From 7bc9c63c9da678a7e6fceb095d56c634afd22c56 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 15 Dec 2019 18:09:03 +0000 Subject: gentoo resync : 15.12.2019 --- net-wireless/wpa_supplicant/Manifest | 17 +- ...-unauthenticated-encrypted-EAPOL-Key-data.patch | 44 -- ...wpa_supplicant-2.6-libressl-compatibility.patch | 106 ----- .../files/wpa_supplicant-2.6-openssl-1.1.patch | 48 --- ...pa_supplicant-2.7-fix-undefined-remove-ie.patch | 38 -- .../files/wpa_supplicant-2.7-libressl.patch | 46 -- net-wireless/wpa_supplicant/metadata.xml | 1 - .../wpa_supplicant/wpa_supplicant-2.6-r10.ebuild | 463 --------------------- .../wpa_supplicant/wpa_supplicant-2.7-r1.ebuild | 458 -------------------- .../wpa_supplicant/wpa_supplicant-2.7-r3.ebuild | 442 -------------------- .../wpa_supplicant/wpa_supplicant-2.8-r1.ebuild | 449 -------------------- .../wpa_supplicant/wpa_supplicant-2.9-r1.ebuild | 2 +- .../wpa_supplicant/wpa_supplicant-2.9.ebuild | 458 -------------------- 13 files changed, 3 insertions(+), 2569 deletions(-) delete mode 100644 net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch delete mode 100644 net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch delete mode 100644 net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch delete mode 100644 net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch delete mode 100644 net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch delete mode 100644 net-wireless/wpa_supplicant/wpa_supplicant-2.6-r10.ebuild delete mode 100644 net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild delete mode 100644 net-wireless/wpa_supplicant/wpa_supplicant-2.7-r3.ebuild delete mode 100644 net-wireless/wpa_supplicant/wpa_supplicant-2.8-r1.ebuild delete mode 100644 net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild (limited to 'net-wireless/wpa_supplicant') diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest index b01213f5508c..68a43faef9c5 100644 --- a/net-wireless/wpa_supplicant/Manifest +++ b/net-wireless/wpa_supplicant/Manifest @@ -6,26 +6,13 @@ AUX 2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 194 AUX 2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch 4309 BLAKE2B 6164e0343d7e4bedcaf2be9c3800eeb146a564fffeb339d032706797c04f268ade0674e67c962653c2a124af5a8ff8d28004bbeba0f3e73b166dbed03cd9a355 SHA512 37d050b2e4a3598484912667d8b2705fbe84c5c562267f900d42b0c7b606fb1fed09ddca8b80e2131768baa8f3690aab6ba7a232dee6ff1e66150fdb8816c927 AUX 2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch 1649 BLAKE2B a8a486e782b7095c3eeb13706d815cd2f72ddf94c50e5bc8c3a9f36fc68580b1a10150ce405a161f2af2f2e5f2e5ba63d6c54807fcd9c71337956d69cd57b90e SHA512 111e655cfbb3a86e3792040e0ea375490d31c42c9d43cbe911290d54df5f4db437e4c8ad0e937c51729dcefeb0db0989b8ab55b9523398683abd08ebfec18076 AUX 2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch 2750 BLAKE2B 059da1df148c8db68c9fa6aa656e46da301ebe7de3e41ecd4675ca579ebf6f1a66395e852cd8b562743ba83a345d4860618ea11bd01304a3386867115867fb9f SHA512 fc84edd8b30305cc42053c872554098f3f077292ec980ed6a442f37884087ff2f055738fd55977ed792bef1887dcc8c4626586465d78dd0258edb83dcd50a65a -AUX rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch 1999 BLAKE2B d261d3184fcb57f804aeaad487dcbd81f1b74b1145f90285cc226839675b00bc6bf21ac8ec3a891427d3ce01a398d2fe118184ae36effa62df199e8398c1cb24 SHA512 c275cb1a41901d3e5389ca301809baa16a73b40afdcd3a24b63b294e1b9e5eaead148b30742273deecbdd03c6b387a6b3da74de2ae6c49a499b5dd326ff4da9f AUX wpa_cli.sh 1284 BLAKE2B 50757aa432bf714923d0ff5e2e8357bf3126c82dcfebbc2c342325ad97e3ca95a15ea138f9a55e5a7b9ac86cb2518c173e7d5186d5feb3e57ac762a71b11ef85 SHA512 250372231eda6f7228fcf76b13fc1b95637d0d9dec96b7bef820bfa1af1496f218909f521daf2ddb2ca81d0ebb3162500f833575b64d8d2b4820c247499e1c56 AUX wpa_supplicant-2.6-do-not-call-dbus-functions-with-NULL-path.patch 486 BLAKE2B 877e15a45851331a1499cf8bc96fd514d88b6b270f54d52760e46cc7edbcc4b74a48a0271f0c93b546bb659203c56fdfba63b231757c21ca8ee6ade98406ac2e SHA512 dac56bc505a51167042ebe548f0e81a20a5578f753af9bb7ec3335a542d799c6e8739681ef7c8f7747a9bc954f8aa6f1a147250eacba17fd7fff80c4e53638ed -AUX wpa_supplicant-2.6-libressl-compatibility.patch 3873 BLAKE2B 281029d49bd4267df5913aa87b2e70741def66646f6cfbf5cf163e88522ae5bb933be3ed0df971ff2872a25a36584409feb0d22acf8254f446421201026b1ce8 SHA512 61c4cfeb119a9bc7ab1d4f690c1af5bce2def7836212469011c277ad4d97ab601d2a1efca7dc7bea433d974a8820aed7740e2cf047a0c63734d8a71e3df14e45 -AUX wpa_supplicant-2.6-openssl-1.1.patch 1777 BLAKE2B 0c879e05aba224524919a3879cf5995bae9f973c5629079292cb17666151b981748d9e7ab8589da977cc2c04b96c232abba359446ee14b5a69742b865293f746 SHA512 638d1238387382bdd888158f4c97b2af13d16ec12db31e2d409957bf00fa45fbf3a1beb109c56c815b0dc64a861b17cccc4d7cc998110c772dd2d1bfa724efc5 -AUX wpa_supplicant-2.7-fix-undefined-remove-ie.patch 1115 BLAKE2B 207c8265f6819b9d956cd99cd1f1056d6fcdf6f857fc63150a9419ee83263e0173f2e8f00b061a4c48eb516cb1c3c00f5137a9bacb857dbe6d5e6f912d77c574 SHA512 5e790b3ae50f3d29cb38f73cff30f8994798e7bdbecc9f852def910a8150c1724c051bbb52603fa9c6818c950a5fe347bccd21848427f31f54d641ae40621c3f -AUX wpa_supplicant-2.7-libressl.patch 1701 BLAKE2B e0d37967b15471641cd14ed54c1cf0456a1c1c347c35e693c0f4bf6f15f1689932c51ad8fdc3977c7ce4e5ad4a036c48eb7d3044871801d7582d2d5d170b371d SHA512 ec24051776991b0d3ac052d1c526c3e700708bd1105cf1885b4a4692344754874c636caf73abab36b54a8de8f5920a510125b51489d0ee5af31971ad52469d8c AUX wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch 2775 BLAKE2B fa9fb5db77955095e083a98a067072fccde02bf55f27af226c8aec515b047f28ab37d9f7c9a1bcc18e584ad3e582bc4dd59beabfcf15b5305394b05e687980a6 SHA512 63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 AUX wpa_supplicant-conf.d 291 BLAKE2B 348e7d21fe01d2fdd2117adf22444557fa3d401f649489afd1636105cdddc29d58d45659c5368cc177f919ce94a7e2b5a9ed3fe8ddccd1fba3d059d270bae1a8 SHA512 6bbb9d4f6132b3d4e20cd65f27245ccadd60712ef5794261499f882057a930a393297e491d8147e04e30c0a53645af0eb3514332587118c19b5594f23f1d62ad AUX wpa_supplicant-init.d 1250 BLAKE2B 159ebbd5a3552cbd8fdd6d48984c3a511e77cf1e140f56fc1d3e6b16454351a270e566dd7fc4717b92251193bdf59a77f57fc3fdd1d53b067f2e5253796c041b SHA512 f7439937a11d7a91eee98ab9e16a4853ce8e27395970007ae60ca9a8b1852fadc4a37ee0bf81d7e4806c545f70b139f26942ed1630db070abe8fe8e5ce752403 AUX wpa_supplicant.conf 183 BLAKE2B ea25d56f366783548b8d4bc14615d89d1c9cff1e6535992d14fa2f87a095b6c7226fbdf6b2d2ecd5fdcc13fb413fc56d5294f906c840ab3f9386c99ea69139fc SHA512 425a5c955d462ea0d0d3f79c3e1bbf68e15b495df04ad03ed7aee12408b52616af05650dfc147ca5940d69e97360c33995d33733820fef8eb8769b31e58434e8 -DIST wpa_supplicant-2.6.tar.gz 2753524 BLAKE2B 99c61326c402f60b384fa6c9a7381e43d4d021d7e44537a6e05552909270f30997da91b690d8a30aa690f0d1ce0aed7798bd8bb8972fcf6830c282ccc91193ac SHA512 46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6 -DIST wpa_supplicant-2.7.tar.gz 3093713 BLAKE2B bbf961b6e13757e9d7bb8b9de1808382a551265cd2d54de14e24bde3567aa5298b48fdcd0df75db79189a051532c54b28eab5519c32fc8fc00459365b57039aa SHA512 8b6eb5b5f30d351c73db63d73c09f24028a18166246539b4a4f89f0d226fb42751afa2ff72296df33317f615150325d285e8e7bda30e0d88abcdc9637ab731d3 -DIST wpa_supplicant-2.8.tar.gz 3155904 BLAKE2B 260b4830949a3e051ef4f33f279b3b225ab9fd95100e4b270d29af457cf07601421fac636d9f1d8927271d7c76aecb0b7c93ddab35203e31a0fd84c3e327d951 SHA512 b37d254d32a4b7a1f95fcb18ec1be0ffb9d025e0b21c42c53acc4cd839be355df1b125b32cc073f9fe09b746807321e23dbe25dc2fc8a7cafa1e71add69f245b DIST wpa_supplicant-2.9.tar.gz 3231785 BLAKE2B f1e2a5cb37b02d5c74116b5bc7f67c47d85f916c972cbd6b881d63a317161294a37c8517aabe6c74f9617c762aaa76d869f318af311473160e87bac8ac2a1807 SHA512 37a33f22cab9d27084fbef29856eaea0f692ff339c5b38bd32402dccf293cb849afd4a870cd3b5ca78179f0102f4011ce2f3444a53dc41dc75a5863b0a2226c8 -EBUILD wpa_supplicant-2.6-r10.ebuild 12637 BLAKE2B 6461f5db9a4174524d9939937a73a31cecf63e6f55ce4499ab27ffc099ae08309acedc4d2a62d9ad132e6d1842ad406bfb79c3adfae136dcba87f7377e7b18b2 SHA512 06a8bc35e5cd40bf43fd42c28a34149fff47a523c71c573101047907952bb31c128d7d4e606a6b33d7b1c8532d228fec0fcaad3d6ba0dc463623da25a73f0247 -EBUILD wpa_supplicant-2.7-r1.ebuild 11740 BLAKE2B b0619e04c599161f54220e6aec3cb750095047b4b463c01dd0aac1e25b52afc7460dad373abb0cdc51ba45fc528f4773e8c7f9ea4e89d0d5bb677574808773d4 SHA512 334289db49c59f172e838a3c33a7a16903265c5d45762473f9ab3c329d73f77937c4bd545caba471a13c4831ba1e3bbbf3cedb58a32dbb0d2e842b0b165969a6 -EBUILD wpa_supplicant-2.7-r3.ebuild 11542 BLAKE2B bbbc734c6bea7237863739eec4e63585dcb09995fa66cc7a992dd842c85d192f9afa3364a45277bc70d3438980f7f37582dedb351ce3a24e24813b9f566a0f82 SHA512 e40aae436d4357566d6f098ff2dc5416264ee205456292e93ffc2618594b922fbfdb2922760af177efde170d59614d4441b9f61bfc9351e7ad691bd0c0bcaede -EBUILD wpa_supplicant-2.8-r1.ebuild 11661 BLAKE2B 9df7321b8318959fd5741aa2b83d1305c4d4554a2b3a4d1ee35f745fd4128a67d529b5dd532c18a2dfcfd73210e656e925ef5116238856463187ce7a6837a288 SHA512 7cd5edaf38491aa44ef6f9c2384e07cb5ecf211c002f8c4b3843c418048437e1b784070714a735316e57af1b0cc01f6f4ef9d87db79829746b76e563ec9c6381 -EBUILD wpa_supplicant-2.9-r1.ebuild 11998 BLAKE2B 864425a18dc5797ddcf8be9352a8d815026de0a7930fbe2fc7ea0d9b539a0581600b03dd610bacfbf7310e7eefd0bc18049b9073ff61d76a729d7ab0cdf9d888 SHA512 9219ad070a0030faf2400e15a4e05b4b296fdcb1d9d227dd1953b73b43bba5321cd06e9ec9971f7884e16e9b546d454181e68c87bb4ff8c71f1659ca9d217b37 -EBUILD wpa_supplicant-2.9.ebuild 11873 BLAKE2B 30bc6201b56069f7324573cbc744b75bfaf4bbfdff5ecf1e8449968e9d1cea447b59277a0c6596612ded24c35cb09fd245bb42629893136793ded68b752fc93f SHA512 78e9289f0dca5d54fa33fa8fa6ad15f15d97f6add91798e7b36f8bdaade97eb8e7f47c206992b4719d3c94befa98ff0255438cc03314ccc7fc19fa64985918b7 +EBUILD wpa_supplicant-2.9-r1.ebuild 