Update to wpa_supplicant-2.5

Tested by me, Gregor Best, and sthen@ Help and ok sthen@
2015-09-29 11:57:54 +00:00 · 2015-09-29 11:57:54 +00:00 · 310baa0355
commit 310baa0355
parent 60575189ab
7 changed files with 107 additions and 26 deletions
--- a/security/wpa_supplicant/Makefile
+++ b/security/wpa_supplicant/Makefile
@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.29 2015/09/11 16:38:04 sthen Exp $
+# $OpenBSD: Makefile,v 1.30 2015/09/29 11:57:54 dcoppa Exp $

 COMMENT=	IEEE 802.1X supplicant

-DISTNAME=	wpa_supplicant-2.4
-REVISION=	3
+DISTNAME=	wpa_supplicant-2.5
 CATEGORIES=	security net

 HOMEPAGE=	http://w1.fi/wpa_supplicant/
--- a/security/wpa_supplicant/distinfo
+++ b/security/wpa_supplicant/distinfo
@ -1,2 +1,2 @@
-SHA256 (wpa_supplicant-2.4.tar.gz) = BY3IMsCWE5oFnm34FAgPUCUajTE8IbEzZMVKHnAQkSI=
-SIZE (wpa_supplicant-2.4.tar.gz) = 2525648
+SHA256 (wpa_supplicant-2.5.tar.gz) = zOVbrkg7Nk6uVcNbpWfCeb5ELti6tbgKPH+w0Fe5sxY=
+SIZE (wpa_supplicant-2.5.tar.gz) = 2607336
--- a/security/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c
+++ b/security/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c
@ -0,0 +1,69 @@
+$OpenBSD: patch-src_crypto_tls_openssl_c,v 1.3 2015/09/29 11:57:54 dcoppa Exp $
+
+Compatibility fixes for LibreSSL
+
+--- src/crypto/tls_openssl.c.orig	Sun Sep 27 21:02:05 2015
+++ src/crypto/tls_openssl.c	Mon Sep 28 13:43:46 2015
+@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
+ 	}
+ 
+ 	if (certs) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 		SSL_clear_chain_certs(ssl);
+ 		while ((cert = sk_X509_pop(certs)) != NULL) {
+ 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
+@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
+ 			/* Try to continue anyway */
+ 		}
+ 		sk_X509_free(certs);
+-#ifndef OPENSSL_IS_BORINGSSL
+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+ 		res = SSL_build_cert_chain(ssl,
+ 					   SSL_BUILD_CHAIN_FLAG_CHECK |
+ 					   SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
+ 	if (conn == NULL || keys == NULL)
+ 		return -1;
+ 	ssl = conn->ssl;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
+ 		return -1;
+ 
+@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
+ #ifndef CONFIG_FIPS
+ static int openssl_get_keyblock_size(SSL *ssl)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	const EVP_CIPHER *c;
+ 	const EVP_MD *h;
+ 	int md_size;
+@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_connection *conn
+ 		   "mode");
+ 	return -1;
+ #else /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	SSL *ssl;
+ 	u8 *rnd;
+ 	int ret = -1;
+@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, stru
+ 
+ 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
+ 	if (os_strstr(buf, ":ADH-")) {
+ 		/*
+@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *
+ 	struct tls_connection *conn = arg;
+ 	int ret;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	if (conn == NULL || conn->session_ticket_cb == NULL)
+ 		return 0;
+ 
--- a/security/wpa_supplicant/patches/patch-src_drivers_driver_openbsd_c
+++ b/security/wpa_supplicant/patches/patch-src_drivers_driver_openbsd_c
@ -1,14 +1,24 @@
-$OpenBSD: patch-src_drivers_driver_openbsd_c,v 1.3 2014/03/18 05:57:22 dcoppa Exp $
+$OpenBSD: patch-src_drivers_driver_openbsd_c,v 1.4 2015/09/29 11:57:54 dcoppa Exp $

-missing include
+fix includes

--- src/drivers/driver_openbsd.c.orig	Fri Mar 14 10:44:23 2014
-+++ src/drivers/driver_openbsd.c	Fri Mar 14 10:44:46 2014
-@@ -10,6 +10,7 @@
+--- src/drivers/driver_openbsd.c.orig	Sun Sep 27 21:02:05 2015
+++ src/drivers/driver_openbsd.c	Mon Sep 28 09:51:53 2015
+@@ -9,13 +9,14 @@
+ #include "includes.h"
 #include <sys/ioctl.h>
 
