commit:     86f2873941b8049bfd376569e7871c74782257f4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 21 12:25:43 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 21 12:30:25 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86f28739

net-wireless/wpa_supplicant: make crda optional

Since the bug was originally filed, the situation
has changed and upstream now _discourages_ CRDA usage.

Let's make it optional to avoid pulling in m2crypto
on smaller devices.

Keeping it on by default (for now?) to avoid
breaking existing setups.

Closes: https://bugs.gentoo.org/462032
Thanks-to: Michael Weiser <michael <AT> weiser.dinsnail.net>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...nt-9999.ebuild => wpa_supplicant-2.9-r6.ebuild} | 41 ++++++++++++++++++++--
 .../wpa_supplicant/wpa_supplicant-9999.ebuild      | 32 +++++++++++++++--
 2 files changed, 67 insertions(+), 6 deletions(-)

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild 
b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
similarity index 87%
copy from net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
copy to net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
index 97cde554f0db..d2ef0b6caa03 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=7
 
-inherit desktop qmake-utils readme.gentoo-r1 systemd toolchain-funcs
+inherit desktop linux-info qmake-utils readme.gentoo-r1 systemd toolchain-funcs
 
 DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
 HOMEPAGE="https://w1.fi/wpa_supplicant/";
@@ -13,12 +13,13 @@ if [ "${PV}" = "9999" ]; then
        inherit git-r3
        EGIT_REPO_URI="https://w1.fi/hostap.git";
 else
-       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv 
~sparc ~x86"
        SRC_URI="https://w1.fi/releases/${P}.tar.gz";
+       SRC_URI+=" 
https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2";
 fi
 
 SLOT="0"
-IUSE="ap bindist broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 
macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils 
+hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
 
 # CONFIG_PRIVSEP=y does not have sufficient support for the new driver
 # interface functions used for MACsec, so this combination cannot be used
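Review bot: The new `+crda` flag in IUSE has no visible description: the diffstat lists only the two ebuilds, so unless the package's metadata.xml (not shown on this page) already declares `crda`, users get a default-on flag with no explanation. A one-line entry there would cover it, for example `<flag name="crda">Pull in net-wireless/crda for userspace regulatory domain loading (discouraged upstream)</flag>`. The same IUSE change is made in the wpa_supplicant-9999.ebuild section further down.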
@@ -51,6 +52,10 @@ DEPEND="
 "
 RDEPEND="${DEPEND}
        selinux? ( sec-policy/selinux-networkmanager )
+       kernel_linux? (
+               net-wireless/wireless-regdb
+               crda? ( net-wireless/crda )
+       )
 "
 BDEPEND="virtual/pkgconfig"
 
@@ -84,6 +89,28 @@ Kconfig_style_config() {
                fi
 }
 
+pkg_pretend() {
+       CONFIG_CHECK=""
+
+       if use crda ; then
+               CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT"
+               WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: 
please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support"
+       fi
+
+       check_extra_config
+
+       if ! use crda ; then
+               if linux_config_exists && linux_chkconfig_builtin CFG80211 &&
+                       [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != 
*regulatory.db* ]]
+               then
+                       ewarn "REGULATORY DOMAIN PROBLEM:"
+                       ewarn "With CONFIG_CFG80211=y (built-in), the driver 
won't be able to load regulatory.db from"
+                       ewarn " /lib/firmware, resulting in broken regulatory 
domain support.  Please set CONFIG_CFG80211=m"
+                       ewarn " or add regulatory.db and regulatory.db.p7s to 
CONFIG_EXTRA_FIRMWARE."
+               fi
+       fi
+}
+
 src_prepare() {
        default
 
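Review bot: The `!= *regulatory.db*` test in the `! use crda` branch of pkg_pretend is a substring match, so an EXTRA_FIRMWARE that lists only `regulatory.db.p7s`, or only `regulatory.db` without its signature file, suppresses the warning even though the ewarn text asks for both. Since the `.p7s` file is presumably the signature a built-in cfg80211 uses to verify the database, a config missing either file can still leave regulatory support broken with no warning. Reading the value once and testing both names closes the gap: `local fw=$(linux_chkconfig_string EXTRA_FIRMWARE)` followed by `[[ ${fw} != *regulatory.db.p7s* || ${fw//regulatory.db.p7s/} != *regulatory.db* ]]`. The identical pkg_pretend added to wpa_supplicant-9999.ebuild in the last hunk of this commit has the same check and needs the same change.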
@@ -125,6 +152,14 @@ src_prepare() {
 
        # bug (640492)
        sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+
+       ## Security patches
+       # CVE-2019-16275 (bug #696030)
+       eapply 
"${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
+       # 2020-2, 2021-1 security advisories (bug #768759)
+       eapply 
"${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch
+       # CVE-2021-30004 (bug #780138)
+       eapply 
"${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch
 }
 
 src_configure() {

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild 
b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
index 97cde554f0db..92aa484c96d9 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=7
 
-inherit desktop qmake-utils readme.gentoo-r1 systemd toolchain-funcs
+inherit desktop linux-info qmake-utils readme.gentoo-r1 systemd toolchain-funcs
 
 DESCRIPTION="IEEE 802.1X/WPA supplicant for secure wireless transfers"
 HOMEPAGE="https://w1.fi/wpa_supplicant/";
@@ -13,12 +13,12 @@ if [ "${PV}" = "9999" ]; then
        inherit git-r3
        EGIT_REPO_URI="https://w1.fi/hostap.git";
 else
-       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv 
~sparc ~x86"
        SRC_URI="https://w1.fi/releases/${P}.tar.gz";
 fi
 
 SLOT="0"
-IUSE="ap bindist broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 
macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils 
+hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls 
uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
 
 # CONFIG_PRIVSEP=y does not have sufficient support for the new driver
 # interface functions used for MACsec, so this combination cannot be used
@@ -51,6 +51,10 @@ DEPEND="
 "
 RDEPEND="${DEPEND}
        selinux? ( sec-policy/selinux-networkmanager )
+       kernel_linux? (
+               net-wireless/wireless-regdb
+               crda? ( net-wireless/crda )
+       )
 "
 BDEPEND="virtual/pkgconfig"
 
@@ -84,6 +88,28 @@ Kconfig_style_config() {
                fi
 }
 
+pkg_pretend() {
+       CONFIG_CHECK=""
+
+       if use crda ; then
+               CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT"
+               WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: 
please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support"
+       fi
+
+       check_extra_config
+
+       if ! use crda ; then
+               if linux_config_exists && linux_chkconfig_builtin CFG80211 &&
+                       [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != 
*regulatory.db* ]]
+               then
+                       ewarn "REGULATORY DOMAIN PROBLEM:"
+                       ewarn "With CONFIG_CFG80211=y (built-in), the driver 
won't be able to load regulatory.db from"
+                       ewarn " /lib/firmware, resulting in broken regulatory 
domain support.  Please set CONFIG_CFG80211=m"
+                       ewarn " or add regulatory.db and regulatory.db.p7s to 
CONFIG_EXTRA_FIRMWARE."
+               fi
+       fi
+}
+
 src_prepare() {
        default
 