11996 BLAKE2B 6f660ea568378c62b7873830e17784d3f7d72eee9eee518a5386d2fc364ebf3206f28230a1f1f56cf7ea6dd9eca624a260b764764d70d18f0af1c83b70800bd7 SHA512 bd99242b4f84703f254e029608f1ee3510c662892d9ac1818c739e202de43edaf4f617affcf01b4b137d1e6fae6dd756b5730cbf35fb7e69850385275aa3c7fd EBUILD wpa_supplicant-9999.ebuild 11351 BLAKE2B 0e4eb379cb2db7c74e298fe220e2fc2d0e6c7aa1479046bb19fb736fa56f1583dcb4e8f80a74fae9544c29024ff8bee08f0cf657ae67bccb8561a402f558810c SHA512 f9436603860527df244ccf4f00b105ed0a4e1879392f515fda120200893b7c6d4d04ad8511287cd096a54c72168b4c14b1393f45ab6e656dfe5a34fa6b917fba -MISC metadata.xml 1523 BLAKE2B 50ad101e8ccf8a08b6c778c5108c518b81f2d28770f7cf4b770aa92a7a16da5806354bfe4ac1342fdb7a1f1fdf943272507f9c7308c5f421e2ee7d7d20c70266 SHA512 3ea8bfd877e93ebe91a75f989fe09e11546d76ffbea1ddf559de0829d6728cd4bdac64321971011eccd673e8dfdd446bf4a67e4619f07c3f8330816d5a815ee2 +MISC metadata.xml 1457 BLAKE2B fdfb0a4eb716e8021a5d473e94a886d5f59c437b66610d986c309bd9b0e9d01b8996f5f5f48079a18e524db369a7a85983216bcf691be592987dda9b9b016fd6 SHA512 e7e64d2d464b3a315ff66257f7f919dda6ad27d9d12941ce269b717c5f31757b0ef32e9f991b8fa1458d45411c0fb13e1c1dbaf3a7e8306be446843c4ffb7c8c diff --git a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch b/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch deleted file mode 100644 index a62b52c6b9a8..000000000000 --- a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Sun, 15 Jul 2018 01:25:53 +0200 -Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data - -Ignore unauthenticated encrypted EAPOL-Key data in supplicant -processing. When using WPA2, these are frames that have the Encrypted -flag set, but not the MIC flag. - -When using WPA2, EAPOL-Key frames that had the Encrypted flag set but -not the MIC flag, had their data field decrypted without first verifying -the MIC. In case the data field was encrypted using RC4 (i.e., when -negotiating TKIP as the pairwise cipher), this meant that -unauthenticated but decrypted data would then be processed. An adversary -could abuse this as a decryption oracle to recover sensitive information -in the data field of EAPOL-Key messages (e.g., the group key). -(CVE-2018-14526) - -Signed-off-by: Mathy Vanhoef ---- - src/rsn_supp/wpa.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c ---- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300 -+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300 -@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c - - if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && - (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { -+ /* -+ * Only decrypt the Key Data field if the frame's authenticity -+ * was verified. When using AES-SIV (FILS), the MIC flag is not -+ * set, so this check should only be performed if mic_len != 0 -+ * which is the case in this code branch. -+ */ -+ if (!(key_info & WPA_KEY_INFO_MIC)) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); -+ goto out; -+ } - if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, - &key_data_len)) - goto out; diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch deleted file mode 100644 index 025da58028da..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch +++ /dev/null @@ -1,106 +0,0 @@ -diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c -index 19e0e2be8..6585c0245 100644 ---- a/src/crypto/crypto_openssl.c -+++ b/src/crypto/crypto_openssl.c -@@ -33,7 +33,9 @@ - #include "aes_wrap.h" - #include "crypto.h" - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - /* Compatibility wrappers for older versions. */ - - static HMAC_CTX * HMAC_CTX_new(void) -@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) - - static BIGNUM * get_group5_prime(void) - { --#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ -+ !(defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - return BN_get_rfc3526_prime_1536(NULL); - #elif !defined(OPENSSL_IS_BORINGSSL) - return get_rfc3526_prime_1536(NULL); -@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx) - - void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - DH *dh; - struct wpabuf *pubkey = NULL, *privkey = NULL; - size_t publen, privlen; -@@ -712,7 +718,9 @@ err: - - void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - DH *dh; - - dh = DH_new(); -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 23ac64b48..91acc579d 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -59,7 +59,8 @@ typedef int stack_index_t; - #endif /* SSL_set_tlsext_status_type */ - - #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \ -- defined(LIBRESSL_VERSION_NUMBER)) && \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \ - !defined(BORINGSSL_API_VERSION) - /* - * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL -@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf) - } - #endif /* OPENSSL_FIPS */ - #endif /* CONFIG_FIPS */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - SSL_load_error_strings(); - SSL_library_init(); - #ifndef OPENSSL_NO_SHA256 -@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx) - - tls_openssl_ref_count--; - if (tls_openssl_ref_count == 0) { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - #ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); - #endif /* OPENSSL_NO_ENGINE */ -@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn, - #ifdef OPENSSL_NEED_EAP_FAST_PRF - static int openssl_get_keyblock_size(SSL *ssl) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - const EVP_CIPHER *c; - const EVP_MD *h; - int md_size; -@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, - struct tls_connection *conn = arg; - int ret; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - if (conn == NULL || conn->session_ticket_cb == NULL) - return 0; - diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch deleted file mode 100644 index 1e2335f34c06..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch +++ /dev/null @@ -1,48 +0,0 @@ -From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani -Date: Sun, 9 Jul 2017 11:14:10 +0200 -Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f - -Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the -callback from the SSL object instead of the one from the CTX, so let's -set the callback on both SSL and CTX. Note that -SSL_set_default_passwd_cb*() is available only in 1.1.0. - -Signed-off-by: Beniamino Galvani ---- - src/crypto/tls_openssl.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index fd94eaf..c790b53 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data, - } else - passwd = NULL; - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ /* -+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback -+ * from the SSL object. See OpenSSL commit d61461a75253. -+ */ -+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb); -+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd); -+#endif /* >= 1.1.0f && !LibreSSL */ -+ /* Keep these for OpenSSL < 1.1.0f */ - SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); - SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); - -@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data, - return -1; - } - ERR_clear_error(); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ SSL_set_default_passwd_cb(conn->ssl, NULL); -+#endif /* >= 1.1.0f && !LibreSSL */ - SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); - os_free(passwd); - --- -cgit v0.12 - diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch deleted file mode 100644 index 97a8cc7f3e12..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Mon, 3 Dec 2018 12:00:26 +0200 -Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y - -remove_ie() was defined within an ifdef CONFIG_FILS block while it is -now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition -there. - -Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol") -Signed-off-by: Jouni Malinen ---- - wpa_supplicant/sme.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c -index 39c8069..f77f751 100644 ---- a/wpa_supplicant/sme.c -+++ b/wpa_supplicant/sme.c -@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) - } - - --#ifdef CONFIG_FILS - #ifdef CONFIG_IEEE80211R - static void remove_ie(u8 *buf, size_t *len, u8 eid) - { -@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *len, u8 eid) - } - } - #endif /* CONFIG_IEEE80211R */ --#endif /* CONFIG_FILS */ - - - void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode, --- -cgit v0.12 - diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch deleted file mode 100644 index 45a1cf3701f9..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001 -From: Andrey Utkin -Date: Tue, 11 Dec 2018 17:41:10 +0000 -Subject: [PATCH] Fix build with LibreSSL - -When using LibreSSL instead of OpenSSL, linkage of hostapd executable -fails with the following error when using some LibreSSL versions - - ../src/crypto/tls_openssl.o: In function `tls_verify_cb': - tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data' - ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num': - tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data' - collect2: error: ld returned 1 exit status - make: *** [Makefile:1278: hostapd] Error 1 - -ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some -versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to -be defined in this case, just like for old OpenSSL. - -This patch was inspired by similar patches to other projects, such as -spice-gtk, pjsip. - -Link: https://bugs.gentoo.org/672834 -Signed-off-by: Andrey Utkin ---- - src/crypto/tls_openssl.