[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[Richard Farina]

commit:     a793b9a4077771098e1d461cbc19ba20804754ac
Author:     Zero_Chaos <zerochaos <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 23:44:12 2015 +0000
Commit:     Richard Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 23:44:32 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a793b9a4

net-wireless/wpa_supplicant: make Coacher happy

Package-Manager: portage-2.2.23

 ...upplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
index deb6996..0f340c9 100644
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
@@ -1,7 +1,8 @@
-diff -Naur wpa_supplicant/dbus/dbus_new_helpers.c wpa_supplicant-fixed/dbus/dbus_new_helpers.c
---- wpa_supplicant/dbus/dbus_new_helpers.c	2015-09-27 15:02:05.000000000 -0400
-+++ wpa_supplicant-fixed/dbus/dbus_new_helpers.c	2015-10-05 18:38:58.489713168 -0400
-@@ -847,7 +847,7 @@
+diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
+index 45623f3..0fc3d08 100644
+--- a/wpa_supplicant/dbus/dbus_new_helpers.c
++++ b/wpa_supplicant/dbus/dbus_new_helpers.c
+@@ -847,7 +847,7 @@ void wpa_dbus_mark_property_changed(struct wpas_dbus_priv *iface,
  	const struct wpa_dbus_property_desc *dsc;
  	int i = 0;
  

[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[David Seifert]

commit:     2c7e9f78fce6e4afe9a329fd0eac1fd20080ce26
Author:     Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Thu Jan 12 18:13:29 2017 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun Jan 15 10:25:09 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7e9f78

net-wireless/wpa_supplicant: remove unused systemd service files

Closes: https://github.com/gentoo/gentoo/pull/3447

 net-wireless/wpa_supplicant/files/wpa_supplicant.service    | 11 -----------
 net-wireless/wpa_supplicant/files/wpa_supplicant_at.service | 11 -----------
 2 files changed, 22 deletions(-)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant.service b/net-wireless/wpa_supplicant/files/wpa_supplicant.service
deleted file mode 100644
index e1e75b1..00000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=WPA supplicant
-
-[Service]
-Type=dbus
-BusName=fi.epitest.hostap.WPASupplicant
-ExecStart=/usr/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -u
-
-[Install]
-WantedBy=multi-user.target
-Alias=dbus-fi.epitest.hostap.WPASupplicant.service

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant_at.service b/net-wireless/wpa_supplicant/files/wpa_supplicant_at.service
deleted file mode 100644
index af0cebf..00000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant_at.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=WPA supplicant daemon (interface-specific version)
-
-# NetworkManager users will probably want the dbus version instead.
-
-[Service]
-Type=simple
-ExecStart=/usr/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -i%I
-
-[Install]
-Alias=multi-user.target.wants/wpa_supplicant@wlan0.service

[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[David Seifert]

commit:     2800f43474998dcf4d66f8797a4ccfc0c70fd464
Author:     Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sat Nov 18 12:42:19 2017 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Nov 18 18:03:37 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2800f434

net-wireless/wpa_supplicant: remove unused patches

Closes: https://github.com/gentoo/gentoo/pull/6224

 ...do-not-call-dbus-functions-with-NULL-path.patch | 13 ----
 .../files/wpa_supplicant-2.5-libressl.patch        | 71 ----------------------
 2 files changed, 84 deletions(-)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
deleted file mode 100644
index 0f340c9566d..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/wpa_supplicant/dbus/dbus_new_helpers.c b/wpa_supplicant/dbus/dbus_new_helpers.c
-index 45623f3..0fc3d08 100644
---- a/wpa_supplicant/dbus/dbus_new_helpers.c
-+++ b/wpa_supplicant/dbus/dbus_new_helpers.c
-@@ -847,7 +847,7 @@ void wpa_dbus_mark_property_changed(struct wpas_dbus_priv *iface,
- 	const struct wpa_dbus_property_desc *dsc;
- 	int i = 0;
- 
--	if (iface == NULL)
-+	if (iface == NULL || path == NULL)
- 		return;
- 
- 	dbus_connection_get_object_path_data(iface->con, path,

