summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2021-12-03 04:06:43 +0000
committerSam James <sam@gentoo.org>2021-12-03 04:26:18 +0000
commitf448b05c0c596479972d0fed25847fabd277f26b (patch)
tree0e2cfe0180703d7644814c0ac8987425ad3c6bca /net-wireless
parentapp-emulation/snapd: Bump to version 2.53.4 (diff)
downloadgentoo-f448b05c0c596479972d0fed25847fabd277f26b.tar.gz
gentoo-f448b05c0c596479972d0fed25847fabd277f26b.tar.bz2
gentoo-f448b05c0c596479972d0fed25847fabd277f26b.zip
net-wireless/wpa_supplicant: drop OpenSSL bindist kludge
Not needed anymore now that (stable) OpenSSL now lacks USE=bindist; see news item for more information. Originally added in fed37693d6442a4ec65e121c80ad2f52b6d93335, the changes were/are just to allow building wpa_supplicant against openssl[bindist] rather than anything shipped within wpa_supplicant that might have patent issues, etc. Bug: https://bugs.gentoo.org/762850 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-wireless')
-rw-r--r--net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild (renamed from net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild)40
-rw-r--r--net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild49
2 files changed, 43 insertions, 46 deletions
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
index 5e770398c338..2935a7227ab1 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
@@ -19,7 +19,7 @@ else
fi
SLOT="0"
-IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
# interface functions used for MACsec, so this combination cannot be used
@@ -264,24 +264,23 @@ src_configure() {
Kconfig_style_config TLS openssl
Kconfig_style_config FST
- if ! use bindist ; then
- Kconfig_style_config EAP_PWD
- if use fils; then
- Kconfig_style_config FILS
- Kconfig_style_config FILS_SK_PFS
- fi
- if use mesh; then
- Kconfig_style_config MESH
- else
- Kconfig_style_config MESH n
- fi
- #WPA3
- Kconfig_style_config OWE
- Kconfig_style_config SAE
- Kconfig_style_config DPP
- Kconfig_style_config SUITEB192
- Kconfig_style_config SUITEB
+
+ Kconfig_style_config EAP_PWD
+ if use fils; then
+ Kconfig_style_config FILS
+ Kconfig_style_config FILS_SK_PFS
fi
+ if use mesh; then
+ Kconfig_style_config MESH
+ else
+ Kconfig_style_config MESH n
+ fi
+ # WPA3
+ Kconfig_style_config OWE
+ Kconfig_style_config SAE
+ Kconfig_style_config DPP
+ Kconfig_style_config SUITEB192
+ Kconfig_style_config SUITEB
if use smartcard ; then
Kconfig_style_config SMARTCARD
@@ -478,11 +477,6 @@ pkg_postinst() {
ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
fi
- if use bindist; then
- ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
- ewarn "This is incredibly undesirable"
- fi
-
# Mea culpa, feel free to remove that after some time --mgorny.
local fn
for fn in wpa_supplicant{,@wlan0}.service; do
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
index 0420a22e8dc9..2935a7227ab1 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
@@ -15,10 +15,11 @@ if [ "${PV}" = "9999" ]; then
else
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+ SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2"
fi
SLOT="0"
-IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
# interface functions used for MACsec, so this combination cannot be used
@@ -150,6 +151,14 @@ src_prepare() {
# bug (640492)
sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+
+ ## Security patches
+ # CVE-2019-16275 (bug #696030)
+ eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
+ # 2020-2, 2021-1 security advisories (bug #768759)
+ eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch
+ # CVE-2021-30004 (bug #780138)
+ eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch
}
src_configure() {
@@ -255,24 +264,23 @@ src_configure() {
Kconfig_style_config TLS openssl
Kconfig_style_config FST
- if ! use bindist ; then
- Kconfig_style_config EAP_PWD
- if use fils; then
- Kconfig_style_config FILS
- Kconfig_style_config FILS_SK_PFS
- fi
- if use mesh; then
- Kconfig_style_config MESH
- else
- Kconfig_style_config MESH n
- fi
- #WPA3
- Kconfig_style_config OWE
- Kconfig_style_config SAE
- Kconfig_style_config DPP
- Kconfig_style_config SUITEB192
- Kconfig_style_config SUITEB
+
+ Kconfig_style_config EAP_PWD
+ if use fils; then
+ Kconfig_style_config FILS
+ Kconfig_style_config FILS_SK_PFS
fi
+ if use mesh; then
+ Kconfig_style_config MESH
+ else
+ Kconfig_style_config MESH n
+ fi
+ # WPA3
+ Kconfig_style_config OWE
+ Kconfig_style_config SAE
+ Kconfig_style_config DPP
+ Kconfig_style_config SUITEB192
+ Kconfig_style_config SUITEB
if use smartcard ; then
Kconfig_style_config SMARTCARD
@@ -469,11 +477,6 @@ pkg_postinst() {
ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
fi
- if use bindist; then
- ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
- ewarn "This is incredibly undesirable"
- fi
-
# Mea culpa, feel free to remove that after some time --mgorny.
local fn
for fn in wpa_supplicant{,@wlan0}.service; do