From: Rick Farina <zerochaos@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
Date: Mon, 14 Jan 2019 01:42:29
Message-Id: 1547430136.ad158c5c451d3fe5878fba086e38e064654c1087.zerochaos@gentoo
1 commit: ad158c5c451d3fe5878fba086e38e064654c1087
2 Author: Stefan Strogin <stefan.strogin <AT> gmail <DOT> com>
3 AuthorDate: Sun Jan 13 19:24:24 2019 +0000
4 Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org>
5 CommitDate: Mon Jan 14 01:42:16 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad158c5c
7
8 net-wireless/wpa_supplicant: add LibreSSL fix from upstream
9
10 Close: https://bugs.gentoo.org/672632
11 Package-Manager: Portage-2.3.55, Repoman-2.3.12
12 Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com>
13 Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>
14
15 .../files/wpa_supplicant-2.7-libressl.patch | 46 +++
16 .../wpa_supplicant/wpa_supplicant-2.7-r1.ebuild | 459 +++++++++++++++++++++
17 2 files changed, 505 insertions(+)
18
19 diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
20 new file mode 100644
21 index 00000000000..45a1cf3701f
22 --- /dev/null
23 +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
24 @@ -0,0 +1,46 @@
25 +From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001
26 +From: Andrey Utkin <andrey_utkin@g.o>
27 +Date: Tue, 11 Dec 2018 17:41:10 +0000
28 +Subject: [PATCH] Fix build with LibreSSL
29 +
30 +When using LibreSSL instead of OpenSSL, linkage of hostapd executable
31 +fails with the following error when using some LibreSSL versions
32 +
33 + ../src/crypto/tls_openssl.o: In function `tls_verify_cb':
34 + tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
35 + ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
36 + tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
37 + collect2: error: ld returned 1 exit status
38 + make: *** [Makefile:1278: hostapd] Error 1
39 +
40 +ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
41 +versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
42 +be defined in this case, just like for old OpenSSL.
43 +
44 +This patch was inspired by similar patches to other projects, such as
45 +spice-gtk, pjsip.
46 +
47 +Link: https://bugs.gentoo.org/672834
48 +Signed-off-by: Andrey Utkin <andrey_utkin@g.o>
49 +---
50 + src/crypto/tls_openssl.c | 4 +++-
51 + 1 file changed, 3 insertions(+), 1 deletion(-)
52 +
53 +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
54 +index 608818310..cb70e2c47 100644
55 +--- a/src/crypto/tls_openssl.c
56 ++++ b/src/crypto/tls_openssl.c
57 +@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
58 +
59 + #endif
60 +
61 +-#if OPENSSL_VERSION_NUMBER < 0x10100000L
62 ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
63 ++ (defined(LIBRESSL_VERSION_NUMBER) && \
64 ++ LIBRESSL_VERSION_NUMBER < 0x20700000L)
65 + #ifdef CONFIG_SUITEB
66 + static int RSA_bits(const RSA *r)
67 + {
68 +--
69 +2.20.1
70 +
71
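Review bot: The widened `#if` guards every fallback in this compat block, but the commit message only establishes that `ASN1_STRING_get0_data` is missing, and only for LibreSSL 2.6.5. The first fallback visible in the hunk is `static int RSA_bits(const RSA *r)` under `CONFIG_SUITEB`; if any LibreSSL release below 2.7.0 already declares `RSA_bits`, that static redefinition would fail to compile once the ebuild's `suiteb` flag is on, so a build test with `USE="libressl suiteb"` is worth recording in the bug. The block continues past the end of the hunk, so the remaining fallbacks cannot be checked from here. Because this code sits in the TLS certificate handling path (`tls_verify_cb`), I would also add a comment above the guard saying why the LibreSSL clause exists, e.g. `/* LibreSSL < 2.7.0 lacks ASN1_STRING_get0_data(); reuse the pre-1.1.0 OpenSSL fallbacks */`.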
72 diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild
73 new file mode 100644
74 index 00000000000..16e14e933dd
75 --- /dev/null
76 +++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild
77 @@ -0,0 +1,459 @@
78 +# Copyright 1999-2019 Gentoo Authors
79 +# Distributed under the terms of the GNU General Public License v2
80 +
81 +EAPI=6
82 +
83 +inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
84 +
85 +DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
86 +HOMEPAGE="https://w1.fi/wpa_supplicant/"
87 +LICENSE="|| ( GPL-2 BSD )"
88 +
89 +if [ "${PV}" = "9999" ]; then
90 + inherit git-r3
91 + EGIT_REPO_URI="https://w1.fi/hostap.git"
92 + KEYWORDS=""
93 +else
94 + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
95 + SRC_URI="https://w1.fi/releases/${P}.tar.gz"
96 +fi
97 +
98 +SLOT="0"
99 +IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
100 +REQUIRED_USE="smartcard? ( ssl )"
101 +
102 +CDEPEND="dbus? ( sys-apps/dbus )
103 + kernel_linux? (
104 + dev-libs/libnl:3
105 + net-wireless/crda
106 + eap-sim? ( sys-apps/pcsc-lite )
107 + )
108 + !kernel_linux? ( net-libs/libpcap )
109 + qt5? (
110 + dev-qt/qtcore:5
111 + dev-qt/qtgui:5
112 + dev-qt/qtsvg:5
113 + dev-qt/qtwidgets:5
114 + )
115 + readline? (
116 + sys-libs/ncurses:0=
117 + sys-libs/readline:0=
118 + )
119 + ssl? (
120 + gnutls? (
121 + dev-libs/libgcrypt:0=
122 + net-libs/gnutls:=
123 + )
124 + !gnutls? (
125 + !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
126 + libressl? ( dev-libs/libressl:0= )
127 + )
128 + )
129 + !ssl? ( dev-libs/libtommath )
130 +"
131 +DEPEND="${CDEPEND}
132 + virtual/pkgconfig
133 +"
134 +RDEPEND="${CDEPEND}
135 + selinux? ( sec-policy/selinux-networkmanager )
136 +"
137 +
138 +DOC_CONTENTS="
139 + If this is a clean installation of wpa_supplicant, you
140 + have to create a configuration file named
141 + ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
142 + An example configuration file is available for reference in
143 + ${EROOT%/}/usr/share/doc/${PF}/
144 +"
145 +
146 +S="${WORKDIR}/${P}/${PN}"
147 +
148 +Kconfig_style_config() {
149 + #param 1 is CONFIG_* item
150 + #param 2 is what to set it = to, defaulting in y
151 + CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
152 + setting="${2:-y}"
153 +
154 + if [ ! $setting = n ]; then
155 + #first remove any leading "# " if $2 is not n
156 + sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
157 + #set item = $setting (defaulting to y)
158 + sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
159 + if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
160 + echo "$CONFIG_PARAM=$setting" >>.config
161 + fi
162 + else
163 + #ensure item commented out
164 + sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
165 + fi
166 +}
167 +
168 +pkg_setup() {
169 + if use ssl ; then
170 + if use gnutls && use libressl ; then
171 + elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\""
172 + fi
173 + else
174 + elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation"
175 + fi
176 +}
177 +
178 +src_prepare() {
179 + default
180 +
181 + # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
182 + sed -i \
183 + -e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
184 + ../src/l2_packet/l2_packet_freebsd.c || die
185 +
186 + # People seem to take the example configuration file too literally (bug #102361)
187 + sed -i \
188 + -e "s:^\(opensc_engine_path\):#\1:" \
189 + -e "s:^\(pkcs11_engine_path\):#\1:" \
190 + -e "s:^\(pkcs11_module_path\):#\1:" \
191 + wpa_supplicant.conf || die
192 +
193 + # Change configuration to match Gentoo locations (bug #143750)
194 + sed -i \
195 + -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
196 + -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
197 + wpa_supplicant.conf || die
198 +
199 + # systemd entries to D-Bus service files (bug #372877)
200 + echo 'SystemdService=wpa_supplicant.service' \
201 + | tee -a dbus/*.service >/dev/null || die
202 +
203 + cd "${WORKDIR}/${P}" || die
204 +
205 + if use wimax; then
206 + # generate-libeap-peer.patch comes before
207 + # fix-undefined-reference-to-random_get_bytes.patch
208 + eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
209 +
210 + # multilib-strict fix (bug #373685)
211 + sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
212 + fi
213 +
214 + # bug (320097)
215 + eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
216 +
217 + # fix undefined reference to remove_ie()
218 + eapply "${FILESDIR}/${P}-fix-undefined-remove-ie.patch"
219 +
220 + # bug (672632)
221 + eapply "${FILESDIR}/${P}-libressl.patch"
222 +
223 + # bug (640492)
224 + sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
225 +}
226 +
227 +src_configure() {
228 + # Toolchain setup
229 + tc-export CC
230 +
231 + cp defconfig .config || die
232 +
233 + # Basic setup
234 + Kconfig_style_config CTRL_IFACE
235 + Kconfig_style_config MATCH_IFACE
236 + Kconfig_style_config BACKEND file
237 + Kconfig_style_config IBSS_RSN
238 + Kconfig_style_config IEEE80211W
239 + Kconfig_style_config IEEE80211R
240 +
241 + # Basic authentication methods
242 + # NOTE: we don't set GPSK or SAKE as they conflict
243 + # with the below options
244 + Kconfig_style_config EAP_GTC
245 + Kconfig_style_config EAP_MD5
246 + Kconfig_style_config EAP_OTP
247 + Kconfig_style_config EAP_PAX
248 + Kconfig_style_config EAP_PSK
249 + Kconfig_style_config EAP_TLV
250 + Kconfig_style_config EAP_EXE
251 + Kconfig_style_config IEEE8021X_EAPOL
252 + Kconfig_style_config PKCS12
253 + Kconfig_style_config PEERKEY
254 + Kconfig_style_config EAP_LEAP
255 + Kconfig_style_config EAP_MSCHAPV2
256 + Kconfig_style_config EAP_PEAP
257 + Kconfig_style_config EAP_TLS
258 + Kconfig_style_config EAP_TTLS
259 +
260 + # Enabling background scanning.
261 + Kconfig_style_config BGSCAN_SIMPLE
262 + Kconfig_style_config BGSCAN_LEARN
263 +
264 + if use dbus ; then
265 + Kconfig_style_config CTRL_IFACE_DBUS
266 + Kconfig_style_config CTRL_IFACE_DBUS_NEW
267 + Kconfig_style_config CTRL_IFACE_DBUS_INTRO
268 + fi
269 +
270 + if use eapol_test ; then
271 + Kconfig_style_config EAPOL_TEST
272 + fi
273 +
274 + # Enable support for writing debug info to a log file and syslog.
275 + Kconfig_style_config DEBUG_FILE
276 + Kconfig_style_config DEBUG_SYSLOG
277 +
278 + if use hs2-0 ; then
279 + Kconfig_style_config INTERWORKING
280 + Kconfig_style_config HS20
281 + fi
282 +
283 + if use uncommon-eap-types; then
284 + Kconfig_style_config EAP_GPSK
285 + Kconfig_style_config EAP_SAKE
286 + Kconfig_style_config EAP_GPSK_SHA256
287 + Kconfig_style_config EAP_IKEV2
288 + Kconfig_style_config EAP_EKE
289 + fi
290 +
291 + if use eap-sim ; then
292 + # Smart card authentication
293 + Kconfig_style_config EAP_SIM
294 + Kconfig_style_config EAP_AKA
295 + Kconfig_style_config EAP_AKA_PRIME
296 + Kconfig_style_config PCSC
297 + fi
298 +
299 + if use fasteap ; then
300 + Kconfig_style_config EAP_FAST
301 + fi
302 +
303 + if use readline ; then
304 + # readline/history support for wpa_cli
305 + Kconfig_style_config READLINE
306 + else
307 + #internal line edit mode for wpa_cli
308 + Kconfig_style_config WPA_CLI_EDIT
309 + fi
310 +
311 + if use suiteb; then
312 + Kconfig_style_config SUITEB
313 + fi
314 +
315 + # SSL authentication methods
316 + if use ssl ; then
317 + if use gnutls ; then
318 + Kconfig_style_config TLS gnutls
319 + Kconfig_style_config GNUTLS_EXTRA
320 + else
321 + #this fails for gnutls
322 + Kconfig_style_config SUITEB192
323 + Kconfig_style_config TLS openssl
324 + if ! use bindist; then
325 + #this fails for gnutls
326 + Kconfig_style_config EAP_PWD
327 + # SAE fails on gnutls and everything below here needs SAE
328 + # Enabling mesh networks.
329 + Kconfig_style_config MESH
330 + #WPA3
331 + Kconfig_style_config OWE
332 + Kconfig_style_config SAE
333 + #we also need to disable FILS, except that isn't enabled yet
334 + fi
335 +
336 + fi
337 + else
338 + Kconfig_style_config TLS internal
339 + fi
340 +
341 + if use smartcard ; then
342 + Kconfig_style_config SMARTCARD
343 + fi
344 +
345 + if use tdls ; then
346 + Kconfig_style_config TDLS
347 + fi
348 +
349 + if use kernel_linux ; then
350 + # Linux specific drivers
351 + Kconfig_style_config DRIVER_ATMEL
352 + Kconfig_style_config DRIVER_HOSTAP
353 + Kconfig_style_config DRIVER_IPW
354 + Kconfig_style_config DRIVER_NL80211
355 + Kconfig_style_config DRIVER_RALINK
356 + Kconfig_style_config DRIVER_WEXT
357 + Kconfig_style_config DRIVER_WIRED
358 +
359 + if use ps3 ; then
360 + Kconfig_style_config DRIVER_PS3
361 + fi
362 +
363 + elif use kernel_FreeBSD ; then
364 + # FreeBSD specific driver
365 + Kconfig_style_config DRIVER_BSD
366 + fi
367 +
368 + # Wi-Fi Protected Setup (WPS)
369 + if use wps ; then
370 + Kconfig_style_config WPS
371 + Kconfig_style_config WPS2
372 + # USB Flash Drive
373 + Kconfig_style_config WPS_UFD
374 + # External Registrar
375 + Kconfig_style_config WPS_ER
376 + # Universal Plug'n'Play
377 + Kconfig_style_config WPS_UPNP
378 + # Near Field Communication
379 + Kconfig_style_config WPS_NFC
380 + fi
381 +
382 + # Wi-Fi Direct (WiDi)
383 + if use p2p ; then
384 + Kconfig_style_config P2P
385 + Kconfig_style_config WIFI_DISPLAY
386 + fi
387 +
388 + # Access Point Mode
389 + if use ap ; then
390 + Kconfig_style_config AP
391 + fi
392 +
393 + # Enable essentials for AP/P2P
394 + if use ap || use p2p ; then
395 + # Enabling HT support (802.11n)
396 + Kconfig_style_config IEEE80211N
397 +
398 + # Enabling VHT support (802.11ac)
399 + Kconfig_style_config IEEE80211AC
400 + fi
401 +
402 + # Enable mitigation against certain attacks against TKIP
403 + Kconfig_style_config DELAYED_MIC_ERROR_REPORT
404 +
405 + if use privsep ; then
406 + Kconfig_style_config PRIVSEP
407 + fi
408 +
409 + # If we are using libnl 2.0 and above, enable support for it
410 + # Bug 382159
411 + # Removed for now, since the 3.2 version is broken, and we don't
412 + # support it.
413 + if has_version ">=dev-libs/libnl-3.2"; then
414 + Kconfig_style_config LIBNL32
415 + fi
416 +
417 + if use qt5 ; then
418 + pushd "${S}"/wpa_gui-qt4 > /dev/null || die
419 + eqmake5 wpa_gui.pro
420 + popd > /dev/null || die
421 + fi
422 +}
423 +
424 +src_compile() {
425 + einfo "Building wpa_supplicant"
426 + emake V=1 BINDIR=/usr/sbin
427 +
428 + if use wimax; then
429 + emake -C ../src/eap_peer clean
430 + emake -C ../src/eap_peer
431 + fi
432 +
433 + if use qt5; then
434 + einfo "Building wpa_gui"
435 + emake -C "${S}"/wpa_gui-qt4
436 + fi
437 +
438 + if use eapol_test ; then
439 + emake eapol_test
440 + fi
441 +}
442 +
443 +src_install() {
444 + dosbin wpa_supplicant
445 + use privsep && dosbin wpa_priv
446 + dobin wpa_cli wpa_passphrase
447 +
448 + # baselayout-1 compat
449 + if has_version "<sys-apps/baselayout-2.0.0"; then
450 + dodir /sbin
451 + dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
452 + dodir /bin
453 + dosym ../usr/bin/wpa_cli /bin/wpa_cli
454 + fi
455 +
456 + if has_version ">=sys-apps/openrc-0.5.0"; then
457 + newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
458 + newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
459 + fi
460 +
461 + exeinto /etc/wpa_supplicant/
462 + newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
463 +
464 + readme.gentoo_create_doc
465 + dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
466 + wpa_supplicant.conf
467 +
468 + newdoc .config build-config
469 +
470 + if [ "${PV}" != "9999" ]; then
471 + doman doc/docbook/*.{5,8}
472 + fi
473 +
474 + if use qt5 ; then
475 + into /usr
476 + dobin wpa_gui-qt4/wpa_gui
477 + doicon wpa_gui-qt4/icons/wpa_gui.svg
478 + make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;"
479 + else
480 + rm "${ED}"/usr/share/man/man8/wpa_gui.8
481 + fi
482 +
483 + use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
484 +
485 + if use dbus ; then
486 + pushd "${S}"/dbus > /dev/null || die
487 + insinto /etc/dbus-1/system.d
488 + newins dbus-wpa_supplicant.conf wpa_supplicant.conf
489 + insinto /usr/share/dbus-1/system-services
490 + doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
491 + popd > /dev/null || die
492 +
493 + # This unit relies on dbus support, bug 538600.
494 + systemd_dounit systemd/wpa_supplicant.service
495 + fi
496 +
497 + if use eapol_test ; then
498 + dobin eapol_test
499 + fi
500 +
501 + systemd_dounit "systemd/wpa_supplicant@.service"
502 + systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
503 + systemd_dounit "systemd/wpa_supplicant-wired@.service"
504 +}
505 +
506 +pkg_postinst() {
507 + readme.gentoo_print_elog
508 +
509 + if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
510 + echo
511 + ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
512 + ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
513 + fi
514 +
515 + if use bindist || use gnutls; then
516 + if ! use libressl; then
517 + ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)."
518 + ewarn "This is incredibly undesirable"
519 + fi
520 + fi
521 +
522 + # Mea culpa, feel free to remove that after some time --mgorny.
523 + local fn
524 + for fn in wpa_supplicant{,@wlan0}.service; do
525 + if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
526 + then
527 + ebegin "Moving ${fn} to multi-user.target"
528 + mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
529 + "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
530 + eend ${?} \
531 + "Please try to re-enable ${fn}"
532 + fi
533 + done
534 +
535 + systemd_reenable wpa_supplicant.service
536 +}
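Review bot: The WPA3 warning in `pkg_postinst` does not match what `src_configure` builds: `Kconfig_style_config SAE` and `OWE` are set only when `ssl` is on and both `gnutls` and `bindist` are off, and `libressl` plays no part in that branch, yet the warning is skipped whenever `libressl` is enabled and is never shown for `USE=-ssl`. A user with `libressl bindist`, `libressl gnutls` or `-ssl` therefore ends up with a supplicant lacking SAE/OWE and gets no notice. I would make the condition mirror the configure logic, `if ! use ssl || use bindist || use gnutls; then`, and drop the inner `if ! use libressl` test. Separately, `Kconfig_style_config` sets and comments out options with `/^$CONFIG_PARAM/` and no trailing `=`, so `SUITEB`, `EAP_AKA` or `WPS` also match longer names such as `CONFIG_SUITEB192`, `CONFIG_EAP_AKA_PRIME` and `CONFIG_WPS_ER`; anchoring those two patterns as `/^$CONFIG_PARAM=/` keeps each call to a single option.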