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-libressl.patch
deleted file mode 100644
index 458628c577d..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-libressl.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From c987191de92bacbf27df5d345a9d18aea8ea8a98 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <kabel@blackhole.sk>
-Date: Mon, 16 Nov 2015 02:18:22 +0100
-Subject: [PATCH] Check for LIBRESSL_VERSION_NUMBER in tls_openssl.c
-
-LibreSSL does not yet support the new API, so do not use it
-when LIBRESSL_VERSION_NUMBER macro is defined.
----
- src/crypto/tls_openssl.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index c2bb8c5..3883465 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -3163,7 +3163,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
- 	}
- 
- 	if (certs) {
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- 		SSL_clear_chain_certs(ssl);
- 		while ((cert = sk_X509_pop(certs)) != NULL) {
- 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
-@@ -3746,7 +3746,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
- 	if (conn == NULL || keys == NULL)
- 		return -1;
- 	ssl = conn->ssl;
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
- 		return -1;
- 
-@@ -3775,7 +3775,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
- #ifndef CONFIG_FIPS
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	const EVP_CIPHER *c;
- 	const EVP_MD *h;
- 	int md_size;
-@@ -3845,7 +3845,7 @@ static int openssl_tls_prf(struct tls_connection *conn,
- 		   "mode");
- 	return -1;
- #else /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	SSL *ssl;
- 	u8 *rnd;
- 	int ret = -1;
-@@ -4328,7 +4328,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
- 
- 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
- 	if (os_strstr(buf, ":ADH-")) {
- 		/*
-@@ -4917,7 +4917,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
- 	struct tls_connection *conn = arg;
- 	int ret;
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (conn == NULL || conn->session_ticket_cb == NULL)
- 		return 0;
- 
--- 
-2.4.10

[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[Richard Farina]

commit:     0ce04470541c6757326c433afb798876face366c
Author:     Zero_Chaos <zerochaos <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 19 02:24:22 2018 +0000
Commit:     Richard Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Thu Apr 19 02:24:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ce04470

net-wireless/wpa_supplicant: bug #625458

intentionally committed without bump, users get this on rebuild/update.
adding a comment simply doesn't need a bump

Package-Manager: Portage-2.3.29, Repoman-2.3.9

 net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d b/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d
index 104b9dc5d8c..5381c8c748e 100644
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-conf.d
@@ -1,5 +1,9 @@
 # conf.d file for wpa_supplicant
-#
+
+# uncomment this if wpa_supplicant starts up before your network interface
+# is ready and it causes issues
+# rc_want="dev-settle"
+
 # Please check man 8 wpa_supplicant for more information about the options
 # wpa_supplicant accepts.
 #

[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[Rick Farina]

commit:     60c211a01666babeebbbee2eea595da93173ec4c
Author:     Stefan Strogin <stefan.strogin <AT> gmail <DOT> com>
AuthorDate: Sun Jan 13 19:28:13 2019 +0000
Commit:     Rick Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Mon Jan 14 01:42:16 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60c211a0

net-wireless/wpa_supplicant: remove unused patch

Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com>
Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>

 .../files/wpa_supplicant-2.6-libressl.patch        | 81 ----------------------
 1 file changed, 81 deletions(-)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch
deleted file mode 100644
index 0394ab545b1..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From d53b107120af86a0c711bac950bfc2fa728cb4e6 Mon Sep 17 00:00:00 2001
-From: Julian Ospald <hasufell@hasufell.de>
-Date: Fri, 7 Oct 2016 17:45:46 +0200
-Subject: [PATCH] Fix LibreSSL compatibility
-Upstream: pending, http://lists.infradead.org/pipermail/hostap/2016-October/036458.html
-
-This basically just follows
-587b0457e0238b7b1800d46f5cdd5e1d2b06732f
-with the same pattern, which was missed here.
-
-Signed-off-by: Julian Ospald <hasufell@hasufell.de>
----
- src/crypto/crypto_openssl.c | 4 ++--
- src/crypto/tls_openssl.c    | 8 ++++----
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2b..b3d1b07 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
- 
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 	struct wpabuf *pubkey = NULL, *privkey = NULL;
- 	size_t publen, privlen;
-@@ -712,7 +712,7 @@ err:
- 
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 
- 	dh = DH_new();
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 23ac64b..a7d4880 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config *conf)
- 		}
- #endif /* OPENSSL_FIPS */
- #endif /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 		SSL_load_error_strings();
- 		SSL_library_init();
- #ifndef OPENSSL_NO_SHA256
-@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
- 
- 	tls_openssl_ref_count--;
- 	if (tls_openssl_ref_count == 0) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_ENGINE
- 		ENGINE_cleanup();
- #endif /* OPENSSL_NO_ENGINE */
-@@ -2334,7 +2334,7 @@ static int tls_connection_client_cert(struct tls_connection *conn,
- 		return 0;
- 
- #ifdef PKCS12_FUNCS
--#if OPENSSL_VERSION_NUMBER < 0x10002000L
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- 	/*
- 	 * Clear previously set extra chain certificates, if any, from PKCS#12
- 	 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
-@@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
- 		engine_id = "pkcs11";
- 
- #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (params->flags & TLS_CONN_EAP_FAST) {
- 		wpa_printf(MSG_DEBUG,
- 			   "OpenSSL: Use TLSv1_method() for EAP-FAST");
--- 
-2.10.1
-

