gentoo resync : 22.01.2019

4 files changed, 507 insertions, 82 deletions

diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
index d3ef9de00be4..11661dd546a2 100644
--- a/net-wireless/wpa_supplicant/Manifest
+++ b/net-wireless/wpa_supplicant/Manifest
@@ -10,9 +10,9 @@ AUX rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
 AUX wpa_cli.sh 1284 BLAKE2B 50757aa432bf714923d0ff5e2e8357bf3126c82dcfebbc2c342325ad97e3ca95a15ea138f9a55e5a7b9ac86cb2518c173e7d5186d5feb3e57ac762a71b11ef85 SHA512 250372231eda6f7228fcf76b13fc1b95637d0d9dec96b7bef820bfa1af1496f218909f521daf2ddb2ca81d0ebb3162500f833575b64d8d2b4820c247499e1c56
 AUX wpa_supplicant-2.6-do-not-call-dbus-functions-with-NULL-path.patch 486 BLAKE2B 877e15a45851331a1499cf8bc96fd514d88b6b270f54d52760e46cc7edbcc4b74a48a0271f0c93b546bb659203c56fdfba63b231757c21ca8ee6ade98406ac2e SHA512 dac56bc505a51167042ebe548f0e81a20a5578f753af9bb7ec3335a542d799c6e8739681ef7c8f7747a9bc954f8aa6f1a147250eacba17fd7fff80c4e53638ed
 AUX wpa_supplicant-2.6-libressl-compatibility.patch 3873 BLAKE2B 281029d49bd4267df5913aa87b2e70741def66646f6cfbf5cf163e88522ae5bb933be3ed0df971ff2872a25a36584409feb0d22acf8254f446421201026b1ce8 SHA512 61c4cfeb119a9bc7ab1d4f690c1af5bce2def7836212469011c277ad4d97ab601d2a1efca7dc7bea433d974a8820aed7740e2cf047a0c63734d8a71e3df14e45
-AUX wpa_supplicant-2.6-libressl.patch 3003 BLAKE2B 49781bcb77e84912b8f46ec992da7c6b1b015cc793208e1f8afa6457991bcc1be130810d90671f0e53fa65dcebd4528c6e359f69a2576ee715317b796d31eec2 SHA512 2fb29ec14db2f33f8c011e1c2e98eef4d36b2e9f3b36f6058c390484ae5c64ad5d67aa25f138829503fabfac374bda24172871bdefef2a0566db963a5a362ec8
 AUX wpa_supplicant-2.6-openssl-1.1.patch 1777 BLAKE2B 0c879e05aba224524919a3879cf5995bae9f973c5629079292cb17666151b981748d9e7ab8589da977cc2c04b96c232abba359446ee14b5a69742b865293f746 SHA512 638d1238387382bdd888158f4c97b2af13d16ec12db31e2d409957bf00fa45fbf3a1beb109c56c815b0dc64a861b17cccc4d7cc998110c772dd2d1bfa724efc5
 AUX wpa_supplicant-2.7-fix-undefined-remove-ie.patch 1115 BLAKE2B 207c8265f6819b9d956cd99cd1f1056d6fcdf6f857fc63150a9419ee83263e0173f2e8f00b061a4c48eb516cb1c3c00f5137a9bacb857dbe6d5e6f912d77c574 SHA512 5e790b3ae50f3d29cb38f73cff30f8994798e7bdbecc9f852def910a8150c1724c051bbb52603fa9c6818c950a5fe347bccd21848427f31f54d641ae40621c3f
+AUX wpa_supplicant-2.7-libressl.patch 1701 BLAKE2B e0d37967b15471641cd14ed54c1cf0456a1c1c347c35e693c0f4bf6f15f1689932c51ad8fdc3977c7ce4e5ad4a036c48eb7d3044871801d7582d2d5d170b371d SHA512 ec24051776991b0d3ac052d1c526c3e700708bd1105cf1885b4a4692344754874c636caf73abab36b54a8de8f5920a510125b51489d0ee5af31971ad52469d8c
 AUX wpa_supplicant-conf.d 291 BLAKE2B 348e7d21fe01d2fdd2117adf22444557fa3d401f649489afd1636105cdddc29d58d45659c5368cc177f919ce94a7e2b5a9ed3fe8ddccd1fba3d059d270bae1a8 SHA512 6bbb9d4f6132b3d4e20cd65f27245ccadd60712ef5794261499f882057a930a393297e491d8147e04e30c0a53645af0eb3514332587118c19b5594f23f1d62ad
 AUX wpa_supplicant-init.d 1250 BLAKE2B 159ebbd5a3552cbd8fdd6d48984c3a511e77cf1e140f56fc1d3e6b16454351a270e566dd7fc4717b92251193bdf59a77f57fc3fdd1d53b067f2e5253796c041b SHA512 f7439937a11d7a91eee98ab9e16a4853ce8e27395970007ae60ca9a8b1852fadc4a37ee0bf81d7e4806c545f70b139f26942ed1630db070abe8fe8e5ce752403
