svn commit: r426292 - in head/security/wpa_supplicant: . files
Joseph Mingrone
jrm at FreeBSD.org
Thu Nov 17 17:43:34 UTC 2016
Author: jrm
Date: Thu Nov 17 17:43:32 2016
New Revision: 426292
URL: https://svnweb.freebsd.org/changeset/ports/426292
Log:
security/wpa_supplicant: Update to version 2.6 and patch for LibreSSL support
Port changes:
- Remove patches that have been incorporated upstream
- Add patches for LibreSSL support
Approved by: AMDmi3 (mentor)
Differential Revision: https://reviews.freebsd.org/D8451
Added:
head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c (contents, props changed)
Deleted:
head/security/wpa_supplicant/files/patch-2015-6-backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame
head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-peer-Fix-last-fragment-length-validation
head/security/wpa_supplicant/files/patch-2015-7-EAP-pwd-server-Fix-last-fragment-length-validation
head/security/wpa_supplicant/files/patch-2015-8-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m
head/security/wpa_supplicant/files/patch-2016_1_1-WPS-Reject-a-Credential-with-invalid-passphrase
head/security/wpa_supplicant/files/patch-2016_1_2-Reject-psk-parameter-set-with-invalid-passphrase-cha
head/security/wpa_supplicant/files/patch-2016_1_3-Remove-newlines-from-wpa_supplicant-config-network-o
head/security/wpa_supplicant/files/patch-2016_1_4-Reject-SET_CRED-commands-with-newline-characters-in
head/security/wpa_supplicant/files/patch-2016_1_5-Reject-SET-commands-with-newline-characters-in-the-s
head/security/wpa_supplicant/files/patch-src_utils_os__unix.c
Modified:
head/security/wpa_supplicant/Makefile
head/security/wpa_supplicant/distinfo (contents, props changed)
head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c
head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c
Modified: head/security/wpa_supplicant/Makefile
==============================================================================
--- head/security/wpa_supplicant/Makefile Thu Nov 17 16:56:26 2016 (r426291)
+++ head/security/wpa_supplicant/Makefile Thu Nov 17 17:43:32 2016 (r426292)
@@ -1,8 +1,7 @@
# $FreeBSD$
PORTNAME= wpa_supplicant
-PORTVERSION= 2.5
-PORTREVISION= 2
+PORTVERSION= 2.6
CATEGORIES= security net
MASTER_SITES= http://w1.fi/releases/
@@ -96,15 +95,22 @@ PRIVSEP_PLIST_FILES= sbin/wpa_priv
.include <bsd.port.options.mk>
+.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP}
+BROKEN= Fails to compile with both NDIS and PRIVSEP
+.endif
+
+.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N}
+BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N
+.endif
+
.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite
CFLAGS+= -I${LOCALBASE}/include/PCSC
LDFLAGS+= -L${LOCALBASE}/lib
.endif
-
post-patch:
- ${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
+ @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
${WRKSRC}/src/utils
# Set driver(s)
.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
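Review bot: The two added `BROKEN=` blocks after `.include <bsd.port.options.mk>` only stop the build once the options have already been chosen, and when both conditions hold the second assignment replaces the first message. Declaring the conflicts through the options framework, e.g. `NDIS_PREVENTS= PRIVSEP` with `NDIS_PREVENTS_MSG= Fails to compile with both NDIS and PRIVSEP` (and the same pair for IEEE80211AC/IEEE80211N), gives each conflict its own message. PRIVSEP is the option that installs `wpa_priv`, so a short comment saying that NDIS users currently have to build without it would help whoever revisits this. The `.for` loop at the end of the hunk continues outside it.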
@@ -157,12 +163,12 @@ do-install:
${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
-do-install-PRIVSEP-on:
- ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
-
do-install-DOCS-on:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
(cd ${BUILD_WRKSRC} && \
${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
+do-install-PRIVSEP-on:
+ ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
+
.include <bsd.port.mk>
Modified: head/security/wpa_supplicant/distinfo
==============================================================================
--- head/security/wpa_supplicant/distinfo Thu Nov 17 16:56:26 2016 (r426291)
+++ head/security/wpa_supplicant/distinfo Thu Nov 17 17:43:32 2016 (r426292)
@@ -1,2 +1,3 @@
-SHA256 (wpa_supplicant-2.5.tar.gz) = cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316
-SIZE (wpa_supplicant-2.5.tar.gz) = 2607336
+TIMESTAMP = 1478049569
+SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
+SIZE (wpa_supplicant-2.6.tar.gz) = 2753524
Added: head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/wpa_supplicant/files/patch-src_crypto_crypto__openssl.c Thu Nov 17 17:43:32 2016 (r426292)
@@ -0,0 +1,20 @@
+--- src/crypto/crypto_openssl.c.orig 2016-11-02 18:04:18 UTC
++++ src/crypto/crypto_openssl.c
+@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_
+
+ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ DH *dh;
+ struct wpabuf *pubkey = NULL, *privkey = NULL;
+ size_t publen, privlen;
+@@ -712,7 +712,7 @@ err:
+
+ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ DH *dh;
+
+ dh = DH_new();
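Review bot: The new guard `|| defined(LIBRESSL_VERSION_NUMBER)` in `dh5_init` and `dh5_init_fixed` is unbounded, so every LibreSSL release, present and future, is sent down the pre-1.1.0 branch (the one starting `DH *dh;`). The same condition is added three times in patch-src_crypto_tls__openssl.c. This new patch file has no description line, and the one the tls_openssl patch used to carry ("Compatibility fixes for LibreSSL") is dropped by this commit. I would put a header such as `LibreSSL compatibility: use the pre-1.1.0 OpenSSL code paths; revisit when LibreSSL provides the 1.1.0 API` at the top of both patch files so the guard is re-checked on later LibreSSL updates. Both function bodies continue outside the quoted context.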
Modified: head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c
==============================================================================
--- head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c Thu Nov 17 16:56:26 2016 (r426291)
+++ head/security/wpa_supplicant/files/patch-src_crypto_tls__openssl.c Thu Nov 17 17:43:32 2016 (r426292)
@@ -1,67 +1,29 @@
-Compatibility fixes for LibreSSL
-
---- src/crypto/tls_openssl.c.orig 2015-09-27 19:02:05 UTC
+--- src/crypto/tls_openssl.c.orig 2016-11-02 18:46:25 UTC
+++ src/crypto/tls_openssl.c
-@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_d
- }
-
- if (certs) {
--#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_clear_chain_certs(ssl);
- while ((cert = sk_X509_pop(certs)) != NULL) {
- X509_NAME_oneline(X509_get_subject_name(cert), buf,
-@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_d
- /* Try to continue anyway */
+@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config
}
- sk_X509_free(certs);
--#ifndef OPENSSL_IS_BORINGSSL
-+#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
- res = SSL_build_cert_chain(ssl,
- SSL_BUILD_CHAIN_FLAG_CHECK |
- SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
-@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_
- if (conn == NULL || keys == NULL)
- return -1;
- ssl = conn->ssl;
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
- return -1;
+ SSL_load_error_strings();
+ SSL_library_init();
+ #ifndef OPENSSL_NO_SHA256
+@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
-@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_
- #ifndef CONFIG_FIPS
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- const EVP_CIPHER *c;
- const EVP_MD *h;
- int md_size;
-@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_co
- "mode");
- return -1;
- #else /* CONFIG_FIPS */
+ tls_openssl_ref_count--;
+ if (tls_openssl_ref_count == 0) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- SSL *ssl;
- u8 *rnd;
- int ret = -1;
-@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void
+ #ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+ #endif /* OPENSSL_NO_ENGINE */
+@@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_
+ engine_id = "pkcs11";
- wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
- if (os_strstr(buf, ":ADH-")) {
- /*
-@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void
- struct tls_connection *conn = arg;
- int ret;
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- if (conn == NULL || conn->session_ticket_cb == NULL)
- return 0;
-
+ if (params->flags & TLS_CONN_EAP_FAST) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Use TLSv1_method() for EAP-FAST");
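Review bot: The third rewritten guard, in `tls_connection_set_params`, makes LibreSSL builds compile the block that logs `OpenSSL: Use TLSv1_method() for EAP-FAST`, which by its message appears to select the TLS 1.0 method for EAP-FAST connections. That is a protocol-version decision rather than a pure API-compatibility one, so it deserves a line in the patch description, for example `EAP-FAST on LibreSSL uses TLSv1_method(), as on OpenSSL < 1.1.0`, along with confirmation that this is intended for LibreSSL. Only three context lines of the block are visible here; the rest of the function lies outside the hunk.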
Modified: head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c
==============================================================================
--- head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c Thu Nov 17 16:56:26 2016 (r426291)
+++ head/security/wpa_supplicant/files/patch-wpa__supplicant_main.c Thu Nov 17 17:43:32 2016 (r426292)
@@ -1,6 +1,25 @@
---- wpa_supplicant/main.c.orig 2015-03-15 17:30:39 UTC
+--- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC
+++ wpa_supplicant/main.c
-@@ -173,6 +173,11 @@ int main(int argc, char *argv[])
+@@ -66,7 +66,7 @@ static void usage(void)
+ " -c = Configuration file\n"
+ " -C = ctrl_interface parameter (only used if -c is not)\n"
+ " -d = increase debugging verbosity (-dd even more)\n"
+- " -D = driver name (can be multiple drivers: nl80211,wext)\n"
++ " -D = driver name (can be multiple drivers: bsd,wired)\n"
+ " -e = entropy file\n"
+ #ifdef CONFIG_DEBUG_FILE
+ " -f = log output to debug file instead of stdout\n"
+@@ -105,8 +105,7 @@ static void usage(void)
+ " -W = wait for a control interface monitor before starting\n");
+
+ printf("example:\n"
+- " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n",
+- wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211");
++ " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n");
+ #endif /* CONFIG_NO_STDOUT_DEBUG */
+ }
+
+@@ -199,6 +198,11 @@ int main(int argc, char *argv[])
wpa_supplicant_fd_workaround(1);
@@ -11,4 +30,4 @@
+
for (;;) {
c = getopt(argc, argv,
- "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW");
+ "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");