[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/

[Aaron Bauman]

commit:     2b82a229fbd08184cfd3595e7c39b5f0c79a740d
Author:     Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Thu Nov 28 17:19:13 2019 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Fri Nov 29 22:07:38 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b82a229

net-wireless/wpa_supplicant: remove unused patches

Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/13784
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>

 ...-unauthenticated-encrypted-EAPOL-Key-data.patch |  44 ---------
 ...wpa_supplicant-2.6-libressl-compatibility.patch | 106 ---------------------
 .../files/wpa_supplicant-2.6-openssl-1.1.patch     |  48 ----------
 ...pa_supplicant-2.7-fix-undefined-remove-ie.patch |  38 --------
 .../files/wpa_supplicant-2.7-libressl.patch        |  46 ---------
 5 files changed, 282 deletions(-)

diff --git a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch b/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
deleted file mode 100644
index a62b52c6b9a..00000000000
--- a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Sun, 15 Jul 2018 01:25:53 +0200
-Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-(CVE-2018-14526)
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/rsn_supp/wpa.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
---- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c	2016-10-02 21:51:11.000000000 +0300
-+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c	2018-08-08 16:55:11.506831029 +0300
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
- 
- 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+		/*
-+		 * Only decrypt the Key Data field if the frame's authenticity
-+		 * was verified. When using AES-SIV (FILS), the MIC flag is not
-+		 * set, so this check should only be performed if mic_len != 0
-+		 * which is the case in this code branch.
-+		 */
-+		if (!(key_info & WPA_KEY_INFO_MIC)) {
-+			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+			goto out;
-+		}
- 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- 						    &key_data_len))
- 			goto out;

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch
deleted file mode 100644
index 025da58028d..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2be8..6585c0245 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -33,7 +33,9 @@
- #include "aes_wrap.h"
- #include "crypto.h"
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+	(defined(LIBRESSL_VERSION_NUMBER) && \
-+	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
- /* Compatibility wrappers for older versions. */
- 
- static HMAC_CTX * HMAC_CTX_new(void)
-@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
- 
- static BIGNUM * get_group5_prime(void)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-+	!(defined(LIBRESSL_VERSION_NUMBER) && \
-+	LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 	return BN_get_rfc3526_prime_1536(NULL);
- #elif !defined(OPENSSL_IS_BORINGSSL)
- 	return get_rfc3526_prime_1536(NULL);
-@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
- 
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+	(defined(LIBRESSL_VERSION_NUMBER) && \
-+	LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 	DH *dh;
- 	struct wpabuf *pubkey = NULL, *privkey = NULL;
- 	size_t publen, privlen;
-@@ -712,7 +718,9 @@ err:
- 
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+	(defined(LIBRESSL_VERSION_NUMBER) && \
-+	LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 	DH *dh;
- 
- 	dh = DH_new();
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 23ac64b48..91acc579d 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -59,7 +59,8 @@ typedef int stack_index_t;
- #endif /* SSL_set_tlsext_status_type */
- 
- #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
--     defined(LIBRESSL_VERSION_NUMBER)) &&    \
-+	(defined(LIBRESSL_VERSION_NUMBER) && \
-+	LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \
-     !defined(BORINGSSL_API_VERSION)
- /*
-  * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
-@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf)
- 		}
- #endif /* OPENSSL_FIPS */
- #endif /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+        (defined(LIBRESSL_VERSION_NUMBER) && \
-+        LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 		SSL_load_error_strings();
- 		SSL_library_init();
- #ifndef OPENSSL_NO_SHA256
-@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx)
- 
- 	tls_openssl_ref_count--;
- 	if (tls_openssl_ref_count == 0) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+	(defined(LIBRESSL_VERSION_NUMBER) && \
-+	LIBRESSL_VERSION_NUMBER < 0x20700000L)
- #ifndef OPENSSL_NO_ENGINE
- 		ENGINE_cleanup();
- #endif /* OPENSSL_NO_ENGINE */
-@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
- #ifdef OPENSSL_NEED_EAP_FAST_PRF
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+        (defined(LIBRESSL_VERSION_NUMBER) && \
-+        LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 	const EVP_CIPHER *c;
- 	const EVP_MD *h;
- 	int md_size;
-@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
- 	struct tls_connection *conn = arg;
- 	int ret;
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+        (defined(LIBRESSL_VERSION_NUMBER) && \
-+        LIBRESSL_VERSION_NUMBER < 0x20700000L)
- 	if (conn == NULL || conn->session_ticket_cb == NULL)
- 		return 0;
- 