 AUX wpa_supplicant.conf 183 BLAKE2B ea25d56f366783548b8d4bc14615d89d1c9cff1e6535992d14fa2f87a095b6c7226fbdf6b2d2ecd5fdcc13fb413fc56d5294f906c840ab3f9386c99ea69139fc SHA512 425a5c955d462ea0d0d3f79c3e1bbf68e15b495df04ad03ed7aee12408b52616af05650dfc147ca5940d69e97360c33995d33733820fef8eb8769b31e58434e8
@@ -20,6 +20,7 @@ DIST wpa_supplicant-2.6.tar.gz 2753524 BLAKE2B 99c61326c402f60b384fa6c9a7381e43d
 DIST wpa_supplicant-2.7.tar.gz 3093713 BLAKE2B bbf961b6e13757e9d7bb8b9de1808382a551265cd2d54de14e24bde3567aa5298b48fdcd0df75db79189a051532c54b28eab5519c32fc8fc00459365b57039aa SHA512 8b6eb5b5f30d351c73db63d73c09f24028a18166246539b4a4f89f0d226fb42751afa2ff72296df33317f615150325d285e8e7bda30e0d88abcdc9637ab731d3
 EBUILD wpa_supplicant-2.6-r10.ebuild 12648 BLAKE2B c67a87d8edae237a17d8799fb79c2aad65da5ba6a8c80d2a8ad925542e8fb0494a5f7732a0b9e4915d64f564507c347559c459e29190e10713474b4d00c27afe SHA512 518d7f5ba4f7cd0587151af95024b8d42d7220677ba2fc73a7b29a7e6a5c47b0947e7c353d74f38fe46f17f5fe91dc6c4bd61688a8a4fe2769e55f7e48131a20
 EBUILD wpa_supplicant-2.6-r6.ebuild 11810 BLAKE2B 2c4dccf5392657392567b56598a9cf98ab968b34da44210a7608e1eda9e2eea3fbadcd6c51bbd6cffab841295cf49aa8f17d2602be537fc107b7d08370282955 SHA512 eb1a814b2cb50a5b0752061b3563c514c69c4bd637b83f9ee0e477310510869d05a1f5cbc9e2f3f894886e4309fc60c10d2f77b30adcba9d590bf9c8adde93eb
+EBUILD wpa_supplicant-2.7-r1.ebuild 11763 BLAKE2B fba2545d7c383f4df338dce069c1011c803efd2d2e70cf43efe26b46df4d72ab60856759febc13af936baae7ff7d159b16a4b304deaf318ee99991469e14802f SHA512 eacaaeb231b4dfc79ecd4e49cfd8fdbcb0e95aca7a497de4daf127581cd70c1935df7fa0e4c62fb2a518b3a20bfd486933cc63dbc829e53960cfbbcf66e59e16
 EBUILD wpa_supplicant-2.7.ebuild 11704 BLAKE2B ee03f052b3e896025970ae8be65aea336c3c0cee3eed18af4e0f6e8d5a91b1fe1a851954b3114fbdbb8a7cca99b193f9a84509e3ec0ff5cfeff6fa03d6b79d4a SHA512 ad8dedda2a83e5ba230a60b3e32471eba5334ebe7bb80f9e048a09c0701f29652ea4184d29a84736b4708db9325481056301fdff868b085e32f952577507e33b
 EBUILD wpa_supplicant-9999.ebuild 11604 BLAKE2B bba465e8a711a22fda12cfea28378e9cef2b0f634f1c268e55bd8da5a9f630f4ca0001709c54f37160a4aa1dcdd6888f6d20c18fcd53c2b843c7399c00f54b15 SHA512 005f63ab95bdd23156ba9a878fdd06dd119b9a4bf8de2a06a12e48c24851975f8a9d20ace85883184a5ca42289cbb60d578ff8ea1b2aabecde39b79ebf99e2da
 MISC metadata.xml 1387 BLAKE2B d18ad59ec0e7852ed299596a6217d705f3344b1e215875fa5eb4afb9aeb91d17edd77ed35e5cb83b6868b529d3c173574f7d1810f2f145c8398860f72b0792fe SHA512 ab26df54e5dc68ef0db3f654df1dbf144b38d78e63d11d428bd04a4b374c6b704b334e3812a4042b4827bdab887bebe6de24a82c05edb7df7d614d4d4b8925fb
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch
deleted file mode 100644
index 0394ab545b16..000000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From d53b107120af86a0c711bac950bfc2fa728cb4e6 Mon Sep 17 00:00:00 2001
-From: Julian Ospald <hasufell@hasufell.de>
-Date: Fri, 7 Oct 2016 17:45:46 +0200
-Subject: [PATCH] Fix LibreSSL compatibility
-Upstream: pending, http://lists.infradead.org/pipermail/hostap/2016-October/036458.html
-
-This basically just follows
-587b0457e0238b7b1800d46f5cdd5e1d2b06732f
-with the same pattern, which was missed here.
