diff options
| author |   Michael Mair-Keimberger <m.mairkeimberger@gmail.com> | 2019-11-28 18:19:13 +0100 |
|---|---|---|
| committer |   Aaron Bauman <bman@gentoo.org> | 2019-11-29 17:07:38 -0500 |
| commit | 2b82a229fbd08184cfd3595e7c39b5f0c79a740d (patch) | |
| tree | f678d87bdaaf673d8a290a7b8c5054e2f0dc6c37 /net-wireless | |
| parent | media-sound/lilypond: arm64 stable (bug #701380) (diff) | |
| download | gentoo-2b82a229fbd08184cfd3595e7c39b5f0c79a740d.tar.gz gentoo-2b82a229fbd08184cfd3595e7c39b5f0c79a740d.tar.bz2 gentoo-2b82a229fbd08184cfd3595e7c39b5f0c79a740d.zip | |
net-wireless/wpa_supplicant: remove unused patches
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/13784
Signed-off-by: Aaron Bauman <bman@gentoo.org>
Diffstat (limited to 'net-wireless')
5 files changed, 0 insertions, 282 deletions
diff --git a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch b/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch deleted file mode 100644 index a62b52c6b9a8..000000000000 --- a/net-wireless/wpa_supplicant/files/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Sun, 15 Jul 2018 01:25:53 +0200 -Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data - -Ignore unauthenticated encrypted EAPOL-Key data in supplicant -processing. When using WPA2, these are frames that have the Encrypted -flag set, but not the MIC flag. - -When using WPA2, EAPOL-Key frames that had the Encrypted flag set but -not the MIC flag, had their data field decrypted without first verifying -the MIC. In case the data field was encrypted using RC4 (i.e., when -negotiating TKIP as the pairwise cipher), this meant that -unauthenticated but decrypted data would then be processed. An adversary -could abuse this as a decryption oracle to recover sensitive information -in the data field of EAPOL-Key messages (e.g., the group key). -(CVE-2018-14526) - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/rsn_supp/wpa.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c ---- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c 2016-10-02 21:51:11.000000000 +0300 -+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c 2018-08-08 16:55:11.506831029 +0300 -@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c - - if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && - (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { -+ /* -+ * Only decrypt the Key Data field if the frame's authenticity -+ * was verified. When using AES-SIV (FILS), the MIC flag is not -+ * set, so this check should only be performed if mic_len != 0 -+ * which is the case in this code branch. -+ */ -+ if (!(key_info & WPA_KEY_INFO_MIC)) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); -+ goto out; -+ } - if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, - &key_data_len)) - goto out; diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch deleted file mode 100644 index 025da58028da..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-libressl-compatibility.patch +++ /dev/null @@ -1,106 +0,0 @@ -diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c -index 19e0e2be8..6585c0245 100644 ---- a/src/crypto/crypto_openssl.c -+++ b/src/crypto/crypto_openssl.c -@@ -33,7 +33,9 @@ - #include "aes_wrap.h" - #include "crypto.h" - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - /* Compatibility wrappers for older versions. */ - - static HMAC_CTX * HMAC_CTX_new(void) -@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) - - static BIGNUM * get_group5_prime(void) - { --#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ -+ !(defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - return BN_get_rfc3526_prime_1536(NULL); - #elif !defined(OPENSSL_IS_BORINGSSL) - return get_rfc3526_prime_1536(NULL); -@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx) - - void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - DH *dh; - struct wpabuf *pubkey = NULL, *privkey = NULL; - size_t publen, privlen; -@@ -712,7 +718,9 @@ err: - - void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - DH *dh; - - dh = DH_new(); -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 23ac64b48..91acc579d 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -59,7 +59,8 @@ typedef int stack_index_t; - #endif /* SSL_set_tlsext_status_type */ - - #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \ -- defined(LIBRESSL_VERSION_NUMBER)) && \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \ - !defined(BORINGSSL_API_VERSION) - /* - * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL -@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf) - } - #endif /* OPENSSL_FIPS */ - #endif /* CONFIG_FIPS */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - SSL_load_error_strings(); - SSL_library_init(); - #ifndef OPENSSL_NO_SHA256 -@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx) - - tls_openssl_ref_count--; - if (tls_openssl_ref_count == 0) { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - #ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); - #endif /* OPENSSL_NO_ENGINE */ -@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn, - #ifdef OPENSSL_NEED_EAP_FAST_PRF - static int openssl_get_keyblock_size(SSL *ssl) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - const EVP_CIPHER *c; - const EVP_MD *h; - int md_size; -@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, - struct tls_connection *conn = arg; - int ret; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - if (conn == NULL || conn->session_ticket_cb == NULL) - return 0; - diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch deleted file mode 100644 index 1e2335f34c06..