Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-wireless
diff options
context:
space:
mode:
authorMichael Mair-Keimberger <m.mairkeimberger@gmail.com>2019-11-28 18:19:13 +0100
committerAaron Bauman <bman@gentoo.org>2019-11-29 17:07:38 -0500
commit2b82a229fbd08184cfd3595e7c39b5f0c79a740d (patch)
treef678d87bdaaf673d8a290a7b8c5054e2f0dc6c37 /net-wireless
parentmedia-sound/lilypond: arm64 stable (bug #701380) (diff)
downloadgentoo-2b82a229fbd08184cfd3595e7c39b5f0c79a740d.tar.gz
gentoo-2b82a229fbd08184cfd3595e7c39b5f0c79a740d.tar.bz2
gentoo-2b82a229fbd08184cfd3595e7c39b5f0c79a740d.zip
net-wireless/wpa_supplicant: remove unused patches
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/13784 Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'net-wireless')
-rw-r--r--net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch44
-rw-r--r--net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch106
-rw-r--r--net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch48
-rw-r--r--net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch38
-rw-r--r--net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch46
5 files changed, 0 insertions, 282 deletions
diff --git a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch b/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
deleted file mode 100644
index a62b52c6b9a8..000000000000
--- a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Sun, 15 Jul 2018 01:25:53 +0200
-Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-(CVE-2018-14526)
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/rsn_supp/wpa.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
---- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300
-+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
-
- if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+ /*
-+ * Only decrypt the Key Data field if the frame's authenticity
-+ * was verified. When using AES-SIV (FILS), the MIC flag is not
-+ * set, so this check should only be performed if mic_len != 0
-+ * which is the case in this code branch.
-+ */
-+ if (!(key_info & WPA_KEY_INFO_MIC)) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+ goto out;
-+ }
- if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- &key_data_len))
- goto out;
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch
deleted file mode 100644
index 025da58028da..000000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2be8..6585c0245 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -33,7 +33,9 @@
- #include "aes_wrap.h"
- #include "crypto.h"
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- /* Compatibility wrappers for older versions. */
-
- static HMAC_CTX * HMAC_CTX_new(void)
-@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-
- static BIGNUM * get_group5_prime(void)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-+ !(defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- return BN_get_rfc3526_prime_1536(NULL);
- #elif !defined(OPENSSL_IS_BORINGSSL)
- return get_rfc3526_prime_1536(NULL);
-@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
-
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- DH *dh;
- struct wpabuf *pubkey = NULL, *privkey = NULL;
- size_t publen, privlen;
-@@ -712,7 +718,9 @@ err:
-
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- DH *dh;
-
- dh = DH_new();
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 23ac64b48..91acc579d 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -59,7 +59,8 @@ typedef int stack_index_t;
- #endif /* SSL_set_tlsext_status_type */
-
- #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
-- defined(LIBRESSL_VERSION_NUMBER)) && \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \
- !defined(BORINGSSL_API_VERSION)
- /*
- * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
-@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf)
- }
- #endif /* OPENSSL_FIPS */
- #endif /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- SSL_load_error_strings();
- SSL_library_init();
- #ifndef OPENSSL_NO_SHA256
-@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx)
-
- tls_openssl_ref_count--;
- if (tls_openssl_ref_count == 0) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- #ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
- #endif /* OPENSSL_NO_ENGINE */
-@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
- #ifdef OPENSSL_NEED_EAP_FAST_PRF
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- const EVP_CIPHER *c;
- const EVP_MD *h;
- int md_size;
-@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
- struct tls_connection *conn = arg;
- int ret;
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- if (conn == NULL || conn->session_ticket_cb == NULL)
- return 0;
-
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
deleted file mode 100644
index 1e2335f34c06..000000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001
-From: Beniamino Galvani <bgalvani@redhat.com>
-Date: Sun, 9 Jul 2017 11:14:10 +0200
-Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
-
-Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
-callback from the SSL object instead of the one from the CTX, so let's
-set the callback on both SSL and CTX. Note that
-SSL_set_default_passwd_cb*() is available only in 1.1.0.
-
-Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
----
- src/crypto/tls_openssl.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index fd94eaf..c790b53 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data,
- } else
- passwd = NULL;
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+ /*
-+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
-+ * from the SSL object. See OpenSSL commit d61461a75253.
-+ */
-+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
-+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
-+#endif /* >= 1.1.0f && !LibreSSL */
-+ /* Keep these for OpenSSL < 1.1.0f */
- SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
- SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
-
-@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data,
- return -1;
- }
- ERR_clear_error();
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+ SSL_set_default_passwd_cb(conn->ssl, NULL);
-+#endif /* >= 1.1.0f && !LibreSSL */
- SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
- os_free(passwd);
-
---
-cgit v0.12
-
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
deleted file mode 100644
index 97a8cc7f3e12..000000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Mon, 3 Dec 2018 12:00:26 +0200
-Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
-
-remove_ie() was defined within an ifdef CONFIG_FILS block while it is
-now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
-there.
-
-Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol")
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/sme.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
-index 39c8069..f77f751 100644
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
- }
-
-
--#ifdef CONFIG_FILS
- #ifdef CONFIG_IEEE80211R
- static void remove_ie(u8 *buf, size_t *len, u8 eid)
- {
-@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *len, u8 eid)
- }
- }
- #endif /* CONFIG_IEEE80211R */
--#endif /* CONFIG_FILS */
-
-
- void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
---
-cgit v0.12
-
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
deleted file mode 100644
index 45a1cf3701f9..000000000000
--- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001
-From: Andrey Utkin <andrey_utkin@gentoo.org>
-Date: Tue, 11 Dec 2018 17:41:10 +0000
-Subject: [PATCH] Fix build with LibreSSL
-
-When using LibreSSL instead of OpenSSL, linkage of hostapd executable
-fails with the following error when using some LibreSSL versions
-
- ../src/crypto/tls_openssl.o: In function `tls_verify_cb':
- tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data'
- ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num':
- tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data'
- collect2: error: ld returned 1 exit status
- make: *** [Makefile:1278: hostapd] Error 1
-
-ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some
-versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to
-be defined in this case, just like for old OpenSSL.
-
-This patch was inspired by similar patches to other projects, such as
-spice-gtk, pjsip.
-
-Link: https://bugs.gentoo.org/672834
-Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org>
----
- src/crypto/tls_openssl.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 608818310..cb70e2c47 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
-
- #endif
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- #ifdef CONFIG_SUITEB
- static int RSA_bits(const RSA *r)
- {
---
-2.20.1
-