-
-Signed-off-by: Julian Ospald <hasufell@hasufell.de>
----
- src/crypto/crypto_openssl.c | 4 ++--
- src/crypto/tls_openssl.c    | 8 ++++----
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2b..b3d1b07 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -611,7 +611,7 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
- 
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 	struct wpabuf *pubkey = NULL, *privkey = NULL;
- 	size_t publen, privlen;
-@@ -712,7 +712,7 @@ err:
- 
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	DH *dh;
- 
- 	dh = DH_new();
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 23ac64b..a7d4880 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -919,7 +919,7 @@ void * tls_init(const struct tls_config *conf)
- 		}
- #endif /* OPENSSL_FIPS */
- #endif /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 		SSL_load_error_strings();
- 		SSL_library_init();
- #ifndef OPENSSL_NO_SHA256
-@@ -1043,7 +1043,7 @@ void tls_deinit(void *ssl_ctx)
- 
- 	tls_openssl_ref_count--;
- 	if (tls_openssl_ref_count == 0) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_ENGINE
- 		ENGINE_cleanup();
- #endif /* OPENSSL_NO_ENGINE */
-@@ -2334,7 +2334,7 @@ static int tls_connection_client_cert(struct tls_connection *conn,
- 		return 0;
- 
- #ifdef PKCS12_FUNCS
--#if OPENSSL_VERSION_NUMBER < 0x10002000L
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- 	/*
- 	 * Clear previously set extra chain certificates, if any, from PKCS#12
- 	 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
-@@ -3976,7 +3976,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
- 		engine_id = "pkcs11";
- 
- #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 	if (params->flags & TLS_CONN_EAP_FAST) {
- 		wpa_printf(MSG_DEBUG,
- 			   "OpenSSL: Use TLSv1_method() for EAP-FAST");
--- 
-2.10.1
-
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
new file mode 100644
index 000000000000..45a1cf3701f9
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
@@ -0,0 +1,46 @@
+From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001
+From: Andrey Utkin <andrey_utkin@gentoo.org>
+Date: Tue, 11 Dec 2018 17:41:10 +0000
+Subject: [PATCH] Fix build with LibreSSL
+
+When using LibreSSL instead of OpenSSL, linkage of hostapd executable
+fails with the following error when using some LibreSSL versions
+
+    ../src/crypto/tls_openssl.o: In function `tls_verify_cb':
+    tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
+    ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
+    tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
+    collect2: error: ld returned 1 exit status
+    make: *** [Makefile:1278: hostapd] Error 1
+
+ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
+versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
+be defined in this case, just like for old OpenSSL.
+
+This patch was inspired by similar patches to other projects, such as
+spice-gtk, pjsip.
