supplicant/config/dot.config
@@ -0,0 +1,598 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+CONFIG_MACSEC=y
+
+# Peerkey support:
+CONFIG_PEERKEY=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+#CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+#CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Direct
+# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+# Note: This is an experimental and not yet complete implementation. This
+# should not be enabled for production use.
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
diff --git a/testing/source/wpa_supplicant/config/wpa_gui.desktop b/testing/source/wpa_supplicant/config/wpa_gui.desktop
new file mode 100644
index 00000000..31b8b6b0
--- /dev/null
+++ b/testing/source/wpa_supplicant/config/wpa_gui.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=wpa_gui
+Comment[en]=Wpa_supplicant management
+Exec=kdesu wpa_gui
+Icon=wpa_gui
+Type=Application
+Categories=Qt;Network;
diff --git a/testing/source/wpa_supplicant/config/wpa_gui.png b/testing/source/wpa_supplicant/config/wpa_gui.png
new file mode 100644
index 00000000..a72f3569
--- /dev/null
+++ b/testing/source/wpa_supplicant/config/wpa_gui.png
Binary files differ
diff --git a/testing/source/wpa_supplicant/config/wpa_supplicant.conf b/testing/source/wpa_supplicant/config/wpa_supplicant.conf
new file mode 100644
index 00000000..4dbbf96a
--- /dev/null
+++ b/testing/source/wpa_supplicant/config/wpa_supplicant.conf
@@ -0,0 +1,2 @@
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=root
diff --git a/testing/source/wpa_supplicant/config/wpa_supplicant.logrotate b/testing/source/wpa_supplicant/config/wpa_supplicant.logrotate
new file mode 100644
index 00000000..bd7ef91c
--- /dev/null
+++ b/testing/source/wpa_supplicant/config/wpa_supplicant.logrotate
@@ -0,0 +1,6 @@
+/var/log/wpa_supplicant.log {
+ missingok
+ notifempty
+ size 30k
+ create 0600 root root
+}
diff --git a/testing/source/wpa_supplicant/doinst.sh b/testing/source/wpa_supplicant/doinst.sh
new file mode 100644
index 00000000..6052fca4
--- /dev/null
+++ b/testing/source/wpa_supplicant/doinst.sh
@@ -0,0 +1,15 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/wpa_supplicant.conf.new
+config etc/logrotate.d/wpa_supplicant.new
diff --git a/testing/source/wpa_supplicant/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch b/testing/source/wpa_supplicant/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
new file mode 100644
index 00000000..97a8cc7f
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
@@ -0,0 +1,38 @@
+From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Mon, 3 Dec 2018 12:00:26 +0200
+Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
+
+remove_ie() was defined within an ifdef CONFIG_FILS block while it is
+now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
+there.
+
+Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol")
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/sme.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
+index 39c8069..f77f751 100644
+--- a/wpa_supplicant/sme.c
++++ b/wpa_supplicant/sme.c
+@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
+ }
+
+
+-#ifdef CONFIG_FILS
+ #ifdef CONFIG_IEEE80211R
+ static void remove_ie(u8 *buf, size_t *len, u8 eid)
+ {
+@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *len, u8 eid)
+ }
+ }
+ #endif /* CONFIG_IEEE80211R */
+-#endif /* CONFIG_FILS */
+
+
+ void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
+--
+cgit v0.12
+
diff --git a/testing/source/wpa_supplicant/patches/wpa_supplicant-assoc-timeout.patch b/testing/source/wpa_supplicant/patches/wpa_supplicant-assoc-timeout.patch
new file mode 100644
index 00000000..c3b3568c
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/wpa_supplicant-assoc-timeout.patch
@@ -0,0 +1,16 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c
+--- wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c.assoc-timeout 2010-09-07 10:43:39.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/wpa_supplicant.c 2010-12-07 18:57:45.163457000 -0600
+@@ -1262,10 +1262,10 @@ void wpa_supplicant_associate(struct wpa
+
+ if (assoc_failed) {
+ /* give IBSS a bit more time */
+- timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
++ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
