[gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/

Thu, 02 Dec 2021 20:26:36 -0800 

commit:     f448b05c0c596479972d0fed25847fabd277f26b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  3 04:06:43 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Dec  3 04:26:18 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f448b05c

net-wireless/wpa_supplicant: drop OpenSSL bindist kludge

Not needed anymore now that (stable) OpenSSL now lacks USE=bindist;
see news item for more information.

Originally added in fed37693d6442a4ec65e121c80ad2f52b6d93335, the
changes were/are just to allow building wpa_supplicant against
openssl[bindist] rather than anything shipped within wpa_supplicant
that might have patent issues, etc.

Bug: https://bugs.gentoo.org/762850
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...-2.9-r6.ebuild => wpa_supplicant-2.9-r7.ebuild} | 40 ++++++++----------
 .../wpa_supplicant/wpa_supplicant-9999.ebuild      | 49 ++++++++++++----------
 2 files changed, 43 insertions(+), 46 deletions(-)

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild 
b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
similarity index 94%
rename from net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
rename to net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
index 5e770398c338..2935a7227ab1 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
@@ -19,7 +19,7 @@ else
 fi
 
 SLOT="0"
-IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils 
+hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 
macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
 
 # CONFIG_PRIVSEP=y does not have sufficient support for the new driver
 # interface functions used for MACsec, so this combination cannot be used
@@ -264,24 +264,23 @@ src_configure() {
 
        Kconfig_style_config TLS openssl
        Kconfig_style_config FST
-       if ! use bindist ; then
-               Kconfig_style_config EAP_PWD
-               if use fils; then
-                       Kconfig_style_config FILS
-                       Kconfig_style_config FILS_SK_PFS
-               fi
-               if use mesh; then
-                       Kconfig_style_config MESH
-               else
-                       Kconfig_style_config MESH n
-               fi
-               #WPA3
-               Kconfig_style_config OWE
-               Kconfig_style_config SAE
-               Kconfig_style_config DPP
-               Kconfig_style_config SUITEB192
-               Kconfig_style_config SUITEB
+
+       Kconfig_style_config EAP_PWD
+       if use fils; then
+               Kconfig_style_config FILS
+               Kconfig_style_config FILS_SK_PFS
        fi
+       if use mesh; then
+               Kconfig_style_config MESH
+       else
+               Kconfig_style_config MESH n
+       fi
+       # WPA3
+       Kconfig_style_config OWE
+       Kconfig_style_config SAE
+       Kconfig_style_config DPP
+       Kconfig_style_config SUITEB192
+       Kconfig_style_config SUITEB
 
        if use smartcard ; then
                Kconfig_style_config SMARTCARD
@@ -478,11 +477,6 @@ pkg_postinst() {
                ewarn "needs to be moved to 
${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
        fi
 
-       if use bindist; then
-               ewarn "Using bindist use flag presently breaks WPA3 
(specifically SAE, OWE, DPP, and FILS)."
-               ewarn "This is incredibly undesirable"
-       fi
-
        # Mea culpa, feel free to remove that after some time --mgorny.
        local fn
        for fn in wpa_supplicant{,@wlan0}.service; do

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild 
b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
index 0420a22e8dc9..2935a7227ab1 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
@@ -15,10 +15,11 @@ if [ "${PV}" = "9999" ]; then
 else
        KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv 
~sparc ~x86"
        SRC_URI="https://w1.fi/releases/${P}.tar.gz";
+       SRC_URI+=" 
https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2";
 fi
 
 SLOT="0"
-IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils 
+hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 
macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
 
 # CONFIG_PRIVSEP=y does not have sufficient support for the new driver
 # interface functions used for MACsec, so this combination cannot be used
@@ -150,6 +151,14 @@ src_prepare() {
 
        # bug (640492)
        sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+
+       ## Security patches
+       # CVE-2019-16275 (bug #696030)
+       eapply 
"${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
+       # 2020-2, 2021-1 security advisories (bug #768759)
+       eapply 
"${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch
+       # CVE-2021-30004 (bug #780138)
+       eapply 
"${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch
 }
 
 src_configure() {
@@ -255,24 +264,23 @@ src_configure() {
 
        Kconfig_style_config TLS openssl
        Kconfig_style_config FST
-       if ! use bindist ; then
-               Kconfig_style_config EAP_PWD
-               if use fils; then
-                       Kconfig_style_config FILS
-                       Kconfig_style_config FILS_SK_PFS
-               fi
-               if use mesh; then
-                       Kconfig_style_config MESH
-               else
-                       Kconfig_style_config MESH n
-               fi
-               #WPA3
-               Kconfig_style_config OWE
-               Kconfig_style_config SAE
-               Kconfig_style_config DPP
-               Kconfig_style_config SUITEB192
-               Kconfig_style_config SUITEB
+
+       Kconfig_style_config EAP_PWD
+       if use fils; then
+               Kconfig_style_config FILS
+               Kconfig_style_config FILS_SK_PFS
        fi
+       if use mesh; then
+               Kconfig_style_config MESH
+       else
+               Kconfig_style_config MESH n
+       fi
+       # WPA3
+       Kconfig_style_config OWE
+       Kconfig_style_config SAE
+       Kconfig_style_config DPP
+       Kconfig_style_config SUITEB192
+       Kconfig_style_config SUITEB
 
        if use smartcard ; then
                Kconfig_style_config SMARTCARD
@@ -469,11 +477,6 @@ pkg_postinst() {
                ewarn "needs to be moved to 
${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
        fi
 
-       if use bindist; then
-               ewarn "Using bindist use flag presently breaks WPA3 
(specifically SAE, OWE, DPP, and FILS)."
-               ewarn "This is incredibly undesirable"
-       fi
-
        # Mea culpa, feel free to remove that after some time --mgorny.
        local fn
        for fn in wpa_supplicant{,@wlan0}.service; do

Reply via email to