+
+Link: https://bugs.gentoo.org/672834
+Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org>
+---
+ src/crypto/tls_openssl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 608818310..cb70e2c47 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ 
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++	(defined(LIBRESSL_VERSION_NUMBER) && \
++	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
+ #ifdef CONFIG_SUITEB
+ static int RSA_bits(const RSA *r)
+ {
+-- 
+2.20.1
+
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild
new file mode 100644
index 000000000000..16e14e933ddc
--- /dev/null
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild
@@ -0,0 +1,459 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1
+
+DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
+HOMEPAGE="https://w1.fi/wpa_supplicant/"
+LICENSE="|| ( GPL-2 BSD )"
+
+if [ "${PV}" = "9999" ]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://w1.fi/hostap.git"
+	KEYWORDS=""
+else
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+	SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+fi
+
+SLOT="0"
+IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+REQUIRED_USE="smartcard? ( ssl )"
+
+CDEPEND="dbus? ( sys-apps/dbus )
+	kernel_linux? (
+		dev-libs/libnl:3
+		net-wireless/crda
+		eap-sim? ( sys-apps/pcsc-lite )
+	)
+	!kernel_linux? ( net-libs/libpcap )
+	qt5? (
+		dev-qt/qtcore:5
+		dev-qt/qtgui:5
+		dev-qt/qtsvg:5
+		dev-qt/qtwidgets:5
+	)
+	readline? (
+		sys-libs/ncurses:0=
+		sys-libs/readline:0=
+	)
+	ssl? (
+		gnutls? (
+			dev-libs/libgcrypt:0=
+			net-libs/gnutls:=
+		)
+		!gnutls? (
+			!libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
+	!ssl? ( dev-libs/libtommath )
+"
+DEPEND="${CDEPEND}
+	virtual/pkgconfig
+"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-networkmanager )
+"
+
+DOC_CONTENTS="
+	If this is a clean installation of wpa_supplicant, you
+	have to create a configuration file named
+	${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf
+	An example configuration file is available for reference in
+	${EROOT%/}/usr/share/doc/${PF}/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+
+Kconfig_style_config() {
+		#param 1 is CONFIG_* item
+		#param 2 is what to set it = to, defaulting in y
+		CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1"
+		setting="${2:-y}"
+
+		if [ ! $setting = n ]; then
+			#first remove any leading "# " if $2 is not n
+			sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM"
+			#set item = $setting (defaulting to y)
+			sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting"
+			if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then
+				echo "$CONFIG_PARAM=$setting" >>.config
+			fi
+		else
+			#ensure item commented out
+			sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM"
+		fi
+}
+
+pkg_setup() {
+	if use ssl ; then
+		if use gnutls && use libressl ; then
+			elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\""
+		fi
+	else
+		elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation"
+	fi
+}
+
+src_prepare() {
+	default
+
+	# net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD
+	sed -i \
+		-e "s:\(#include <pcap\.h>\):#include <net/bpf.h>\n\1:" \
+		../src/l2_packet/l2_packet_freebsd.c || die
+
+	# People seem to take the example configuration file too literally (bug #102361)
+	sed -i \
+		-e "s:^\(opensc_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_engine_path\):#\1:" \
+		-e "s:^\(pkcs11_module_path\):#\1:" \
+		wpa_supplicant.conf || die
+
+	# Change configuration to match Gentoo locations (bug #143750)
+	sed -i \
+		-e "s:/usr/lib/opensc:/usr/$(get_libdir):" \
+		-e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \
+		wpa_supplicant.conf || die
+
+	# systemd entries to D-Bus service files (bug #372877)
+	echo 'SystemdService=wpa_supplicant.service' \
+		| tee -a dbus/*.service >/dev/null || die
+
+	cd "${WORKDIR}/${P}" || die
+
+	if use wimax; then
+		# generate-libeap-peer.patch comes before
+		# fix-undefined-reference-to-random_get_bytes.patch
+		eapply "${FILESDIR}/${P}-generate-libeap-peer.patch"
+
+		# multilib-strict fix (bug #373685)
+		sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die
+	fi
+
+	# bug (320097)
+	eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch"
+
+	# fix undefined reference to remove_ie()
+	eapply "${FILESDIR}/${P}-fix-undefined-remove-ie.patch"
+
+	# bug (672632)
+	eapply "${FILESDIR}/${P}-libressl.patch"
+
+	# bug (640492)
+	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+}
+
+src_configure() {
+	# Toolchain setup
+	tc-export CC
+
+	cp defconfig .config || die
+
+	# Basic setup
+	Kconfig_style_config CTRL_IFACE
+	Kconfig_style_config MATCH_IFACE
+	Kconfig_style_config BACKEND file
+	Kconfig_style_config IBSS_RSN
+	Kconfig_style_config IEEE80211W
+	Kconfig_style_config IEEE80211R
+
+	# Basic authentication methods
+	# NOTE: we don't set GPSK or SAKE as they conflict
+	# with the below options
+	Kconfig_style_config EAP_GTC
+	Kconfig_style_config EAP_MD5
+	Kconfig_style_config EAP_OTP
+	Kconfig_style_config EAP_PAX
+	Kconfig_style_config EAP_PSK
+	Kconfig_style_config EAP_TLV
+	Kconfig_style_config EAP_EXE
+	Kconfig_style_config IEEE8021X_EAPOL
+	Kconfig_style_config PKCS12
+	Kconfig_style_config PEERKEY
+	Kconfig_style_config EAP_LEAP
+	Kconfig_style_config EAP_MSCHAPV2
+	Kconfig_style_config EAP_PEAP
+	Kconfig_style_config EAP_TLS
+	Kconfig_style_config EAP_TTLS
+
+	# Enabling background scanning.