+#include "common.h"
+#include "driver.h"
+
 #include <net/if.h>
 +#include <net/if_var.h>
 #include <net80211/ieee80211.h>
 #include <net80211/ieee80211_crypto.h>
 #include <net80211/ieee80211_ioctl.h>
+-
+-#include "common.h"
+-#include "driver.h"
+ 
+ struct openbsd_driver_data {
+ 	char ifname[IFNAMSIZ + 1];
--- a/security/wpa_supplicant/patches/patch-src_utils_eloop_c
+++ b/security/wpa_supplicant/patches/patch-src_utils_eloop_c
@ -1,10 +1,10 @@
-$OpenBSD: patch-src_utils_eloop_c,v 1.4 2015/03/18 15:35:44 dcoppa Exp $
+$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $

 don't try to access list members to free them unless already initialised

--- src/utils/eloop.c.orig	Sun Mar 15 12:30:39 2015
-+++ src/utils/eloop.c	Wed Mar 18 04:20:32 2015
-@@ -1035,6 +1035,9 @@ void eloop_destroy(void)
+--- src/utils/eloop.c.orig	Sun Sep 27 21:02:05 2015
+++ src/utils/eloop.c	Mon Sep 28 09:35:05 2015
+@@ -1064,6 +1064,9 @@ void eloop_destroy(void)
 	struct eloop_timeout *timeout, *prev;
 	struct os_reltime now;
 
--- a/security/wpa_supplicant/patches/patch-wpa_supplicant_Makefile
+++ b/security/wpa_supplicant/patches/patch-wpa_supplicant_Makefile
@ -1,17 +1,20 @@
-$OpenBSD: patch-wpa_supplicant_Makefile,v 1.7 2015/07/19 21:44:07 jasper Exp $
--- wpa_supplicant/Makefile.orig	Sun Mar 15 12:30:39 2015
-+++ wpa_supplicant/Makefile	Wed Mar 18 04:20:32 2015
-@@ -121,13 +121,6 @@ CONFIG_ELOOP=eloop
- endif
+$OpenBSD: patch-wpa_supplicant_Makefile,v 1.8 2015/09/29 11:57:54 dcoppa Exp $
+--- wpa_supplicant/Makefile.orig	Mon Sep 28 09:36:07 2015
+++ wpa_supplicant/Makefile	Mon Sep 28 09:36:36 2015
+@@ -131,16 +131,6 @@ endif
 OBJS += ../src/utils/$(CONFIG_ELOOP).o
 OBJS_c += ../src/utils/$(CONFIG_ELOOP).o
-
+ 
+-ifndef CONFIG_OSX
 -ifeq ($(CONFIG_ELOOP), eloop)
 -# Using glibc < 2.17 requires -lrt for clock_gettime()
+-# OS X has an alternate implementation
 -LIBS += -lrt
 -LIBS_c += -lrt
 -LIBS_p += -lrt
 -endif
- 
+-endif
+-
 ifdef CONFIG_ELOOP_POLL
 CFLAGS += -DCONFIG_ELOOP_POLL
+ endif
--- a/security/wpa_supplicant/patches/patch-wpa_supplicant_main_c
+++ b/security/wpa_supplicant/patches/patch-wpa_supplicant_main_c
@ -1,10 +1,10 @@
-$OpenBSD: patch-wpa_supplicant_main_c,v 1.1 2014/09/08 08:28:23 dcoppa Exp $
+$OpenBSD: patch-wpa_supplicant_main_c,v 1.2 2015/09/29 11:57:54 dcoppa Exp $

 Remove Linuxisms from usage()

--- wpa_supplicant/main.c.orig	Wed Jun  4 15:26:14 2014
-+++ wpa_supplicant/main.c	Mon Sep  8 09:45:48 2014
-@@ -67,7 +67,7 @@ static void usage(void)
+--- wpa_supplicant/main.c.orig	Sun Sep 27 21:02:05 2015
+++ wpa_supplicant/main.c	Mon Sep 28 09:35:05 2015
+@@ -68,7 +68,7 @@ static void usage(void)
 	       "  -i = interface name\n"
 	       "  -I = additional configuration file\n"
 	       "  -d = increase debugging verbosity (-dd even more)\n"
@ -13,7 +13,7 @@ Remove Linuxisms from usage()
 	       "  -e = entropy file\n");
 #ifdef CONFIG_DEBUG_FILE
 	printf("  -f = log output to debug file instead of stdout\n");
-@@ -101,8 +101,7 @@ static void usage(void)
+@@ -102,8 +102,7 @@ static void usage(void)
 	       "  -N = start describing new interface\n");
 
 	printf("example:\n"