+ } else if (wpa_s->conf->ap_scan == 1) {
+ /* give IBSS a bit more time */
+- timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
++ timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 20;
+ }
+ wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
+ }
diff --git a/testing/source/wpa_supplicant/patches/wpa_supplicant-dbus-service-file-args.patch b/testing/source/wpa_supplicant/patches/wpa_supplicant-dbus-service-file-args.patch
new file mode 100644
index 00000000..b7478dad
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/wpa_supplicant-dbus-service-file-args.patch
@@ -0,0 +1,20 @@
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in.fedora wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+--- wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in.fedora 2008-03-02 20:58:35.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in 2008-03-02 20:58:41.000000000 -0500
+@@ -1,5 +1,5 @@
+ [D-BUS Service]
+ Name=fi.w1.wpa_supplicant1
+-Exec=@BINDIR@/wpa_supplicant -u
++Exec=@BINDIR@/wpa_supplicant -B -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -P /var/run/wpa_supplicant.pid
+ User=root
+ SystemdService=wpa_supplicant.service
+diff -up wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in.fedora wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in
+--- wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in.fedora 2008-03-02 20:58:35.000000000 -0500
++++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in 2008-03-02 20:58:41.000000000 -0500
+@@ -1,5 +1,5 @@
+ [D-BUS Service]
+ Name=fi.epitest.hostap.WPASupplicant
+-Exec=@BINDIR@/wpa_supplicant -u
++Exec=@BINDIR@/wpa_supplicant -B -u -f /var/log/wpa_supplicant.log -c /etc/wpa_supplicant/wpa_supplicant.conf -P /var/run/wpa_supplicant.pid
+ User=root
+ SystemdService=wpa_supplicant.service
diff --git a/testing/source/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch b/testing/source/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch
new file mode 100644
index 00000000..a6868518
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/wpa_supplicant-flush-debug-output.patch
@@ -0,0 +1,49 @@
+--- wpa_supplicant-0.6.3/src/utils/wpa_debug.c.flush-debug 2007-07-30 23:15:34.000000000 -0400
++++ wpa_supplicant-0.6.3/src/utils/wpa_debug.c 2007-07-30 23:17:06.000000000 -0400
+@@ -157,6 +157,7 @@ void wpa_debug_print_timestamp(void)
+ if (out_file) {
+ fprintf(out_file, "%ld.%06u: ", (long) tv.sec,
+ (unsigned int) tv.usec);
++ fflush(out_file);
+ } else
+ #endif /* CONFIG_DEBUG_FILE */
+ printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec);
+@@ -185,6 +186,7 @@ void wpa_printf(int level, char *fmt, ..
+ if (out_file) {
+ vfprintf(out_file, fmt, ap);
+ fprintf(out_file, "\n");
++ fflush(out_file);
+ } else {
+ #endif /* CONFIG_DEBUG_FILE */
+ vprintf(fmt, ap);
+@@ -217,6 +219,7 @@ static void _wpa_hexdump(int level, cons
+ fprintf(out_file, " [REMOVED]");
+ }
+ fprintf(out_file, "\n");
++ fflush(out_file);
+ } else {
+ #endif /* CONFIG_DEBUG_FILE */
+ printf("%s - hexdump(len=%lu):", title, (unsigned long) len);
+@@ -262,12 +265,14 @@ static void _wpa_hexdump_ascii(int level
+ fprintf(out_file,
+ "%s - hexdump_ascii(len=%lu): [REMOVED]\n",
+ title, (unsigned long) len);
++ fflush(out_file);
+ return;
+ }
+ if (buf == NULL) {
+ fprintf(out_file,
+ "%s - hexdump_ascii(len=%lu): [NULL]\n",
+ title, (unsigned long) len);
++ fflush(out_file);
+ return;
+ }
+ fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n",
+@@ -292,6 +297,7 @@ static void _wpa_hexdump_ascii(int level
+ pos += llen;
+ len -= llen;
+ }
++ fflush(out_file);
+ } else {
+ #endif /* CONFIG_DEBUG_FILE */
+ if (!show) {
diff --git a/testing/source/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch b/testing/source/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch
new file mode 100644
index 00000000..c54cd9a2
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/wpa_supplicant-gui-qt4.patch
@@ -0,0 +1,41 @@
+From 9404f356e394604d1d3d6dbffc52abd54260e4d4 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Tue, 27 Oct 2015 08:56:35 +0100
+Subject: [PATCH] wpa_supplicant: allow overriding the names of the Qt4 tools
+
+This is useful for distributions that ship different versions of Qt in
+different locations.
