From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([209.51.188.92]:59256) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hO1ut-0002Mn-Ot for guix-patches@gnu.org; Tue, 07 May 2019 11:22:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hO1us-0005y1-Px for guix-patches@gnu.org; Tue, 07 May 2019 11:22:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:45801) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hO1us-0005xn-MD for guix-patches@gnu.org; Tue, 07 May 2019 11:22:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hO1us-0004I8-Fl for guix-patches@gnu.org; Tue, 07 May 2019 11:22:02 -0400 Subject: [bug#35563] WPA Supplicant 2.8 Resent-Message-ID: From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87sgtudw3h.fsf@fastmail.com> <874l68ngu5.fsf@gnu.org> <87ftpren3h.fsf@fastmail.com> Date: Tue, 07 May 2019 17:21:06 +0200 In-Reply-To: <87ftpren3h.fsf@fastmail.com> (Marius Bakke's message of "Mon, 06 May 2019 15:20:18 +0200") Message-ID: <877eb25lzx.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Marius Bakke Cc: 35563@debbugs.gnu.org Hi, Marius Bakke skribis: > Ludovic Court=C3=A8s writes: > >> Hello Marius, >> >> Marius Bakke skribis: >> >>> Attached is a security update for WPA Supplicant. >>> >>> The new version toggles a lot of build-time options to more closely >>> resemble what Debian and Arch do. Unfortunately the new defaults >>> appears to require OpenSSL instead of GnuTLS. >> >> What happens when you keep CONFIG_TLS=3Dgnutls? > > The linker fails to find a lot of OpenSSL interfaces. Short excerpt: > > ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point': > /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplican= t/../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY' > ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_suppl= icant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group' > ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_suppl= icant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free' > > Omitting the OpenSSL input makes it fail earlier due to lack of headers. OK. >> This change is unrelated to the upgrade, right? It would break Connman >> (which expects to talk to wpa_supplicant over D-Bus), as well as >> NetworkManager probably, no? Or am I missing something? > > The distinguishing feature between "wpa-supplicant-minimal" and > "wpa-supplicant" is D-Bus support. > > Upstream enabled D-Bus by default in version 2.8, so I toggled it back > with the snippet above so "wpa-supplicant-minimal" stays the same. > > However I notice now that the new "wpa-supplicant-minimal" has D-Bus in > its closure even though the D-Bus interface is disabled. > > So I'm not sure if it makes sense to have the separate -minimal variant > anymore. The size of both wpa-supplicant variants are 102.4MiB after > this patch, down from 157.4 and 143.1 MiB on the Guix master branch. Well you=E2=80=99re right, maybe it doesn=E2=80=99t make much sense to keep= both variants in that case. So I guess you can go ahead and push so we can all test it in the coming days! Thanks, Ludo=E2=80=99.