* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2015-10-05 22:48 Richard Farina
From: Richard Farina @ 2015-10-05 22:48 UTC (permalink / raw
  To: gentoo-commits

commit:     f7eb63336462f8e02254f603196cad22fdc07989
Author:     Zero_Chaos <zerochaos <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  5 22:47:16 2015 +0000
Commit:     Richard Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Mon Oct  5 22:47:44 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7eb6333

net-wireless/wpa_supplicant: version bump for bug #562158

Package-Manager: portage-2.2.22

 net-wireless/wpa_supplicant/Manifest               |   1 +
 ...do-not-call-dbus-functions-with-NULL-path.patch |  12 +
 .../wpa_supplicant/wpa_supplicant-2.5.ebuild       | 373 +++++++++++++++++++++
 3 files changed, 386 insertions(+)

diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
index 0e170b4..b8c30a4 100644
--- a/net-wireless/wpa_supplicant/Manifest
+++ b/net-wireless/wpa_supplicant/Manifest
@@ -1 +1,2 @@
 DIST wpa_supplicant-2.4.tar.gz 2525648 SHA256 058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122 SHA512 03d8199325b3910f77013ddb7edd803ab4444542230484e1cb465dc3df9372b39ee3307d823ce88730e8f5a5231ef3183954c54cf07297b70432f526e45aac2b WHIRLPOOL 092ae97e2c0f55d7055fd4e5d688e2ba538f785089a13c754129829854b20a98de832d9d0925dce5823a060d10a3bb5882b0bf3d6cf55f8de9bbc2b00fbb7392
+DIST wpa_supplicant-2.5.tar.gz 2607336 SHA256 cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316 SHA512 e3ca36ed10b4dae8f663e98ad230c8c059c952316c21a6b0638ecb1b40a5ef1b9083138ab45207cb764a17e870b4bd0625dd6efdb65856cb4dca13ccc0559e81 WHIRLPOOL 7f35ba06fc4022fe21f05a54a5b108bf2111dcb22e795e1566a514400db8348e79cc80b605dab5b586ab8f3966833ade7153e63c118794a0f06c4afd7a37781d

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
new file mode 100644
index 0000000..deb6996
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-do-not-call-dbus-functions-with-NULL-path.patch
@@ -0,0 +1,12 @@
+diff -Naur wpa_supplicant/dbus/dbus_new_helpers.c wpa_supplicant-fixed/dbus/dbus_new_helpers.c
+--- wpa_supplicant/dbus/dbus_new_helpers.c	2015-09-27 15:02:05.000000000 -0400
++++ wpa_supplicant-fixed/dbus/dbus_new_helpers.c	2015-10-05 18:38:58.489713168 -0400
+@@ -847,7 +847,7 @@
+ 	const struct wpa_dbus_property_desc *dsc;
+ 	int i = 0;
+ 
+-	if (iface == NULL)
++	if (iface == NULL || path == NULL)
+ 		return;
+ 
+ 	dbus_connection_get_object_path_data(iface->con, path,
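Review bot: This new patch file has no header saying what it fixes or where it came from; the only pointer is the `# bug (320097)` comment next to its epatch call in the ebuild. A short header above the `diff -Naur` line would make the file auditable on its own, for example `Do not call dbus_connection_get_object_path_data() with a NULL path; Gentoo bug 320097`, plus a line stating whether the change was sent upstream. The same applies to wpa_supplicant-2.6-libressl-compatibility.patch further down the page, which touches crypto_openssl.c and tls_openssl.c but names its two upstream commits only in the commit message. The patched function starts and ends outside the hunk, so whether a silent `return` on a NULL path hides a caller bug cannot be judged from here.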

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.5.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.5.ebuild
new file mode 100644
index 0000000..ae65c11
--- /dev/null
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.5.ebuild
@@ -0,0 +1,373 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils toolchain-funcs qt4-r2 systemd multilib
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="http://hostap.epitest.fi/wpa_supplicant/"
+SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
+LICENSE="|| ( GPL-2 BSD )"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="ap dbus gnutls eap-sim fasteap +hs2-0 p2p ps3 qt4 readline selinux smartcard ssl tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+REQUIRED_USE="fasteap? ( !gnutls !ssl ) smartcard? ( ssl )"
+
+CDEPEND="dbus? ( sys-apps/dbus )
+	kernel_linux? (
+		eap-sim? ( sys-apps/pcsc-lite )
+		dev-libs/libnl:3
+		net-wireless/crda
+	)
+	!kernel_linux? ( net-libs/libpcap )
+	qt4? (
+		dev-qt/qtcore:4
+		dev-qt/qtgui:4
+		dev-qt/qtsvg:4
+	)
+	readline? (
+		sys-libs/ncurses:0=
+		sys-libs/readline:0
+	)
+	ssl? ( dev-libs/openssl:0 )
+	!ssl? ( gnutls? ( net-libs/gnutls ) )
+	!ssl? ( !gnutls? ( dev-libs/libtommath ) )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-networkmanager )
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+		#param 1 is CONFIG_* item
+		#param 2 is what to set it = to, defaulting in y
+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+		setting="${2:-y}"
+
+		if [ ! $setting = n ]; then
+			#first remove any leading "# " if $2 is not n
+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+			#set item = $setting (defaulting to y)
+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+		else
+			#ensure item commented out
+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+		fi
+}
+
+pkg_setup() {
+	if use gnutls && use ssl ; then
+		elog "You have both 'gnutls' and 'ssl' USE flags enabled: defaulting to USE=\"ssl\""
+	fi
+}
+
+src_prepare() {
+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+	sed -i \
+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+		../src/l2_packet/l2_packet_freebsd.c || die
+
+	# People seem to take the example configuration file too literally (bug #102361)
+	sed -i \
+		-e "s:^\(opensc_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_module_path\):#\1:" \
+		wpa_supplicant.conf || die
+
+	# Change configuration to match Gentoo locations (bug #143750)
+	sed -i \
+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+		wpa_supplicant.conf || die
+
+	#if use dbus; then
+	#	epatch "${FILESDIR}/${P}-dbus-path-fix.patch"
+	#fi
+
+	# systemd entries to D-Bus service files (bug #372877)
+	echo 'SystemdService=wpa_supplicant.service' \
+		| tee -a dbus/*.service >/dev/null || die
+
+	cd "${WORKDIR}/${P}"
+
+	if use wimax; then
+		# generate-libeap-peer.patch comes before
+		# fix-undefined-reference-to-random_get_bytes.patch
+		epatch "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+		# multilib-strict fix (bug #373685)
+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile
+	fi
+
+	# bug (320097)
+	epatch "${FILESDIR}/${P}-do-not-call-dbus-functions-with-NULL-path.patch"
+
+	# TODO - NEED TESTING TO SEE IF STILL NEEDED, NOT COMPATIBLE WITH 1.0 OUT OF THE BOX,
+	# SO WOULD BE NICE TO JUST DROP IT, IF IT IS NOT NEEDED.
+	# bug (374089)
+	#epatch "${FILESDIR}/${P}-dbus-WPAIE-fix.patch"
+}
+
+src_configure() {
+	# Toolchain setup
+	tc-export CC
+
+	cp defconfig .config
+
+	# Basic setup
+	Kconfig_style_config CTRL_IFACE
+	Kconfig_style_config BACKEND file
+	Kconfig_style_config IBSS_RSN
+	Kconfig_style_config IEEE80211W
+	Kconfig_style_config IEEE80211R
+
+	# Basic authentication methods
+	# NOTE: we don't set GPSK or SAKE as they conflict
+	# with the below options
+	Kconfig_style_config EAP_GTC
+	Kconfig_style_config EAP_MD5
+	Kconfig_style_config EAP_OTP
+	Kconfig_style_config EAP_PAX
+	Kconfig_style_config EAP_PSK
+	Kconfig_style_config EAP_TLV
+	Kconfig_style_config EAP_EXE
+	Kconfig_style_config IEEE8021X_EAPOL
+	Kconfig_style_config PKCS12
+	Kconfig_style_config PEERKEY
+	Kconfig_style_config EAP_LEAP
+	Kconfig_style_config EAP_MSCHAPV2
+	Kconfig_style_config EAP_PEAP
+	Kconfig_style_config EAP_TLS
+	Kconfig_style_config EAP_TTLS
+
+	# Enabling background scanning.
+	Kconfig_style_config BGSCAN_SIMPLE
+	Kconfig_style_config BGSCAN_LEARN
+
+	if use dbus ; then
+		Kconfig_style_config CTRL_IFACE_DBUS
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+	fi
+
+	# Enable support for writing debug info to a log file and syslog.
+	Kconfig_style_config DEBUG_FILE
+	Kconfig_style_config DEBUG_SYSLOG
+
+	if use hs2-0 ; then
+		Kconfig_style_config INTERWORKING
+		Kconfig_style_config HS20
+	fi
+
+	if use uncommon-eap-types; then
+		Kconfig_style_config EAP_GPSK
+		Kconfig_style_config EAP_SAKE
+		Kconfig_style_config EAP_GPSK_SHA256
+		Kconfig_style_config EAP_IKEV2
+		Kconfig_style_config EAP_EKE
+	fi
+
+	if use eap-sim ; then
+		# Smart card authentication
+		Kconfig_style_config EAP_SIM
+		Kconfig_style_config EAP_AKA
+		Kconfig_style_config EAP_AKA_PRIME
+		Kconfig_style_config PCSC
+	fi
+
+	if use fasteap ; then
+		Kconfig_style_config EAP_FAST
+	fi
+
+	if use readline ; then
+		# readline/history support for wpa_cli
+		Kconfig_style_config READLINE
+	else
+		#internal line edit mode for wpa_cli
+		Kconfig_style_config WPA_CLI_EDIT
+	fi
+
+	# SSL authentication methods
+	if use ssl ; then
+		Kconfig_style_config TLS openssl
+	elif use gnutls ; then
+		Kconfig_style_config TLS gnutls
+		Kconfig_style_config GNUTLS_EXTRA
+	else
+		Kconfig_style_config TLS internal
+	fi
+
+	if use smartcard ; then
+		Kconfig_style_config SMARTCARD
+	fi
+
+	if use tdls ; then
+		Kconfig_style_config TDLS
+	fi
+
+	if use kernel_linux ; then
+		# Linux specific drivers
+		Kconfig_style_config DRIVER_ATMEL
+		Kconfig_style_config DRIVER_HOSTAP
+		Kconfig_style_config DRIVER_IPW
+		Kconfig_style_config DRIVER_NL80211
+		Kconfig_style_config DRIVER_RALINK
+		Kconfig_style_config DRIVER_WEXT
+		Kconfig_style_config DRIVER_WIRED
+
+		if use ps3 ; then
+			Kconfig_style_config DRIVER_PS3
+		fi
+
+	elif use kernel_FreeBSD ; then
+		# FreeBSD specific driver
+		Kconfig_style_config DRIVER_BSD
+	fi
+
+	# Wi-Fi Protected Setup (WPS)
+	if use wps ; then
+		Kconfig_style_config WPS
+		Kconfig_style_config WPS2
+		# USB Flash Drive
+		Kconfig_style_config WPS_UFD
+		# External Registrar
+		Kconfig_style_config WPS_ER
+		# Universal Plug'n'Play
+		Kconfig_style_config WPS_UPNP
+		# Near Field Communication
+		Kconfig_style_config WPS_NFC
+	fi
+
+	# Wi-Fi Direct (WiDi)
+	if use p2p ; then
+		Kconfig_style_config P2P
+		Kconfig_style_config WIFI_DISPLAY
+	fi
+
+	# Access Point Mode
+	if use ap ; then
+		Kconfig_style_config AP
+	fi
+
+	# Enable mitigation against certain attacks against TKIP
+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Bug 382159
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		Kconfig_style_config LIBNL32
+	fi
+
+	if use qt4 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null
+		eqmake4 wpa_gui.pro
+		popd > /dev/null
+	fi
+}
+
+src_compile() {
+	einfo "Building wpa_supplicant"
+	emake V=1 BINDIR=/usr/sbin
+
+	if use wimax; then
+		emake -C ../src/eap_peer clean
+		emake -C ../src/eap_peer
+	fi
+
+	if use qt4 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null
+		einfo "Building wpa_gui"
+		emake
+		popd > /dev/null
+	fi
+}
+
+src_install() {
+	dosbin wpa_supplicant
+	dobin wpa_cli wpa_passphrase
+
+	# baselayout-1 compat
+	if has_version "<sys-apps/baselayout-2.0.0"; then
+		dodir /sbin
+		dosym /usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+		dodir /bin
+		dosym /usr/bin/wpa_cli /bin/wpa_cli
+	fi
+
+	if has_version ">=sys-apps/openrc-0.5.0"; then
+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+	fi
+
+	exeinto /etc/wpa_supplicant/
+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+		wpa_supplicant.conf
+
+	newdoc .config build-config
+
+	doman doc/docbook/*.{5,8}
+
+	if use qt4 ; then
+		into /usr
+		dobin wpa_gui-qt4/wpa_gui
+		doicon wpa_gui-qt4/icons/wpa_gui.svg
+		make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;"
+	fi
+
+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+	if use dbus ; then
+		pushd "${S}"/dbus > /dev/null
+		insinto /etc/dbus-1/system.d
+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+		insinto /usr/share/dbus-1/system-services
+		doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
+		popd > /dev/null
+
+		# This unit relies on dbus support, bug 538600.
+		systemd_dounit systemd/wpa_supplicant.service
+	fi
+
+	systemd_dounit "systemd/wpa_supplicant@.service"
+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+	systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+	elog "If this is a clean installation of wpa_supplicant, you"
+	elog "have to create a configuration file named"
+	elog "/etc/wpa_supplicant/wpa_supplicant.conf"
+	elog
+	elog "An example configuration file is available for reference in"
+	elog "/usr/share/doc/${PF}/"
+
+	if [[ -e ${ROOT}etc/wpa_supplicant.conf ]] ; then
+		echo
+		ewarn "WARNING: your old configuration file ${ROOT}etc/wpa_supplicant.conf"
+		ewarn "needs to be moved to ${ROOT}etc/wpa_supplicant/wpa_supplicant.conf"
+	fi
+
+	# Mea culpa, feel free to remove that after some time --mgorny.
+	local fn
+	for fn in wpa_supplicant{,@wlan0}.service; do
+		if [[ -e "${ROOT}"/etc/systemd/system/network.target.wants/${fn} ]]
+		then
+			ebegin "Moving ${fn} to multi-user.target"
+			mv "${ROOT}"/etc/systemd/system/network.target.wants/${fn} \
+				"${ROOT}"/etc/systemd/system/multi-user.target.wants/
+			eend ${?} \
+				"Please try to re-enable ${fn}"
+		fi
+	done
+}
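Review bot: Kconfig_style_config can leave an option unset without reporting anything: `sed -i` exits 0 when no line matches, so the `|| echo` branches only fire on an I/O failure, and a CONFIG_ item that is absent from defconfig (rather than commented out) is never written to .config. That matters most for the hardening call `Kconfig_style_config DELAYED_MIC_ERROR_REPORT` in src_configure, which would be dropped silently if upstream's defconfig ever removes or renames that line. After the two seds I would add `grep -q "^$CONFIG_PARAM=" .config || echo "$CONFIG_PARAM=$setting" >> .config`, and turn the `|| echo` fallbacks into `|| die`. The address `/^$CONFIG_PARAM/` in the second and third sed is also a prefix match (WPS also hits WPS2 and WPS_ER, TLS would hit any uncommented CONFIG_TLS* line), so it should be anchored as `/^$CONFIG_PARAM=/`.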



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2015-11-16 11:40 Bjarke Istrup Pedersen
From: Bjarke Istrup Pedersen @ 2015-11-16 11:40 UTC (permalink / raw
  To: gentoo-commits

commit:     5ee676005526e626e5bcdd76b59c6a7e5996b1e0
Author:     Bjarke Istrup Pedersen <gurligebis <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 16 11:40:08 2015 +0000
Commit:     Bjarke Istrup Pedersen <gurligebis <AT> gentoo <DOT> org>
CommitDate: Mon Nov 16 11:40:08 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ee67600

net-wireless/wpa-supplicant: Fix broken compile against LibreSSL

Package-Manager: portage-2.2.24

 .../files/wpa_supplicant-2.5-libressl.patch        | 71 ++++++++++++++++++++++
 .../wpa_supplicant/wpa_supplicant-2.5-r1.ebuild    |  3 +
 2 files changed, 74 insertions(+)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-libressl.patch
new file mode 100644
index 0000000..458628c
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.5-libressl.patch
@@ -0,0 +1,71 @@
+From c987191de92bacbf27df5d345a9d18aea8ea8a98 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <kabel@blackhole.sk>
+Date: Mon, 16 Nov 2015 02:18:22 +0100
+Subject: [PATCH] Check for LIBRESSL_VERSION_NUMBER in tls_openssl.c
+
+LibreSSL does not yet support the new API, so do not use it
+when LIBRESSL_VERSION_NUMBER macro is defined.
+---
+ src/crypto/tls_openssl.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index c2bb8c5..3883465 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -3163,7 +3163,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL *ssl, PKCS12 *p12,
+ 	}
+ 
+ 	if (certs) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 		SSL_clear_chain_certs(ssl);
+ 		while ((cert = sk_X509_pop(certs)) != NULL) {
+ 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
+@@ -3746,7 +3746,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
+ 	if (conn == NULL || keys == NULL)
+ 		return -1;
+ 	ssl = conn->ssl;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
+ 		return -1;
+ 
+@@ -3775,7 +3775,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
+ #ifndef CONFIG_FIPS
+ static int openssl_get_keyblock_size(SSL *ssl)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	const EVP_CIPHER *c;
+ 	const EVP_MD *h;
+ 	int md_size;
+@@ -3845,7 +3845,7 @@ static int openssl_tls_prf(struct tls_connection *conn,
+ 		   "mode");
+ 	return -1;
+ #else /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	SSL *ssl;
+ 	u8 *rnd;
+ 	int ret = -1;
+@@ -4328,7 +4328,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
+ 
+ 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
+ 	if (os_strstr(buf, ":ADH-")) {
+ 		/*
+@@ -4917,7 +4917,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
+ 	struct tls_connection *conn = arg;
+ 	int ret;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (conn == NULL || conn->session_ticket_cb == NULL)
+ 		return 0;
+ 
+-- 
+2.4.10
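Review bot: The six guards this patch adds to tls_openssl.c test `defined(LIBRESSL_VERSION_NUMBER)` with no version bound, so every LibreSSL release is pinned to the pre-1.1 branches, including the direct `ssl->s3` and `ssl->session` access in tls_connection_get_random, even once LibreSSL provides the accessor API. The guard in tls_connection_set_cipher_list also compiles out the `:ADH-` handling for EAP-FAST on LibreSSL; that block's body is outside the hunk, so it should be confirmed that LibreSSL needs no equivalent there. I would record the limitation in the patch description, for example `Guards are unbounded: revisit when LibreSSL gains the OpenSSL 1.1 API`, so the next LibreSSL bump prompts a review. All six functions start and end outside their hunks.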

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.5-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.5-r1.ebuild
index b183c36..9f041ed 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-2.5-r1.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.5-r1.ebuild
@@ -127,6 +127,9 @@ src_prepare() {
 	# SO WOULD BE NICE TO JUST DROP IT, IF IT IS NOT NEEDED.
 	# bug (374089)
 	#epatch "${FILESDIR}/${P}-dbus-WPAIE-fix.patch"
+
+	# bug (565270)
+	epatch "${FILESDIR}/${P}-libressl.patch"
 }
 
 src_configure() {



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2018-04-19  2:10 Aaron Bauman
From: Aaron Bauman @ 2018-04-19  2:10 UTC (permalink / raw
  To: gentoo-commits

commit:     128b2837afe310dd39d0895310116c5b40988db5
Author:     Aaron Bauman <bman <AT> gentoo <DOT> org>
AuthorDate: Thu Apr 19 02:10:02 2018 +0000
Commit:     Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Thu Apr 19 02:10:02 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=128b2837

net-wireless/wpa_supplicant: compatibility patch for LibreSSL

This patch fixes building with dev-libs/libressl-2.7.x. Patch was
backported from upstream commits:

ba3658cfff2278bc2ba24c32773962b37648d0b2
dee566d98e85e00b917d3eff42cd7e969de089cc

Bug: https://bugs.gentoo.org/651314
Package-Manager: Portage-2.3.29, Repoman-2.3.9

 ...wpa_supplicant-2.6-libressl-compatibility.patch | 106 +++++
 .../wpa_supplicant/wpa_supplicant-2.6-r6.ebuild    | 436 +++++++++++++++++++++
 2 files changed, 542 insertions(+)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch
new file mode 100644
index 00000000000..025da58028d
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch
@@ -0,0 +1,106 @@
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index 19e0e2be8..6585c0245 100644
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -33,7 +33,9 @@
+ #include "aes_wrap.h"
+ #include "crypto.h"
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ /* Compatibility wrappers for older versions. */
+ 
+ static HMAC_CTX * HMAC_CTX_new(void)
+@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+ 
+ static BIGNUM * get_group5_prime(void)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
++	!(defined(LIBRESSL_VERSION_NUMBER) && \
++	LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ 	return BN_get_rfc3526_prime_1536(NULL);
+ #elif !defined(OPENSSL_IS_BORINGSSL)
+ 	return get_rfc3526_prime_1536(NULL);
+@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
+ 
+ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ 	DH *dh;
+ 	struct wpabuf *pubkey = NULL, *privkey = NULL;
+ 	size_t publen, privlen;
+@@ -712,7 +718,9 @@ err:
+ 
+ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ 	DH *dh;
+ 
+ 	dh = DH_new();
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 23ac64b48..91acc579d 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -59,7 +59,8 @@ typedef int stack_index_t;
+ #endif /* SSL_set_tlsext_status_type */
+ 
+ #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
+-     defined(LIBRESSL_VERSION_NUMBER)) &&    \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \
+     !defined(BORINGSSL_API_VERSION)
+ /*
+  * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
+@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf)
+ 		}
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++        (defined(LIBRESSL_VERSION_NUMBER) && \
++        LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ 		SSL_load_error_strings();
+ 		SSL_library_init();
+ #ifndef OPENSSL_NO_SHA256
+@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx)
+ 
+ 	tls_openssl_ref_count--;
+ 	if (tls_openssl_ref_count == 0) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #ifndef OPENSSL_NO_ENGINE
+ 		ENGINE_cleanup();
+ #endif /* OPENSSL_NO_ENGINE */
+@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
+ #ifdef OPENSSL_NEED_EAP_FAST_PRF
+ static int openssl_get_keyblock_size(SSL *ssl)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++        (defined(LIBRESSL_VERSION_NUMBER) && \
++        LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ 	const EVP_CIPHER *c;
+ 	const EVP_MD *h;
+ 	int md_size;
+@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
+ 	struct tls_connection *conn = arg;
+ 	int ret;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++        (defined(LIBRESSL_VERSION_NUMBER) && \
++        LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ 	if (conn == NULL || conn->session_ticket_cb == NULL)
+ 		return 0;
+ 

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r6.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r6.ebuild
new file mode 100644
index 00000000000..ad09f128b08
--- /dev/null
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r6.ebuild
@@ -0,0 +1,436 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="https://w1.fi/wpa_supplicant/"
+SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+LICENSE="|| ( GPL-2 BSD )"
+
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="ap dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+REQUIRED_USE="smartcard? ( ssl )"
+
+CDEPEND="dbus? ( sys-apps/dbus )
+	kernel_linux? (
+		dev-libs/libnl:3
+		net-wireless/crda
+		eap-sim? ( sys-apps/pcsc-lite )
+	)
+	!kernel_linux? ( net-libs/libpcap )
+	qt5? (
+		dev-qt/qtcore:5
+		dev-qt/qtgui:5
+		dev-qt/qtsvg:5
+		dev-qt/qtwidgets:5
+	)
+	readline? (
+		sys-libs/ncurses:0=
+		sys-libs/readline:0=
+	)
+	ssl? (
+		gnutls? (
+			dev-libs/libgcrypt:0=
+			net-libs/gnutls:=
+		)
+		!gnutls? (
+			!libressl? ( >=dev-libs/openssl-1.0.2k:0= )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
+	!ssl? ( dev-libs/libtommath )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-networkmanager )
+"
+
+DOC_CONTENTS="
+	If this is a clean installation of wpa_supplicant, you
+	have to create a configuration file named
+	${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
+	An example configuration file is available for reference in
+	${EROOT%/}/usr/share/doc/${PF}/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+		#param 1 is CONFIG_* item
+		#param 2 is what to set it = to, defaulting in y
+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+		setting="${2:-y}"
+
+		if [ ! $setting = n ]; then
+			#first remove any leading "# " if $2 is not n
+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+			#set item = $setting (defaulting to y)
+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+			if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
+				echo "$CONFIG_PARAM=$setting" >>.config
+			fi
+		else
+			#ensure item commented out
+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+		fi
+}
+
+pkg_setup() {
+	if use ssl ; then
+		if use gnutls && use libressl ; then
+			elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\""
+		fi
+	else
+		elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation"
+	fi
+}
+
+src_prepare() {
+	default
+
+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+	sed -i \
+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+		../src/l2_packet/l2_packet_freebsd.c || die
+
+	# People seem to take the example configuration file too literally (bug #102361)
+	sed -i \
+		-e "s:^\(opensc_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_module_path\):#\1:" \
+		wpa_supplicant.conf || die
+
+	# Change configuration to match Gentoo locations (bug #143750)
+	sed -i \
+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+		wpa_supplicant.conf || die
+
+	# systemd entries to D-Bus service files (bug #372877)
+	echo 'SystemdService=wpa_supplicant.service' \
+		| tee -a dbus/*.service >/dev/null || die
+
+	cd "${WORKDIR}/${P}" || die
+
+	if use wimax; then
+		# generate-libeap-peer.patch comes before
+		# fix-undefined-reference-to-random_get_bytes.patch
+		eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+		# multilib-strict fix (bug #373685)
+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
+	fi
+
+	# bug (320097)
+	eapply "${FILESDIR}/${P}-do-not-call-dbus-functions-with-NULL-path.patch"
+
+	# bug (596332 & 651314)
+	eapply "${FILESDIR}/${P}-libressl-compatibility.patch"
+
+	# https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch"
+	eapply "${FILESDIR}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
+
+	# bug (640492)
+	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+}
+
+src_configure() {
+	# Toolchain setup
+	tc-export CC
+
+	cp defconfig .config || die
+
+	# Basic setup
+	Kconfig_style_config CTRL_IFACE
+	Kconfig_style_config MATCH_IFACE
+	Kconfig_style_config BACKEND file
+	Kconfig_style_config IBSS_RSN
+	Kconfig_style_config IEEE80211W
+	Kconfig_style_config IEEE80211R
+
+	# Basic authentication methods
+	# NOTE: we don't set GPSK or SAKE as they conflict
+	# with the below options
+	Kconfig_style_config EAP_GTC
+	Kconfig_style_config EAP_MD5
+	Kconfig_style_config EAP_OTP
+	Kconfig_style_config EAP_PAX
+	Kconfig_style_config EAP_PSK
+	Kconfig_style_config EAP_TLV
+	Kconfig_style_config EAP_EXE
+	Kconfig_style_config IEEE8021X_EAPOL
+	Kconfig_style_config PKCS12
+	Kconfig_style_config PEERKEY
+	Kconfig_style_config EAP_LEAP
+	Kconfig_style_config EAP_MSCHAPV2
+	Kconfig_style_config EAP_PEAP
+	Kconfig_style_config EAP_TLS
+	Kconfig_style_config EAP_TTLS
+
+	# Enabling background scanning.
+	Kconfig_style_config BGSCAN_SIMPLE
+	Kconfig_style_config BGSCAN_LEARN
+
+	if use dbus ; then
+		Kconfig_style_config CTRL_IFACE_DBUS
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+	fi
+
+	if use eapol_test ; then
+		Kconfig_style_config EAPOL_TEST
+	fi
+
+	# Enable support for writing debug info to a log file and syslog.
+	Kconfig_style_config DEBUG_FILE
+	Kconfig_style_config DEBUG_SYSLOG
+
+	if use hs2-0 ; then
+		Kconfig_style_config INTERWORKING
+		Kconfig_style_config HS20
+	fi
+
+	if use uncommon-eap-types; then
+		Kconfig_style_config EAP_GPSK
+		Kconfig_style_config EAP_SAKE
+		Kconfig_style_config EAP_GPSK_SHA256
+		Kconfig_style_config EAP_IKEV2
+		Kconfig_style_config EAP_EKE
+	fi
+
+	if use eap-sim ; then
+		# Smart card authentication
+		Kconfig_style_config EAP_SIM
+		Kconfig_style_config EAP_AKA
+		Kconfig_style_config EAP_AKA_PRIME
+		Kconfig_style_config PCSC
+	fi
+
+	if use fasteap ; then
+		Kconfig_style_config EAP_FAST
+	fi
+
+	if use readline ; then
+		# readline/history support for wpa_cli
+		Kconfig_style_config READLINE
+	else
+		#internal line edit mode for wpa_cli
+		Kconfig_style_config WPA_CLI_EDIT
+	fi
+
+	# SSL authentication methods
+	if use ssl ; then
+		if use gnutls ; then
+			Kconfig_style_config TLS gnutls
+			Kconfig_style_config GNUTLS_EXTRA
+		else
+			Kconfig_style_config TLS openssl
+			Kconfig_style_config EAP_PWD
+
+			# Enabling mesh networks.
+			Kconfig_style_config MESH
+		fi
+	else
+		Kconfig_style_config TLS internal
+	fi
+
+	if use smartcard ; then
+		Kconfig_style_config SMARTCARD
+	fi
+
+	if use tdls ; then
+		Kconfig_style_config TDLS
+	fi
+
+	if use kernel_linux ; then
+		# Linux specific drivers
+		Kconfig_style_config DRIVER_ATMEL
+		Kconfig_style_config DRIVER_HOSTAP
+		Kconfig_style_config DRIVER_IPW
+		Kconfig_style_config DRIVER_NL80211
+		Kconfig_style_config DRIVER_RALINK
+		Kconfig_style_config DRIVER_WEXT
+		Kconfig_style_config DRIVER_WIRED
+
+		if use ps3 ; then
+			Kconfig_style_config DRIVER_PS3
+		fi
+
+	elif use kernel_FreeBSD ; then
+		# FreeBSD specific driver
+		Kconfig_style_config DRIVER_BSD
+	fi
+
+	# Wi-Fi Protected Setup (WPS)
+	if use wps ; then
+		Kconfig_style_config WPS
+		Kconfig_style_config WPS2
+		# USB Flash Drive
+		Kconfig_style_config WPS_UFD
+		# External Registrar
+		Kconfig_style_config WPS_ER
+		# Universal Plug'n'Play
+		Kconfig_style_config WPS_UPNP
+		# Near Field Communication
+		Kconfig_style_config WPS_NFC
+	fi
+
+	# Wi-Fi Direct (WiDi)
+	if use p2p ; then
+		Kconfig_style_config P2P
+		Kconfig_style_config WIFI_DISPLAY
+	fi
+
+	# Access Point Mode
+	if use ap ; then
+		Kconfig_style_config AP
+	fi
+
+	# Enable essentials for AP/P2P
+	if use ap || use p2p ; then
+		# Enabling HT support (802.11n)
+		Kconfig_style_config IEEE80211N
+
+		# Enabling VHT support (802.11ac)
+		Kconfig_style_config IEEE80211AC
+	fi
+
+	# Enable mitigation against certain attacks against TKIP
+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+	if use privsep ; then
+		Kconfig_style_config PRIVSEP
+	fi
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Bug 382159
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		Kconfig_style_config LIBNL32
+	fi
+
+	if use qt5 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null || die
+		eqmake5 wpa_gui.pro
+		popd > /dev/null || die
+	fi
+}
+
+src_compile() {
+	einfo "Building wpa_supplicant"
+	emake V=1 BINDIR=/usr/sbin
+
+	if use wimax; then
+		emake -C ../src/eap_peer clean
+		emake -C ../src/eap_peer
+	fi
+
+	if use qt5; then
+		einfo "Building wpa_gui"
+		emake -C "${S}"/wpa_gui-qt4
+	fi
+
+	if use eapol_test ; then
+		emake eapol_test
+	fi
+}
+
+src_install() {
+	dosbin wpa_supplicant
+	use privsep && dosbin wpa_priv
+	dobin wpa_cli wpa_passphrase
+
+	# baselayout-1 compat
+	if has_version "<sys-apps/baselayout-2.0.0"; then
+		dodir /sbin
+		dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+		dodir /bin
+		dosym ../usr/bin/wpa_cli /bin/wpa_cli
+	fi
+
+	if has_version ">=sys-apps/openrc-0.5.0"; then
+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+	fi
+
+	exeinto /etc/wpa_supplicant/
+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+	readme.gentoo_create_doc
+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+		wpa_supplicant.conf
+
+	newdoc .config build-config
+
+	doman doc/docbook/*.{5,8}
+
+	if use qt5 ; then
+		into /usr
+		dobin wpa_gui-qt4/wpa_gui
+		doicon wpa_gui-qt4/icons/wpa_gui.svg
+		make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;"
+	else
+		rm "${ED}"/usr/share/man/man8/wpa_gui.8
+	fi
+
+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+	if use dbus ; then
+		pushd "${S}"/dbus > /dev/null || die
+		insinto /etc/dbus-1/system.d
+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+		insinto /usr/share/dbus-1/system-services
+		doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
+		popd > /dev/null || die
+
+		# This unit relies on dbus support, bug 538600.
+		systemd_dounit systemd/wpa_supplicant.service
+	fi
+
+	if use eapol_test ; then
+		dobin eapol_test
+	fi
+
+	systemd_dounit "systemd/wpa_supplicant@.service"
+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+	systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
+		echo
+		ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
+		ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
+	fi
+
+	# Mea culpa, feel free to remove that after some time --mgorny.
+	local fn
+	for fn in wpa_supplicant{,@wlan0}.service; do
+		if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
+		then
+			ebegin "Moving ${fn} to multi-user.target"
+			mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
+				"${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
+			eend ${?} \
+				"Please try to re-enable ${fn}"
+		fi
+	done
+
+	systemd_reenable wpa_supplicant.service
+}



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2018-12-05 22:08 Rick Farina
From: Rick Farina @ 2018-12-05 22:08 UTC (permalink / raw
  To: gentoo-commits

commit:     e0288112138a70a8acc3ae0196772fd7ccb677ce
Author:     Rick Farina <zerochaos <AT> gentoo <DOT> org>
AuthorDate: Wed Dec  5 22:08:06 2018 +0000
Commit:     Rick Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Wed Dec  5 22:08:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0288112

net-wireless/wpa_supplicant: bump bug #672568

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>

 net-wireless/wpa_supplicant/Manifest               |   1 +
 ...pa_supplicant-2.7-fix-undefined-remove-ie.patch |  38 ++
 .../wpa_supplicant/wpa_supplicant-2.7.ebuild       | 456 +++++++++++++++++++++
 3 files changed, 495 insertions(+)

diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
index b73800a9506..6c70e97a288 100644
--- a/net-wireless/wpa_supplicant/Manifest
+++ b/net-wireless/wpa_supplicant/Manifest
@@ -1 +1,2 @@
 DIST wpa_supplicant-2.6.tar.gz 2753524 BLAKE2B 99c61326c402f60b384fa6c9a7381e43d4d021d7e44537a6e05552909270f30997da91b690d8a30aa690f0d1ce0aed7798bd8bb8972fcf6830c282ccc91193ac SHA512 46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6
+DIST wpa_supplicant-2.7.tar.gz 3093713 BLAKE2B bbf961b6e13757e9d7bb8b9de1808382a551265cd2d54de14e24bde3567aa5298b48fdcd0df75db79189a051532c54b28eab5519c32fc8fc00459365b57039aa SHA512 8b6eb5b5f30d351c73db63d73c09f24028a18166246539b4a4f89f0d226fb42751afa2ff72296df33317f615150325d285e8e7bda30e0d88abcdc9637ab731d3

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
new file mode 100644
index 00000000000..97a8cc7f3e1
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
@@ -0,0 +1,38 @@
+From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Mon, 3 Dec 2018 12:00:26 +0200
+Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
+
+remove_ie() was defined within an ifdef CONFIG_FILS block while it is
+now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
+there.
+
+Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol")
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/sme.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
+index 39c8069..f77f751 100644
+--- a/wpa_supplicant/sme.c
++++ b/wpa_supplicant/sme.c
+@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
+ }
+ 
+ 
+-#ifdef CONFIG_FILS
+ #ifdef CONFIG_IEEE80211R
+ static void remove_ie(u8 *buf, size_t *len, u8 eid)
+ {
+@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *len, u8 eid)
+ 	}
+ }
+ #endif /* CONFIG_IEEE80211R */
+-#endif /* CONFIG_FILS */
+ 
+ 
+ void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
+-- 
+cgit v0.12
+

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.7.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.7.ebuild
new file mode 100644
index 00000000000..12a69aa090d
--- /dev/null
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.7.ebuild
@@ -0,0 +1,456 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="https://w1.fi/wpa_supplicant/"
+LICENSE="|| ( GPL-2 BSD )"
+
+if [ "${PV}" = "9999" ]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://w1.fi/hostap.git"
+	KEYWORDS=""
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+	SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+fi
+
+SLOT="0"
+IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+REQUIRED_USE="smartcard? ( ssl )"
+
+CDEPEND="dbus? ( sys-apps/dbus )
+	kernel_linux? (
+		dev-libs/libnl:3
+		net-wireless/crda
+		eap-sim? ( sys-apps/pcsc-lite )
+	)
+	!kernel_linux? ( net-libs/libpcap )
+	qt5? (
+		dev-qt/qtcore:5
+		dev-qt/qtgui:5
+		dev-qt/qtsvg:5
+		dev-qt/qtwidgets:5
+	)
+	readline? (
+		sys-libs/ncurses:0=
+		sys-libs/readline:0=
+	)
+	ssl? (
+		gnutls? (
+			dev-libs/libgcrypt:0=
+			net-libs/gnutls:=
+		)
+		!gnutls? (
+			!libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
+	!ssl? ( dev-libs/libtommath )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-networkmanager )
+"
+
+DOC_CONTENTS="
+	If this is a clean installation of wpa_supplicant, you
+	have to create a configuration file named
+	${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
+	An example configuration file is available for reference in
+	${EROOT%/}/usr/share/doc/${PF}/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+		#param 1 is CONFIG_* item
+		#param 2 is what to set it = to, defaulting in y
+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+		setting="${2:-y}"
+
+		if [ ! $setting = n ]; then
+			#first remove any leading "# " if $2 is not n
+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+			#set item = $setting (defaulting to y)
+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+			if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
+				echo "$CONFIG_PARAM=$setting" >>.config
+			fi
+		else
+			#ensure item commented out
+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+		fi
+}
+
+pkg_setup() {
+	if use ssl ; then
+		if use gnutls && use libressl ; then
+			elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\""
+		fi
+	else
+		elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation"
+	fi
+}
+
+src_prepare() {
+	default
+
+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+	sed -i \
+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+		../src/l2_packet/l2_packet_freebsd.c || die
+
+	# People seem to take the example configuration file too literally (bug #102361)
+	sed -i \
+		-e "s:^\(opensc_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_module_path\):#\1:" \
+		wpa_supplicant.conf || die
+
+	# Change configuration to match Gentoo locations (bug #143750)
+	sed -i \
+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+		wpa_supplicant.conf || die
+
+	# systemd entries to D-Bus service files (bug #372877)
+	echo 'SystemdService=wpa_supplicant.service' \
+		| tee -a dbus/*.service >/dev/null || die
+
+	cd "${WORKDIR}/${P}" || die
+
+	if use wimax; then
+		# generate-libeap-peer.patch comes before
+		# fix-undefined-reference-to-random_get_bytes.patch
+		eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+		# multilib-strict fix (bug #373685)
+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
+	fi
+
+	# bug (320097)
+	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
+
+	# fix undefined reference to remove_ie()
+	eapply "${FILESDIR}/${P}-fix-undefined-remove-ie.patch"
+
+	# bug (640492)
+	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+}
+
+src_configure() {
+	# Toolchain setup
+	tc-export CC
+
+	cp defconfig .config || die
+
+	# Basic setup
+	Kconfig_style_config CTRL_IFACE
+	Kconfig_style_config MATCH_IFACE
+	Kconfig_style_config BACKEND file
+	Kconfig_style_config IBSS_RSN
+	Kconfig_style_config IEEE80211W
+	Kconfig_style_config IEEE80211R
+
+	# Basic authentication methods
+	# NOTE: we don't set GPSK or SAKE as they conflict
+	# with the below options
+	Kconfig_style_config EAP_GTC
+	Kconfig_style_config EAP_MD5
+	Kconfig_style_config EAP_OTP
+	Kconfig_style_config EAP_PAX
+	Kconfig_style_config EAP_PSK
+	Kconfig_style_config EAP_TLV
+	Kconfig_style_config EAP_EXE
+	Kconfig_style_config IEEE8021X_EAPOL
+	Kconfig_style_config PKCS12
+	Kconfig_style_config PEERKEY
+	Kconfig_style_config EAP_LEAP
+	Kconfig_style_config EAP_MSCHAPV2
+	Kconfig_style_config EAP_PEAP
+	Kconfig_style_config EAP_TLS
+	Kconfig_style_config EAP_TTLS
+
+	# Enabling background scanning.
+	Kconfig_style_config BGSCAN_SIMPLE
+	Kconfig_style_config BGSCAN_LEARN
+
+	if use dbus ; then
+		Kconfig_style_config CTRL_IFACE_DBUS
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+	fi
+
+	if use eapol_test ; then
+		Kconfig_style_config EAPOL_TEST
+	fi
+
+	# Enable support for writing debug info to a log file and syslog.
+	Kconfig_style_config DEBUG_FILE
+	Kconfig_style_config DEBUG_SYSLOG
+
+	if use hs2-0 ; then
+		Kconfig_style_config INTERWORKING
+		Kconfig_style_config HS20
+	fi
+
+	if use uncommon-eap-types; then
+		Kconfig_style_config EAP_GPSK
+		Kconfig_style_config EAP_SAKE
+		Kconfig_style_config EAP_GPSK_SHA256
+		Kconfig_style_config EAP_IKEV2
+		Kconfig_style_config EAP_EKE
+	fi
+
+	if use eap-sim ; then
+		# Smart card authentication
+		Kconfig_style_config EAP_SIM
+		Kconfig_style_config EAP_AKA
+		Kconfig_style_config EAP_AKA_PRIME
+		Kconfig_style_config PCSC
+	fi
+
+	if use fasteap ; then
+		Kconfig_style_config EAP_FAST
+	fi
+
+	if use readline ; then
+		# readline/history support for wpa_cli
+		Kconfig_style_config READLINE
+	else
+		#internal line edit mode for wpa_cli
+		Kconfig_style_config WPA_CLI_EDIT
+	fi
+
+	if use suiteb; then
+		Kconfig_style_config SUITEB
+	fi
+
+	# SSL authentication methods
+	if use ssl ; then
+		if use gnutls ; then
+			Kconfig_style_config TLS gnutls
+			Kconfig_style_config GNUTLS_EXTRA
+		else
+			#this fails for gnutls
+			Kconfig_style_config SUITEB192
+			Kconfig_style_config TLS openssl
+			if ! use bindist; then
+			  #this fails for gnutls
+			  Kconfig_style_config EAP_PWD
+			  # SAE fails on gnutls and everything below here needs SAE
+			  # Enabling mesh networks.
+			  Kconfig_style_config MESH
+			  #WPA3
+			  Kconfig_style_config OWE
+			  Kconfig_style_config SAE
+			  #we also need to disable FILS, except that isn't enabled yet
+			fi
+
+		fi
+	else
+		Kconfig_style_config TLS internal
+	fi
+
+	if use smartcard ; then
+		Kconfig_style_config SMARTCARD
+	fi
+
+	if use tdls ; then
+		Kconfig_style_config TDLS
+	fi
+
+	if use kernel_linux ; then
+		# Linux specific drivers
+		Kconfig_style_config DRIVER_ATMEL
+		Kconfig_style_config DRIVER_HOSTAP
+		Kconfig_style_config DRIVER_IPW
+		Kconfig_style_config DRIVER_NL80211
+		Kconfig_style_config DRIVER_RALINK
+		Kconfig_style_config DRIVER_WEXT
+		Kconfig_style_config DRIVER_WIRED
+
+		if use ps3 ; then
+			Kconfig_style_config DRIVER_PS3
+		fi
+
+	elif use kernel_FreeBSD ; then
+		# FreeBSD specific driver
+		Kconfig_style_config DRIVER_BSD
+	fi
+
+	# Wi-Fi Protected Setup (WPS)
+	if use wps ; then
+		Kconfig_style_config WPS
+		Kconfig_style_config WPS2
+		# USB Flash Drive
+		Kconfig_style_config WPS_UFD
+		# External Registrar
+		Kconfig_style_config WPS_ER
+		# Universal Plug'n'Play
+		Kconfig_style_config WPS_UPNP
+		# Near Field Communication
+		Kconfig_style_config WPS_NFC
+	fi
+
+	# Wi-Fi Direct (WiDi)
+	if use p2p ; then
+		Kconfig_style_config P2P
+		Kconfig_style_config WIFI_DISPLAY
+	fi
+
+	# Access Point Mode
+	if use ap ; then
+		Kconfig_style_config AP
+	fi
+
+	# Enable essentials for AP/P2P
+	if use ap || use p2p ; then
+		# Enabling HT support (802.11n)
+		Kconfig_style_config IEEE80211N
+
+		# Enabling VHT support (802.11ac)
+		Kconfig_style_config IEEE80211AC
+	fi
+
+	# Enable mitigation against certain attacks against TKIP
+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+	if use privsep ; then
+		Kconfig_style_config PRIVSEP
+	fi
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Bug 382159
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		Kconfig_style_config LIBNL32
+	fi
+
+	if use qt5 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null || die
+		eqmake5 wpa_gui.pro
+		popd > /dev/null || die
+	fi
+}
+
+src_compile() {
+	einfo "Building wpa_supplicant"
+	emake V=1 BINDIR=/usr/sbin
+
+	if use wimax; then
+		emake -C ../src/eap_peer clean
+		emake -C ../src/eap_peer
+	fi
+
+	if use qt5; then
+		einfo "Building wpa_gui"
+		emake -C "${S}"/wpa_gui-qt4
+	fi
+
+	if use eapol_test ; then
+		emake eapol_test
+	fi
+}
+
+src_install() {
+	dosbin wpa_supplicant
+	use privsep && dosbin wpa_priv
+	dobin wpa_cli wpa_passphrase
+
+	# baselayout-1 compat
+	if has_version "<sys-apps/baselayout-2.0.0"; then
+		dodir /sbin
+		dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+		dodir /bin
+		dosym ../usr/bin/wpa_cli /bin/wpa_cli
+	fi
+
+	if has_version ">=sys-apps/openrc-0.5.0"; then
+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+	fi
+
+	exeinto /etc/wpa_supplicant/
+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+	readme.gentoo_create_doc
+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+		wpa_supplicant.conf
+
+	newdoc .config build-config
+
+	if [ "${PV}" != "9999" ]; then
+		doman doc/docbook/*.{5,8}
+	fi
+
+	if use qt5 ; then
+		into /usr
+		dobin wpa_gui-qt4/wpa_gui
+		doicon wpa_gui-qt4/icons/wpa_gui.svg
+		make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;"
+	else
+		rm "${ED}"/usr/share/man/man8/wpa_gui.8
+	fi
+
+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+	if use dbus ; then
+		pushd "${S}"/dbus > /dev/null || die
+		insinto /etc/dbus-1/system.d
+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+		insinto /usr/share/dbus-1/system-services
+		doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
+		popd > /dev/null || die
+
+		# This unit relies on dbus support, bug 538600.
+		systemd_dounit systemd/wpa_supplicant.service
+	fi
+
+	if use eapol_test ; then
+		dobin eapol_test
+	fi
+
+	systemd_dounit "systemd/wpa_supplicant@.service"
+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+	systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
+		echo
+		ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
+		ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
+	fi
+
+	if use bindist || use gnutls; then
+		if ! use libressl; then
+			ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)."
+			ewarn "This is incredibly undesirable"
+		fi
+	fi
+
+	# Mea culpa, feel free to remove that after some time --mgorny.
+	local fn
+	for fn in wpa_supplicant{,@wlan0}.service; do
+		if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
+		then
+			ebegin "Moving ${fn} to multi-user.target"
+			mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
+				"${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
+			eend ${?} \
+				"Please try to re-enable ${fn}"
+		fi
+	done
+
+	systemd_reenable wpa_supplicant.service
+}
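Review bot: The WPA3 warning in pkg_postinst does not match the conditions under which src_configure leaves SAE and OWE unset. src_configure calls `Kconfig_style_config OWE` and `Kconfig_style_config SAE` only in the `ssl`, non-`gnutls`, non-`bindist` branch, but the warning sits inside `if ! use libressl`, so USE="gnutls libressl" (where pkg_setup says gnutls wins), USE="bindist libressl" and USE="-ssl" all skip those options without any message. Unless defconfig already enables them, the user ends up with a supplicant that lacks WPA3 support and is not told. The check should mirror the configure logic, e.g. `if ! use ssl || use gnutls || use bindist; then`, with the inner libressl test dropped. The same block appears in wpa_supplicant-2.7-r1.ebuild.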



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2019-01-14  1:42 Rick Farina
From: Rick Farina @ 2019-01-14  1:42 UTC (permalink / raw
  To: gentoo-commits

commit:     ad158c5c451d3fe5878fba086e38e064654c1087
Author:     Stefan Strogin <stefan.strogin <AT> gmail <DOT> com>
AuthorDate: Sun Jan 13 19:24:24 2019 +0000
Commit:     Rick Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Mon Jan 14 01:42:16 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad158c5c

net-wireless/wpa_supplicant: add LibreSSL fix from upstream

Close: https://bugs.gentoo.org/672632
Package-Manager: Portage-2.3.55, Repoman-2.3.12
Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com>
Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>

 .../files/wpa_supplicant-2.7-libressl.patch        |  46 +++
 .../wpa_supplicant/wpa_supplicant-2.7-r1.ebuild    | 459 +++++++++++++++++++++
 2 files changed, 505 insertions(+)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
new file mode 100644
index 00000000000..45a1cf3701f
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
@@ -0,0 +1,46 @@
+From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001
+From: Andrey Utkin <andrey_utkin@gentoo.org>
+Date: Tue, 11 Dec 2018 17:41:10 +0000
+Subject: [PATCH] Fix build with LibreSSL
+
+When using LibreSSL instead of OpenSSL, linkage of hostapd executable
+fails with the following error when using some LibreSSL versions
+
+    ../src/crypto/tls_openssl.o: In function `tls_verify_cb':
+    tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
+    ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
+    tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
+    collect2: error: ld returned 1 exit status
+    make: *** [Makefile:1278: hostapd] Error 1
+
+ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
+versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
+be defined in this case, just like for old OpenSSL.
+
+This patch was inspired by similar patches to other projects, such as
+spice-gtk, pjsip.
+
+Link: https://bugs.gentoo.org/672834
+Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org>
+---
+ src/crypto/tls_openssl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 608818310..cb70e2c47 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #ifdef CONFIG_SUITEB
+ static int RSA_bits(const RSA *r)
+ {
+-- 
+2.20.1
+

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild
new file mode 100644
index 00000000000..16e14e933dd
--- /dev/null
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild
@@ -0,0 +1,459 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="https://w1.fi/wpa_supplicant/"
+LICENSE="|| ( GPL-2 BSD )"
+
+if [ "${PV}" = "9999" ]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://w1.fi/hostap.git"
+	KEYWORDS=""
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+	SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+fi
+
+SLOT="0"
+IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+REQUIRED_USE="smartcard? ( ssl )"
+
+CDEPEND="dbus? ( sys-apps/dbus )
+	kernel_linux? (
+		dev-libs/libnl:3
+		net-wireless/crda
+		eap-sim? ( sys-apps/pcsc-lite )
+	)
+	!kernel_linux? ( net-libs/libpcap )
+	qt5? (
+		dev-qt/qtcore:5
+		dev-qt/qtgui:5
+		dev-qt/qtsvg:5
+		dev-qt/qtwidgets:5
+	)
+	readline? (
+		sys-libs/ncurses:0=
+		sys-libs/readline:0=
+	)
+	ssl? (
+		gnutls? (
+			dev-libs/libgcrypt:0=
+			net-libs/gnutls:=
+		)
+		!gnutls? (
+			!libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
+	!ssl? ( dev-libs/libtommath )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-networkmanager )
+"
+
+DOC_CONTENTS="
+	If this is a clean installation of wpa_supplicant, you
+	have to create a configuration file named
+	${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
+	An example configuration file is available for reference in
+	${EROOT%/}/usr/share/doc/${PF}/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+		#param 1 is CONFIG_* item
+		#param 2 is what to set it = to, defaulting in y
+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+		setting="${2:-y}"
+
+		if [ ! $setting = n ]; then
+			#first remove any leading "# " if $2 is not n
+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+			#set item = $setting (defaulting to y)
+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+			if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
+				echo "$CONFIG_PARAM=$setting" >>.config
+			fi
+		else
+			#ensure item commented out
+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+		fi
+}
+
+pkg_setup() {
+	if use ssl ; then
+		if use gnutls && use libressl ; then
+			elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\""
+		fi
+	else
+		elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation"
+	fi
+}
+
+src_prepare() {
+	default
+
+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+	sed -i \
+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+		../src/l2_packet/l2_packet_freebsd.c || die
+
+	# People seem to take the example configuration file too literally (bug #102361)
+	sed -i \
+		-e "s:^\(opensc_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_module_path\):#\1:" \
+		wpa_supplicant.conf || die
+
+	# Change configuration to match Gentoo locations (bug #143750)
+	sed -i \
+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+		wpa_supplicant.conf || die
+
+	# systemd entries to D-Bus service files (bug #372877)
+	echo 'SystemdService=wpa_supplicant.service' \
+		| tee -a dbus/*.service >/dev/null || die
+
+	cd "${WORKDIR}/${P}" || die
+
+	if use wimax; then
+		# generate-libeap-peer.patch comes before
+		# fix-undefined-reference-to-random_get_bytes.patch
+		eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+		# multilib-strict fix (bug #373685)
+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
+	fi
+
+	# bug (320097)
+	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
+
+	# fix undefined reference to remove_ie()
+	eapply "${FILESDIR}/${P}-fix-undefined-remove-ie.patch"
+
+	# bug (672632)
+	eapply "${FILESDIR}/${P}-libressl.patch"
+
+	# bug (640492)
+	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+}
+
+src_configure() {
+	# Toolchain setup
+	tc-export CC
+
+	cp defconfig .config || die
+
+	# Basic setup
+	Kconfig_style_config CTRL_IFACE
+	Kconfig_style_config MATCH_IFACE
+	Kconfig_style_config BACKEND file
+	Kconfig_style_config IBSS_RSN
+	Kconfig_style_config IEEE80211W
+	Kconfig_style_config IEEE80211R
+
+	# Basic authentication methods
+	# NOTE: we don't set GPSK or SAKE as they conflict
+	# with the below options
+	Kconfig_style_config EAP_GTC
+	Kconfig_style_config EAP_MD5
+	Kconfig_style_config EAP_OTP
+	Kconfig_style_config EAP_PAX
+	Kconfig_style_config EAP_PSK
+	Kconfig_style_config EAP_TLV
+	Kconfig_style_config EAP_EXE
+	Kconfig_style_config IEEE8021X_EAPOL
+	Kconfig_style_config PKCS12
+	Kconfig_style_config PEERKEY
+	Kconfig_style_config EAP_LEAP
+	Kconfig_style_config EAP_MSCHAPV2
+	Kconfig_style_config EAP_PEAP
+	Kconfig_style_config EAP_TLS
+	Kconfig_style_config EAP_TTLS
+
+	# Enabling background scanning.
+	Kconfig_style_config BGSCAN_SIMPLE
+	Kconfig_style_config BGSCAN_LEARN
+
+	if use dbus ; then
+		Kconfig_style_config CTRL_IFACE_DBUS
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+	fi
+
+	if use eapol_test ; then
+		Kconfig_style_config EAPOL_TEST
+	fi
+
+	# Enable support for writing debug info to a log file and syslog.
+	Kconfig_style_config DEBUG_FILE
+	Kconfig_style_config DEBUG_SYSLOG
+
+	if use hs2-0 ; then
+		Kconfig_style_config INTERWORKING
+		Kconfig_style_config HS20
+	fi
+
+	if use uncommon-eap-types; then
+		Kconfig_style_config EAP_GPSK
+		Kconfig_style_config EAP_SAKE
+		Kconfig_style_config EAP_GPSK_SHA256
+		Kconfig_style_config EAP_IKEV2
+		Kconfig_style_config EAP_EKE
+	fi
+
+	if use eap-sim ; then
+		# Smart card authentication
+		Kconfig_style_config EAP_SIM
+		Kconfig_style_config EAP_AKA
+		Kconfig_style_config EAP_AKA_PRIME
+		Kconfig_style_config PCSC
+	fi
+
+	if use fasteap ; then
+		Kconfig_style_config EAP_FAST
+	fi
+
+	if use readline ; then
+		# readline/history support for wpa_cli
+		Kconfig_style_config READLINE
+	else
+		#internal line edit mode for wpa_cli
+		Kconfig_style_config WPA_CLI_EDIT
+	fi
+
+	if use suiteb; then
+		Kconfig_style_config SUITEB
+	fi
+
+	# SSL authentication methods
+	if use ssl ; then
+		if use gnutls ; then
+			Kconfig_style_config TLS gnutls
+			Kconfig_style_config GNUTLS_EXTRA
+		else
+			#this fails for gnutls
+			Kconfig_style_config SUITEB192
+			Kconfig_style_config TLS openssl
+			if ! use bindist; then
+			  #this fails for gnutls
+			  Kconfig_style_config EAP_PWD
+			  # SAE fails on gnutls and everything below here needs SAE
+			  # Enabling mesh networks.
+			  Kconfig_style_config MESH
+			  #WPA3
+			  Kconfig_style_config OWE
+			  Kconfig_style_config SAE
+			  #we also need to disable FILS, except that isn't enabled yet
+			fi
+
+		fi
+	else
+		Kconfig_style_config TLS internal
+	fi
+
+	if use smartcard ; then
+		Kconfig_style_config SMARTCARD
+	fi
+
+	if use tdls ; then
+		Kconfig_style_config TDLS
+	fi
+
+	if use kernel_linux ; then
+		# Linux specific drivers
+		Kconfig_style_config DRIVER_ATMEL
+		Kconfig_style_config DRIVER_HOSTAP
+		Kconfig_style_config DRIVER_IPW
+		Kconfig_style_config DRIVER_NL80211
+		Kconfig_style_config DRIVER_RALINK
+		Kconfig_style_config DRIVER_WEXT
+		Kconfig_style_config DRIVER_WIRED
+
+		if use ps3 ; then
+			Kconfig_style_config DRIVER_PS3
+		fi
+
+	elif use kernel_FreeBSD ; then
+		# FreeBSD specific driver
+		Kconfig_style_config DRIVER_BSD
+	fi
+
+	# Wi-Fi Protected Setup (WPS)
+	if use wps ; then
+		Kconfig_style_config WPS
+		Kconfig_style_config WPS2
+		# USB Flash Drive
+		Kconfig_style_config WPS_UFD
+		# External Registrar
+		Kconfig_style_config WPS_ER
+		# Universal Plug'n'Play
+		Kconfig_style_config WPS_UPNP
+		# Near Field Communication
+		Kconfig_style_config WPS_NFC
+	fi
+
+	# Wi-Fi Direct (WiDi)
+	if use p2p ; then
+		Kconfig_style_config P2P
+		Kconfig_style_config WIFI_DISPLAY
+	fi
+
+	# Access Point Mode
+	if use ap ; then
+		Kconfig_style_config AP
+	fi
+
+	# Enable essentials for AP/P2P
+	if use ap || use p2p ; then
+		# Enabling HT support (802.11n)
+		Kconfig_style_config IEEE80211N
+
+		# Enabling VHT support (802.11ac)
+		Kconfig_style_config IEEE80211AC
+	fi
+
+	# Enable mitigation against certain attacks against TKIP
+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+	if use privsep ; then
+		Kconfig_style_config PRIVSEP
+	fi
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Bug 382159
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		Kconfig_style_config LIBNL32
+	fi
+
+	if use qt5 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null || die
+		eqmake5 wpa_gui.pro
+		popd > /dev/null || die
+	fi
+}
+
+src_compile() {
+	einfo "Building wpa_supplicant"
+	emake V=1 BINDIR=/usr/sbin
+
+	if use wimax; then
+		emake -C ../src/eap_peer clean
+		emake -C ../src/eap_peer
+	fi
+
+	if use qt5; then
+		einfo "Building wpa_gui"
+		emake -C "${S}"/wpa_gui-qt4
+	fi
+
+	if use eapol_test ; then
+		emake eapol_test
+	fi
+}
+
+src_install() {
+	dosbin wpa_supplicant
+	use privsep && dosbin wpa_priv
+	dobin wpa_cli wpa_passphrase
+
+	# baselayout-1 compat
+	if has_version "<sys-apps/baselayout-2.0.0"; then
+		dodir /sbin
+		dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+		dodir /bin
+		dosym ../usr/bin/wpa_cli /bin/wpa_cli
+	fi
+
+	if has_version ">=sys-apps/openrc-0.5.0"; then
+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+	fi
+
+	exeinto /etc/wpa_supplicant/
+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+	readme.gentoo_create_doc
+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+		wpa_supplicant.conf
+
+	newdoc .config build-config
+
+	if [ "${PV}" != "9999" ]; then
+		doman doc/docbook/*.{5,8}
+	fi
+
+	if use qt5 ; then
+		into /usr
+		dobin wpa_gui-qt4/wpa_gui
+		doicon wpa_gui-qt4/icons/wpa_gui.svg
+		make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;"
+	else
+		rm "${ED}"/usr/share/man/man8/wpa_gui.8
+	fi
+
+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+	if use dbus ; then
+		pushd "${S}"/dbus > /dev/null || die
+		insinto /etc/dbus-1/system.d
+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+		insinto /usr/share/dbus-1/system-services
+		doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
+		popd > /dev/null || die
+
+		# This unit relies on dbus support, bug 538600.
+		systemd_dounit systemd/wpa_supplicant.service
+	fi
+
+	if use eapol_test ; then
+		dobin eapol_test
+	fi
+
+	systemd_dounit "systemd/wpa_supplicant@.service"
+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+	systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
+		echo
+		ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
+		ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
+	fi
+
+	if use bindist || use gnutls; then
+		if ! use libressl; then
+			ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)."
+			ewarn "This is incredibly undesirable"
+		fi
+	fi
+
+	# Mea culpa, feel free to remove that after some time --mgorny.
+	local fn
+	for fn in wpa_supplicant{,@wlan0}.service; do
+		if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
+		then
+			ebegin "Moving ${fn} to multi-user.target"
+			mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
+				"${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
+			eend ${?} \
+				"Please try to re-enable ${fn}"
+		fi
+	done
+
+	systemd_reenable wpa_supplicant.service
+}
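Review bot: In Kconfig_style_config the second and third `sed` calls select lines with `/^$CONFIG_PARAM/`, which is a prefix match, so setting one option also rewrites any uncommented option whose name merely starts with it (for example `Kconfig_style_config TLS internal` would hit any active `CONFIG_TLS…` line, if defconfig has one). The first `sed` already anchors on `=`, and the others should too: `sed -i "/^$CONFIG_PARAM=/s/=.*/=$setting/" .config`. The `|| echo …` fallbacks also let a failed edit of `.config` pass with only a message, where `|| die` would stop the build rather than produce a binary whose feature set differs from what the USE flags requested. The same function is in wpa_supplicant-2.7.ebuild.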



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2019-11-04 16:35 Rick Farina
From: Rick Farina @ 2019-11-04 16:35 UTC (permalink / raw
  To: gentoo-commits

commit:     38457d7ed121534eadb492deb0e9048f41d13a94
Author:     Rick Farina <zerochaos <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  4 16:31:53 2019 +0000
Commit:     Rick Farina <zerochaos <AT> gentoo <DOT> org>
CommitDate: Mon Nov  4 16:31:53 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38457d7e

net-wireless/wpa_supplicant: fix bug #696030

Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>

 ...y-ignore-management-frame-from-unexpected.patch |  73 ++++
 .../wpa_supplicant/wpa_supplicant-2.9-r1.ebuild    | 461 +++++++++++++++++++++
 2 files changed, 534 insertions(+)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch
new file mode 100644
index 00000000000..d764a9db016
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch
@@ -0,0 +1,73 @@
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1
+

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild
new file mode 100644
index 00000000000..6b9f21781fc
--- /dev/null
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild
@@ -0,0 +1,461 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="https://w1.fi/wpa_supplicant/"
+LICENSE="|| ( GPL-2 BSD )"
+
+if [ "${PV}" = "9999" ]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://w1.fi/hostap.git"
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+	SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+fi
+
+SLOT="0"
+IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+
+# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
+# interface functions used for MACsec, so this combination cannot be used
+# at least for now.
+REQUIRED_USE="
+	macsec? ( !privsep )
+	privsep? ( !macsec )
+"
+
+CDEPEND="dbus? ( sys-apps/dbus )
+	kernel_linux? (
+		dev-libs/libnl:3
+		net-wireless/crda
+		eap-sim? ( sys-apps/pcsc-lite )
+	)
+	!kernel_linux? ( net-libs/libpcap )
+	qt5? (
+		dev-qt/qtcore:5
+		dev-qt/qtgui:5
+		dev-qt/qtsvg:5
+		dev-qt/qtwidgets:5
+	)
+	readline? (
+		sys-libs/ncurses:0=
+		sys-libs/readline:0=
+	)
+	!libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
+	libressl? ( dev-libs/libressl:0= )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-networkmanager )
+"
+
+DOC_CONTENTS="
+	If this is a clean installation of wpa_supplicant, you
+	have to create a configuration file named
+	${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
+	An example configuration file is available for reference in
+	${EROOT%/}/usr/share/doc/${PF}/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+		#param 1 is CONFIG_* item
+		#param 2 is what to set it = to, defaulting in y
+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+		setting="${2:-y}"
+
+		if [ ! $setting = n ]; then
+			#first remove any leading "# " if $2 is not n
+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+			#set item = $setting (defaulting to y)
+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+			if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
+				echo "$CONFIG_PARAM=$setting" >>.config
+			fi
+		else
+			#ensure item commented out
+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+		fi
+}
+
+src_prepare() {
+	default
+
+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+	sed -i \
+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+		../src/l2_packet/l2_packet_freebsd.c || die
+
+	# People seem to take the example configuration file too literally (bug #102361)
+	sed -i \
+		-e "s:^\(opensc_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_module_path\):#\1:" \
+		wpa_supplicant.conf || die
+
+	# Change configuration to match Gentoo locations (bug #143750)
+	sed -i \
+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+		wpa_supplicant.conf || die
+
+	# systemd entries to D-Bus service files (bug #372877)
+	echo 'SystemdService=wpa_supplicant.service' \
+		| tee -a dbus/*.service >/dev/null || die
+
+	cd "${WORKDIR}/${P}" || die
+
+	if use wimax; then
+		# generate-libeap-peer.patch comes before
+		# fix-undefined-reference-to-random_get_bytes.patch
+		eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+		# multilib-strict fix (bug #373685)
+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
+	fi
+
+	# bug (320097)
+	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
+
+	# bug (640492)
+	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+
+	#CVE-2019-16275 bug #696030
+	eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
+}
+
+src_configure() {
+	# Toolchain setup
+	tc-export CC
+
+	cp defconfig .config || die
+
+	# Basic setup
+	Kconfig_style_config CTRL_IFACE
+	Kconfig_style_config MATCH_IFACE
+	Kconfig_style_config BACKEND file
+	Kconfig_style_config IBSS_RSN
+	Kconfig_style_config IEEE80211W
+	Kconfig_style_config IEEE80211R
+	Kconfig_style_config HT_OVERRIDES
+	Kconfig_style_config VHT_OVERRIDES
+	Kconfig_style_config OCV
+	Kconfig_style_config TLSV11
+	Kconfig_style_config TLSV12
+	Kconfig_style_config GETRANDOM
+	Kconfig_style_config MBO
+
+	# Basic authentication methods
+	# NOTE: we don't set GPSK or SAKE as they conflict
+	# with the below options
+	Kconfig_style_config EAP_GTC
+	Kconfig_style_config EAP_MD5
+	Kconfig_style_config EAP_OTP
+	Kconfig_style_config EAP_PAX
+	Kconfig_style_config EAP_PSK
+	Kconfig_style_config IEEE8021X_EAPOL
+	Kconfig_style_config PKCS12
+	Kconfig_style_config PEERKEY
+	Kconfig_style_config EAP_LEAP
+	Kconfig_style_config EAP_MSCHAPV2
+	Kconfig_style_config EAP_PEAP
+	Kconfig_style_config EAP_TEAP
+	Kconfig_style_config EAP_TLS
+	Kconfig_style_config EAP_TTLS
+
+	# Enabling background scanning.
+	Kconfig_style_config BGSCAN_SIMPLE
+	Kconfig_style_config BGSCAN_LEARN
+
+	if use dbus ; then
+		Kconfig_style_config CTRL_IFACE_DBUS
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+	else
+		Kconfig_style_config CTRL_IFACE_DBUS n
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW n
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO n
+	fi
+
+	if use eapol_test ; then
+		Kconfig_style_config EAPOL_TEST
+	fi
+
+	# Enable support for writing debug info to a log file and syslog.
+	Kconfig_style_config DEBUG_FILE
+	Kconfig_style_config DEBUG_SYSLOG
+
+	if use hs2-0 ; then
+		Kconfig_style_config INTERWORKING
+		Kconfig_style_config HS20
+	fi
+
+	if use uncommon-eap-types; then
+		Kconfig_style_config EAP_GPSK
+		Kconfig_style_config EAP_SAKE
+		Kconfig_style_config EAP_GPSK_SHA256
+		Kconfig_style_config EAP_IKEV2
+		Kconfig_style_config EAP_EKE
+	fi
+
+	if use eap-sim ; then
+		# Smart card authentication
+		Kconfig_style_config EAP_SIM
+		Kconfig_style_config EAP_AKA
+		Kconfig_style_config EAP_AKA_PRIME
+		Kconfig_style_config PCSC
+	fi
+
+	if use fasteap ; then
+		Kconfig_style_config EAP_FAST
+	fi
+
+	if use readline ; then
+		# readline/history support for wpa_cli
+		Kconfig_style_config READLINE
+	else
+		#internal line edit mode for wpa_cli
+		Kconfig_style_config WPA_CLI_EDIT
+	fi
+
+	Kconfig_style_config TLS openssl
+	Kconfig_style_config FST
+	if ! use bindist || use libressl; then
+		Kconfig_style_config EAP_PWD
+		if use fils; then
+			Kconfig_style_config FILS
+			Kconfig_style_config FILS_SK_PFS
+		fi
+		# Enabling mesh networks.
+		Kconfig_style_config MESH
+		#WPA3
+		Kconfig_style_config OWE
+		Kconfig_style_config SAE
+		Kconfig_style_config DPP
+		Kconfig_style_config SUITEB192
+	fi
+	if ! use bindist && ! use libressl; then
+		Kconfig_style_config SUITEB
+	fi
+
+	if use smartcard ; then
+		Kconfig_style_config SMARTCARD
+	else
+		Kconfig_style_config SMARTCARD n
+	fi
+
+	if use tdls ; then
+		Kconfig_style_config TDLS
+	fi
+
+	if use kernel_linux ; then
+		# Linux specific drivers
+		Kconfig_style_config DRIVER_ATMEL
+		Kconfig_style_config DRIVER_HOSTAP
+		Kconfig_style_config DRIVER_IPW
+		Kconfig_style_config DRIVER_NL80211
+		Kconfig_style_config DRIVER_RALINK
+		Kconfig_style_config DRIVER_WEXT
+		Kconfig_style_config DRIVER_WIRED
+
+		if use macsec ; then
+			#requires something, no idea what
+			#Kconfig_style_config DRIVER_MACSEC_QCA
+			Kconfig_style_config DRIVER_MACSEC_LINUX
+			Kconfig_style_config MACSEC
+		fi
+
+		if use ps3 ; then
+			Kconfig_style_config DRIVER_PS3
+		fi
+
+	elif use kernel_FreeBSD ; then
+		# FreeBSD specific driver
+		Kconfig_style_config DRIVER_BSD
+	fi
+
+	# Wi-Fi Protected Setup (WPS)
+	if use wps ; then
+		Kconfig_style_config WPS
+		Kconfig_style_config WPS2
+		# USB Flash Drive
+		Kconfig_style_config WPS_UFD
+		# External Registrar
+		Kconfig_style_config WPS_ER
+		# Universal Plug'n'Play
+		Kconfig_style_config WPS_UPNP
+		# Near Field Communication
+		Kconfig_style_config WPS_NFC
+	else
+		Kconfig_style_config WPS n
+	fi
+
+	# Wi-Fi Direct (WiDi)
+	if use p2p ; then
+		Kconfig_style_config P2P
+		Kconfig_style_config WIFI_DISPLAY
+	fi
+
+	# Access Point Mode
+	if use ap ; then
+		Kconfig_style_config AP
+	else
+		Kconfig_style_config AP n
+	fi
+
+	# Enable essentials for AP/P2P
+	if use ap || use p2p ; then
+		# Enabling HT support (802.11n)
+		Kconfig_style_config IEEE80211N
+
+		# Enabling VHT support (802.11ac)
+		Kconfig_style_config IEEE80211AC
+	fi
+
+	# Enable mitigation against certain attacks against TKIP
+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+	if use privsep ; then
+		Kconfig_style_config PRIVSEP
+	fi
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Bug 382159
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		Kconfig_style_config LIBNL32
+	fi
+
+	if use qt5 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null || die
+		eqmake5 wpa_gui.pro
+		popd > /dev/null || die
+	fi
+}
+
+src_compile() {
+	einfo "Building wpa_supplicant"
+	emake V=1 BINDIR=/usr/sbin
+
+	if use wimax; then
+		emake -C ../src/eap_peer clean
+		emake -C ../src/eap_peer
+	fi
+
+	if use qt5; then
+		einfo "Building wpa_gui"
+		emake -C "${S}"/wpa_gui-qt4
+	fi
+
+	if use eapol_test ; then
+		emake eapol_test
+	fi
+}
+
+src_install() {
+	dosbin wpa_supplicant
+	use privsep && dosbin wpa_priv
+	dobin wpa_cli wpa_passphrase
+
+	# baselayout-1 compat
+	if has_version "<sys-apps/baselayout-2.0.0"; then
+		dodir /sbin
+		dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+		dodir /bin
+		dosym ../usr/bin/wpa_cli /bin/wpa_cli
+	fi
+
+	if has_version ">=sys-apps/openrc-0.5.0"; then
+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+	fi
+
+	exeinto /etc/wpa_supplicant/
+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+	readme.gentoo_create_doc
+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+		wpa_supplicant.conf
+
+	newdoc .config build-config
+
+	if [ "${PV}" != "9999" ]; then
+		doman doc/docbook/*.{5,8}
+	fi
+
+	if use qt5 ; then
+		into /usr
+		dobin wpa_gui-qt4/wpa_gui
+		doicon wpa_gui-qt4/icons/wpa_gui.svg
+		domenu wpa_gui-qt4/wpa_gui.desktop
+	else
+		rm "${ED}"/usr/share/man/man8/wpa_gui.8
+	fi
+
+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+	if use dbus ; then
+		pushd "${S}"/dbus > /dev/null || die
+		insinto /etc/dbus-1/system.d
+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+		insinto /usr/share/dbus-1/system-services
+		doins fi.w1.wpa_supplicant1.service
+		popd > /dev/null || die
+
+		# This unit relies on dbus support, bug 538600.
+		systemd_dounit systemd/wpa_supplicant.service
+	fi
+
+	if use eapol_test ; then
+		dobin eapol_test
+	fi
+
+	systemd_dounit "systemd/wpa_supplicant@.service"
+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+	systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
+		echo
+		ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
+		ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
+	fi
+
+	if use bindist; then
+		if ! use libressl; then
+			ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
+			ewarn "This is incredibly undesirable"
+		fi
+	fi
+	if use libressl; then
+		ewarn "Libressl doesn't support SUITEB (part of WPA3)"
+		ewarn "but it does support SUITEB192 (the upgraded strength version of the same)"
+		ewarn "You probably don't care.  Patches welcome"
+	fi
+
+	# Mea culpa, feel free to remove that after some time --mgorny.
+	local fn
+	for fn in wpa_supplicant{,@wlan0}.service; do
+		if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
+		then
+			ebegin "Moving ${fn} to multi-user.target"
+			mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
+				"${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
+			eend ${?} \
+				"Please try to re-enable ${fn}"
+		fi
+	done
+
+	systemd_reenable wpa_supplicant.service
+}
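Review bot: `Kconfig_style_config` handles a failed `sed` with `|| echo`, so a failed edit of `.config` only prints a line and the build continues; hardening switches set through it in `src_configure`, such as `IEEE80211W`, `OCV` and `DELAYED_MIC_ERROR_REPORT`, could then be missing from the installed binary without the build failing. Ending those three calls with `|| die "..."`, as the other `sed` calls in this ebuild do, makes that fatal. The set and comment-out patterns also match `/^$CONFIG_PARAM/` without a trailing `=`, so `Kconfig_style_config TLS openssl` rewrites the `CONFIG_TLSV11=y` and `CONFIG_TLSV12=y` lines written a few calls earlier to `=openssl`; `sed -i "/^$CONFIG_PARAM=/s/=.*/=$setting/" .config || die` limits the edit to the exact key. Whether the `n` branch relies on the prefix match (for `WPS` or `AP`) is not visible here and should be checked before tightening it.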



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2023-08-26  9:30 Pacho Ramos
From: Pacho Ramos @ 2023-08-26  9:30 UTC (permalink / raw
  To: gentoo-commits

commit:     862d4997853b3de3fb3507c997a254ae24d84576
Author:     Pacho Ramos <pacho <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 26 09:29:18 2023 +0000
Commit:     Pacho Ramos <pacho <AT> gentoo <DOT> org>
CommitDate: Sat Aug 26 09:29:18 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=862d4997

net-wireless/wpa_supplicant: Fix openssl3 TLS/EAP regression

Apply Debian/Fedora patches to fix regression with openssl3 causing some wifi
connections (i.e. Eduroam) to fail.

Closes: https://bugs.gentoo.org/912315
Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org>

 ...p-security-level-to-0-with-OpenSSL-3.0-wh.patch | 57 ++++++++++++++++++++++
 ...upplicant-2.10-allow-legacy-renegotiation.patch | 30 ++++++++++++
 ...t-9999.ebuild => wpa_supplicant-2.10-r3.ebuild} |  4 ++
 .../wpa_supplicant/wpa_supplicant-9999.ebuild      |  3 ++
 4 files changed, 94 insertions(+)

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
new file mode 100644
index 000000000000..18f879c9f39f
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch
@@ -0,0 +1,57 @@
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 22 May 2022 17:01:35 +0300
+Subject: OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
+
+Commit 9afb68b03976 ("OpenSSL: Allow systemwide secpolicy overrides for
+TLS version") with commit 58bbcfa31b18 ("OpenSSL: Update security level
+drop for TLS 1.0/1.1 with OpenSSL 3.0") allow this workaround to be
+enabled with an explicit network configuration parameter. However, the
+default settings are still allowing TLS 1.0 and 1.1 to be negotiated
+just to see them fail immediately when using OpenSSL 3.0. This is not
+exactly helpful especially when the OpenSSL error message for this
+particular case is "internal error" which does not really say anything
+about the reason for the error.
+
+It is is a bit inconvenient to update the security policy for this
+particular issue based on the negotiated TLS version since that happens
+in the middle of processing for the first message from the server.
+However, this can be done by using the debug callback for printing out
+the received TLS messages during processing.
+
+Drop the OpenSSL security level to 0 if that is the only option to
+continue the TLS negotiation, i.e., when TLS 1.0/1.1 are still allowed
+in wpa_supplicant default configuration and OpenSSL 3.0 with the
+constraint on MD5-SHA1 use.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+
+Bug-Debian: https://bugs.debian.org/1011121
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1958267
+Origin: upstream, commit:bc99366f9b960150aa2e369048bbc2218c1d414e
+---
+ src/crypto/tls_openssl.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 6602ac64f591..78621d926dab 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -1557,6 +1557,15 @@ static void tls_msg_cb(int write_p, int version, int content_type,
+ 	struct tls_connection *conn = arg;
+ 	const u8 *pos = buf;
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++	if ((SSL_version(ssl) == TLS1_VERSION ||
++	     SSL_version(ssl) == TLS1_1_VERSION) &&
++	    SSL_get_security_level(ssl) > 0) {
++		wpa_printf(MSG_DEBUG,
++			   "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
++		SSL_set_security_level(ssl, 0);
++	}
++#endif /* OpenSSL version >= 3.0 */
+ 	if (write_p == 2) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "OpenSSL: session ver=0x%x content_type=%d",
+-- 
+2.39.0
+

diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-allow-legacy-renegotiation.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-allow-legacy-renegotiation.patch
new file mode 100644
index 000000000000..574973fe6fe5
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.10-allow-legacy-renegotiation.patch
@@ -0,0 +1,30 @@
+From: James Ralston <ralston@pobox.com>
+Date: Sun, 1 May 2022 16:15:23 -0700
+Subject: Allow legacy renegotiation to fix PEAP issues with some servers
+
+Upstream: http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
+---
+ src/crypto/tls_openssl.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 273e5cb..ad3aa1a 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -1056,6 +1056,16 @@ void * tls_init(const struct tls_config *conf)
+ 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ 	SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+ 
++	/* Many enterprise PEAP server implementations (e.g. used in large
++	 corporations and universities) do not support RFC5746 secure
++	 renegotiation, and starting with OpenSSL 3.0,
++	 SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
++	 So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
++	 only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
++	 globally. */
++
++	SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
++
+ 	SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ 
+ #ifdef SSL_MODE_NO_AUTO_CHAIN

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.10-r3.ebuild
similarity index 98%
copy from net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
copy to net-wireless/wpa_supplicant/wpa_supplicant-2.10-r3.ebuild
index 656297bfa793..d04e2429d769 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.10-r3.ebuild
@@ -122,6 +122,10 @@ src_prepare() {
 	# bug (320097)
 	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
 
+	# bug (912315)
+	eapply "${FILESDIR}/${PN}-2.10-allow-legacy-renegotiation.patch"
+	eapply "${FILESDIR}/${P}-Drop-security-level-to-0-with-OpenSSL-3.0-wh.patch"
+
 	# bug (640492)
 	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
 }
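Review bot: The `# bug (912315)` comment above the two new `eapply` lines does not say that both patches relax TLS policy for every network: one sets `SSL_OP_LEGACY_SERVER_CONNECT` globally in `tls_init`, the other drops the OpenSSL security level to 0 whenever TLS 1.0/1.1 is negotiated. A comment such as `# bug (912315): OpenSSL 3 compat; enables legacy server connect globally and security level 0 for TLS 1.0/1.1, revisit once upstream limits this to EAP peer mode` would tell the next maintainer why the patches are carried and when they can go. The same comment fits the `wpa_supplicant-9999.ebuild` hunk below, which applies only the renegotiation patch. `src_prepare` starts outside the hunk.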

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
index 656297bfa793..8c93c31c2554 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
@@ -122,6 +122,9 @@ src_prepare() {
 	# bug (320097)
 	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
 
+	# bug (912315)
+	eapply "${FILESDIR}/${PN}-2.10-allow-legacy-renegotiation.patch"
+
 	# bug (640492)
 	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
 }



* [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
@ 2024-05-08  1:26 Mike Gilbert
From: Mike Gilbert @ 2024-05-08  1:26 UTC (permalink / raw
  To: gentoo-commits

commit:     ace10427ce3ffe912d349cd8aea32673ecd719d9
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Thu Feb 29 19:42:14 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed May  8 01:22:38 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ace10427

net-wireless/wpa_supplicant: call service stop on AP disconnect

Lot of discussion in the primary ticket for this, but apparently
multiple users report that previously connected wifi does not come up on
resume from suspend.  This is due to the original implementation
wpa_cli.sh not stopping the service, which was to avoid taking the
interface down, which would interfere with wpa_supplicant which needs
the interface to be up.  However, nowadays we set IN_BACKGROUND which
takes care of preventing the interface from being taken down, so it's
safe to stop the service.  If the service isn't stopped, then trying to
start the service on reconnection is a no-op (because the service is
already started).

Closes: https://bugs.gentoo.org/591752
Closes: https://bugs.gentoo.org/909574
Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Closes: https://github.com/gentoo/gentoo/pull/35579
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-wireless/wpa_supplicant/files/wpa_cli-r1.sh    | 44 ++++++++++++++++++++++
 ...t-9999.ebuild => wpa_supplicant-2.10-r5.ebuild} |  4 +-
 .../wpa_supplicant/wpa_supplicant-9999.ebuild      |  2 +-
 3 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/net-wireless/wpa_supplicant/files/wpa_cli-r1.sh b/net-wireless/wpa_supplicant/files/wpa_cli-r1.sh
new file mode 100644
index 000000000000..dc852f427f4c
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_cli-r1.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+# Copyright 1999-2011 Gentoo Foundation
+# Written by Roy Marples <uberlord@gentoo.org>
+# Distributed under the terms of the GNU General Public License v2
+# Alternatively, this file may be distributed under the terms of the BSD License
+
+if [ -z "$1" -o -z "$2" ]; then
+	logger -t wpa_cli "Insufficient parameters"
+	exit 1
+fi
+
+INTERFACE="$1"
+ACTION="$2"
+
+# Note, the below action must NOT mark the interface down via ifconfig, ip or
+# similar. Addresses can be removed, changed and daemons can be stopped, but
+# the interface must remain up for wpa_supplicant to work.
+
+if [ -f /etc/gentoo-release ]; then
+	EXEC="/etc/init.d/net.${INTERFACE} --quiet"
+else
+	logger -t wpa_cli "I don't know what to do with this distro!"
+	exit 1
+fi
+
+case ${ACTION} in
+	CONNECTED)
+		EXEC="${EXEC} start"
+		;;
+	DISCONNECTED)
+		EXEC="${EXEC} --nodeps stop"
+		;;
+	*)
+		logger -t wpa_cli "Unknown action ${ACTION}"
+		exit 1
+		;;
+esac
+
+# ${EXEC} can use ${IN_BACKGROUND} so that it knows that the user isn't
+# stopping the interface and a background process - like wpa_cli - is.
+export IN_BACKGROUND=true
+
+logger -t wpa_cli "interface ${INTERFACE} ${ACTION}"
+${EXEC} || logger -t wpa_cli "executing '${EXEC}' failed"
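Review bot: `${EXEC}` is built from `$1` (`EXEC="/etc/init.d/net.${INTERFACE} --quiet"`) and run unquoted, so which program runs depends on the argument being a plain interface name and on word splitting, and nothing checks that the init script exists. A guard right after `INTERFACE="$1"`, e.g. `[ -x "/etc/init.d/net.${INTERFACE}" ] || { logger -t wpa_cli "No init script for ${INTERFACE}"; exit 1; }`, together with rejecting names that contain `/`, keeps the call inside `/etc/init.d`. The test `[ -z "$1" -o -z "$2" ]` uses `-o`, which POSIX marks obsolescent; `[ -z "$1" ] || [ -z "$2" ]` is the portable form for a `#!/bin/sh` script.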

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.10-r5.ebuild
similarity index 98%
copy from net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
copy to net-wireless/wpa_supplicant/wpa_supplicant-2.10-r5.ebuild
index 5778596a4275..2a500901cf60 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.10-r5.ebuild
@@ -13,7 +13,7 @@ if [ "${PV}" = "9999" ]; then
 	inherit git-r3
 	EGIT_REPO_URI="https://w1.fi/hostap.git"
 else
-	KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~loong ~mips ppc ppc64 ~riscv ~sparc x86"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
 	SRC_URI="https://w1.fi/releases/${P}.tar.gz"
 fi
 
@@ -393,7 +393,7 @@ src_install() {
 	newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
 
 	exeinto /etc/wpa_supplicant/
-	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+	newexe "${FILESDIR}/wpa_cli-r1.sh" wpa_cli.sh
 
 	readme.gentoo_create_doc
 	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
index 5778596a4275..75c7a436d746 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
@@ -393,7 +393,7 @@ src_install() {
 	newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
 
 	exeinto /etc/wpa_supplicant/
-	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+	newexe "${FILESDIR}/wpa_cli-r1.sh" wpa_cli.sh
 
 	readme.gentoo_create_doc
 	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \