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 608818310..cb70e2c47 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, - - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - #ifdef CONFIG_SUITEB - static int RSA_bits(const RSA *r) - { --- -2.20.1 - diff --git a/net-wireless/wpa_supplicant/metadata.xml b/net-wireless/wpa_supplicant/metadata.xml index a2085baaa253..a52a722509e2 100644 --- a/net-wireless/wpa_supplicant/metadata.xml +++ b/net-wireless/wpa_supplicant/metadata.xml @@ -16,7 +16,6 @@ Add support for Wi-Fi Direct mode Add support for ps3 hypervisor driven gelic wifi Enable wpa_priv privledge separation binary - Enable enable NSA Suite B encryption Add support for Tunneled Direct Link Setup (802.11z) Add support for GPSK, SAKE, GPSK_SHA256, IKEV2 and EKE Add support for Wi-Fi Protected Setup diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r10.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r10.ebuild deleted file mode 100644 index 5c5b91c36f5b..000000000000 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.6-r10.ebuild +++ /dev/null @@ -1,463 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 - -DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" -HOMEPAGE="https://w1.fi/wpa_supplicant/" -SRC_URI="https://w1.fi/releases/${P}.tar.gz" -LICENSE="|| ( GPL-2 BSD )" - -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~sparc x86" -IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" -REQUIRED_USE="smartcard? ( ssl )" - -CDEPEND="dbus? ( sys-apps/dbus ) - kernel_linux? ( - dev-libs/libnl:3 - net-wireless/crda - eap-sim? ( sys-apps/pcsc-lite ) - ) - !kernel_linux? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtsvg:5 - dev-qt/qtwidgets:5 - ) - readline? ( - sys-libs/ncurses:0= - sys-libs/readline:0= - ) - ssl? ( - gnutls? ( - dev-libs/libgcrypt:0= - net-libs/gnutls:= - ) - !gnutls? ( - !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) - libressl? ( dev-libs/libressl:0= ) - ) - ) - !ssl? ( dev-libs/libtommath ) -" -DEPEND="${CDEPEND} - virtual/pkgconfig -" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-networkmanager ) -" - -DOC_CONTENTS=" - If this is a clean installation of wpa_supplicant, you - have to create a configuration file named - ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf - An example configuration file is available for reference in - ${EROOT%/}/usr/share/doc/${PF}/ -" - -S="${WORKDIR}/${P}/${PN}" - -Kconfig_style_config() { - #param 1 is CONFIG_* item - #param 2 is what to set it = to, defaulting in y - CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" - setting="${2:-y}" - - if [ ! $setting = n ]; then - #first remove any leading "# " if $2 is not n - sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" - #set item = $setting (defaulting to y) - sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" - if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then - echo "$CONFIG_PARAM=$setting" >>.config - fi - else - #ensure item commented out - sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" - fi -} - -pkg_setup() { - if use ssl ; then - if use gnutls && use libressl ; then - elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\"" - fi - else - elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation" - fi -} - -src_prepare() { - default - - # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD - sed -i \ - -e "s:\(#include \):#include \n\1:" \ - ../src/l2_packet/l2_packet_freebsd.c || die - - # People seem to take the example configuration file too literally (bug #102361) - sed -i \ - -e "s:^\(opensc_engine_path\):#\1:" \ - -e "s:^\(pkcs11_engine_path\):#\1:" \ - -e "s:^\(pkcs11_module_path\):#\1:" \ - wpa_supplicant.conf || die - - # Change configuration to match Gentoo locations (bug #143750) - sed -i \ - -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ - -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ - wpa_supplicant.conf || die - - # systemd entries to D-Bus service files (bug #372877) - echo 'SystemdService=wpa_supplicant.service' \ - | tee -a dbus/*.service >/dev/null || die - - cd "${WORKDIR}/${P}" || die - - if use wimax; then - # generate-libeap-peer.patch comes before - # fix-undefined-reference-to-random_get_bytes.patch - eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" - - # multilib-strict fix (bug #373685) - sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die - fi - - # bug (320097) - eapply "${FILESDIR}/${P}-do-not-call-dbus-functions-with-NULL-path.patch" - - # bug (596332 & 651314) - eapply "${FILESDIR}/${P}-libressl-compatibility.patch" - - # bug (671006) - eapply "${FILESDIR}/${P}-openssl-1.1.patch" - - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt - eapply "${FILESDIR}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch" - - # https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt - eapply "${FILESDIR}/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch" - - # bug (640492) - sed -i 's#-Werror ##' wpa_supplicant/Makefile || die -} - -src_configure() { - # Toolchain setup - tc-export CC - - cp defconfig .config || die - - # Basic setup - Kconfig_style_config CTRL_IFACE - Kconfig_style_config MATCH_IFACE - Kconfig_style_config BACKEND file - Kconfig_style_config IBSS_RSN - Kconfig_style_config IEEE80211W - Kconfig_style_config IEEE80211R - - # Basic authentication methods - # NOTE: we don't set GPSK or SAKE as they conflict - # with the below options - Kconfig_style_config EAP_GTC - Kconfig_style_config EAP_MD5 - Kconfig_style_config EAP_OTP - Kconfig_style_config EAP_PAX - Kconfig_style_config EAP_PSK - Kconfig_style_config EAP_TLV - Kconfig_style_config EAP_EXE - Kconfig_style_config IEEE8021X_EAPOL - Kconfig_style_config PKCS12 - Kconfig_style_config PEERKEY - Kconfig_style_config EAP_LEAP - Kconfig_style_config EAP_MSCHAPV2 - Kconfig_style_config EAP_PEAP - Kconfig_style_config EAP_TLS - Kconfig_style_config EAP_TTLS - - # Enabling background scanning. - Kconfig_style_config BGSCAN_SIMPLE - Kconfig_style_config BGSCAN_LEARN - - if use dbus ; then - Kconfig_style_config CTRL_IFACE_DBUS - Kconfig_style_config CTRL_IFACE_DBUS_NEW - Kconfig_style_config CTRL_IFACE_DBUS_INTRO - fi - - if use eapol_test ; then - Kconfig_style_config EAPOL_TEST - fi - - # Enable support for writing debug info to a log file and syslog. - Kconfig_style_config DEBUG_FILE - Kconfig_style_config DEBUG_SYSLOG - - if use hs2-0 ; then - Kconfig_style_config INTERWORKING - Kconfig_style_config HS20 - fi - - if use uncommon-eap-types; then - Kconfig_style_config EAP_GPSK - Kconfig_style_config EAP_SAKE - Kconfig_style_config EAP_GPSK_SHA256 - Kconfig_style_config EAP_IKEV2 - Kconfig_style_config EAP_EKE - fi - - if use eap-sim ; then - # Smart card authentication - Kconfig_style_config EAP_SIM - Kconfig_style_config EAP_AKA - Kconfig_style_config EAP_AKA_PRIME - Kconfig_style_config PCSC - fi - - if use fasteap ; then - Kconfig_style_config EAP_FAST - fi - - if use readline ; then - # readline/history support for wpa_cli - Kconfig_style_config READLINE - else - #internal line edit mode for wpa_cli - Kconfig_style_config WPA_CLI_EDIT - fi - - if use suiteb; then - Kconfig_style_config SUITEB - fi - - # SSL authentication methods - if use ssl ; then - if use gnutls ; then - Kconfig_style_config TLS gnutls - Kconfig_style_config GNUTLS_EXTRA - else - #this fails for gnutls - Kconfig_style_config SUITEB192 - Kconfig_style_config TLS openssl - if ! use bindist; then - #this fails for gnutls - Kconfig_style_config EAP_PWD - # SAE fails on gnutls and everything below here needs SAE - # Enabling mesh networks. - Kconfig_style_config MESH - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - #we also need to disable FILS, except that isn't enabled yet - fi - - fi - else - Kconfig_style_config TLS internal - fi - - if use smartcard ; then - Kconfig_style_config SMARTCARD - fi - - if use tdls ; then - Kconfig_style_config TDLS - fi - - if use kernel_linux ; then - # Linux specific drivers - Kconfig_style_config DRIVER_ATMEL - Kconfig_style_config DRIVER_HOSTAP - Kconfig_style_config DRIVER_IPW - Kconfig_style_config DRIVER_NL80211 - Kconfig_style_config DRIVER_RALINK - Kconfig_style_config DRIVER_WEXT - Kconfig_style_config DRIVER_WIRED - - if use ps3 ; then - Kconfig_style_config DRIVER_PS3 - fi - - elif use kernel_FreeBSD ; then - # FreeBSD specific driver - Kconfig_style_config DRIVER_BSD - fi - - # Wi-Fi Protected Setup (WPS) - if use wps ; then - Kconfig_style_config WPS - Kconfig_style_config WPS2 - # USB Flash Drive - Kconfig_style_config WPS_UFD - # External Registrar - Kconfig_style_config WPS_ER - # Universal Plug'n'Play - Kconfig_style_config WPS_UPNP - # Near Field Communication - Kconfig_style_config WPS_NFC - fi - - # Wi-Fi Direct (WiDi) - if use p2p ; then - Kconfig_style_config P2P - Kconfig_style_config WIFI_DISPLAY - fi - - # Access Point Mode - if use ap ; then - Kconfig_style_config AP - fi - - # Enable essentials for AP/P2P - if use ap || use p2p ; then - # Enabling HT support (802.11n) - Kconfig_style_config IEEE80211N - - # Enabling VHT support (802.11ac) - Kconfig_style_config IEEE80211AC - fi - - # Enable mitigation against certain attacks against TKIP - Kconfig_style_config DELAYED_MIC_ERROR_REPORT - - if use privsep ; then - Kconfig_style_config PRIVSEP - fi - - # If we are using libnl 2.0 and above, enable support for it - # Bug 382159 - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - Kconfig_style_config LIBNL32 - fi - - if use qt5 ; then - pushd "${S}"/wpa_gui-qt4 > /dev/null || die - eqmake5 wpa_gui.pro - popd > /dev/null || die - fi -} - -src_compile() { - einfo "Building wpa_supplicant" - emake V=1 BINDIR=/usr/sbin - - if use wimax; then - emake -C ../src/eap_peer clean - emake -C ../src/eap_peer - fi - - if use qt5; then - einfo "Building wpa_gui" - emake -C "${S}"/wpa_gui-qt4 - fi - - if use eapol_test ; then - emake eapol_test - fi -} - -src_install() { - dosbin wpa_supplicant - use privsep && dosbin wpa_priv - dobin wpa_cli wpa_passphrase - - # baselayout-1 compat - if has_version "=sys-apps/openrc-0.5.0"; then - newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant - newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant - fi - - exeinto /etc/wpa_supplicant/ - newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh - - readme.gentoo_create_doc - dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ - wpa_supplicant.conf - - newdoc .config build-config - - doman doc/docbook/*.{5,8} - - if use qt5 ; then - into /usr - dobin wpa_gui-qt4/wpa_gui - doicon wpa_gui-qt4/icons/wpa_gui.svg - make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;" - else - rm "${ED}"/usr/share/man/man8/wpa_gui.8 - fi - - use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install - - if use dbus ; then - pushd "${S}"/dbus > /dev/null || die - insinto /etc/dbus-1/system.d - newins dbus-wpa_supplicant.conf wpa_supplicant.conf - insinto /usr/share/dbus-1/system-services - doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service - popd > /dev/null || die - - # This unit relies on dbus support, bug 538600. - systemd_dounit systemd/wpa_supplicant.service - fi - - if use eapol_test ; then - dobin eapol_test - fi - - systemd_dounit "systemd/wpa_supplicant@.service" - systemd_dounit "systemd/wpa_supplicant-nl80211@.service" - systemd_dounit "systemd/wpa_supplicant-wired@.service" -} - -pkg_postinst() { - readme.gentoo_print_elog - - if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then - echo - ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" - ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" - fi - - if use bindist || use gnutls; then - if ! use libressl; then - ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)." - ewarn "This is incredibly undesirable" - fi - fi - - # Mea culpa, feel free to remove that after some time --mgorny. - local fn - for fn in wpa_supplicant{,@wlan0}.service; do - if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] - then - ebegin "Moving ${fn} to multi-user.target" - mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ - "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die - eend ${?} \ - "Please try to re-enable ${fn}" - fi - done - - systemd_reenable wpa_supplicant.service -} diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild deleted file mode 100644 index e9cff9806212..000000000000 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r1.ebuild +++ /dev/null @@ -1,458 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 - -DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" -HOMEPAGE="https://w1.fi/wpa_supplicant/" -LICENSE="|| ( GPL-2 BSD )" - -if [ "${PV}" = "9999" ]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://w1.fi/releases/${P}.tar.gz" -fi - -SLOT="0" -IUSE="ap bindist dbus eap-sim eapol_test fasteap gnutls +hs2-0 libressl p2p privsep ps3 qt5 readline selinux smartcard ssl suiteb tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" -REQUIRED_USE="smartcard? ( ssl )" - -CDEPEND="dbus? ( sys-apps/dbus ) - kernel_linux? ( - dev-libs/libnl:3 - net-wireless/crda - eap-sim? ( sys-apps/pcsc-lite ) - ) - !kernel_linux? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtsvg:5 - dev-qt/qtwidgets:5 - ) - readline? ( - sys-libs/ncurses:0= - sys-libs/readline:0= - ) - ssl? ( - gnutls? ( - dev-libs/libgcrypt:0= - net-libs/gnutls:= - ) - !gnutls? ( - !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) - libressl? ( dev-libs/libressl:0= ) - ) - ) - !ssl? ( dev-libs/libtommath ) -" -DEPEND="${CDEPEND} - virtual/pkgconfig -" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-networkmanager ) -" - -DOC_CONTENTS=" - If this is a clean installation of wpa_supplicant, you - have to create a configuration file named - ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf - An example configuration file is available for reference in - ${EROOT%/}/usr/share/doc/${PF}/ -" - -S="${WORKDIR}/${P}/${PN}" - -Kconfig_style_config() { - #param 1 is CONFIG_* item - #param 2 is what to set it = to, defaulting in y - CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" - setting="${2:-y}" - - if [ ! $setting = n ]; then - #first remove any leading "# " if $2 is not n - sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" - #set item = $setting (defaulting to y) - sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" - if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then - echo "$CONFIG_PARAM=$setting" >>.config - fi - else - #ensure item commented out - sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" - fi -} - -pkg_setup() { - if use ssl ; then - if use gnutls && use libressl ; then - elog "You have both 'gnutls' and 'libressl' USE flags enabled: defaulting to USE=\"gnutls\"" - fi - else - elog "You have 'ssl' USE flag disabled: defaulting to internal TLS implementation" - fi -} - -src_prepare() { - default - - # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD - sed -i \ - -e "s:\(#include \):#include \n\1:" \ - ../src/l2_packet/l2_packet_freebsd.c || die - - # People seem to take the example configuration file too literally (bug #102361) - sed -i \ - -e "s:^\(opensc_engine_path\):#\1:" \ - -e "s:^\(pkcs11_engine_path\):#\1:" \ - -e "s:^\(pkcs11_module_path\):#\1:" \ - wpa_supplicant.conf || die - - # Change configuration to match Gentoo locations (bug #143750) - sed -i \ - -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ - -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ - wpa_supplicant.conf || die - - # systemd entries to D-Bus service files (bug #372877) - echo 'SystemdService=wpa_supplicant.service' \ - | tee -a dbus/*.service >/dev/null || die - - cd "${WORKDIR}/${P}" || die - - if use wimax; then - # generate-libeap-peer.patch comes before - # fix-undefined-reference-to-random_get_bytes.patch - eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" - - # multilib-strict fix (bug #373685) - sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die - fi - - # bug (320097) - eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch" - - # fix undefined reference to remove_ie() - eapply "${FILESDIR}/${P}-fix-undefined-remove-ie.patch" - - # bug (672632) - eapply "${FILESDIR}/${P}-libressl.patch" - - # bug (640492) - sed -i 's#-Werror ##' wpa_supplicant/Makefile || die -} - -src_configure() { - # Toolchain setup - tc-export CC - - cp defconfig .config || die - - # Basic setup - Kconfig_style_config CTRL_IFACE - Kconfig_style_config MATCH_IFACE - Kconfig_style_config BACKEND file - Kconfig_style_config IBSS_RSN - Kconfig_style_config IEEE80211W - Kconfig_style_config IEEE80211R - - # Basic authentication methods - # NOTE: we don't set GPSK or SAKE as they conflict - # with the below options - Kconfig_style_config EAP_GTC - Kconfig_style_config EAP_MD5 - Kconfig_style_config EAP_OTP - Kconfig_style_config EAP_PAX - Kconfig_style_config EAP_PSK - Kconfig_style_config EAP_TLV - Kconfig_style_config EAP_EXE - Kconfig_style_config IEEE8021X_EAPOL - Kconfig_style_config PKCS12 - Kconfig_style_config PEERKEY - Kconfig_style_config EAP_LEAP - Kconfig_style_config EAP_MSCHAPV2 - Kconfig_style_config EAP_PEAP - Kconfig_style_config EAP_TLS - Kconfig_style_config EAP_TTLS - - # Enabling background scanning. - Kconfig_style_config BGSCAN_SIMPLE - Kconfig_style_config BGSCAN_LEARN - - if use dbus ; then - Kconfig_style_config CTRL_IFACE_DBUS - Kconfig_style_config CTRL_IFACE_DBUS_NEW - Kconfig_style_config CTRL_IFACE_DBUS_INTRO - fi - - if use eapol_test ; then - Kconfig_style_config EAPOL_TEST - fi - - # Enable support for writing debug info to a log file and syslog. - Kconfig_style_config DEBUG_FILE - Kconfig_style_config DEBUG_SYSLOG - - if use hs2-0 ; then - Kconfig_style_config INTERWORKING - Kconfig_style_config HS20 - fi - - if use uncommon-eap-types; then - Kconfig_style_config EAP_GPSK - Kconfig_style_config EAP_SAKE - Kconfig_style_config EAP_GPSK_SHA256 - Kconfig_style_config EAP_IKEV2 - Kconfig_style_config EAP_EKE - fi - - if use eap-sim ; then - # Smart card authentication - Kconfig_style_config EAP_SIM - Kconfig_style_config EAP_AKA - Kconfig_style_config EAP_AKA_PRIME - Kconfig_style_config PCSC - fi - - if use fasteap ; then - Kconfig_style_config EAP_FAST - fi - - if use readline ; then - # readline/history support for wpa_cli - Kconfig_style_config READLINE - else - #internal line edit mode for wpa_cli - Kconfig_style_config WPA_CLI_EDIT - fi - - if use suiteb; then - Kconfig_style_config SUITEB - fi - - # SSL authentication methods - if use ssl ; then - if use gnutls ; then - Kconfig_style_config TLS gnutls - Kconfig_style_config GNUTLS_EXTRA - else - #this fails for gnutls - Kconfig_style_config SUITEB192 - Kconfig_style_config TLS openssl - if ! use bindist; then - #this fails for gnutls - Kconfig_style_config EAP_PWD - # SAE fails on gnutls and everything below here needs SAE - # Enabling mesh networks. - Kconfig_style_config MESH - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - #we also need to disable FILS, except that isn't enabled yet - fi - - fi - else - Kconfig_style_config TLS internal - fi - - if use smartcard ; then - Kconfig_style_config SMARTCARD - fi - - if use tdls ; then - Kconfig_style_config TDLS - fi - - if use kernel_linux ; then - # Linux specific drivers - Kconfig_style_config DRIVER_ATMEL - Kconfig_style_config DRIVER_HOSTAP - Kconfig_style_config DRIVER_IPW - Kconfig_style_config DRIVER_NL80211 - Kconfig_style_config DRIVER_RALINK - Kconfig_style_config DRIVER_WEXT - Kconfig_style_config DRIVER_WIRED - - if use ps3 ; then - Kconfig_style_config