Hi!
I was trying to update security/wpa_supplicant to the latest release (2.5).
No cookie for me this time :(
First error:
cc -c -o ../src/eap_peer/eap_tls_common.o -O2 -pipe
-I/home/cvs/obj/wpa_supplicant-2.5/wpa_supplicant-2.5/src
-I/home/cvs/obj/wpa_supplicant-2.5/wpa_supplicant-2.5/src/utils
-I/usr/local/include/PCSC -DCONFIG_BACKEND_FILE -DCONFIG_PEERKEY
-DCONFIG_DRIVER_WIRED -DCONFIG_DRIVER_OPENBSD -DEAP_TLS -DEAP_PEAP -DEAP_TTLS
-DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_SIM -DEAP_LEAP -DEAP_PSK
-DEAP_AKA -DEAP_FAST -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_IKEV2
-DIEEE8021X_EAPOL -DPCSC_FUNCS -I/usr/include/PCSC -DPKCS12_FUNCS
-DCONFIG_SMARTCARD -DEAP_TLS_OPENSSL -DCONFIG_SHA256 -DALL_DH_GROUPS
-DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX ../src/eap_peer/eap_tls_common.c
cc -c -o ../src/crypto/tls_openssl.o -O2 -pipe
-I/home/cvs/obj/wpa_supplicant-2.5/wpa_supplicant-2.5/src
-I/home/cvs/obj/wpa_supplicant-2.5/wpa_supplicant-2.5/src/utils
-I/usr/local/include/PCSC -DCONFIG_BACKEND_FILE -DCONFIG_PEERKEY
-DCONFIG_DRIVER_WIRED -DCONFIG_DRIVER_OPENBSD -DEAP_TLS -DEAP_PEAP -DEAP_TTLS
-DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_SIM -DEAP_LEAP -DEAP_PSK
-DEAP_AKA -DEAP_FAST -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_IKEV2
-DIEEE8021X_EAPOL -DPCSC_FUNCS -I/usr/include/PCSC -DPKCS12_FUNCS
-DCONFIG_SMARTCARD -DEAP_TLS_OPENSSL -DCONFIG_SHA256 -DALL_DH_GROUPS
-DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX ../src/crypto/tls_openssl.c
../src/crypto/tls_openssl.c: In function 'tls_parse_pkcs12':
../src/crypto/tls_openssl.c:2252: error: 'SSL_BUILD_CHAIN_FLAG_CHECK'
undeclared (first use in this function)
../src/crypto/tls_openssl.c:2252: error: (Each undeclared identifier is
reported only once
../src/crypto/tls_openssl.c:2252: error: for each function it appears in.)
../src/crypto/tls_openssl.c:2253: error: 'SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR'
undeclared (first use in this function)
Makefile:1748: recipe for target '../src/crypto/tls_openssl.o' failed
gmake: *** [../src/crypto/tls_openssl.o] Error 1
Then if I cut that chunk out:
---8<---
$ cat patches/patch-src_crypto_tls_openssl_c
$OpenBSD$
--- src/crypto/tls_openssl.c.orig Mon Sep 28 09:44:11 2015
+++ src/crypto/tls_openssl.c Mon Sep 28 09:44:30 2015
@@ -2247,18 +2247,6 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
/* Try to continue anyway */
}
sk_X509_free(certs);
-#ifndef OPENSSL_IS_BORINGSSL
- res = SSL_build_cert_chain(ssl,
- SSL_BUILD_CHAIN_FLAG_CHECK |
- SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
- if (!res) {
- tls_show_errors(MSG_DEBUG, __func__,
- "Failed to build certificate chain");
- } else if (res == 2) {
- wpa_printf(MSG_DEBUG,
- "TLS: Ignore certificate chain verification
error when building chain with PKCS#12 extra certificates");
- }
-#endif /* OPENSSL_IS_BORINGSSL */
/*
* Try to continue regardless of result since it is possible for
* the extra certificates not to be required.
