[packages/wpa_supplicant] - updated to 2.2 - removed obsolete client-cert patch

Sun, 15 Jun 2014 05:10:27 -0700 

commit 7691c99ad76778fff738ef9e9298dfac25280c40
Author: Jakub Bogusz <[email protected]>
Date:   Sun Jun 15 14:13:20 2014 +0200

    - updated to 2.2
    - removed obsolete client-cert patch

 wpa_supplicant-client-cert.patch | 67 ----------------------------------------
 wpa_supplicant.spec              |  8 ++---
 2 files changed, 3 insertions(+), 72 deletions(-)
---
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 530d635..cc044b5 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -15,12 +15,12 @@
 Summary:       Linux WPA/WPA2/RSN/IEEE 802.1X supplicant
 Summary(pl.UTF-8):     Suplikant WPA/WPA2/RSN/IEEE 802.1X dla Linuksa
 Name:          wpa_supplicant
-Version:       2.1
-Release:       3
+Version:       2.2
+Release:       1
 License:       GPL v2
 Group:         Networking
 Source0:       http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
-# Source0-md5: e96b8db5a8171cd17a5b2012d6ad7cc7
+# Source0-md5: 238e8e888bbd558e1a57e3eb28d1dd07
 Source1:       %{name}.config
 Source2:       %{name}-wpa_gui.desktop
 Source3:       %{name}.tmpfiles
@@ -31,7 +31,6 @@ Patch2:               %{name}-lrelease.patch
 # http://www.linuxwimax.org/Download
 Patch3:                %{name}-0.7.2-generate-libeap-peer.patch
 Patch4:                dbus-services.patch
-Patch5:                %{name}-client-cert.patch
 URL:           http://hostap.epitest.fi/wpa_supplicant/
 %{?with_dbus:BuildRequires:    dbus-devel}
 BuildRequires: libnl-devel >= 1:3.2
@@ -137,7 +136,6 @@ Pliki programistyczne dla biblioteki eap.
 %patch2 -p0
 %patch3 -p1
 %patch4 -p1
-%patch5 -p1
 
 %{__sed} -i -e 's,@LIB@,%{_lib},' src/eap_peer/libeap0.pc
 
diff --git a/wpa_supplicant-client-cert.patch b/wpa_supplicant-client-cert.patch
deleted file mode 100644
index 7e207fa..0000000
--- a/wpa_supplicant-client-cert.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-commit b62d5b5450101676a0c05691b4bcd94e11426397
-Author: Jouni Malinen <[email protected]>
-Date:   Wed Feb 19 11:56:02 2014 +0200
-
-    Revert "OpenSSL: Do not accept SSL Client certificate for server"
-    
-    This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
-    too many deployed AAA servers that include both id-kp-clientAuth and
-    id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
-    for AAA authentication server validation. OpenSSL enforces the policy of
-    not connecting if only id-kp-clientAuth is included. If a valid EKU is
-    listed with it, the connection needs to be accepted.
-    
-    Signed-off-by: Jouni Malinen <[email protected]>
-
-diff --git a/src/crypto/tls.h b/src/crypto/tls.h
-index 287fd33..feba13f 100644
---- a/src/crypto/tls.h
-+++ b/src/crypto/tls.h
-@@ -41,8 +41,7 @@ enum tls_fail_reason {
-       TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
-       TLS_FAIL_BAD_CERTIFICATE = 7,
-       TLS_FAIL_SERVER_CHAIN_PROBE = 8,
--      TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
--      TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
-+      TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
- };
- 
- union tls_event_data {
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index a13fa38..8cf1de8 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -105,7 +105,6 @@ struct tls_connection {
-       unsigned int ca_cert_verify:1;
-       unsigned int cert_probe:1;
-       unsigned int server_cert_only:1;
--      unsigned int server:1;
- 
-       u8 srv_cert_hash[32];
- 
-@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, 
X509_STORE_CTX *x509_ctx)
-                                      TLS_FAIL_SERVER_CHAIN_PROBE);
-       }
- 
--      if (!conn->server && err_cert && preverify_ok && depth == 0 &&
--          (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
--          (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
--              wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
--              openssl_tls_fail_event(conn, err_cert, err, depth, buf,
--                                     "Server used client certificate",
--                                     TLS_FAIL_SERVER_USED_CLIENT_CERT);
--              preverify_ok = 0;
--      }
--
-       if (preverify_ok && context->event_cb != NULL)
-               context->event_cb(context->cb_ctx,
-                                 TLS_CERT_CHAIN_SUCCESS, NULL);
-@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const 
struct wpabuf *in_data,
-       int res;
-       struct wpabuf *out_data;
- 
--      conn->server = !!server;
--
-       /*
-        * Give TLS handshake data from the server (if available) to OpenSSL
-        * for processing.
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/wpa_supplicant.git/commitdiff/7691c99ad76778fff738ef9e9298dfac25280c40

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

Reply via email to