From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1637497825.86f2873941b8049bfd376569e7871c74782257f4.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
X-VCS-Directories: net-wireless/wpa_supplicant/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 86f2873941b8049bfd376569e7871c74782257f4
X-VCS-Branch: master
Date: Sun, 21 Nov 2021 12:31:16 +0000 (UTC)

commit:     86f2873941b8049bfd376569e7871c74782257f4
Author:     Sam James gentoo org>
AuthorDate: Sun Nov 21 12:25:43 2021 +0000
Commit:     Sam James gentoo org>
CommitDate: Sun Nov 21 12:30:25 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86f28739

net-wireless/wpa_supplicant: make crda optional

Since the bug was originally filed, the situation has changed and upstream
now _discourage_ CRDA usage. Let's make it optional to avoid pulling in
m2crypto on smaller devices.

Keeping it on by default (for now?) to avoid breaking existing setups.

Closes: https://bugs.gentoo.org/462032
Thanks-to: Michael Weiser weiser.dinsnail.net>
Signed-off-by: Sam James gentoo.org>

 ...nt-9999.ebuild => wpa_supplicant-2.9-r6.ebuild} | 41 ++++++++++++++++++++--
 .../wpa_supplicant/wpa_supplicant-9999.ebuild      | 32 +++++++++++++++--
 2 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild similarity index 87% copy from net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild copy to net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild index 97cde554f0db..d2ef0b6caa03 100644 --- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild +++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit desktop qmake-utils readme.gentoo-r1 systemd toolchain-funcs +inherit desktop linux-info qmake-utils readme.gentoo-r1 systemd toolchain-funcs DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" HOMEPAGE="https://w1.fi/wpa_supplicant/" @@ -13,12 +13,13 @@ if [ "${PV}" = "9999" ]; then inherit git-r3 EGIT_REPO_URI="https://w1.fi/hostap.git" else - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" SRC_URI="https://w1.fi/releases/${P}.tar.gz" + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2" fi SLOT="0" -IUSE="ap bindist broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" +IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" # CONFIG_PRIVSEP=y does not have sufficient support for the new driver # interface functions used for MACsec, so this combination cannot be used @@ -51,6 +52,10 @@ DEPEND=" " RDEPEND="${DEPEND} selinux? ( sec-policy/selinux-networkmanager ) + kernel_linux? ( + net-wireless/wireless-regdb + crda? ( net-wireless/crda ) + ) " BDEPEND="virtual/pkgconfig" 
@@ -84,6 +89,28 @@ Kconfig_style_config() { fi } +pkg_pretend() { + CONFIG_CHECK="" + + if use crda ; then + CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT" + WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support" + fi + + check_extra_config + + if ! use crda ; then + if linux_config_exists && linux_chkconfig_builtin CFG80211 && + [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != *regulatory.db* ]] + then + ewarn "REGULATORY DOMAIN PROBLEM:" + ewarn "With CONFIG_CFG80211=y (built-in), the driver won't be able to load regulatory.db from" + ewarn " /lib/firmware, resulting in broken regulatory domain support. Please set CONFIG_CFG80211=m" + ewarn " or add regulatory.db and regulatory.db.p7s to CONFIG_EXTRA_FIRMWARE." + fi + fi +} + src_prepare() { default @@ -125,6 +152,14 @@ src_prepare() { # bug (640492) sed -i 's#-Werror ##' wpa_supplicant/Makefile || die + + ## Security patches + # CVE-2019-16275 (bug #696030) + eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch" + # 2020-2, 2021-1 security advisories (bug #768759) + eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch + # CVE-2021-30004 (bug #780138) + eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch } src_configure() { diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild index 97cde554f0db..92aa484c96d9 100644 --- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild +++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild @@ -3,7 +3,7 @@ EAPI=7 -inherit desktop qmake-utils readme.gentoo-r1 systemd toolchain-funcs +inherit desktop linux-info qmake-utils readme.gentoo-r1 systemd toolchain-funcs DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" HOMEPAGE="https://w1.fi/wpa_supplicant/" 
@@ -13,12 +13,12 @@ if [ "${PV}" = "9999" ]; then inherit git-r3 EGIT_REPO_URI="https://w1.fi/hostap.git" else - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" SRC_URI="https://w1.fi/releases/${P}.tar.gz" fi SLOT="0" -IUSE="ap bindist broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" +IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" # CONFIG_PRIVSEP=y does not have sufficient support for the new driver # interface functions used for MACsec, so this combination cannot be used @@ -51,6 +51,10 @@ DEPEND=" " RDEPEND="${DEPEND} selinux? ( sec-policy/selinux-networkmanager ) + kernel_linux? ( + net-wireless/wireless-regdb + crda? ( net-wireless/crda ) + ) " BDEPEND="virtual/pkgconfig" @@ -84,6 +88,28 @@ Kconfig_style_config() { fi } +pkg_pretend() { + CONFIG_CHECK="" + + if use crda ; then + CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT" + WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support" + fi + + check_extra_config + + if ! use crda ; then + if linux_config_exists && linux_chkconfig_builtin CFG80211 && + [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != *regulatory.db* ]] + then + ewarn "REGULATORY DOMAIN PROBLEM:" + ewarn "With CONFIG_CFG80211=y (built-in), the driver won't be able to load regulatory.db from" + ewarn " /lib/firmware, resulting in broken regulatory domain support. Please set CONFIG_CFG80211=m" + ewarn " or add regulatory.db and regulatory.db.p7s to CONFIG_EXTRA_FIRMWARE." + fi + fi +} + src_prepare() { default
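
Review bot: in the new pkg_pretend() (added after Kconfig_style_config() in both ebuilds), check_extra_config and the linux_config_exists / linux_chkconfig_builtin / linux_chkconfig_string calls run without any kernel_linux guard, although IUSE still lists kernel_FreeBSD and the RDEPEND addition in the same patch is wrapped in `kernel_linux? ( ... )`. Starting the function with `use kernel_linux || return` would keep the kernel config lookup off non-Linux profiles. In the same function, the `!= *regulatory.db*` test suppresses the warning as soon as either file name appears in EXTRA_FIRMWARE, because regulatory.db.p7s also contains that substring, while the ewarn text asks for both regulatory.db and regulatory.db.p7s; checking for the two names separately would make the test agree with the message.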
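
Review bot: in the IUSE line of the `@@ -13,12` hunk (both ebuilds), `+crda` is inserted between `bindist` and `broadcom-sta`, which breaks the alphabetical order the rest of the flag list follows. Moving it after `broadcom-sta` keeps the list sorted and makes later IUSE diffs easier to read.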
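
Review bot: in the src_prepare() hunk of wpa_supplicant-2.9-r6.ebuild, the directory name `wpa_supplicant-2.9-r3-patches` is hard-coded in two eapply lines and must stay in step with the `${PN}-2.9-r3-patches.tar.bz2` entry added to SRC_URI. A single local variable holding the patch set name, used in SRC_URI and in both eapply paths, would stop the next patch-set bump from silently pointing at a directory that no longer exists. A short comment naming which advisories the `security-{2020-2,2021-1}/*.patch` glob is expected to pick up would also help anyone auditing that the 2.9 ebuild carries every fix it claims.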