+	Kconfig_style_config BGSCAN_SIMPLE
+	Kconfig_style_config BGSCAN_LEARN
+
+	if use dbus ; then
+		Kconfig_style_config CTRL_IFACE_DBUS
+		Kconfig_style_config CTRL_IFACE_DBUS_NEW
+		Kconfig_style_config CTRL_IFACE_DBUS_INTRO
+	fi
+
+	if use eapol_test ; then
+		Kconfig_style_config EAPOL_TEST
+	fi
+
+	# Enable support for writing debug info to a log file and syslog.
+	Kconfig_style_config DEBUG_FILE
+	Kconfig_style_config DEBUG_SYSLOG
+
+	if use hs2-0 ; then
+		Kconfig_style_config INTERWORKING
+		Kconfig_style_config HS20
+	fi
+
+	if use uncommon-eap-types; then
+		Kconfig_style_config EAP_GPSK
+		Kconfig_style_config EAP_SAKE
+		Kconfig_style_config EAP_GPSK_SHA256
+		Kconfig_style_config EAP_IKEV2
+		Kconfig_style_config EAP_EKE
+	fi
+
+	if use eap-sim ; then
+		# Smart card authentication
+		Kconfig_style_config EAP_SIM
+		Kconfig_style_config EAP_AKA
+		Kconfig_style_config EAP_AKA_PRIME
+		Kconfig_style_config PCSC
+	fi
+
+	if use fasteap ; then
+		Kconfig_style_config EAP_FAST
+	fi
+
+	if use readline ; then
+		# readline/history support for wpa_cli
+		Kconfig_style_config READLINE
+	else
+		#internal line edit mode for wpa_cli
+		Kconfig_style_config WPA_CLI_EDIT
+	fi
+
+	if use suiteb; then
+		Kconfig_style_config SUITEB
+	fi
+
+	# SSL authentication methods
+	if use ssl ; then
+		if use gnutls ; then
+			Kconfig_style_config TLS gnutls
+			Kconfig_style_config GNUTLS_EXTRA
+		else
+			#this fails for gnutls
+			Kconfig_style_config SUITEB192
+			Kconfig_style_config TLS openssl
+			if ! use bindist; then
+			  #this fails for gnutls
+			  Kconfig_style_config EAP_PWD
+			  # SAE fails on gnutls and everything below here needs SAE
+			  # Enabling mesh networks.
+			  Kconfig_style_config MESH
+			  #WPA3
+			  Kconfig_style_config OWE
+			  Kconfig_style_config SAE
+			  #we also need to disable FILS, except that isn't enabled yet
+			fi
+
+		fi
+	else
+		Kconfig_style_config TLS internal
+	fi
+
+	if use smartcard ; then
+		Kconfig_style_config SMARTCARD
+	fi
+
+	if use tdls ; then
+		Kconfig_style_config TDLS
+	fi
+
+	if use kernel_linux ; then
+		# Linux specific drivers
+		Kconfig_style_config DRIVER_ATMEL
+		Kconfig_style_config DRIVER_HOSTAP
+		Kconfig_style_config DRIVER_IPW
+		Kconfig_style_config DRIVER_NL80211
+		Kconfig_style_config DRIVER_RALINK
+		Kconfig_style_config DRIVER_WEXT
+		Kconfig_style_config DRIVER_WIRED
+
+		if use ps3 ; then
+			Kconfig_style_config DRIVER_PS3
+		fi
+
+	elif use kernel_FreeBSD ; then
+		# FreeBSD specific driver
+		Kconfig_style_config DRIVER_BSD
+	fi
+
+	# Wi-Fi Protected Setup (WPS)
+	if use wps ; then
+		Kconfig_style_config WPS
+		Kconfig_style_config WPS2
+		# USB Flash Drive
+		Kconfig_style_config WPS_UFD
+		# External Registrar
+		Kconfig_style_config WPS_ER
+		# Universal Plug'n'Play
+		Kconfig_style_config WPS_UPNP
+		# Near Field Communication
+		Kconfig_style_config WPS_NFC
+	fi
+
+	# Wi-Fi Direct (WiDi)
+	if use p2p ; then
+		Kconfig_style_config P2P
+		Kconfig_style_config WIFI_DISPLAY
+	fi
+
+	# Access Point Mode
+	if use ap ; then
+		Kconfig_style_config AP
+	fi
+
+	# Enable essentials for AP/P2P
+	if use ap || use p2p ; then
+		# Enabling HT support (802.11n)
+		Kconfig_style_config IEEE80211N
+
+		# Enabling VHT support (802.11ac)
+		Kconfig_style_config IEEE80211AC
+	fi
+
+	# Enable mitigation against certain attacks against TKIP
+	Kconfig_style_config DELAYED_MIC_ERROR_REPORT
+
+	if use privsep ; then
+		Kconfig_style_config PRIVSEP
+	fi
+
+	# If we are using libnl 2.0 and above, enable support for it
+	# Bug 382159
+	# Removed for now, since the 3.2 version is broken, and we don't
+	# support it.
