
From: Rick Farina <zerochaos@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/wpa_supplicant/files/, net-wireless/wpa_supplicant/
Date: Mon, 04 Nov 2019 16:35:18
Message-Id: 1572885113.38457d7ed121534eadb492deb0e9048f41d13a94.zerochaos@gentoo
1 commit: 38457d7ed121534eadb492deb0e9048f41d13a94
2 Author: Rick Farina <zerochaos <AT> gentoo <DOT> org>
3 AuthorDate: Mon Nov 4 16:31:53 2019 +0000
4 Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org>
5 CommitDate: Mon Nov 4 16:31:53 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38457d7e
7
8 net-wireless/wpa_supplicant: fix bug #696030
9
10 Package-Manager: Portage-2.3.78, Repoman-2.3.17
11 Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>
12
13 ...y-ignore-management-frame-from-unexpected.patch | 73 ++++
14 .../wpa_supplicant/wpa_supplicant-2.9-r1.ebuild | 461 +++++++++++++++++++++
15 2 files changed, 534 insertions(+)
16
17 diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch
18 new file mode 100644
19 index 00000000000..d764a9db016
20 --- /dev/null
21 +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch
22 @@ -0,0 +1,73 @@
23 +From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
24 +From: Jouni Malinen <j@××.fi>
25 +Date: Thu, 29 Aug 2019 11:52:04 +0300
26 +Subject: [PATCH] AP: Silently ignore management frame from unexpected source
27 + address
28 +
29 +Do not process any received Management frames with unexpected/invalid SA
30 +so that we do not add any state for unexpected STA addresses or end up
31 +sending out frames to unexpected destination. This prevents unexpected
32 +sequences where an unprotected frame might end up causing the AP to send
33 +out a response to another device and that other device processing the
34 +unexpected response.
35 +
36 +In particular, this prevents some potential denial of service cases
37 +where the unexpected response frame from the AP might result in a
38 +connected station dropping its association.
39 +
40 +Signed-off-by: Jouni Malinen <j@××.fi>
41 +---
42 + src/ap/drv_callbacks.c | 13 +++++++++++++
43 + src/ap/ieee802_11.c | 12 ++++++++++++
44 + 2 files changed, 25 insertions(+)
45 +
46 +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
47 +index 31587685fe3b..34ca379edc3d 100644
48 +--- a/src/ap/drv_callbacks.c
49 ++++ b/src/ap/drv_callbacks.c
50 +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
51 + "hostapd_notif_assoc: Skip event with no address");
52 + return -1;
53 + }
54 ++
55 ++ if (is_multicast_ether_addr(addr) ||
56 ++ is_zero_ether_addr(addr) ||
57 ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
58 ++ /* Do not process any frames with unexpected/invalid SA so that
59 ++ * we do not add any state for unexpected STA addresses or end
60 ++ * up sending out frames to unexpected destination. */
61 ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
62 ++ " in received indication - ignore this indication silently",
63 ++ __func__, MAC2STR(addr));
64 ++ return 0;
65 ++ }
66 ++
67 + random_add_randomness(addr, ETH_ALEN);
68 +
69 + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
70 +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
71 +index c85a28db44b7..e7065372e158 100644
72 +--- a/src/ap/ieee802_11.c
73 ++++ b/src/ap/ieee802_11.c
74 +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
75 + fc = le_to_host16(mgmt->frame_control);
76 + stype = WLAN_FC_GET_STYPE(fc);
77 +
78 ++ if (is_multicast_ether_addr(mgmt->sa) ||
79 ++ is_zero_ether_addr(mgmt->sa) ||
80 ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
81 ++ /* Do not process any frames with unexpected/invalid SA so that
82 ++ * we do not add any state for unexpected STA addresses or end
83 ++ * up sending out frames to unexpected destination. */
84 ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
85 ++ " in received frame - ignore this frame silently",
86 ++ MAC2STR(mgmt->sa));
87 ++ return 0;
88 ++ }
89 ++
90 + if (stype == WLAN_FC_STYPE_BEACON) {
91 + handle_beacon(hapd, mgmt, len, fi);
92 + return 1;
93 +--
94 +2.20.1
95 +
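Review bot: The vendored patch header carries upstream's commit id and message but nothing that ties it to the advisory it is shipped for; the only link to CVE-2019-16275 and bug #696030 is a comment in the ebuild's src_prepare. Adding two lines under the upstream Signed-off-by, for example `Bug: https://bugs.gentoo.org/696030` and `CVE: CVE-2019-16275`, would let anyone auditing files/ see why the patch is carried and when it can be dropped. The source-address checks themselves are upstream's code, and both enclosing functions (hostapd_notif_assoc and ieee802_11_mgmt) start and end outside the inner hunks, so the earlier length and NULL checks they rely on are not visible here.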
96
97 diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild
98 new file mode 100644
99 index 00000000000..6b9f21781fc
100 --- /dev/null
101 +++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild
102 @@ -0,0 +1,461 @@
103 +# Copyright 1999-2019 Gentoo Authors
104 +# Distributed under the terms of the GNU General Public License v2
105 +
106 +EAPI=6
107 +
108 +inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
109 +
110 +DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
111 +HOMEPAGE="https://w1.fi/wpa_supplicant/"
112 +LICENSE="|| ( GPL-2 BSD )"
113 +
114 +if [ "${PV}" = "9999" ]; then
115 + inherit git-r3
116 + EGIT_REPO_URI="https://w1.fi/hostap.git"
117 +else
118 + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
119 + SRC_URI="https://w1.fi/releases/${P}.tar.gz"
120 +fi
121 +
122 +SLOT="0"
123 +IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
124 +
125 +# CONFIG_PRIVSEP=y does not have sufficient support for the new driver
126 +# interface functions used for MACsec, so this combination cannot be used
127 +# at least for now.
128 +REQUIRED_USE="
129 + macsec? ( !privsep )
130 + privsep? ( !macsec )
131 +"
132 +
133 +CDEPEND="dbus? ( sys-apps/dbus )
134 + kernel_linux? (
135 + dev-libs/libnl:3
136 + net-wireless/crda
137 + eap-sim? ( sys-apps/pcsc-lite )
138 + )
139 + !kernel_linux? ( net-libs/libpcap )
140 + qt5? (
141 + dev-qt/qtcore:5
142 + dev-qt/qtgui:5
143 + dev-qt/qtsvg:5
144 + dev-qt/qtwidgets:5
145 + )
146 + readline? (
147 + sys-libs/ncurses:0=
148 + sys-libs/readline:0=
149 + )
150 + !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
151 + libressl? ( dev-libs/libressl:0= )
152 +"
153 +DEPEND="${CDEPEND}
154 + virtual/pkgconfig
155 +"
156 +RDEPEND="${CDEPEND}
157 + selinux? ( sec-policy/selinux-networkmanager )
158 +"
159 +
160 +DOC_CONTENTS="
161 + If this is a clean installation of wpa_supplicant, you
162 + have to create a configuration file named
163 + ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
164 + An example configuration file is available for reference in
165 + ${EROOT%/}/usr/share/doc/${PF}/
166 +"
167 +
168 +S="${WORKDIR}/${P}/${PN}"
169 +
170 +Kconfig_style_config() {
171 + #param 1 is CONFIG_* item
172 + #param 2 is what to set it = to, defaulting in y
173 + CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
174 + setting="${2:-y}"
175 +
176 + if [ ! $setting = n ]; then
177 + #first remove any leading "# " if $2 is not n
178 + sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
179 + #set item = $setting (defaulting to y)
180 + sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
181 + if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
182 + echo "$CONFIG_PARAM=$setting" >>.config
183 + fi
184 + else
185 + #ensure item commented out
186 + sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
187 + fi
188 +}
189 +
190 +src_prepare() {
191 + default
192 +
193 + # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
194 + sed -i \
195 + -e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
196 + ../src/l2_packet/l2_packet_freebsd.c || die
197 +
198 + # People seem to take the example configuration file too literally (bug #102361)
199 + sed -i \
200 + -e "s:^\(opensc_engine_path\):#\1:" \
201 + -e "s:^\(pkcs11_engine_path\):#\1:" \
202 + -e "s:^\(pkcs11_module_path\):#\1:" \
203 + wpa_supplicant.conf || die
204 +
205 + # Change configuration to match Gentoo locations (bug #143750)
206 + sed -i \
207 + -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
208 + -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
209 + wpa_supplicant.conf || die
210 +
211 + # systemd entries to D-Bus service files (bug #372877)
212 + echo 'SystemdService=wpa_supplicant.service' \
213 + | tee -a dbus/*.service >/dev/null || die
214 +
215 + cd "${WORKDIR}/${P}" || die
216 +
217 + if use wimax; then
218 + # generate-libeap-peer.patch comes before
219 + # fix-undefined-reference-to-random_get_bytes.patch
220 + eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
221 +
222 + # multilib-strict fix (bug #373685)
223 + sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
224 + fi
225 +
226 + # bug (320097)
227 + eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
228 +
229 + # bug (640492)
230 + sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
231 +
232 + #CVE-2019-16275 bug #696030
233 + eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
234 +}
235 +
236 +src_configure() {
237 + # Toolchain setup
238 + tc-export CC
239 +
240 + cp defconfig .config || die
241 +
242 + # Basic setup
243 + Kconfig_style_config CTRL_IFACE
244 + Kconfig_style_config MATCH_IFACE
245 + Kconfig_style_config BACKEND file
246 + Kconfig_style_config IBSS_RSN
247 + Kconfig_style_config IEEE80211W
248 + Kconfig_style_config IEEE80211R
249 + Kconfig_style_config HT_OVERRIDES
250 + Kconfig_style_config VHT_OVERRIDES
251 + Kconfig_style_config OCV
252 + Kconfig_style_config TLSV11
253 + Kconfig_style_config TLSV12
254 + Kconfig_style_config GETRANDOM
255 + Kconfig_style_config MBO
256 +
257 + # Basic authentication methods
258 + # NOTE: we don't set GPSK or SAKE as they conflict
259 + # with the below options
260 + Kconfig_style_config EAP_GTC
261 + Kconfig_style_config EAP_MD5
262 + Kconfig_style_config EAP_OTP
263 + Kconfig_style_config EAP_PAX
264 + Kconfig_style_config EAP_PSK
265 + Kconfig_style_config IEEE8021X_EAPOL
266 + Kconfig_style_config PKCS12
267 + Kconfig_style_config PEERKEY
268 + Kconfig_style_config EAP_LEAP
269 + Kconfig_style_config EAP_MSCHAPV2
270 + Kconfig_style_config EAP_PEAP
271 + Kconfig_style_config EAP_TEAP
272 + Kconfig_style_config EAP_TLS
273 + Kconfig_style_config EAP_TTLS
274 +
275 + # Enabling background scanning.
276 + Kconfig_style_config BGSCAN_SIMPLE
277 + Kconfig_style_config BGSCAN_LEARN
278 +
279 + if use dbus ; then
280 + Kconfig_style_config CTRL_IFACE_DBUS
281 + Kconfig_style_config CTRL_IFACE_DBUS_NEW
282 + Kconfig_style_config CTRL_IFACE_DBUS_INTRO
283 + else
284 + Kconfig_style_config CTRL_IFACE_DBUS n
285 + Kconfig_style_config CTRL_IFACE_DBUS_NEW n
286 + Kconfig_style_config CTRL_IFACE_DBUS_INTRO n
287 + fi
288 +
289 + if use eapol_test ; then
290 + Kconfig_style_config EAPOL_TEST
291 + fi
292 +
293 + # Enable support for writing debug info to a log file and syslog.
294 + Kconfig_style_config DEBUG_FILE
295 + Kconfig_style_config DEBUG_SYSLOG
296 +
297 + if use hs2-0 ; then
298 + Kconfig_style_config INTERWORKING
299 + Kconfig_style_config HS20
300 + fi
301 +
302 + if use uncommon-eap-types; then
303 + Kconfig_style_config EAP_GPSK
304 + Kconfig_style_config EAP_SAKE
305 + Kconfig_style_config EAP_GPSK_SHA256
306 + Kconfig_style_config EAP_IKEV2
307 + Kconfig_style_config EAP_EKE
308 + fi
309 +
310 + if use eap-sim ; then
311 + # Smart card authentication
312 + Kconfig_style_config EAP_SIM
313 + Kconfig_style_config EAP_AKA
314 + Kconfig_style_config EAP_AKA_PRIME
315 + Kconfig_style_config PCSC
316 + fi
317 +
318 + if use fasteap ; then
319 + Kconfig_style_config EAP_FAST
320 + fi
321 +
322 + if use readline ; then
323 + # readline/history support for wpa_cli
324 + Kconfig_style_config READLINE
325 + else
326 + #internal line edit mode for wpa_cli
327 + Kconfig_style_config WPA_CLI_EDIT
328 + fi
329 +
330 + Kconfig_style_config TLS openssl
331 + Kconfig_style_config FST
332 + if ! use bindist || use libressl; then
333 + Kconfig_style_config EAP_PWD
334 + if use fils; then
335 + Kconfig_style_config FILS
336 + Kconfig_style_config FILS_SK_PFS
337 + fi
338 + # Enabling mesh networks.
339 + Kconfig_style_config MESH
340 + #WPA3
341 + Kconfig_style_config OWE
342 + Kconfig_style_config SAE
343 + Kconfig_style_config DPP
344 + Kconfig_style_config SUITEB192
345 + fi
346 + if ! use bindist && ! use libressl; then
347 + Kconfig_style_config SUITEB
348 + fi
349 +
350 + if use smartcard ; then
351 + Kconfig_style_config SMARTCARD
352 + else
353 + Kconfig_style_config SMARTCARD n
354 + fi
355 +
356 + if use tdls ; then
357 + Kconfig_style_config TDLS
358 + fi
359 +
360 + if use kernel_linux ; then
361 + # Linux specific drivers
362 + Kconfig_style_config DRIVER_ATMEL
363 + Kconfig_style_config DRIVER_HOSTAP
364 + Kconfig_style_config DRIVER_IPW
365 + Kconfig_style_config DRIVER_NL80211
366 + Kconfig_style_config DRIVER_RALINK
367 + Kconfig_style_config DRIVER_WEXT
368 + Kconfig_style_config DRIVER_WIRED
369 +
370 + if use macsec ; then
371 + #requires something, no idea what
372 + #Kconfig_style_config DRIVER_MACSEC_QCA
373 + Kconfig_style_config DRIVER_MACSEC_LINUX
374 + Kconfig_style_config MACSEC
375 + fi
376 +
377 + if use ps3 ; then
378 + Kconfig_style_config DRIVER_PS3
379 + fi
380 +
381 + elif use kernel_FreeBSD ; then
382 + # FreeBSD specific driver
383 + Kconfig_style_config DRIVER_BSD
384 + fi
385 +
386 + # Wi-Fi Protected Setup (WPS)
387 + if use wps ; then
388 + Kconfig_style_config WPS
389 + Kconfig_style_config WPS2
390 + # USB Flash Drive
391 + Kconfig_style_config WPS_UFD
392 + # External Registrar
393 + Kconfig_style_config WPS_ER
394 + # Universal Plug'n'Play
395 + Kconfig_style_config WPS_UPNP
396 + # Near Field Communication
397 + Kconfig_style_config WPS_NFC
398 + else
399 + Kconfig_style_config WPS n
400 + fi
401 +
402 + # Wi-Fi Direct (WiDi)
403 + if use p2p ; then
404 + Kconfig_style_config P2P
405 + Kconfig_style_config WIFI_DISPLAY
406 + fi
407 +
408 + # Access Point Mode
409 + if use ap ; then
410 + Kconfig_style_config AP
411 + else
412 + Kconfig_style_config AP n
413 + fi
414 +
415 + # Enable essentials for AP/P2P
416 + if use ap || use p2p ; then
417 + # Enabling HT support (802.11n)
418 + Kconfig_style_config IEEE80211N
419 +
420 + # Enabling VHT support (802.11ac)
421 + Kconfig_style_config IEEE80211AC
422 + fi
423 +
424 + # Enable mitigation against certain attacks against TKIP
425 + Kconfig_style_config DELAYED_MIC_ERROR_REPORT
426 +
427 + if use privsep ; then
428 + Kconfig_style_config PRIVSEP
429 + fi
430 +
431 + # If we are using libnl 2.0 and above, enable support for it
432 + # Bug 382159
433 + # Removed for now, since the 3.2 version is broken, and we don't
434 + # support it.
435 + if has_version ">=dev-libs/libnl-3.2"; then
436 + Kconfig_style_config LIBNL32
437 + fi
438 +
439 + if use qt5 ; then
440 + pushd "${S}"/wpa_gui-qt4 > /dev/null || die
441 + eqmake5 wpa_gui.pro
442 + popd > /dev/null || die
443 + fi
444 +}
445 +
446 +src_compile() {
447 + einfo "Building wpa_supplicant"
448 + emake V=1 BINDIR=/usr/sbin
449 +
450 + if use wimax; then
451 + emake -C ../src/eap_peer clean
452 + emake -C ../src/eap_peer
453 + fi
454 +
455 + if use qt5; then
456 + einfo "Building wpa_gui"
457 + emake -C "${S}"/wpa_gui-qt4
458 + fi
459 +
460 + if use eapol_test ; then
461 + emake eapol_test
462 + fi
463 +}
464 +
465 +src_install() {
466 + dosbin wpa_supplicant
467 + use privsep && dosbin wpa_priv
468 + dobin wpa_cli wpa_passphrase
469 +
470 + # baselayout-1 compat
471 + if has_version "<sys-apps/baselayout-2.0.0"; then
472 + dodir /sbin
473 + dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
474 + dodir /bin
475 + dosym ../usr/bin/wpa_cli /bin/wpa_cli
476 + fi
477 +
478 + if has_version ">=sys-apps/openrc-0.5.0"; then
479 + newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
480 + newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
481 + fi
482 +
483 + exeinto /etc/wpa_supplicant/
484 + newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
485 +
486 + readme.gentoo_create_doc
487 + dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
488 + wpa_supplicant.conf
489 +
490 + newdoc .config build-config
491 +
492 + if [ "${PV}" != "9999" ]; then
493 + doman doc/docbook/*.{5,8}
494 + fi
495 +
496 + if use qt5 ; then
497 + into /usr
498 + dobin wpa_gui-qt4/wpa_gui
499 + doicon wpa_gui-qt4/icons/wpa_gui.svg
500 + domenu wpa_gui-qt4/wpa_gui.desktop
501 + else
502 + rm "${ED}"/usr/share/man/man8/wpa_gui.8
503 + fi
504 +
505 + use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
506 +
507 + if use dbus ; then
508 + pushd "${S}"/dbus > /dev/null || die
509 + insinto /etc/dbus-1/system.d
510 + newins dbus-wpa_supplicant.conf wpa_supplicant.conf
511 + insinto /usr/share/dbus-1/system-services
512 + doins fi.w1.wpa_supplicant1.service
513 + popd > /dev/null || die
514 +
515 + # This unit relies on dbus support, bug 538600.
516 + systemd_dounit systemd/wpa_supplicant.service
517 + fi
518 +
519 + if use eapol_test ; then
520 + dobin eapol_test
521 + fi
522 +
523 + systemd_dounit "systemd/wpa_supplicant@.service"
524 + systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
525 + systemd_dounit "systemd/wpa_supplicant-wired@.service"
526 +}
527 +
528 +pkg_postinst() {
529 + readme.gentoo_print_elog
530 +
531 + if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
532 + echo
533 + ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
534 + ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
535 + fi
536 +
537 + if use bindist; then
538 + if ! use libressl; then
539 + ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
540 + ewarn "This is incredibly undesirable"
541 + fi
542 + fi
543 + if use libressl; then
544 + ewarn "Libressl doesn't support SUITEB (part of WPA3)"
545 + ewarn "but it does support SUITEB192 (the upgraded strength version of the same)"
546 + ewarn "You probably don't care. Patches welcome"
547 + fi
548 +
549 + # Mea culpa, feel free to remove that after some time --mgorny.
550 + local fn
551 + for fn in wpa_supplicant{,@wlan0}.service; do
552 + if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
553 + then
554 + ebegin "Moving ${fn} to multi-user.target"
555 + mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
556 + "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
557 + eend ${?} \
558 + "Please try to re-enable ${fn}"
559 + fi
560 + done
561 +
562 + systemd_reenable wpa_supplicant.service
563 +}
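Review bot: In `Kconfig_style_config`, the two sed commands that set or comment out an option match on `/^$CONFIG_PARAM/` with no trailing `=`, so they also rewrite every option whose name merely starts with the same string: `Kconfig_style_config TLS openssl` turns the already-enabled `CONFIG_TLSV11=y` and `CONFIG_TLSV12=y` into `=openssl`, and `Kconfig_style_config WPS n` comments out every `CONFIG_WPS*` line. The uncomment sed and the grep in the same function already anchor on `=`; the other two should as well, `sed -i "/^$CONFIG_PARAM=/s/=.*/=$setting/" .config` and `sed -i "/^$CONFIG_PARAM=/s/^/# /" .config`. Because this .config decides which TLS versions, EAP methods and mitigations are compiled in, the sed failures should end in `|| die` rather than an `echo`, and `CONFIG_PARAM` and `setting` should be declared `local` so they do not leak into the other phase functions.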