---8<---
Another bunch of errors while linking:
cc -o wpa_supplicant config.o notify.o bss.o eap_register.o
../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/wpabuf.o wmm_ac.o
../src/utils/os_unix.o ../src/utils/eloop.o config_file.o ../src/rsn_supp/wpa.o
../src/rsn_supp/preauth.o ../src/rsn_supp/pmksa_cache.o
../src/rsn_supp/peerkey.o ../src/rsn_supp/wpa_ie.o ../src/common/wpa_common.o
../src/eap_peer/eap_tls.o ../src/eap_peer/eap_peap.o
../src/eap_common/eap_peap_common.o ../src/eap_peer/eap_ttls.o
../src/eap_peer/eap_md5.o ../src/eap_peer/eap_mschapv2.o
../src/eap_peer/mschapv2.o ../src/eap_peer/eap_gtc.o ../src/eap_peer/eap_otp.o
../src/eap_peer/eap_sim.o ../src/eap_peer/eap_leap.o ../src/eap_peer/eap_psk.o
../src/eap_common/eap_psk_common.o ../src/eap_peer/eap_aka.o
../src/eap_common/eap_sim_common.o ../src/eap_peer/eap_fast.o
../src/eap_peer/eap_fast_pac.o ../src/eap_common/eap_fast_common.o
../src/eap_peer/eap_pax.o ../src/eap_common/eap_pax_common.o
../src/eap_peer/eap_sake.o ../src/eap_common/eap_sake_!
common.o ../src/eap_peer/eap_gpsk.o ../src/eap_common/eap_gpsk_common.o
../src/eap_peer/eap_ikev2.o ../src/eap_peer/ikev2.o
../src/eap_common/eap_ikev2_common.o ../src/eap_common/ikev2_common.o
../src/eapol_supp/eapol_supp_sm.o ../src/eap_peer/eap.o
../src/eap_peer/eap_methods.o ../src/utils/pcsc_funcs.o
../src/crypto/ms_funcs.o ../src/eap_common/chap.o
../src/eap_peer/eap_tls_common.o ../src/crypto/tls_openssl.o
../src/crypto/crypto_openssl.o ../src/crypto/fips_prf_openssl.o
../src/crypto/aes-eax.o ../src/crypto/aes-ctr.o ../src/crypto/aes-encblock.o
../src/crypto/aes-omac1.o ../src/crypto/sha256-prf.o
../src/crypto/sha256-tlsprf.o ../src/crypto/dh_groups.o ../src/crypto/random.o
ctrl_iface.o ctrl_iface_unix.o ../src/utils/base64.o
../src/common/ieee802_11_common.o ../src/common/hw_features_common.o
../src/eap_common/eap_common.o ../src/crypto/sha1-prf.o
../src/crypto/sha1-tprf.o ../src/crypto/sha1-tlsprf.o
../src/drivers/driver_common.o wpa_supplicant.o events.o blac!
klist.o wpas_glue.o scan.o main.o ../src/drivers/driver_wired.o
../src/drivers/driver_openbsd.o ../src/drivers/drivers.o
../src/l2_packet/l2_packet_freebsd.o -L/usr/local/lib -lpcap -lpcsclite
-lpthread -lssl -lcrypto
../src/utils/os_unix.o: In function `os_random':
os_unix.c:(.text+0x4f1): warning: warning: random() may return deterministic
values, is that what you want?
/usr/local/lib/libpcsclite.so.1.0: warning: warning: strcpy() is almost always
misused, please use strlcpy()
/usr/local/lib/libpcsclite.so.1.0: warning: warning: rand() may return
deterministic values, is that what you want?
../src/crypto/tls_openssl.o: In function `tls_sess_sec_cb':
tls_openssl.c:(.text+0x4a1): undefined reference to `SSL_get_client_random'
tls_openssl.c:(.text+0x4b3): undefined reference to `SSL_get_server_random'
../src/crypto/tls_openssl.o: In function `tls_parse_pkcs12':
tls_openssl.c:(.text+0x75b): undefined reference to `SSL_clear_chain_certs'
tls_openssl.c:(.text+0x7ad): undefined reference to `SSL_add1_chain_cert'
../src/crypto/tls_openssl.o: In function `tls_connection_get_random':
tls_openssl.c:(.text+0x1569): undefined reference to `SSL_get_client_random'
tls_openssl.c:(.text+0x1589): undefined reference to `SSL_get_server_random'
../src/crypto/tls_openssl.o: In function `tls_connection_set_cipher_list':
tls_openssl.c:(.text+0x32d4): undefined reference to `SSL_set_security_level'
tls_openssl.c:(.text+0x332a): undefined reference to `SSL_get_security_level'
tls_openssl.c:(.text+0x333c): undefined reference to `SSL_set_security_level'
../src/crypto/tls_openssl.o: In function `openssl_tls_prf':
tls_openssl.c:(.text+0x3961): undefined reference to `SSL_get_client_random'
tls_openssl.c:(.text+0x397d): undefined reference to `SSL_get_server_random'
tls_openssl.c:(.text+0x3991): undefined reference to
`SSL_SESSION_get_master_key'
tls_openssl.c:(.text+0x3b6c): undefined reference to `SSL_CIPHER_get_cipher_nid'
tls_openssl.c:(.text+0x3b7a): undefined reference to `SSL_CIPHER_get_digest_nid'
collect2: ld returned 1 exit status
Makefile:1663: recipe for target 'wpa_supplicant' failed
gmake: *** [wpa_supplicant] Error 1
Help highly appreciated!
