Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-12-20 Thread Sebastian Andrzej Siewior 
On 2016-11-13 14:45:30 [+0100], Julian Wollrath wrote:
> I cannot do it myself but since the openssl transistion is ongoing now,
> maybe the wpa version from experimental, which fixes this bug, should
> be uploaded to unstable?

Andrew, any chance that this upload hits unstable? It won't work like
that for the release :)

> Cheers,
> Julian

Sebastian

Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-11-13 Thread Julian Wollrath 
Hi,

I cannot do it myself but since the openssl transistion is ongoing now,
maybe the wpa version from experimental, which fixes this bug, should
be uploaded to unstable?

Cheers,
Julian
-- 
 ()  ascii ribbon campaign - against html e-mail 
 /\- against proprietary attachments

Bug#828601: [pkg-wpa-devel] Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-10-20 Thread Julian Wollrath 
Hi,

for being able to build wpa 2.6, all that is needed is to refresh the
patches (as I did with the attached patch).

Cheers,
Juliandiff --git a/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch b/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch
index 2958bab9d820..8fc85080d50a 100644
--- a/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch
+++ b/debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch
@@ -1,16 +1,13 @@
-Description: Use pkg-config for libpcsclite linkage flags
- At least in debian, we can rely on pkg-config being available and
- returning more accurate ldflags.
-Author: Reinhard Tartler 

+diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
+index f3e86c1de6c0..ba3fe350675a 100644
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -933,7 +933,7 @@ ifdef CONFIG_NATIVE_WINDOWS
- #dynamic symbol loading that is now used in pcsc_funcs.c
- #LIBS += -lwinscard
+@@ -934,7 +934,7 @@ else
+ ifdef CONFIG_OSX
+ LIBS += -framework PCSC
  else
 -LIBS += -lpcsclite -lpthread
 +LIBS += $(shell pkg-config --libs libpcsclite)
  endif
  endif
- 
+ endif
diff --git a/debian/patches/07_dbus_service_syslog.patch b/debian/patches/07_dbus_service_syslog.patch
index c02acf8057a4..639ec3a70165 100644
--- a/debian/patches/07_dbus_service_syslog.patch
+++ b/debian/patches/07_dbus_service_syslog.patch
@@ -1,9 +1,5 @@
-Description: Tweak D-Bus/systemd service activation configuration files:
- * log wpa_supplicant messages to syslog
- * activate control socket interface so that wpa_cli can be used by D-Bus
-   activated wpa_supplicant daemon
-Author: Kel Modderman 

+diff --git a/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in
+index a75918f9380b..714ef9ea556f 100644
 --- a/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in
 +++ b/wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in
 @@ -1,5 +1,5 @@
@@ -13,6 +9,8 @@ Author: Kel Modderman 
 +Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
  User=root
  SystemdService=wpa_supplicant.service
+diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+index d97ff392175d..3b0af67afde0 100644
 --- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
 +++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
 @@ -1,5 +1,5 @@
@@ -22,12 +20,14 @@ Author: Kel Modderman 
 +Exec=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
  User=root
  SystemdService=wpa_supplicant.service
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
+index bc5d49af8655..29c949bb32d2 100644
 --- a/wpa_supplicant/systemd/wpa_supplicant.service.in
 +++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
-@@ -6,7 +6,7 @@
+@@ -6,7 +6,7 @@ Wants=network.target
  [Service]
  Type=dbus
- BusName=fi.epitest.hostap.WPASupplicant
+ BusName=@DBUS_INTERFACE@
 -ExecStart=@BINDIR@/wpa_supplicant -u
 +ExecStart=@BINDIR@/wpa_supplicant -u -s -O /run/wpa_supplicant
  
diff --git a/debian/patches/2015-6/backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch b/debian/patches/2015-6/backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
deleted file mode 100644
index d36c589b7ac8..
--- a/debian/patches/2015-6/backported-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Sun, 25 Oct 2015 15:45:50 +0200
-Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no
- PMF in use
-
-WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
-enabled. Verify that PMF is in use before using this field on station
-side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
-
-Signed-off-by: Jouni Malinen 

- wpa_supplicant/wnm_sta.c | 6 ++
- 1 file changed, 6 insertions(+)
-
 a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -187,6 +187,12 @@
- 	end = ptr + key_len_total;
- 	wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
- 
-+	if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
-+		wpa_msg(wpa_s, MSG_INFO,
-+			"WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
-+		return;
-+	}
-+
- 	while (ptr + 1 < end) {
- 		if (ptr + 2 + ptr[1] > end) {
- 			wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
diff --git a/debian/patches/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch b/debian/patches/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
deleted file mode 100644
index d2c5af8a06a3..
--- a/debian/patches/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-

Bug#828601: [pkg-wpa-devel] Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-10-15 Thread Andrew Shadura 
Hi,

On 14 October 2016 at 23:36, Sebastian Andrzej Siewior
 wrote:
> On 2016-09-01 23:54:23 [+0200], Sebastian Andrzej Siewior wrote:
>> The latest build failed against 2.5-2+v2.4-2. I see that 2.5-3 is
>> prepared for experimental. Upstream's git seems to build against openssl
>> 1.1.0 (didn't test but the commits make it look like).
>
> 2.6 has been released almost two weeks ago and according to the
> changelog it builds against openssl 1.1.0

Cool, thanks, I'll have a look at it tomorrow.

-- 
Cheers,
  Andrew

Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-10-14 Thread Sebastian Andrzej Siewior 
On 2016-09-01 23:54:23 [+0200], Sebastian Andrzej Siewior wrote:
> The latest build failed against 2.5-2+v2.4-2. I see that 2.5-3 is
> prepared for experimental. Upstream's git seems to build against openssl
> 1.1.0 (didn't test but the commits make it look like).

2.6 has been released almost two weeks ago and according to the
changelog it builds against openssl 1.1.0

> > Kurt

Sebastian

Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-09-01 Thread Sebastian Andrzej Siewior 
On 2016-06-26 12:24:46 [+0200], Kurt Roeckx wrote:
> OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
> OpenSSL this package fail to build.  A log of that build can be found at:
> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/wpa_2.3-2.3_amd64-20160529-1552

The latest build failed against 2.5-2+v2.4-2. I see that 2.5-3 is
prepared for experimental. Upstream's git seems to build against openssl
1.1.0 (didn't test but the commits make it look like).
How do you suggest to proceed? Cherry-pick the multiple commits or just
git-diff hostap_2_5.. for the openssl-related files? Or do you plan to
do something yourself?

> Kurt

Sebastian

Bug#828601: wpa: FTBFS with openssl 1.1.0

2016-06-26 Thread Kurt Roeckx 
Source: wpa
Version: 2.3-2.3
Severity: important
Control: block 827061 by -1

Hi,

OpenSSL 1.1.0 is about to released.  During a rebuild of all packages using
OpenSSL this package fail to build.  A log of that build can be found at:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/wpa_2.3-2.3_amd64-20160529-1552

On https://wiki.openssl.org/index.php/1.1_API_Changes you can see various of the
reasons why it might fail.  There are also updated man pages at
https://www.openssl.org/docs/manmaster/ that should contain useful information.

There is a libssl-dev package available in experimental that contains a recent
snapshot, I suggest you try building against that to see if everything works.

If you have problems making things work, feel free to contact us.


Kurt