+	if has_version ">=dev-libs/libnl-3.2"; then
+		Kconfig_style_config LIBNL32
+	fi
+
+	if use qt5 ; then
+		pushd "${S}"/wpa_gui-qt4 > /dev/null || die
+		eqmake5 wpa_gui.pro
+		popd > /dev/null || die
+	fi
+}
+
+src_compile() {
+	einfo "Building wpa_supplicant"
+	emake V=1 BINDIR=/usr/sbin
+
+	if use wimax; then
+		emake -C ../src/eap_peer clean
+		emake -C ../src/eap_peer
+	fi
+
+	if use qt5; then
+		einfo "Building wpa_gui"
+		emake -C "${S}"/wpa_gui-qt4
+	fi
+
+	if use eapol_test ; then
+		emake eapol_test
+	fi
+}
+
+src_install() {
+	dosbin wpa_supplicant
+	use privsep && dosbin wpa_priv
+	dobin wpa_cli wpa_passphrase
+
+	# baselayout-1 compat
+	if has_version "<sys-apps/baselayout-2.0.0"; then
+		dodir /sbin
+		dosym ../usr/sbin/wpa_supplicant /sbin/wpa_supplicant
+		dodir /bin
+		dosym ../usr/bin/wpa_cli /bin/wpa_cli
+	fi
+
+	if has_version ">=sys-apps/openrc-0.5.0"; then
+		newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant
+		newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant
+	fi
+
+	exeinto /etc/wpa_supplicant/
+	newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh
+
+	readme.gentoo_create_doc
+	dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \
+		wpa_supplicant.conf
+
+	newdoc .config build-config
+
+	if [ "${PV}" != "9999" ]; then
+		doman doc/docbook/*.{5,8}
+	fi
+
+	if use qt5 ; then
+		into /usr
+		dobin wpa_gui-qt4/wpa_gui
+		doicon wpa_gui-qt4/icons/wpa_gui.svg
+		make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;"
+	else
+		rm "${ED}"/usr/share/man/man8/wpa_gui.8
+	fi
+
+	use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install
+
+	if use dbus ; then
+		pushd "${S}"/dbus > /dev/null || die
+		insinto /etc/dbus-1/system.d
+		newins dbus-wpa_supplicant.conf wpa_supplicant.conf
+		insinto /usr/share/dbus-1/system-services
+		doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service
+		popd > /dev/null || die
+
+		# This unit relies on dbus support, bug 538600.
+		systemd_dounit systemd/wpa_supplicant.service
+	fi
+
+	if use eapol_test ; then
+		dobin eapol_test
+	fi
+
+	systemd_dounit "systemd/wpa_supplicant@.service"
+	systemd_dounit "systemd/wpa_supplicant-nl80211@.service"
+	systemd_dounit "systemd/wpa_supplicant-wired@.service"
+}
+
+pkg_postinst() {
+	readme.gentoo_print_elog
+
+	if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then
+		echo
+		ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf"
+		ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf"
+	fi
+
+	if use bindist || use gnutls; then
+		if ! use libressl; then
+			ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)."
+			ewarn "This is incredibly undesirable"
+		fi
+	fi
+
+	# Mea culpa, feel free to remove that after some time --mgorny.
+	local fn
+	for fn in wpa_supplicant{,@wlan0}.service; do
+		if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]]
+		then
+			ebegin "Moving ${fn} to multi-user.target"
+			mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \
+				"${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die
+			eend ${?} \
+				"Please try to re-enable ${fn}"
+		fi
+	done
+
+	systemd_reenable wpa_supplicant.service
+}