Cheers,
David
Here's the WIP diff:
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v
retrieving revision 1.29
diff -u -p -u -p -r1.29 Makefile
--- Makefile 11 Sep 2015 16:38:04 -0000 1.29
+++ Makefile 28 Sep 2015 08:25:45 -0000
@@ -2,8 +2,7 @@
COMMENT= IEEE 802.1X supplicant
-DISTNAME= wpa_supplicant-2.4
-REVISION= 3
+DISTNAME= wpa_supplicant-2.5
CATEGORIES= security net
HOMEPAGE= http://w1.fi/wpa_supplicant/
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/wpa_supplicant/distinfo,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 distinfo
--- distinfo 18 Mar 2015 15:35:44 -0000 1.7
+++ distinfo 28 Sep 2015 08:25:45 -0000
@@ -1,2 +1,2 @@
-SHA256 (wpa_supplicant-2.4.tar.gz) =
BY3IMsCWE5oFnm34FAgPUCUajTE8IbEzZMVKHnAQkSI=
-SIZE (wpa_supplicant-2.4.tar.gz) = 2525648
+SHA256 (wpa_supplicant-2.5.tar.gz) =
zOVbrkg7Nk6uVcNbpWfCeb5ELti6tbgKPH+w0Fe5sxY=
+SIZE (wpa_supplicant-2.5.tar.gz) = 2607336
Index: patches/patch-src_crypto_tls_openssl_c
===================================================================
RCS file: patches/patch-src_crypto_tls_openssl_c
diff -N patches/patch-src_crypto_tls_openssl_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_crypto_tls_openssl_c 28 Sep 2015 08:25:45 -0000
@@ -0,0 +1,22 @@
+$OpenBSD$
+--- src/crypto/tls_openssl.c.orig Mon Sep 28 09:44:11 2015
++++ src/crypto/tls_openssl.c Mon Sep 28 09:44:30 2015
+@@ -2247,18 +2247,6 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
+ /* Try to continue anyway */
+ }
+ sk_X509_free(certs);
+-#ifndef OPENSSL_IS_BORINGSSL
+- res = SSL_build_cert_chain(ssl,
+- SSL_BUILD_CHAIN_FLAG_CHECK |
+- SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+- if (!res) {
+- tls_show_errors(MSG_DEBUG, __func__,
+- "Failed to build certificate chain");
+- } else if (res == 2) {
+- wpa_printf(MSG_DEBUG,
+- "TLS: Ignore certificate chain verification
error when building chain with PKCS#12 extra certificates");
+- }
+-#endif /* OPENSSL_IS_BORINGSSL */
+ /*
+ * Try to continue regardless of result since it is possible for
+ * the extra certificates not to be required.
Index: patches/patch-src_drivers_driver_openbsd_c
===================================================================
RCS file:
/cvs/ports/security/wpa_supplicant/patches/patch-src_drivers_driver_openbsd_c,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 patch-src_drivers_driver_openbsd_c
--- patches/patch-src_drivers_driver_openbsd_c 18 Mar 2014 05:57:22 -0000
1.3
+++ patches/patch-src_drivers_driver_openbsd_c 28 Sep 2015 08:25:45 -0000
@@ -1,14 +1,24 @@
$OpenBSD: patch-src_drivers_driver_openbsd_c,v 1.3 2014/03/18 05:57:22 dcoppa
Exp $
-missing include
+fix includes
---- src/drivers/driver_openbsd.c.orig Fri Mar 14 10:44:23 2014
-+++ src/drivers/driver_openbsd.c Fri Mar 14 10:44:46 2014
-@@ -10,6 +10,7 @@
+--- src/drivers/driver_openbsd.c.orig Sun Sep 27 21:02:05 2015
++++ src/drivers/driver_openbsd.c Mon Sep 28 09:51:53 2015
+@@ -9,13 +9,14 @@
+ #include "includes.h"
#include <sys/ioctl.h>
++#include "common.h"
++#include "driver.h"
++
#include <net/if.h>
+#include <net/if_var.h>
#include <net80211/ieee80211.h>
#include <net80211/ieee80211_crypto.h>
#include <net80211/ieee80211_ioctl.h>
+-
+-#include "common.h"
+-#include "driver.h"
+
+ struct openbsd_driver_data {
+ char ifname[IFNAMSIZ + 1];
