wpa_supplicant: update to 2.2.

2014-06-06 14:02:08 +02:00 · 2014-06-06 14:02:08 +02:00 · 62225251a5
parent 69e1408967
commit 62225251a5
2 changed files with 6 additions and 72 deletions
--- a/srcpkgs/wpa_supplicant/patches/b62d5b5450101676a0c05691b4bcd94e11426397.patch
+++ b/srcpkgs/wpa_supplicant/patches/b62d5b5450101676a0c05691b4bcd94e11426397.patch
@ -1,68 +0,0 @@
-From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 19 Feb 2014 09:56:02 +0000
-Subject: Revert "OpenSSL: Do not accept SSL Client certificate for server"
-
-This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
-too many deployed AAA servers that include both id-kp-clientAuth and
-id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
-for AAA authentication server validation. OpenSSL enforces the policy of
-not connecting if only id-kp-clientAuth is included. If a valid EKU is
-listed with it, the connection needs to be accepted.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
---
-diff --git a/src/crypto/tls.h b/src/crypto/tls.h
-index 287fd33..feba13f 100644
--- src/crypto/tls.h
-+++ src/crypto/tls.h
-@@ -41,8 +41,7 @@ enum tls_fail_reason {
- 	TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
- 	TLS_FAIL_BAD_CERTIFICATE = 7,
- 	TLS_FAIL_SERVER_CHAIN_PROBE = 8,
-	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
-	TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
-+	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
- };
- 
- union tls_event_data {
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index a13fa38..8cf1de8 100644
--- src/crypto/tls_openssl.c
-+++ src/crypto/tls_openssl.c
-@@ -105,7 +105,6 @@ struct tls_connection {
- 	unsigned int ca_cert_verify:1;
- 	unsigned int cert_probe:1;
- 	unsigned int server_cert_only:1;
-	unsigned int server:1;
- 
- 	u8 srv_cert_hash[32];
- 
-@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
- 				       TLS_FAIL_SERVER_CHAIN_PROBE);
- 	}
- 
-	if (!conn->server && err_cert && preverify_ok && depth == 0 &&
-	    (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
-	    (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
-		wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
-		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
-				       "Server used client certificate",
-				       TLS_FAIL_SERVER_USED_CLIENT_CERT);
-		preverify_ok = 0;
-	}
-
- 	if (preverify_ok && context->event_cb != NULL)
- 		context->event_cb(context->cb_ctx,
- 				  TLS_CERT_CHAIN_SUCCESS, NULL);
-@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
- 	int res;
- 	struct wpabuf *out_data;
- 
-	conn->server = !!server;
-
- 	/*
- 	 * Give TLS handshake data from the server (if available) to OpenSSL
- 	 * for processing.
--
-cgit v0.9.2
--- a/srcpkgs/wpa_supplicant/template
+++ b/srcpkgs/wpa_supplicant/template
@ -1,14 +1,14 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
-version=2.1
-revision=5
+version=2.2
+revision=1
 build_wrksrc=$pkgname
 short_desc="WPA/WPA2/IEEE 802.1X Supplicant"
 maintainer="Juan RP <xtraeme@gmail.com>"
-license="GPL-2"
+license="BSD"
 homepage="http://hostap.epitest.fi"
 distfiles="$homepage/releases/$pkgname-$version.tar.gz"
-checksum=91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277
+checksum=e0d8b8fd68a659636eaba246bb2caacbf53d22d53b2b6b90eb4b4fef0993c8ed

 hostmakedepends="pkg-config"
 makedepends="libnl3-devel openssl-devel dbus-devel readline-devel>=6.3"
@ -51,4 +51,6 @@ do_install() {
 		${DESTDIR}/usr/lib/systemd/system/wpa_supplicant@.service
 	# Make wpa_supplicant@.service also work for wext (nl80211 is the default).
 	sed -e 's|-i%I|& -Dnl80211,wext|' -i ${DESTDIR}/usr/lib/systemd/system/wpa_supplicant@.service
+
+	vinstall README 644 usr/share/licenses/$pkgname LICENSE
 }