Date:      Thu, 17 Nov 2016 17:43:33 +0000 (UTC)
From:      Joseph Mingrone <jrm@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r426292 - in head/security/wpa_supplicant: . files
Message-ID:  <201611171743.uAHHhXtk032626@repo.freebsd.org>

Author: jrm
Date: Thu Nov 17 17:43:32 2016
New Revision: 426292
URL: https://svnweb.freebsd.org/changeset/ports/426292

Log:
  security/wpa_supplicant: Update to version 2.6 and patch for LibreSSL support
  
  Port changes:
  - Remove patches that have been incorporated upstream
  - Add patches for LibreSSL support
  
  Approved by:	AMDmi3 (mentor)
  Differential Revision:	https://reviews.freebsd.org/D8451

Added:
  head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c   (contents, props changed)
Deleted:
  head/security/wpa_supplicant/files/patch-2015-6-backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame
  head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-peer-Fix-last-fragment-length-validation
  head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-server-Fix-last-fragment-length-validation
  head/security/wpa_supplicant/files/patch-2015-8-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m
  head/security/wpa_supplicant/files/patch-2016_1_1-WPS-Reject-a-Credential-with-invalid-passphrase
  head/security/wpa_supplicant/files/patch-2016_1_2-Reject-psk-parameter-set-with-invalid-passphrase-cha
  head/security/wpa_supplicant/files/patch-2016_1_3-Remove-newlines-from-wpa_supplicant-config-network-o
  head/security/wpa_supplicant/files/patch-2016_1_4-Reject-SET_CRED-commands-with-newline-characters-in
  head/security/wpa_supplicant/files/patch-2016_1_5-Reject-SET-commands-with-newline-characters-in-the-s
  head/security/wpa_supplicant/files/patch-src_utils_os__unix.c
Modified:
  head/security/wpa_supplicant/Makefile
  head/security/wpa_supplicant/distinfo   (contents, props changed)
  head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c
  head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c

Modified: head/security/wpa_supplicant/Makefile
==============================================================================
--- head/security/wpa_supplicant/Makefile	Thu Nov 17 16:56:26 2016	(r426291)
+++ head/security/wpa_supplicant/Makefile	Thu Nov 17 17:43:32 2016	(r426292)
@@ -1,8 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	wpa_supplicant
-PORTVERSION=	2.5
-PORTREVISION=	2
+PORTVERSION=	2.6
 CATEGORIES=	security net
 MASTER_SITES=	http://w1.fi/releases/
 
@@ -96,15 +95,22 @@ PRIVSEP_PLIST_FILES=	sbin/wpa_priv
 
 .include <bsd.port.options.mk>
 
+.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP}
+BROKEN=	Fails to compile with both NDIS and PRIVSEP
+.endif
+
+.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N}
+BROKEN=	Fails to compile with both IEEE80211AC and IEEE80211N
+.endif
+
 .if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
 LIB_DEPENDS+=	libpcsclite.so:devel/pcsc-lite
 CFLAGS+=	-I${LOCALBASE}/include/PCSC
 LDFLAGS+=	-L${LOCALBASE}/lib
 .endif
 
-
 post-patch:
-	${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
+	@${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
 		${WRKSRC}/src/utils
 	# Set driver(s)
 .for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
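Review bot: The two added `BROKEN=` guards reject the conflicting option pairs only at build time, and if both conditions hold the second assignment silently replaces the first message. The ports options framework can express the conflict when options are selected instead, e.g. `NDIS_PREVENTS=PRIVSEP` with `NDIS_PREVENTS_MSG=Fails to compile with both NDIS and PRIVSEP`, and likewise for IEEE80211AC and IEEE80211N. Since PRIVSEP is the option that installs `wpa_priv`, a short comment saying whether the conflict is an upstream 2.6 limitation or a port-local one would help whoever revisits it. The `post-patch` target continues past the end of this hunk.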
@@ -157,12 +163,12 @@ do-install:
 	${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
 		${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
 
-do-install-PRIVSEP-on:
-	${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
-
 do-install-DOCS-on:
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	(cd ${BUILD_WRKSRC} && \
 		${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
 
+do-install-PRIVSEP-on:
+	${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
+
 .include <bsd.port.mk>

Modified: head/security/wpa_supplicant/distinfo
==============================================================================
--- head/security/wpa_supplicant/distinfo	Thu Nov 17 16:56:26 2016	(r426291)
+++ head/security/wpa_supplicant/distinfo	Thu Nov 17 17:43:32 2016	(r426292)
@@ -1,2 +1,3 @@
-SHA256 (wpa_supplicant-2.5.tar.gz) = cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316
-SIZE (wpa_supplicant-2.5.tar.gz) = 2607336
+TIMESTAMP = 1478049569
+SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
+SIZE (wpa_supplicant-2.6.tar.gz) = 2753524

Added: head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c	Thu Nov 17 17:43:32 2016	(r426292)
@@ -0,0 +1,20 @@
+--- src/crypto/crypto_openssl.c.orig	2016-11-02 18:04:18 UTC
++++ src/crypto/crypto_openssl.c
+@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_
+ 
+ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	DH *dh;
+ 	struct wpabuf *pubkey = NULL, *privkey = NULL;
+ 	size_t publen, privlen;
+@@ -712,7 +712,7 @@ err:
+ 
+ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	DH *dh;
+ 
+ 	dh = DH_new();
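Review bot: The new guard `|| defined(LIBRESSL_VERSION_NUMBER)` in dh5_init() and dh5_init_fixed() sends every LibreSSL release down the pre-1.1.0 branch, with no upper bound on the LibreSSL version. That is right only as long as LibreSSL lacks the OpenSSL 1.1.0 interfaces the other branch uses; once it provides them, these functions would stay on the legacy path without anyone noticing. The same unbounded guard is added three times in patch-src_crypto_tls__openssl.c (tls_init, tls_deinit, tls_connection_set_params). I would put a header line in the patch file such as `LibreSSL does not provide the OpenSSL 1.1.0 API; revisit when it does`, so the condition can later be bounded with `LIBRESSL_VERSION_NUMBER < <first release with the 1.1.0 API>`. Both function bodies continue outside the nested hunks.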

Modified: head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c
==============================================================================
--- head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c	Thu Nov 17 16:56:26 2016	(r426291)
+++ head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c	Thu Nov 17 17:43:32 2016	(r426292)
@@ -1,67 +1,29 @@
-Compatibility fixes for LibreSSL
-
---- src/crypto/tls_openssl.c.orig	2015-09-27 19:02:05 UTC
+--- src/crypto/tls_openssl.c.orig	2016-11-02 18:46:25 UTC
 +++ src/crypto/tls_openssl.c
-@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_d
- 	}
- 
- 	if (certs) {
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- 		SSL_clear_chain_certs(ssl);
- 		while ((cert = sk_X509_pop(certs)) != NULL) {
- 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
-@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_d
- 			/* Try to continue anyway */
+@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config 
  		}
- 		sk_X509_free(certs);
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
- 		res = SSL_build_cert_chain(ssl,
- 					   SSL_BUILD_CHAIN_FLAG_CHECK |
- 					   SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
-@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_
- 	if (conn == NULL || keys == NULL)
- 		return -1;
- 	ssl = conn->ssl;
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
- 		return -1;
+ 		SSL_load_error_strings();
+ 		SSL_library_init();
+ #ifndef OPENSSL_NO_SHA256
+@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
  
-@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_
- #ifndef CONFIG_FIPS
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	const EVP_CIPHER *c;
- 	const EVP_MD *h;
- 	int md_size;
-@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_co
- 		   "mode");
- 	return -1;
- #else /* CONFIG_FIPS */
+ 	tls_openssl_ref_count--;
+ 	if (tls_openssl_ref_count == 0) {
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	SSL *ssl;
- 	u8 *rnd;
- 	int ret = -1;
-@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void
+ #ifndef OPENSSL_NO_ENGINE
+ 		ENGINE_cleanup();
+ #endif /* OPENSSL_NO_ENGINE */
+@@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_
+ 		engine_id = "pkcs11";
  
- 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
  #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
- 	if (os_strstr(buf, ":ADH-")) {
- 		/*
-@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void
- 	struct tls_connection *conn = arg;
- 	int ret;
- 
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (conn == NULL || conn->session_ticket_cb == NULL)
- 		return 0;
- 
+ 	if (params->flags & TLS_CONN_EAP_FAST) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "OpenSSL: Use TLSv1_method() for EAP-FAST");
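Review bot: The third guard, in tls_connection_set_params(), puts LibreSSL builds on the branch that logs "OpenSSL: Use TLSv1_method() for EAP-FAST", so the TLS method used for EAP-FAST on these builds appears to be decided by this patch rather than by upstream's 1.1.0 path; the rest of that branch is outside the hunk, so this is inferred from the debug string. The commit also drops the patch file's only explanatory line, `Compatibility fixes for LibreSSL`. I would keep that header and extend it to say that LibreSSL is treated as pre-1.1.0 OpenSSL in tls_init(), tls_deinit() and tls_connection_set_params(), including the EAP-FAST method selection.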

Modified: head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c
==============================================================================
--- head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c	Thu Nov 17 16:56:26 2016	(r426291)
+++ head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c	Thu Nov 17 17:43:32 2016	(r426292)
@@ -1,6 +1,25 @@
---- wpa_supplicant/main.c.orig	2015-03-15 17:30:39 UTC
+--- wpa_supplicant/main.c.orig	2016-11-05 20:56:30 UTC
 +++ wpa_supplicant/main.c
-@@ -173,6 +173,11 @@ int main(int argc, char *argv[])
+@@ -66,7 +66,7 @@ static void usage(void)
+ 	       "  -c = Configuration file\n"
+ 	       "  -C = ctrl_interface parameter (only used if -c is not)\n"
+ 	       "  -d = increase debugging verbosity (-dd even more)\n"
+-	       "  -D = driver name (can be multiple drivers: nl80211,wext)\n"
++	       "  -D = driver name (can be multiple drivers: bsd,wired)\n"
+ 	       "  -e = entropy file\n"
+ #ifdef CONFIG_DEBUG_FILE
+ 	       "  -f = log output to debug file instead of stdout\n"
+@@ -105,8 +105,7 @@ static void usage(void)
+ 	       "  -W = wait for a control interface monitor before starting\n");
+ 
+ 	printf("example:\n"
+-	       "  wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n",
+-	       wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211");
++                "  wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n");
+ #endif /* CONFIG_NO_STDOUT_DEBUG */
+ }
+ 
+@@ -199,6 +198,11 @@ int main(int argc, char *argv[])
  
  	wpa_supplicant_fd_workaround(1);
  
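Review bot: The usage() example now hard-codes `-Dbsd`, while the replaced upstream line printed the first compiled-in driver and used a literal only as a fallback. The port's Makefile selects drivers from BSD, NDIS, WIRED, ROBOSWITCH, TEST and NONE, so a build without the BSD driver would print an example naming a driver it does not have. Keeping the upstream expression and changing only the fallback would avoid that: `wpa_drivers[0] ? wpa_drivers[0]->name : "bsd");`. The added line is also indented with spaces where the surrounding lines use tabs. usage() and main() both continue outside the nested hunks.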
@@ -11,4 +30,4 @@
 +
  	for (;;) {
  		c = getopt(argc, argv,
- 			   "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW");
+ 			   "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");


