diff options
author | Sam James <sam@gentoo.org> | 2021-12-03 04:06:43 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2021-12-03 04:26:18 +0000 |
commit | f448b05c0c596479972d0fed25847fabd277f26b (patch) | |
tree | 0e2cfe0180703d7644814c0ac8987425ad3c6bca /net-wireless | |
parent | app-emulation/snapd: Bump to version 2.53.4 (diff) | |
download | gentoo-f448b05c0c596479972d0fed25847fabd277f26b.tar.gz gentoo-f448b05c0c596479972d0fed25847fabd277f26b.tar.bz2 gentoo-f448b05c0c596479972d0fed25847fabd277f26b.zip |
net-wireless/wpa_supplicant: drop OpenSSL bindist kludge
Not needed anymore now that (stable) OpenSSL now lacks USE=bindist;
see news item for more information.
Originally added in fed37693d6442a4ec65e121c80ad2f52b6d93335, the
changes were/are just to allow building wpa_supplicant against
openssl[bindist] rather than anything shipped within wpa_supplicant
that might have patent issues, etc.
Bug: https://bugs.gentoo.org/762850
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-wireless')
-rw-r--r-- | net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild (renamed from net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild) | 40 | ||||
-rw-r--r-- | net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild | 49 |
2 files changed, 43 insertions, 46 deletions
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild index 5e770398c338..2935a7227ab1 100644 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild +++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild @@ -19,7 +19,7 @@ else fi SLOT="0" -IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" +IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" # CONFIG_PRIVSEP=y does not have sufficient support for the new driver # interface functions used for MACsec, so this combination cannot be used @@ -264,24 +264,23 @@ src_configure() { Kconfig_style_config TLS openssl Kconfig_style_config FST - if ! use bindist ; then - Kconfig_style_config EAP_PWD - if use fils; then - Kconfig_style_config FILS - Kconfig_style_config FILS_SK_PFS - fi - if use mesh; then - Kconfig_style_config MESH - else - Kconfig_style_config MESH n - fi - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - Kconfig_style_config DPP - Kconfig_style_config SUITEB192 - Kconfig_style_config SUITEB + + Kconfig_style_config EAP_PWD + if use fils; then + Kconfig_style_config FILS + Kconfig_style_config FILS_SK_PFS fi + if use mesh; then + Kconfig_style_config MESH + else + Kconfig_style_config MESH n + fi + # WPA3 + Kconfig_style_config OWE + Kconfig_style_config SAE + Kconfig_style_config DPP + Kconfig_style_config SUITEB192 + Kconfig_style_config SUITEB if use smartcard ; then Kconfig_style_config SMARTCARD @@ -478,11 +477,6 @@ pkg_postinst() { ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf" fi - if use bindist; then - ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)." - ewarn "This is incredibly undesirable" - fi - # Mea culpa, feel free to remove that after some time --mgorny. local fn for fn in wpa_supplicant{,@wlan0}.service; do diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild index 0420a22e8dc9..2935a7227ab1 100644 --- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild +++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild @@ -15,10 +15,11 @@ if [ "${PV}" = "9999" ]; then else KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" SRC_URI="https://w1.fi/releases/${P}.tar.gz" + SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2" fi SLOT="0" -IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" +IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" # CONFIG_PRIVSEP=y does not have sufficient support for the new driver # interface functions used for MACsec, so this combination cannot be used @@ -150,6 +151,14 @@ src_prepare() { # bug (640492) sed -i 's#-Werror ##' wpa_supplicant/Makefile || die + + ## Security patches + # CVE-2019-16275 (bug #696030) + eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch" + # 2020-2, 2021-1 security advisories (bug #768759) + eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch + # CVE-2021-30004 (bug #780138) + eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch } src_configure() { @@ -255,24 +264,23 @@ src_configure() { Kconfig_style_config TLS openssl Kconfig_style_config FST - if ! use bindist ; then - Kconfig_style_config EAP_PWD - if use fils; then - Kconfig_style_config FILS - Kconfig_style_config FILS_SK_PFS - fi - if use mesh; then - Kconfig_style_config MESH - else - Kconfig_style_config MESH n - fi - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - Kconfig_style_config DPP - Kconfig_style_config SUITEB192 - Kconfig_style_config SUITEB + + Kconfig_style_config EAP_PWD + if use fils; then + Kconfig_style_config FILS + Kconfig_style_config FILS_SK_PFS fi + if use mesh; then + Kconfig_style_config MESH + else + Kconfig_style_config MESH n + fi + # WPA3 + Kconfig_style_config OWE + Kconfig_style_config SAE + Kconfig_style_config DPP + Kconfig_style_config SUITEB192 + Kconfig_style_config SUITEB if use smartcard ; then Kconfig_style_config SMARTCARD @@ -469,11 +477,6 @@ pkg_postinst() { ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf" fi - if use bindist; then - ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)." - ewarn "This is incredibly undesirable" - fi - # Mea culpa, feel free to remove that after some time --mgorny. local fn for fn in wpa_supplicant{,@wlan0}.service; do |