From 62225251a5862ca982dd2f1d567dc23f77219ddc Mon Sep 17 00:00:00 2001 From: Juan RP Date: Fri, 6 Jun 2014 14:02:08 +0200 Subject: [PATCH] wpa_supplicant: update to 2.2. --- ...5b5450101676a0c05691b4bcd94e11426397.patch | 68 ------------------- srcpkgs/wpa_supplicant/template | 10 +-- 2 files changed, 6 insertions(+), 72 deletions(-) delete mode 100644 srcpkgs/wpa_supplicant/patches/b62d5b5450101676a0c05691b4bcd94e11426397.patch diff --git a/srcpkgs/wpa_supplicant/patches/b62d5b5450101676a0c05691b4bcd94e11426397.patch b/srcpkgs/wpa_supplicant/patches/b62d5b5450101676a0c05691b4bcd94e11426397.patch deleted file mode 100644 index 1fef0ead970..00000000000 --- a/srcpkgs/wpa_supplicant/patches/b62d5b5450101676a0c05691b4bcd94e11426397.patch +++ /dev/null @@ -1,68 +0,0 @@ -From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Wed, 19 Feb 2014 09:56:02 +0000 -Subject: Revert "OpenSSL: Do not accept SSL Client certificate for server" - -This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are -too many deployed AAA servers that include both id-kp-clientAuth and -id-kp-serverAuth EKUs for this change to be acceptable as a generic rule -for AAA authentication server validation. OpenSSL enforces the policy of -not connecting if only id-kp-clientAuth is included. If a valid EKU is -listed with it, the connection needs to be accepted. - -Signed-off-by: Jouni Malinen ---- -diff --git a/src/crypto/tls.h b/src/crypto/tls.h -index 287fd33..feba13f 100644 ---- src/crypto/tls.h -+++ src/crypto/tls.h -@@ -41,8 +41,7 @@ enum tls_fail_reason { - TLS_FAIL_ALTSUBJECT_MISMATCH = 6, - TLS_FAIL_BAD_CERTIFICATE = 7, - TLS_FAIL_SERVER_CHAIN_PROBE = 8, -- TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9, -- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10 -+ TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9 - }; - - union tls_event_data { -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index a13fa38..8cf1de8 100644 ---- src/crypto/tls_openssl.c -+++ src/crypto/tls_openssl.c -@@ -105,7 +105,6 @@ struct tls_connection { - unsigned int ca_cert_verify:1; - unsigned int cert_probe:1; - unsigned int server_cert_only:1; -- unsigned int server:1; - - u8 srv_cert_hash[32]; - -@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) - TLS_FAIL_SERVER_CHAIN_PROBE); - } - -- if (!conn->server && err_cert && preverify_ok && depth == 0 && -- (err_cert->ex_flags & EXFLAG_XKUSAGE) && -- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) { -- wpa_printf(MSG_WARNING, "TLS: Server used client certificate"); -- openssl_tls_fail_event(conn, err_cert, err, depth, buf, -- "Server used client certificate", -- TLS_FAIL_SERVER_USED_CLIENT_CERT); -- preverify_ok = 0; -- } -- - if (preverify_ok && context->event_cb != NULL) - context->event_cb(context->cb_ctx, - TLS_CERT_CHAIN_SUCCESS, NULL); -@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, - int res; - struct wpabuf *out_data; - -- conn->server = !!server; -- - /* - * Give TLS handshake data from the server (if available) to OpenSSL - * for processing. --- -cgit v0.9.2 diff --git a/srcpkgs/wpa_supplicant/template b/srcpkgs/wpa_supplicant/template index 8f2a4f08a64..b3fee69499e 100644 --- a/srcpkgs/wpa_supplicant/template +++ b/srcpkgs/wpa_supplicant/template @@ -1,14 +1,14 @@ # Template file for 'wpa_supplicant' pkgname=wpa_supplicant -version=2.1 -revision=5 +version=2.2 +revision=1 build_wrksrc=$pkgname short_desc="WPA/WPA2/IEEE 802.1X Supplicant" maintainer="Juan RP " -license="GPL-2" +license="BSD" homepage="http://hostap.epitest.fi" distfiles="$homepage/releases/$pkgname-$version.tar.gz" -checksum=91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277 +checksum=e0d8b8fd68a659636eaba246bb2caacbf53d22d53b2b6b90eb4b4fef0993c8ed hostmakedepends="pkg-config" makedepends="libnl3-devel openssl-devel dbus-devel readline-devel>=6.3" @@ -51,4 +51,6 @@ do_install() { ${DESTDIR}/usr/lib/systemd/system/wpa_supplicant@.service # Make wpa_supplicant@.service also work for wext (nl80211 is the default). sed -e 's|-i%I|& -Dnl80211,wext|' -i ${DESTDIR}/usr/lib/systemd/system/wpa_supplicant@.service + + vinstall README 644 usr/share/licenses/$pkgname LICENSE }