Subject: [bug#35563] WPA Supplicant 2.8
From: Marius Bakke
Date: Sat, 04 May 2019 18:26:42 +0200
Message-ID: <87sgtudw3h.fsf@fastmail.com>

Hello!

Attached is a security update for WPA Supplicant.

The new version toggles a lot of build-time options to more closely
resemble what Debian and Arch do. Unfortunately the new defaults appear
to require OpenSSL instead of GnuTLS.

Thoughts?

From 194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Tue, 30 Apr 2019 00:05:36 +0200
Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].

This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496,
CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.

* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
[source](snippet): New field. Disable D-Bus.
[arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=y. Change CONFIG_TLS to
use OpenSSL rather than GnuTLS.
[inputs]: Remove GNUTLS and LIBGCRYPT. Add OPENSSL-NEXT.
(wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=y.
---
 gnu/packages/admin.scm | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 275ce8bb2f..e0fc1c54c9 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1198,16 +1198,23 @@ commands and their arguments.") (define-public wpa-supplicant-minimal (package (name "wpa-supplicant-minimal") - (version "2.7") + (version "2.8") (source (origin (method url-fetch) (uri (string-append "https://w1.fi/releases/wpa_supplicant-" - version - ".tar.gz")) + version ".tar.gz")) (sha256 (base32 - "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn")))) + "15ixzm347n8w6gdvi3j3yks3i15qmp6by9ayvswm34d929m372d6")) + (modules '((guix build utils))) + (snippet + '(begin + (substitute* "wpa_supplicant/defconfig" + ;; Disable D-Bus by default. + (("^CONFIG_CTRL_IFACE_DBUS_" line _) + (string-append "#" line))) + #t)))) (build-system gnu-build-system) (arguments '(#:phases @@ -1218,10 +1225,7 @@ commands and their arguments.") (copy-file "defconfig" ".config") (let ((port (open-file ".config" "al"))) (display " - CONFIG_DEBUG_SYSLOG=y - - # Choose GnuTLS (the default is OpenSSL.) - CONFIG_TLS=gnutls + CONFIG_TLS=openssl CONFIG_DRIVER_NL80211=y CFLAGS += $(shell pkg-config libnl-3.0 --cflags) @@ -1255,8 +1259,7 @@ commands and their arguments.") (inputs `(("readline" ,readline) ("libnl" ,libnl) - ("gnutls" ,gnutls) - ("libgcrypt" ,libgcrypt))) ;needed by crypto_gnutls.c + ("openssl" ,openssl-next))) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://w1.fi/wpa_supplicant/") @@ -1289,7 +1292,6 @@ command.") (lambda _ (let ((port (open-file ".config" "al"))) (display " - CONFIG_CTRL_IFACE_DBUS=y CONFIG_CTRL_IFACE_DBUS_NEW=y CONFIG_CTRL_IFACE_DBUS_INTRO=y\n" port) (close-port port)) -- 2.21.0
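Review bot: In the new snippet of the first hunk (@@ -1198,16 +1198,23 @@), the clause (("^CONFIG_CTRL_IFACE_DBUS_" line _) ...) binds a second variable although the pattern has no parenthesised group; (("^CONFIG_CTRL_IFACE_DBUS_" line) (string-append "#" line)) expresses the same substitution. The comment ";; Disable D-Bus by default." could also say that this keeps wpa-supplicant-minimal, whose inputs list no D-Bus library, from building the D-Bus interface, and that wpa-supplicant turns CONFIG_CTRL_IFACE_DBUS_NEW and CONFIG_CTRL_IFACE_DBUS_INTRO back on in its own phase (last hunk). Separately, neither the commit message nor the cover letter says how the 2.8 tarball behind the new sha256 was authenticated; for a security update it is worth stating that the hash comes from a signature-verified download.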
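Review bot: At CONFIG_TLS=openssl in the second hunk (@@ -1218,10 +1225,7 @@), the comment being removed states that OpenSSL is already the default, so the new line either restates the default and can be dropped, or needs a comment explaining why it is kept. The commit message records the switch away from GnuTLS but not which of the 2.8 options fail with CONFIG_TLS=gnutls, and the cover letter only says the new defaults appear to require OpenSSL. Naming the option or options in a comment here would let the TLS backend choice be revisited later.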
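Review bot: The new input ("openssl" ,openssl-next) in the third hunk (@@ -1255,8 +1259,7 @@) uses the openssl-next variable with no comment on why the default openssl package is not sufficient. Add a short comment giving the reason, so the input can be moved back to openssl once that reason no longer holds, and state the same reason in the [inputs] entry of the commit message.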