Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package wpa.

This upload fixes two issues:

 * #924666: warning is printed using a function defined in a file sourced a few lines later, resulting in an error when a configuration file has not yet been created — or has been already deleted (e.g. when purging).
 * #924632: OpenSSL backend in 2.7 and later breaks engine support when linking against OpenSSL 1.1.

unblock wpa/2:2.7+git20190128+0c1e29f-3

diff --git a/debian/changelog b/debian/changelog index 1d8177e..7530d0d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium + + * Print the warning and exit after sourcing /lib/lsb/init-functions + (Closes: #924666). + * Recognise multiple configs in DAEMON_CONF and verify them all. + * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632). + + -- Andrej Shadura <[email protected]> Fri, 15 Mar 2019 17:44:51 +0100 + wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium * Apply an RFC patch to work around big endian keyidx. diff --git a/debian/hostapd.init b/debian/hostapd.init index 6151f22..0d2e970 100644 --- a/debian/hostapd.init +++ b/debian/hostapd.init @@ -25,21 +25,24 @@ PIDFILE=/run/hostapd.pid [ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd [ -n "$DAEMON_CONF" ] || exit 0 -if [ ! -r "$DAEMON_CONF" ] -then - log_action_msg "No hostapd config found, not starting hostapd." - exit 0 -fi - DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF" . /lib/lsb/init-functions +for conf in $DAEMON_CONF +do + if [ ! -r "$conf" ] + then + log_action_msg "hostapd config $conf not found, not starting hostapd." + exit 0 + fi +done + case "$1" in start) if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ] then - log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- read /usr/share/doc/hostapd/NEWS.Debian.gz" + log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz" fi log_daemon_msg "Starting $DESC" "$NAME" start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \ diff --git a/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch new file mode 100644 index 0000000..ba671a0 --- /dev/null +++ b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch 
@@ -0,0 +1,36 @@ +From: David Woodhouse <[email protected]> +Date: Thu, 14 Mar 2019 at 18:25 +Subject: [PATCH v2] Fix ENGINE support with OpenSSL 1.1+ +To: Rosen Penev <[email protected]> +Cc: <[email protected]> + + +Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and +deprecated APIs") removed a call to ENGINE_load_dynamic() for newer +versions of OpenSSL, asserting that it should happen automatically. + +That appears not to be the case, and loading engines now fails because +the dynamic engine isn't present. + +Fix it by calling ENGINE_load_builtin_engines(), which works for all +versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings() +because that should have happened when SSL_load_error_strings() is +called anyway. + +Signed-off-by: David Woodhouse <[email protected]> + +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c +index 705fa29a3..ee7ed7c9b 100644 +@@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf) + + #ifndef OPENSSL_NO_ENGINE + wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); +-#if OPENSSL_VERSION_NUMBER < 0x10100000L +- ERR_load_ENGINE_strings(); +- ENGINE_load_dynamic(); +-#endif /* OPENSSL_VERSION_NUMBER */ ++ ENGINE_load_builtin_engines(); + + if (conf && + (conf->opensc_engine_path || conf->pkcs11_engine_path || + diff --git a/debian/patches/series b/debian/patches/series index 089a1c5..4aee4ed 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ networkd-driver-fallback.patch wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch allow-tlsv1.patch PMF-Allow-Key-ID-in-BE-format.patch +fix-ENGINE-support-with-openssl-1.1.patch
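
Review bot: In debian/changelog, the second entry ("Recognise multiple configs in DAEMON_CONF and verify them all") closes no bug and is not among the two issues the unblock request lists, so the request understates what the upload changes. Mention the multi-config handling in the request text, or split it out of this upload, so that it is reviewed as a behaviour change of its own and not as part of the #924666 fix.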
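
Review bot: In debian/hostapd.init, the start) branch still compares the whole string with [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ], so once DAEMON_CONF holds several paths, as the new "for conf in $DAEMON_CONF" loop allows, the NEWS.Debian warning fires on every start even when /etc/hostapd/hostapd.conf is one of the entries. Run that comparison per entry, or skip the warning when any entry matches. The unquoted $DAEMON_CONF in the loop is also subject to pathname expansion as well as word splitting, so a value with glob characters or a path containing spaces is checked as something other than what was written; a comment next to the loop stating that the variable is a whitespace-separated list of paths would make that contract explicit.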
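
Review bot: In the tls_init() hunk of debian/patches/fix-ENGINE-support-with-openssl-1.1.patch, the debug line wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine") stays as context while the call below it becomes ENGINE_load_builtin_engines(), so the log now names a narrower action than the code performs; suggest changing the message to say that the builtin engines are being loaded. The patch header carries From, Date and Subject but no Bug-Debian or Origin field, so adding a Bug-Debian reference to #924632 would tie the patch file to the bug the changelog closes.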