DRIVER_PS3 - fi - - elif use kernel_FreeBSD ; then - # FreeBSD specific driver - Kconfig_style_config DRIVER_BSD - fi - - # Wi-Fi Protected Setup (WPS) - if use wps ; then - Kconfig_style_config WPS - Kconfig_style_config WPS2 - # USB Flash Drive - Kconfig_style_config WPS_UFD - # External Registrar - Kconfig_style_config WPS_ER - # Universal Plug'n'Play - Kconfig_style_config WPS_UPNP - # Near Field Communication - Kconfig_style_config WPS_NFC - fi - - # Wi-Fi Direct (WiDi) - if use p2p ; then - Kconfig_style_config P2P - Kconfig_style_config WIFI_DISPLAY - fi - - # Access Point Mode - if use ap ; then - Kconfig_style_config AP - fi - - # Enable essentials for AP/P2P - if use ap || use p2p ; then - # Enabling HT support (802.11n) - Kconfig_style_config IEEE80211N - - # Enabling VHT support (802.11ac) - Kconfig_style_config IEEE80211AC - fi - - # Enable mitigation against certain attacks against TKIP - Kconfig_style_config DELAYED_MIC_ERROR_REPORT - - if use privsep ; then - Kconfig_style_config PRIVSEP - fi - - # If we are using libnl 2.0 and above, enable support for it - # Bug 382159 - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - Kconfig_style_config LIBNL32 - fi - - if use qt5 ; then - pushd "${S}"/wpa_gui-qt4 > /dev/null || die - eqmake5 wpa_gui.pro - popd > /dev/null || die - fi -} - -src_compile() { - einfo "Building wpa_supplicant" - emake V=1 BINDIR=/usr/sbin - - if use wimax; then - emake -C ../src/eap_peer clean - emake -C ../src/eap_peer - fi - - if use qt5; then - einfo "Building wpa_gui" - emake -C "${S}"/wpa_gui-qt4 - fi - - if use eapol_test ; then - emake eapol_test - fi -} - -src_install() { - dosbin wpa_supplicant - use privsep && dosbin wpa_priv - dobin wpa_cli wpa_passphrase - - # baselayout-1 compat - if has_version "=sys-apps/openrc-0.5.0"; then - newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant - newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant - fi - - exeinto /etc/wpa_supplicant/ - newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh - - readme.gentoo_create_doc - dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ - wpa_supplicant.conf - - newdoc .config build-config - - if [ "${PV}" != "9999" ]; then - doman doc/docbook/*.{5,8} - fi - - if use qt5 ; then - into /usr - dobin wpa_gui-qt4/wpa_gui - doicon wpa_gui-qt4/icons/wpa_gui.svg - make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;" - else - rm "${ED}"/usr/share/man/man8/wpa_gui.8 - fi - - use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install - - if use dbus ; then - pushd "${S}"/dbus > /dev/null || die - insinto /etc/dbus-1/system.d - newins dbus-wpa_supplicant.conf wpa_supplicant.conf - insinto /usr/share/dbus-1/system-services - doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service - popd > /dev/null || die - - # This unit relies on dbus support, bug 538600. - systemd_dounit systemd/wpa_supplicant.service - fi - - if use eapol_test ; then - dobin eapol_test - fi - - systemd_dounit "systemd/wpa_supplicant@.service" - systemd_dounit "systemd/wpa_supplicant-nl80211@.service" - systemd_dounit "systemd/wpa_supplicant-wired@.service" -} - -pkg_postinst() { - readme.gentoo_print_elog - - if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then - echo - ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" - ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" - fi - - if use bindist || use gnutls; then - if ! use libressl; then - ewarn "Using bindist or gnutls use flags presently breaks WPA3 (specifically SAE and OWE)." - ewarn "This is incredibly undesirable" - fi - fi - - # Mea culpa, feel free to remove that after some time --mgorny. - local fn - for fn in wpa_supplicant{,@wlan0}.service; do - if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] - then - ebegin "Moving ${fn} to multi-user.target" - mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ - "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die - eend ${?} \ - "Please try to re-enable ${fn}" - fi - done - - systemd_reenable wpa_supplicant.service -} diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r3.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r3.ebuild deleted file mode 100644 index 697e343ecab3..000000000000 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.7-r3.ebuild +++ /dev/null @@ -1,442 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 - -DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" -HOMEPAGE="https://w1.fi/wpa_supplicant/" -LICENSE="|| ( GPL-2 BSD )" - -if [ "${PV}" = "9999" ]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://w1.fi/releases/${P}.tar.gz" -fi - -SLOT="0" -IUSE="ap bindist dbus eap-sim eapol_test fasteap +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" - -CDEPEND="dbus? ( sys-apps/dbus ) - kernel_linux? ( - dev-libs/libnl:3 - net-wireless/crda - eap-sim? ( sys-apps/pcsc-lite ) - ) - !kernel_linux? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtsvg:5 - dev-qt/qtwidgets:5 - ) - readline? ( - sys-libs/ncurses:0= - sys-libs/readline:0= - ) - !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) - libressl? ( dev-libs/libressl:0= ) -" -DEPEND="${CDEPEND} - virtual/pkgconfig -" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-networkmanager ) -" - -DOC_CONTENTS=" - If this is a clean installation of wpa_supplicant, you - have to create a configuration file named - ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf - An example configuration file is available for reference in - ${EROOT%/}/usr/share/doc/${PF}/ -" - -S="${WORKDIR}/${P}/${PN}" - -Kconfig_style_config() { - #param 1 is CONFIG_* item - #param 2 is what to set it = to, defaulting in y - CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" - setting="${2:-y}" - - if [ ! $setting = n ]; then - #first remove any leading "# " if $2 is not n - sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" - #set item = $setting (defaulting to y) - sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" - if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then - echo "$CONFIG_PARAM=$setting" >>.config - fi - else - #ensure item commented out - sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" - fi -} - -src_prepare() { - default - - # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD - sed -i \ - -e "s:\(#include \):#include \n\1:" \ - ../src/l2_packet/l2_packet_freebsd.c || die - - # People seem to take the example configuration file too literally (bug #102361) - sed -i \ - -e "s:^\(opensc_engine_path\):#\1:" \ - -e "s:^\(pkcs11_engine_path\):#\1:" \ - -e "s:^\(pkcs11_module_path\):#\1:" \ - wpa_supplicant.conf || die - - # Change configuration to match Gentoo locations (bug #143750) - sed -i \ - -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ - -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ - wpa_supplicant.conf || die - - # systemd entries to D-Bus service files (bug #372877) - echo 'SystemdService=wpa_supplicant.service' \ - | tee -a dbus/*.service >/dev/null || die - - cd "${WORKDIR}/${P}" || die - - if use wimax; then - # generate-libeap-peer.patch comes before - # fix-undefined-reference-to-random_get_bytes.patch - eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" - - # multilib-strict fix (bug #373685) - sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die - fi - - # bug (320097) - eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch" - - # fix undefined reference to remove_ie() - eapply "${FILESDIR}/${P}-fix-undefined-remove-ie.patch" - - # bug (672632) - eapply "${FILESDIR}/${P}-libressl.patch" - - # bug (640492) - sed -i 's#-Werror ##' wpa_supplicant/Makefile || die -} - -src_configure() { - # Toolchain setup - tc-export CC - - cp defconfig .config || die - - # Basic setup - Kconfig_style_config CTRL_IFACE - Kconfig_style_config MATCH_IFACE - Kconfig_style_config BACKEND file - Kconfig_style_config IBSS_RSN - Kconfig_style_config IEEE80211W - Kconfig_style_config IEEE80211R - Kconfig_style_config HT_OVERRIDES - Kconfig_style_config VHT_OVERRIDES - Kconfig_style_config OCV - Kconfig_style_config TLSV11 - Kconfig_style_config TLSV12 - - # Basic authentication methods - # NOTE: we don't set GPSK or SAKE as they conflict - # with the below options - Kconfig_style_config EAP_GTC - Kconfig_style_config EAP_MD5 - Kconfig_style_config EAP_OTP - Kconfig_style_config EAP_PAX - Kconfig_style_config EAP_PSK - Kconfig_style_config EAP_TLV - Kconfig_style_config EAP_EXE - Kconfig_style_config IEEE8021X_EAPOL - Kconfig_style_config PKCS12 - Kconfig_style_config PEERKEY - Kconfig_style_config EAP_LEAP - Kconfig_style_config EAP_MSCHAPV2 - Kconfig_style_config EAP_PEAP - Kconfig_style_config EAP_TLS - Kconfig_style_config EAP_TTLS - - # Enabling background scanning. - Kconfig_style_config BGSCAN_SIMPLE - Kconfig_style_config BGSCAN_LEARN - - if use dbus ; then - Kconfig_style_config CTRL_IFACE_DBUS - Kconfig_style_config CTRL_IFACE_DBUS_NEW - Kconfig_style_config CTRL_IFACE_DBUS_INTRO - fi - - if use eapol_test ; then - Kconfig_style_config EAPOL_TEST - fi - - # Enable support for writing debug info to a log file and syslog. - Kconfig_style_config DEBUG_FILE - Kconfig_style_config DEBUG_SYSLOG - - if use hs2-0 ; then - Kconfig_style_config INTERWORKING - Kconfig_style_config HS20 - fi - - if use uncommon-eap-types; then - Kconfig_style_config EAP_GPSK - Kconfig_style_config EAP_SAKE - Kconfig_style_config EAP_GPSK_SHA256 - Kconfig_style_config EAP_IKEV2 - Kconfig_style_config EAP_EKE - fi - - if use eap-sim ; then - # Smart card authentication - Kconfig_style_config EAP_SIM - Kconfig_style_config EAP_AKA - Kconfig_style_config EAP_AKA_PRIME - Kconfig_style_config PCSC - fi - - if use fasteap ; then - Kconfig_style_config