Index: patches/patch-src_utils_eloop_c
===================================================================
RCS file: /cvs/ports/security/wpa_supplicant/patches/patch-src_utils_eloop_c,v
retrieving revision 1.4
diff -u -p -u -p -r1.4 patch-src_utils_eloop_c
--- patches/patch-src_utils_eloop_c 18 Mar 2015 15:35:44 -0000 1.4
+++ patches/patch-src_utils_eloop_c 28 Sep 2015 08:25:45 -0000
@@ -2,9 +2,9 @@ $OpenBSD: patch-src_utils_eloop_c,v 1.4
don't try to access list members to free them unless already initialised
---- src/utils/eloop.c.orig Sun Mar 15 12:30:39 2015
-+++ src/utils/eloop.c Wed Mar 18 04:20:32 2015
-@@ -1035,6 +1035,9 @@ void eloop_destroy(void)
+--- src/utils/eloop.c.orig Sun Sep 27 21:02:05 2015
++++ src/utils/eloop.c Mon Sep 28 09:35:05 2015
+@@ -1064,6 +1064,9 @@ void eloop_destroy(void)
struct eloop_timeout *timeout, *prev;
struct os_reltime now;
Index: patches/patch-wpa_supplicant_Makefile
===================================================================
RCS file:
/cvs/ports/security/wpa_supplicant/patches/patch-wpa_supplicant_Makefile,v
retrieving revision 1.7
diff -u -p -u -p -r1.7 patch-wpa_supplicant_Makefile
--- patches/patch-wpa_supplicant_Makefile 19 Jul 2015 21:44:07 -0000
1.7
+++ patches/patch-wpa_supplicant_Makefile 28 Sep 2015 08:25:45 -0000
@@ -1,17 +1,20 @@
$OpenBSD: patch-wpa_supplicant_Makefile,v 1.7 2015/07/19 21:44:07 jasper Exp $
---- wpa_supplicant/Makefile.orig Sun Mar 15 12:30:39 2015
-+++ wpa_supplicant/Makefile Wed Mar 18 04:20:32 2015
-@@ -121,13 +121,6 @@ CONFIG_ELOOP=eloop
- endif
+--- wpa_supplicant/Makefile.orig Mon Sep 28 09:36:07 2015
++++ wpa_supplicant/Makefile Mon Sep 28 09:36:36 2015
+@@ -131,16 +131,6 @@ endif
OBJS += ../src/utils/$(CONFIG_ELOOP).o
OBJS_c += ../src/utils/$(CONFIG_ELOOP).o
--
+
+-ifndef CONFIG_OSX
-ifeq ($(CONFIG_ELOOP), eloop)
-# Using glibc < 2.17 requires -lrt for clock_gettime()
+-# OS X has an alternate implementation
-LIBS += -lrt
-LIBS_c += -lrt
-LIBS_p += -lrt
-endif
-
+-endif
+-
ifdef CONFIG_ELOOP_POLL
CFLAGS += -DCONFIG_ELOOP_POLL
+ endif
Index: patches/patch-wpa_supplicant_main_c
===================================================================
RCS file:
/cvs/ports/security/wpa_supplicant/patches/patch-wpa_supplicant_main_c,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-wpa_supplicant_main_c
--- patches/patch-wpa_supplicant_main_c 8 Sep 2014 08:28:23 -0000 1.1
+++ patches/patch-wpa_supplicant_main_c 28 Sep 2015 08:25:45 -0000
@@ -2,9 +2,9 @@ $OpenBSD: patch-wpa_supplicant_main_c,v
Remove Linuxisms from usage()
---- wpa_supplicant/main.c.orig Wed Jun 4 15:26:14 2014
-+++ wpa_supplicant/main.c Mon Sep 8 09:45:48 2014
-@@ -67,7 +67,7 @@ static void usage(void)
+--- wpa_supplicant/main.c.orig Sun Sep 27 21:02:05 2015
++++ wpa_supplicant/main.c Mon Sep 28 09:35:05 2015
+@@ -68,7 +68,7 @@ static void usage(void)
" -i = interface name\n"
" -I = additional configuration file\n"
" -d = increase debugging verbosity (-dd even more)\n"
@@ -13,7 +13,7 @@ Remove Linuxisms from usage()
" -e = entropy file\n");
#ifdef CONFIG_DEBUG_FILE
printf(" -f = log output to debug file instead of stdout\n");
-@@ -101,8 +101,7 @@ static void usage(void)
+@@ -102,8 +102,7 @@ static void usage(void)
" -N = start describing new interface\n");
printf("example:\n"