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
deleted file mode 100644
index 1e2335f34c0..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani <bgalvani@redhat.com>
-Date: Sun, 9 Jul 2017 11:14:10 +0200
-Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
-
-Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
-callback from the SSL object instead of the one from the CTX, so let's
-set the callback on both SSL and CTX. Note that
-SSL_set_default_passwd_cb*() is available only in 1.1.0.
-
-Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
----
- src/crypto/tls_openssl.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index fd94eaf..c790b53 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data,
- 	} else
- 		passwd = NULL;
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+	/*
-+	 * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
-+	 * from the SSL object. See OpenSSL commit d61461a75253.
-+	 */
-+	SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
-+	SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
-+#endif /* >= 1.1.0f && !LibreSSL */
-+	/* Keep these for OpenSSL < 1.1.0f */
- 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
- 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
- 
-@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data,
- 		return -1;
- 	}
- 	ERR_clear_error();
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+	SSL_set_default_passwd_cb(conn->ssl, NULL);
-+#endif /* >= 1.1.0f && !LibreSSL */
- 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
- 	os_free(passwd);
- 
--- 
-cgit v0.12
-

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
deleted file mode 100644
index 97a8cc7f3e1..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Mon, 3 Dec 2018 12:00:26 +0200
-Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
-
-remove_ie() was defined within an ifdef CONFIG_FILS block while it is
-now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
-there.
-
-Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol")
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/sme.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
-index 39c8069..f77f751 100644
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
- }
- 
- 
--#ifdef CONFIG_FILS
- #ifdef CONFIG_IEEE80211R
- static void remove_ie(u8 *buf, size_t *len, u8 eid)
- {
-@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *len, u8 eid)
- 	}
- }
- #endif /* CONFIG_IEEE80211R */
--#endif /* CONFIG_FILS */
- 
- 
- void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
--- 
-cgit v0.12
-

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
deleted file mode 100644
index 45a1cf3701f..00000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001
-From: Andrey Utkin <andrey_utkin@gentoo.org>
-Date: Tue, 11 Dec 2018 17:41:10 +0000
-Subject: [PATCH] Fix build with LibreSSL
-
-When using LibreSSL instead of OpenSSL, linkage of hostapd executable
-fails with the following error when using some LibreSSL versions
-
-    ../src/crypto/tls_openssl.o: In function `tls_verify_cb':
-    tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
-    ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
-    tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
-    collect2: error: ld returned 1 exit status
-    make: *** [Makefile:1278: hostapd] Error 1
-
-ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
-versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
-be defined in this case, just like for old OpenSSL.
-
-This patch was inspired by similar patches to other projects, such as
-spice-gtk, pjsip.
-
-Link: https://bugs.gentoo.org/672834
-Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org>
----
- src/crypto/tls_openssl.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 608818310..cb70e2c47 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
- 
- #endif
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+	(defined(LIBRESSL_VERSION_NUMBER) && \
-+	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
- #ifdef CONFIG_SUITEB
- static int RSA_bits(const RSA *r)
- {
--- 
-2.20.1
-