EAP_FAST - fi - - if use readline ; then - # readline/history support for wpa_cli - Kconfig_style_config READLINE - else - #internal line edit mode for wpa_cli - Kconfig_style_config WPA_CLI_EDIT - fi - - Kconfig_style_config TLS openssl - Kconfig_style_config FST - if ! use bindist || use libressl; then - Kconfig_style_config EAP_PWD - Kconfig_style_config FILS - Kconfig_style_config FILS_SK_PFS - # Enabling mesh networks. - Kconfig_style_config MESH - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - Kconfig_style_config DPP - Kconfig_style_config SUITEB192 - fi - if ! use bindist && ! use libressl; then - Kconfig_style_config SUITEB - fi - - if use smartcard ; then - Kconfig_style_config SMARTCARD - fi - - if use tdls ; then - Kconfig_style_config TDLS - fi - - if use kernel_linux ; then - # Linux specific drivers - Kconfig_style_config DRIVER_ATMEL - Kconfig_style_config DRIVER_HOSTAP - Kconfig_style_config DRIVER_IPW - Kconfig_style_config DRIVER_NL80211 - Kconfig_style_config DRIVER_RALINK - Kconfig_style_config DRIVER_WEXT - Kconfig_style_config DRIVER_WIRED - - if use macsec ; then - #requires something, no idea what - #Kconfig_style_config DRIVER_MACSEC_QCA - Kconfig_style_config MACSEC - fi - - if use ps3 ; then - Kconfig_style_config DRIVER_PS3 - fi - - elif use kernel_FreeBSD ; then - # FreeBSD specific driver - Kconfig_style_config DRIVER_BSD - fi - - # Wi-Fi Protected Setup (WPS) - if use wps ; then - Kconfig_style_config WPS - Kconfig_style_config WPS2 - # USB Flash Drive - Kconfig_style_config WPS_UFD - # External Registrar - Kconfig_style_config WPS_ER - # Universal Plug'n'Play - Kconfig_style_config WPS_UPNP - # Near Field Communication - Kconfig_style_config WPS_NFC - fi - - # Wi-Fi Direct (WiDi) - if use p2p ; then - Kconfig_style_config P2P - Kconfig_style_config WIFI_DISPLAY - fi - - # Access Point Mode - if use ap ; then - Kconfig_style_config AP - fi - - # Enable essentials for AP/P2P - if use ap || use p2p ; then - # Enabling HT support (802.11n) - Kconfig_style_config IEEE80211N - - # Enabling VHT support (802.11ac) - Kconfig_style_config IEEE80211AC - fi - - # Enable mitigation against certain attacks against TKIP - Kconfig_style_config DELAYED_MIC_ERROR_REPORT - - if use privsep ; then - Kconfig_style_config PRIVSEP - fi - - # If we are using libnl 2.0 and above, enable support for it - # Bug 382159 - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - Kconfig_style_config LIBNL32 - fi - - if use qt5 ; then - pushd "${S}"/wpa_gui-qt4 > /dev/null || die - eqmake5 wpa_gui.pro - popd > /dev/null || die - fi -} - -src_compile() { - einfo "Building wpa_supplicant" - emake V=1 BINDIR=/usr/sbin - - if use wimax; then - emake -C ../src/eap_peer clean - emake -C ../src/eap_peer - fi - - if use qt5; then - einfo "Building wpa_gui" - emake -C "${S}"/wpa_gui-qt4 - fi - - if use eapol_test ; then - emake eapol_test - fi -} - -src_install() { - dosbin wpa_supplicant - use privsep && dosbin wpa_priv - dobin wpa_cli wpa_passphrase - - # baselayout-1 compat - if has_version "=sys-apps/openrc-0.5.0"; then - newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant - newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant - fi - - exeinto /etc/wpa_supplicant/ - newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh - - readme.gentoo_create_doc - dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ - wpa_supplicant.conf - - newdoc .config build-config - - if [ "${PV}" != "9999" ]; then - doman doc/docbook/*.{5,8} - fi - - if use qt5 ; then - into /usr - dobin wpa_gui-qt4/wpa_gui - doicon wpa_gui-qt4/icons/wpa_gui.svg - make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;" - else - rm "${ED}"/usr/share/man/man8/wpa_gui.8 - fi - - use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install - - if use dbus ; then - pushd "${S}"/dbus > /dev/null || die - insinto /etc/dbus-1/system.d - newins dbus-wpa_supplicant.conf wpa_supplicant.conf - insinto /usr/share/dbus-1/system-services - doins fi.epitest.hostap.WPASupplicant.service fi.w1.wpa_supplicant1.service - popd > /dev/null || die - - # This unit relies on dbus support, bug 538600. - systemd_dounit systemd/wpa_supplicant.service - fi - - if use eapol_test ; then - dobin eapol_test - fi - - systemd_dounit "systemd/wpa_supplicant@.service" - systemd_dounit "systemd/wpa_supplicant-nl80211@.service" - systemd_dounit "systemd/wpa_supplicant-wired@.service" -} - -pkg_postinst() { - readme.gentoo_print_elog - - if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then - echo - ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" - ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" - fi - - if use bindist; then - if ! use libressl; then - ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)." - ewarn "This is incredibly undesirable" - fi - fi - if use libressl; then - ewarn "Libressl doesn't support SUITEB (part of WPA3)" - ewarn "but it does support SUITEB192 (the upgraded strength version of the same)" - ewarn "You probably don't care. Patches welcome" - fi - - # Mea culpa, feel free to remove that after some time --mgorny. - local fn - for fn in wpa_supplicant{,@wlan0}.service; do - if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] - then - ebegin "Moving ${fn} to multi-user.target" - mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ - "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die - eend ${?} \ - "Please try to re-enable ${fn}" - fi - done - - systemd_reenable wpa_supplicant.service -} diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.8-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.8-r1.ebuild deleted file mode 100644 index 2b773d19178e..000000000000 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.8-r1.ebuild +++ /dev/null @@ -1,449 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 - -DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" -HOMEPAGE="https://w1.fi/wpa_supplicant/" -LICENSE="|| ( GPL-2 BSD )" - -if [ "${PV}" = "9999" ]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~sparc x86" - SRC_URI="https://w1.fi/releases/${P}.tar.gz" -fi - -SLOT="0" -IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" - -CDEPEND="dbus? ( sys-apps/dbus ) - kernel_linux? ( - dev-libs/libnl:3 - net-wireless/crda - eap-sim? ( sys-apps/pcsc-lite ) - ) - !kernel_linux? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtsvg:5 - dev-qt/qtwidgets:5 - ) - readline? ( - sys-libs/ncurses:0= - sys-libs/readline:0= - ) - !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) - libressl? ( dev-libs/libressl:0= ) -" -DEPEND="${CDEPEND} - virtual/pkgconfig -" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-networkmanager ) -" - -DOC_CONTENTS=" - If this is a clean installation of wpa_supplicant, you - have to create a configuration file named - ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf - An example configuration file is available for reference in - ${EROOT%/}/usr/share/doc/${PF}/ -" - -S="${WORKDIR}/${P}/${PN}" - -Kconfig_style_config() { - #param 1 is CONFIG_* item - #param 2 is what to set it = to, defaulting in y - CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" - setting="${2:-y}" - - if [ ! $setting = n ]; then - #first remove any leading "# " if $2 is not n - sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" - #set item = $setting (defaulting to y) - sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" - if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then - echo "$CONFIG_PARAM=$setting" >>.config - fi - else - #ensure item commented out - sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" - fi -} - -src_prepare() { - default - - # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD - sed -i \ - -e "s:\(#include \):#include \n\1:" \ - ../src/l2_packet/l2_packet_freebsd.c || die - - # People seem to take the example configuration file too literally (bug #102361) - sed -i \ - -e "s:^\(opensc_engine_path\):#\1:" \ - -e "s:^\(pkcs11_engine_path\):#\1:" \ - -e "s:^\(pkcs11_module_path\):#\1:" \ - wpa_supplicant.conf || die - - # Change configuration to match Gentoo locations (bug #143750) - sed -i \ - -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ - -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ - wpa_supplicant.conf || die - - # systemd entries to D-Bus service files (bug #372877) - echo 'SystemdService=wpa_supplicant.service' \ - | tee -a dbus/*.service >/dev/null || die - - cd "${WORKDIR}/${P}" || die - - if use wimax; then - # generate-libeap-peer.patch comes before - # fix-undefined-reference-to-random_get_bytes.patch - eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" - - # multilib-strict fix (bug #373685) - sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die - fi - - # bug (320097) - eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch" - - # bug (640492) - sed -i 's#-Werror ##' wpa_supplicant/Makefile || die -} - -src_configure() { - # Toolchain setup - tc-export CC - - cp defconfig .config || die - - # Basic setup - Kconfig_style_config CTRL_IFACE - Kconfig_style_config MATCH_IFACE - Kconfig_style_config BACKEND file - Kconfig_style_config IBSS_RSN - Kconfig_style_config IEEE80211W - Kconfig_style_config IEEE80211R - Kconfig_style_config HT_OVERRIDES - Kconfig_style_config VHT_OVERRIDES - Kconfig_style_config OCV - Kconfig_style_config TLSV11 - Kconfig_style_config TLSV12 - Kconfig_style_config GETRANDOM - Kconfig_style_config MBO - - # Basic authentication methods - # NOTE: we don't set GPSK or SAKE as they conflict - # with the below options - Kconfig_style_config EAP_GTC - Kconfig_style_config EAP_MD5 - Kconfig_style_config EAP_OTP - Kconfig_style_config EAP_PAX - Kconfig_style_config EAP_PSK - Kconfig_style_config IEEE8021X_EAPOL - Kconfig_style_config PKCS12 - Kconfig_style_config PEERKEY - Kconfig_style_config EAP_LEAP - Kconfig_style_config EAP_MSCHAPV2 - Kconfig_style_config EAP_PEAP - Kconfig_style_config EAP_TLS - Kconfig_style_config EAP_TTLS - - # Enabling background scanning. - Kconfig_style_config BGSCAN_SIMPLE - Kconfig_style_config BGSCAN_LEARN - - if use dbus ; then - Kconfig_style_config CTRL_IFACE_DBUS - Kconfig_style_config CTRL_IFACE_DBUS_NEW - Kconfig_style_config CTRL_IFACE_DBUS_INTRO - else - Kconfig_style_config CTRL_IFACE_DBUS n - Kconfig_style_config CTRL_IFACE_DBUS_NEW n - Kconfig_style_config CTRL_IFACE_DBUS_INTRO n - fi - - if use eapol_test ; then - Kconfig_style_config EAPOL_TEST - fi - - # Enable support for writing debug info to a log file and syslog. - Kconfig_style_config DEBUG_FILE - Kconfig_style_config DEBUG_SYSLOG - - if use hs2-0 ; then - Kconfig_style_config INTERWORKING - Kconfig_style_config HS20 - fi - - if use uncommon-eap-types; then - Kconfig_style_config EAP_GPSK - Kconfig_style_config EAP_SAKE - Kconfig_style_config EAP_GPSK_SHA256 - Kconfig_style_config EAP_IKEV2 - Kconfig_style_config EAP_EKE - fi - - if use eap-sim ; then - # Smart card authentication - Kconfig_style_config EAP_SIM - Kconfig_style_config EAP_AKA - Kconfig_style_config EAP_AKA_PRIME - Kconfig_style_config PCSC - fi - - if use fasteap ; then - Kconfig_style_config EAP_FAST - fi - - if use readline ; then - # readline/history support for wpa_cli - Kconfig_style_config READLINE - else - #internal line edit mode for wpa_cli - Kconfig_style_config WPA_CLI_EDIT - fi - - Kconfig_style_config TLS openssl - Kconfig_style_config FST - if ! use bindist || use libressl; then - Kconfig_style_config EAP_PWD - if use fils; then - Kconfig_style_config FILS - Kconfig_style_config FILS_SK_PFS - fi - # Enabling mesh networks. - Kconfig_style_config MESH - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - Kconfig_style_config DPP - Kconfig_style_config SUITEB192 - fi - if ! use bindist && ! use libressl; then - Kconfig_style_config SUITEB - fi - - if use smartcard ; then - Kconfig_style_config SMARTCARD - else - Kconfig_style_config SMARTCARD n - fi - - if use tdls ; then - Kconfig_style_config TDLS - fi - - if use kernel_linux ; then - # Linux specific drivers - Kconfig_style_config DRIVER_ATMEL - Kconfig_style_config DRIVER_HOSTAP - Kconfig_style_config DRIVER_IPW - Kconfig_style_config DRIVER_NL80211 - Kconfig_style_config DRIVER_RALINK - Kconfig_style_config DRIVER_WEXT - Kconfig_style_config DRIVER_WIRED - - if use macsec ; then - #requires something, no idea what - #Kconfig_style_config DRIVER_MACSEC_QCA - Kconfig_style_config DRIVER_MACSEC_LINUX - Kconfig_style_config MACSEC - fi - - if use ps3 ; then - Kconfig_style_config DRIVER_PS3 - fi - - elif use kernel_FreeBSD ; then - # FreeBSD specific driver - Kconfig_style_config DRIVER_BSD - fi - - # Wi-Fi Protected Setup (WPS) - if use wps ; then - Kconfig_style_config WPS - Kconfig_style_config WPS2 - # USB Flash Drive - Kconfig_style_config WPS_UFD - # External Registrar - Kconfig_style_config WPS_ER - # Universal Plug'n'Play - Kconfig_style_config WPS_UPNP - # Near Field Communication - Kconfig_style_config WPS_NFC - else - Kconfig_style_config WPS n - fi - - # Wi-Fi Direct (WiDi) - if use p2p ; then - Kconfig_style_config P2P - Kconfig_style_config WIFI_DISPLAY - fi - - # Access Point Mode - if use ap ; then - Kconfig_style_config AP - else - Kconfig_style_config AP n - fi - - # Enable essentials for AP/P2P - if use ap || use p2p ; then - # Enabling HT support (802.11n) - Kconfig_style_config IEEE80211N - - # Enabling VHT support (802.11ac) - Kconfig_style_config IEEE80211AC - fi - - # Enable mitigation against certain attacks against TKIP - Kconfig_style_config DELAYED_MIC_ERROR_REPORT - - if use privsep ; then - Kconfig_style_config PRIVSEP - fi - - # If we are using libnl 2.0 and above, enable support for it - # Bug 382159 - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - Kconfig_style_config LIBNL32 - fi - - if use qt5 ; then - pushd "${S}"/wpa_gui-qt4 > /dev/null || die - eqmake5 wpa_gui.pro - popd > /dev/null || die - fi -} - -src_compile() { - einfo "Building wpa_supplicant" - emake V=1 BINDIR=/usr/sbin - - if use wimax; then - emake -C ../src/eap_peer clean - emake -C ../src/eap_peer - fi - - if use qt5; then - einfo "Building wpa_gui" - emake -C "${S}"/wpa_gui-qt4 - fi - - if use eapol_test ; then - emake eapol_test - fi -} - -src_install() { - dosbin wpa_supplicant - use privsep && dosbin wpa_priv - dobin wpa_cli wpa_passphrase - - # baselayout-1 compat - if has_version "=sys-apps/openrc-0.5.0"; then - newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant - newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant - fi - - exeinto /etc/wpa_supplicant/ - newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh - - readme.gentoo_create_doc - dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ - wpa_supplicant.conf - - newdoc .config build-config - - if [ "${PV}" != "9999" ]; then - doman doc/docbook/*.{5,8} - fi - - if use qt5 ; then - into /usr - dobin wpa_gui-qt4/wpa_gui - doicon wpa_gui-qt4/icons/wpa_gui.svg - make_desktop_entry wpa_gui "WPA Supplicant Administration GUI" "wpa_gui" "Qt;Network;" - else - rm "${ED}"/usr/share/man/man8/wpa_gui.8 - fi - - use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install - - if use dbus ; then - pushd "${S}"/dbus > /dev/null || die - insinto /etc/dbus-1/system.d - newins dbus-wpa_supplicant.conf wpa_supplicant.conf - insinto /usr/share/dbus-1/system-services - doins fi.w1.wpa_supplicant1.service - popd > /dev/null || die - - # This unit relies on dbus support, bug 538600. - systemd_dounit systemd/wpa_supplicant.service - fi - - if use eapol_test ; then - dobin eapol_test - fi - - systemd_dounit "systemd/wpa_supplicant@.service" - systemd_dounit "systemd/wpa_supplicant-nl80211@.service" - systemd_dounit "systemd/wpa_supplicant-wired@.service" -} - -pkg_postinst() { - readme.gentoo_print_elog - - if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then - echo - ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" - ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" - fi - - if use bindist; then - if ! use libressl; then - ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)." - ewarn "This is incredibly undesirable" - fi - fi - if use libressl; then - ewarn "Libressl doesn't support SUITEB (part of WPA3)" - ewarn "but it does support SUITEB192 (the upgraded strength version of the same)" - ewarn "You probably don't care. Patches welcome" - fi - - # Mea culpa, feel free to remove that after some time --mgorny. - local fn - for fn in wpa_supplicant{,@wlan0}.service; do - if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] - then - ebegin "Moving ${fn} to multi-user.target" - mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ - "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die - eend ${?} \ - "Please try to re-enable ${fn}" - fi - done - - systemd_reenable wpa_supplicant.service -} diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild index 3ce34b1851a6..8cfb6d7ecd1e 100644 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild +++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r1.ebuild @@ -13,7 +13,7 @@ if [ "${PV}" = "9999" ]; then inherit git-r3 EGIT_REPO_URI="https://w1.fi/hostap.git" else - KEYWORDS="~alpha amd64 ~arm ~arm64 ~ia64 ~mips ppc ppc64 ~sparc x86" + KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~sparc x86" SRC_URI="https://w1.fi/releases/${P}.tar.gz" fi diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild deleted file mode 100644 index 2eb8231f0f5f..000000000000 --- a/net-wireless/wpa_supplicant/wpa_supplicant-2.9.ebuild +++ /dev/null @@ -1,458 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit eutils qmake-utils systemd toolchain-funcs readme.gentoo-r1 - -DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers" -HOMEPAGE="https://w1.fi/wpa_supplicant/" -LICENSE="|| ( GPL-2 BSD )" - -if [ "${PV}" = "9999" ]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" - SRC_URI="https://w1.fi/releases/${P}.tar.gz" -fi - -SLOT="0" -IUSE="ap bindist dbus eap-sim eapol_test fasteap +fils +hs2-0 libressl macsec p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD" - -# CONFIG_PRIVSEP=y does not have sufficient support for the new driver -# interface functions used for MACsec, so this combination cannot be used -# at least for now. -REQUIRED_USE=" - macsec? ( !privsep ) - privsep? ( !macsec ) -" - -CDEPEND="dbus? ( sys-apps/dbus ) - kernel_linux? ( - dev-libs/libnl:3 - net-wireless/crda - eap-sim? ( sys-apps/pcsc-lite ) - ) - !kernel_linux? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtsvg:5 - dev-qt/qtwidgets:5 - ) - readline? ( - sys-libs/ncurses:0= - sys-libs/readline:0= - ) - !libressl? ( >=dev-libs/openssl-1.0.2k:0=[bindist=] ) - libressl? ( dev-libs/libressl:0= ) -" -DEPEND="${CDEPEND} - virtual/pkgconfig -" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-networkmanager ) -" - -DOC_CONTENTS=" - If this is a clean installation of wpa_supplicant, you - have to create a configuration file named - ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf - An example configuration file is available for reference in - ${EROOT%/}/usr/share/doc/${PF}/ -" - -S="${WORKDIR}/${P}/${PN}" - -Kconfig_style_config() { - #param 1 is CONFIG_* item - #param 2 is what to set it = to, defaulting in y - CONFIG_PARAM="${CONFIG_HEADER:-CONFIG_}$1" - setting="${2:-y}" - - if [ ! $setting = n ]; then - #first remove any leading "# " if $2 is not n - sed -i "/^# *$CONFIG_PARAM=/s/^# *//" .config || echo "Kconfig_style_config error uncommenting $CONFIG_PARAM" - #set item = $setting (defaulting to y) - sed -i "/^$CONFIG_PARAM/s/=.