+---
+ wpa_supplicant/Makefile | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index ad9ead9..b19676d 100644
+--- a/wpa_supplicant/Makefile
++++ b/wpa_supplicant/Makefile
+@@ -11,6 +11,9 @@ export INCDIR ?= /usr/local/include/
+ export BINDIR ?= /usr/local/sbin/
+ PKG_CONFIG ?= pkg-config
+
++QMAKE ?= qmake
++LRELEASE ?= lrelease
++
+ CFLAGS += $(EXTRA_CFLAGS)
+ CFLAGS += -I$(abspath ../src)
+ CFLAGS += -I$(abspath ../src/utils)
+@@ -1787,10 +1790,10 @@ wpa_gui:
+ @echo "wpa_gui has been removed - see wpa_gui-qt4 for replacement"
+
+ wpa_gui-qt4/Makefile:
+- qmake -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
++ $(QMAKE) -o wpa_gui-qt4/Makefile wpa_gui-qt4/wpa_gui.pro
+
+ wpa_gui-qt4/lang/wpa_gui_de.qm: wpa_gui-qt4/lang/wpa_gui_de.ts
+- lrelease wpa_gui-qt4/wpa_gui.pro
++ $(LRELEASE) wpa_gui-qt4/wpa_gui.pro
+
+ wpa_gui-qt4: wpa_gui-qt4/Makefile wpa_gui-qt4/lang/wpa_gui_de.qm
+ $(MAKE) -C wpa_gui-qt4
+--
+2.6.2
+
diff --git a/testing/source/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch b/testing/source/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch
new file mode 100644
index 00000000..c646a304
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/wpa_supplicant-quiet-scan-results-message.patch
@@ -0,0 +1,30 @@
+From 763a4ef660e2bd81f6cdc71a2f29a0a3e71b2ebc Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Tue, 22 Nov 2016 15:48:17 +0100
+Subject: [PATCH 1/2] quiet an annoying and frequent syslog message
+
+---
+ wpa_supplicant/events.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index abe3b47..72a0412 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -1555,11 +1555,11 @@ static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
+ if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
+ wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
+ own_request && !(data && data->scan_info.external_scan)) {
+- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
++ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS "id=%u",
+ wpa_s->manual_scan_id);
+ wpa_s->manual_scan_use_id = 0;
+ } else {
+- wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
++ wpa_msg_ctrl(wpa_s, MSG_DEBUG, WPA_EVENT_SCAN_RESULTS);
+ }
+ wpas_notify_scan_results(wpa_s);
+
+--
+2.9.3
+
diff --git a/testing/source/wpa_supplicant/slack-desc b/testing/source/wpa_supplicant/slack-desc
new file mode 100644
index 00000000..a6b63978
--- /dev/null
+++ b/testing/source/wpa_supplicant/slack-desc
@@ -0,0 +1,18 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+ |-----handy-ruler------------------------------------------------------|
+wpa_supplicant: wpa_supplicant (WPA/WPA2/IEEE 802.1X Supplicant)
+wpa_supplicant:
+wpa_supplicant: wpa_supplicant is a WPA Supplicant for Linux with support for WPA and
+wpa_supplicant: WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
+wpa_supplicant: component that is used in the client stations. It implements key
+wpa_supplicant: negotiation with a WPA Authenticator and it controls the roaming and
+wpa_supplicant: IEEE 802.11 authentication/association of the wlan driver.
+wpa_supplicant:
+wpa_supplicant: Homepage: http://hostap.epitest.fi/wpa_supplicant/
+wpa_supplicant:
+wpa_supplicant:
diff --git a/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild b/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild
new file mode 100755
index 00000000..c248c130
--- /dev/null
+++ b/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild
@@ -0,0 +1,177 @@
+#!/bin/bash
+
+# Copyright 2004-2008 Eric Hameleers, Eindhoven, NL
+# Copyright 2008-2018 Patrick J. Volkerding, Sebeka, MN, USA
+# Permission to use, copy, modify, and distribute this software for
+# any purpose with or without fee is hereby granted, provided that
+# the above copyright notice and this permission notice appear in all
+# copies.