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch +++ /dev/null @@ -1,48 +0,0 @@ -From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001 -From: Beniamino Galvani <bgalvani@redhat.com> -Date: Sun, 9 Jul 2017 11:14:10 +0200 -Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f - -Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the -callback from the SSL object instead of the one from the CTX, so let's -set the callback on both SSL and CTX. Note that -SSL_set_default_passwd_cb*() is available only in 1.1.0. - -Signed-off-by: Beniamino Galvani <bgalvani@redhat.com> ---- - src/crypto/tls_openssl.c | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index fd94eaf..c790b53 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data, - } else - passwd = NULL; - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ /* -+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback -+ * from the SSL object. See OpenSSL commit d61461a75253. -+ */ -+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb); -+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd); -+#endif /* >= 1.1.0f && !LibreSSL */ -+ /* Keep these for OpenSSL < 1.1.0f */ - SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); - SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); - -@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data, - return -1; - } - ERR_clear_error(); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+ SSL_set_default_passwd_cb(conn->ssl, NULL); -+#endif /* >= 1.1.0f && !LibreSSL */ - SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); - os_free(passwd); - --- -cgit v0.12 - diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch deleted file mode 100644 index 97a8cc7f3e12..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-fix-undefined-remove-ie.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Mon, 3 Dec 2018 12:00:26 +0200 -Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y - -remove_ie() was defined within an ifdef CONFIG_FILS block while it is -now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition -there. - -Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol") -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - wpa_supplicant/sme.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c -index 39c8069..f77f751 100644 ---- a/wpa_supplicant/sme.c -+++ b/wpa_supplicant/sme.c -@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) - } - - --#ifdef CONFIG_FILS - #ifdef CONFIG_IEEE80211R - static void remove_ie(u8 *buf, size_t *len, u8 eid) - { -@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *len, u8 eid) - } - } - #endif /* CONFIG_IEEE80211R */ --#endif /* CONFIG_FILS */ - - - void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode, --- -cgit v0.12 - diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch deleted file mode 100644 index 45a1cf3701f9..000000000000 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.7-libressl.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 2643a056bb7d0737f63f42a11c308b2804d9ebe5 Mon Sep 17 00:00:00 2001 -From: Andrey Utkin <andrey_utkin@gentoo.org> -Date: Tue, 11 Dec 2018 17:41:10 +0000 -Subject: [PATCH] Fix build with LibreSSL - -When using LibreSSL instead of OpenSSL, linkage of hostapd executable -fails with the following error when using some LibreSSL versions - - ../src/crypto/tls_openssl.o: In function `tls_verify_cb': - tls_openssl.c:(.text+0x1273): undefined reference to `ASN1_STRING_get0_data' - ../src/crypto/tls_openssl.o: In function `tls_connection_peer_serial_num': - tls_openssl.c:(.text+0x3023): undefined reference to `ASN1_STRING_get0_data' - collect2: error: ld returned 1 exit status - make: *** [Makefile:1278: hostapd] Error 1 - -ASN1_STRING_get0_data is present in recent OpenSSL, but absent in some -versions of LibreSSL (confirmed for version 2.6.5), so fallback needs to -be defined in this case, just like for old OpenSSL. - -This patch was inspired by similar patches to other projects, such as -spice-gtk, pjsip. - -Link: https://bugs.gentoo.org/672834 -Signed-off-by: Andrey Utkin <andrey_utkin@gentoo.org> ---- - src/crypto/tls_openssl.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 608818310..cb70e2c47 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -104,7 +104,9 @@ static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, - - #endif - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - #ifdef CONFIG_SUITEB - static int RSA_bits(const RSA *r) - { --- -2.20.1 - |