*/=$setting/" .config || echo "Kconfig_style_config error setting $CONFIG_PARAM=$setting" - if [ -z "$( grep ^$CONFIG_PARAM= .config )" ] ; then - echo "$CONFIG_PARAM=$setting" >>.config - fi - else - #ensure item commented out - sed -i "/^$CONFIG_PARAM/s/$CONFIG_PARAM/# $CONFIG_PARAM/" .config || echo "Kconfig_style_config error commenting $CONFIG_PARAM" - fi -} - -src_prepare() { - default - - # net/bpf.h needed for net-libs/libpcap on Gentoo/FreeBSD - sed -i \ - -e "s:\(#include \):#include \n\1:" \ - ../src/l2_packet/l2_packet_freebsd.c || die - - # People seem to take the example configuration file too literally (bug #102361) - sed -i \ - -e "s:^\(opensc_engine_path\):#\1:" \ - -e "s:^\(pkcs11_engine_path\):#\1:" \ - -e "s:^\(pkcs11_module_path\):#\1:" \ - wpa_supplicant.conf || die - - # Change configuration to match Gentoo locations (bug #143750) - sed -i \ - -e "s:/usr/lib/opensc:/usr/$(get_libdir):" \ - -e "s:/usr/lib/pkcs11:/usr/$(get_libdir):" \ - wpa_supplicant.conf || die - - # systemd entries to D-Bus service files (bug #372877) - echo 'SystemdService=wpa_supplicant.service' \ - | tee -a dbus/*.service >/dev/null || die - - cd "${WORKDIR}/${P}" || die - - if use wimax; then - # generate-libeap-peer.patch comes before - # fix-undefined-reference-to-random_get_bytes.patch - eapply "${FILESDIR}/${P}-generate-libeap-peer.patch" - - # multilib-strict fix (bug #373685) - sed -e "s/\/usr\/lib/\/usr\/$(get_libdir)/" -i src/eap_peer/Makefile || die - fi - - # bug (320097) - eapply "${FILESDIR}/${PN}-2.6-do-not-call-dbus-functions-with-NULL-path.patch" - - # bug (640492) - sed -i 's#-Werror ##' wpa_supplicant/Makefile || die -} - -src_configure() { - # Toolchain setup - tc-export CC - - cp defconfig .config || die - - # Basic setup - Kconfig_style_config CTRL_IFACE - Kconfig_style_config MATCH_IFACE - Kconfig_style_config BACKEND file - Kconfig_style_config IBSS_RSN - Kconfig_style_config IEEE80211W - Kconfig_style_config IEEE80211R - Kconfig_style_config HT_OVERRIDES - Kconfig_style_config VHT_OVERRIDES - Kconfig_style_config OCV - Kconfig_style_config TLSV11 - Kconfig_style_config TLSV12 - Kconfig_style_config GETRANDOM - Kconfig_style_config MBO - - # Basic authentication methods - # NOTE: we don't set GPSK or SAKE as they conflict - # with the below options - Kconfig_style_config EAP_GTC - Kconfig_style_config EAP_MD5 - Kconfig_style_config EAP_OTP - Kconfig_style_config EAP_PAX - Kconfig_style_config EAP_PSK - Kconfig_style_config IEEE8021X_EAPOL - Kconfig_style_config PKCS12 - Kconfig_style_config PEERKEY - Kconfig_style_config EAP_LEAP - Kconfig_style_config EAP_MSCHAPV2 - Kconfig_style_config EAP_PEAP - Kconfig_style_config EAP_TEAP - Kconfig_style_config EAP_TLS - Kconfig_style_config EAP_TTLS - - # Enabling background scanning. - Kconfig_style_config BGSCAN_SIMPLE - Kconfig_style_config BGSCAN_LEARN - - if use dbus ; then - Kconfig_style_config CTRL_IFACE_DBUS - Kconfig_style_config CTRL_IFACE_DBUS_NEW - Kconfig_style_config CTRL_IFACE_DBUS_INTRO - else - Kconfig_style_config CTRL_IFACE_DBUS n - Kconfig_style_config CTRL_IFACE_DBUS_NEW n - Kconfig_style_config CTRL_IFACE_DBUS_INTRO n - fi - - if use eapol_test ; then - Kconfig_style_config EAPOL_TEST - fi - - # Enable support for writing debug info to a log file and syslog. - Kconfig_style_config DEBUG_FILE - Kconfig_style_config DEBUG_SYSLOG - - if use hs2-0 ; then - Kconfig_style_config INTERWORKING - Kconfig_style_config HS20 - fi - - if use uncommon-eap-types; then - Kconfig_style_config EAP_GPSK - Kconfig_style_config EAP_SAKE - Kconfig_style_config EAP_GPSK_SHA256 - Kconfig_style_config EAP_IKEV2 - Kconfig_style_config EAP_EKE - fi - - if use eap-sim ; then - # Smart card authentication - Kconfig_style_config EAP_SIM - Kconfig_style_config EAP_AKA - Kconfig_style_config EAP_AKA_PRIME - Kconfig_style_config PCSC - fi - - if use fasteap ; then - Kconfig_style_config EAP_FAST - fi - - if use readline ; then - # readline/history support for wpa_cli - Kconfig_style_config READLINE - else - #internal line edit mode for wpa_cli - Kconfig_style_config WPA_CLI_EDIT - fi - - Kconfig_style_config TLS openssl - Kconfig_style_config FST - if ! use bindist || use libressl; then - Kconfig_style_config EAP_PWD - if use fils; then - Kconfig_style_config FILS - Kconfig_style_config FILS_SK_PFS - fi - # Enabling mesh networks. - Kconfig_style_config MESH - #WPA3 - Kconfig_style_config OWE - Kconfig_style_config SAE - Kconfig_style_config DPP - Kconfig_style_config SUITEB192 - fi - if ! use bindist && ! use libressl; then - Kconfig_style_config SUITEB - fi - - if use smartcard ; then - Kconfig_style_config SMARTCARD - else - Kconfig_style_config SMARTCARD n - fi - - if use tdls ; then - Kconfig_style_config TDLS - fi - - if use kernel_linux ; then - # Linux specific drivers - Kconfig_style_config DRIVER_ATMEL - Kconfig_style_config DRIVER_HOSTAP - Kconfig_style_config DRIVER_IPW - Kconfig_style_config DRIVER_NL80211 - Kconfig_style_config DRIVER_RALINK - Kconfig_style_config DRIVER_WEXT - Kconfig_style_config DRIVER_WIRED - - if use macsec ; then - #requires something, no idea what - #Kconfig_style_config DRIVER_MACSEC_QCA - Kconfig_style_config DRIVER_MACSEC_LINUX - Kconfig_style_config MACSEC - fi - - if use ps3 ; then - Kconfig_style_config DRIVER_PS3 - fi - - elif use kernel_FreeBSD ; then - # FreeBSD specific driver - Kconfig_style_config DRIVER_BSD - fi - - # Wi-Fi Protected Setup (WPS) - if use wps ; then - Kconfig_style_config WPS - Kconfig_style_config WPS2 - # USB Flash Drive - Kconfig_style_config WPS_UFD - # External Registrar - Kconfig_style_config WPS_ER - # Universal Plug'n'Play - Kconfig_style_config WPS_UPNP - # Near Field Communication - Kconfig_style_config WPS_NFC - else - Kconfig_style_config WPS n - fi - - # Wi-Fi Direct (WiDi) - if use p2p ; then - Kconfig_style_config P2P - Kconfig_style_config WIFI_DISPLAY - fi - - # Access Point Mode - if use ap ; then - Kconfig_style_config AP - else - Kconfig_style_config AP n - fi - - # Enable essentials for AP/P2P - if use ap || use p2p ; then - # Enabling HT support (802.11n) - Kconfig_style_config IEEE80211N - - # Enabling VHT support (802.11ac) - Kconfig_style_config IEEE80211AC - fi - - # Enable mitigation against certain attacks against TKIP - Kconfig_style_config DELAYED_MIC_ERROR_REPORT - - if use privsep ; then - Kconfig_style_config PRIVSEP - fi - - # If we are using libnl 2.0 and above, enable support for it - # Bug 382159 - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - Kconfig_style_config LIBNL32 - fi - - if use qt5 ; then - pushd "${S}"/wpa_gui-qt4 > /dev/null || die - eqmake5 wpa_gui.pro - popd > /dev/null || die - fi -} - -src_compile() { - einfo "Building wpa_supplicant" - emake V=1 BINDIR=/usr/sbin - - if use wimax; then - emake -C ../src/eap_peer clean - emake -C ../src/eap_peer - fi - - if use qt5; then - einfo "Building wpa_gui" - emake -C "${S}"/wpa_gui-qt4 - fi - - if use eapol_test ; then - emake eapol_test - fi -} - -src_install() { - dosbin wpa_supplicant - use privsep && dosbin wpa_priv - dobin wpa_cli wpa_passphrase - - # baselayout-1 compat - if has_version "=sys-apps/openrc-0.5.0"; then - newinitd "${FILESDIR}/${PN}-init.d" wpa_supplicant - newconfd "${FILESDIR}/${PN}-conf.d" wpa_supplicant - fi - - exeinto /etc/wpa_supplicant/ - newexe "${FILESDIR}/wpa_cli.sh" wpa_cli.sh - - readme.gentoo_create_doc - dodoc ChangeLog {eap_testing,todo}.txt README{,-WPS} \ - wpa_supplicant.conf - - newdoc .config build-config - - if [ "${PV}" != "9999" ]; then - doman doc/docbook/*.{5,8} - fi - - if use qt5 ; then - into /usr - dobin wpa_gui-qt4/wpa_gui - doicon wpa_gui-qt4/icons/wpa_gui.svg - domenu wpa_gui-qt4/wpa_gui.desktop - else - rm "${ED}"/usr/share/man/man8/wpa_gui.8 - fi - - use wimax && emake DESTDIR="${D}" -C ../src/eap_peer install - - if use dbus ; then - pushd "${S}"/dbus > /dev/null || die - insinto /etc/dbus-1/system.d - newins dbus-wpa_supplicant.conf wpa_supplicant.conf - insinto /usr/share/dbus-1/system-services - doins fi.w1.wpa_supplicant1.service - popd > /dev/null || die - - # This unit relies on dbus support, bug 538600. - systemd_dounit systemd/wpa_supplicant.service - fi - - if use eapol_test ; then - dobin eapol_test - fi - - systemd_dounit "systemd/wpa_supplicant@.service" - systemd_dounit "systemd/wpa_supplicant-nl80211@.service" - systemd_dounit "systemd/wpa_supplicant-wired@.service" -} - -pkg_postinst() { - readme.gentoo_print_elog - - if [[ -e "${EROOT%/}"/etc/wpa_supplicant.conf ]] ; then - echo - ewarn "WARNING: your old configuration file ${EROOT%/}/etc/wpa_supplicant.conf" - ewarn "needs to be moved to ${EROOT%/}/etc/wpa_supplicant/wpa_supplicant.conf" - fi - - if use bindist; then - if ! use libressl; then - ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)." - ewarn "This is incredibly undesirable" - fi - fi - if use libressl; then - ewarn "Libressl doesn't support SUITEB (part of WPA3)" - ewarn "but it does support SUITEB192 (the upgraded strength version of the same)" - ewarn "You probably don't care. Patches welcome" - fi - - # Mea culpa, feel free to remove that after some time --mgorny. - local fn - for fn in wpa_supplicant{,@wlan0}.service; do - if [[ -e "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} ]] - then - ebegin "Moving ${fn} to multi-user.target" - mv "${EROOT%/}"/etc/systemd/system/network.target.wants/${fn} \ - "${EROOT%/}"/etc/systemd/system/multi-user.target.wants/ || die - eend ${?} \ - "Please try to re-enable ${fn}" - fi - done - - systemd_reenable wpa_supplicant.service -} -- cgit v1.2.3