+#
+# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=wpa_supplicant
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-2}
+
+SRCVERSION=$(printf $VERSION | tr _ -)
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+elif [ "$ARCH" = "arm" ]; then
+ SLKCFLAGS="-O2 -march=armv4 -mtune=xscale"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "armel" ]; then
+ SLKCFLAGS="-O2 -march=armv4t"
+ LIBDIRSUFFIX=""
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf ${PKGNAM}-${SRCVERSION}
+tar xvf $CWD/${PKGNAM}-${SRCVERSION}.tar.?z* || exit 1
+cd ${PKGNAM}-${SRCVERSION}
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+zcat $CWD/patches/wpa_supplicant-assoc-timeout.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/wpa_supplicant-dbus-service-file-args.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/wpa_supplicant-flush-debug-output.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/wpa_supplicant-gui-qt4.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/wpa_supplicant-quiet-scan-results-message.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch.gz | patch -p1 --verbose || exit 1
+
+cd wpa_supplicant
+
+# Create the configuration file for building wpa_supplicant:
+cat $CWD/config/dot.config > .config
+
+# Build the usual binaries
+CFLAGS="$SLKCFLAGS" \
+make $NUMJOBS \
+ BINDIR=/usr/sbin \
+ LIBDIR=/usr/lib${LIBDIRSUFFIX} || exit 1
+
+# Build the Qt4 GUI client
+CFLAGS="$SLKCFLAGS" \
+make $NUMJOBS \
+ wpa_gui-qt4 \
+ BINDIR=/usr/sbin \
+ LIBDIR=/usr/lib${LIBDIRSUFFIX} || exit 1
+
+# Make sure man pages are built
+make -C doc/docbook man
+
+# This goes into the doc directory later on:
+mv wpa_supplicant.conf wpa_supplicant.conf.sample
+
+# Install binaries:
+mkdir -p $PKG/usr/sbin $PKG/usr/bin
+cp wpa_supplicant wpa_passphrase wpa_cli $PKG/usr/sbin/
+cp wpa_gui-qt4/wpa_gui $PKG/usr/bin/
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+
+# Install dbus configuration file:
+mkdir -p $PKG/etc/dbus-1/system.d/
+cp dbus/dbus-wpa_supplicant.conf \
+ $PKG/etc/dbus-1/system.d/dbus-wpa_supplicant.conf
+
+mkdir -p $PKG/usr/share/dbus-1/system-services
+install -m644 dbus/*.service $PKG/usr/share/dbus-1/system-services/
+
+# Install a .desktop file and icon for wpa_gui:
+# (converted from the wpa_gui.svg in the source)
+mkdir -p $PKG/usr/share/{applications,pixmaps}
+cat $CWD/config/wpa_gui.desktop > $PKG/usr/share/applications/wpa_gui.desktop
+cat $CWD/config/wpa_gui.png > $PKG/usr/share/pixmaps/wpa_gui.png
+
+# Install a logrotate config
+mkdir -p $PKG/etc/logrotate.d
+cat $CWD/config/wpa_supplicant.logrotate > $PKG/etc/logrotate.d/wpa_supplicant.new
+
+# Install man pages:
+for m in 5 8; do
+ mkdir -p $PKG/usr/man/man${m}
+ cp doc/docbook/*.${m} $PKG/usr/man/man${m}/
+done
+find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \;
+
+# Install a default configuration file (only readable by root):
+mkdir -p $PKG/etc
+cat $CWD/config/wpa_supplicant.conf > $PKG/etc/wpa_supplicant.conf.new
+chmod 600 $PKG/etc/wpa_supplicant.conf.new
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+ ChangeLog ../COPYING README README-{P2P,WPS} examples *.txt *.sample $CWD/README.slackware \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+chown -R root:root $PKG/usr/doc/$PKGNAM-$VERSION/*
+chmod -R a-w $PKG/usr/doc/$PKGNAM-$VERSION/*
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION)
+ cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+ touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz >> $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/${PKGNAM}-${VERSION}-${ARCH}-${BUILD}.txz