From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([209.51.188.92]:49928)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hOl5Z-0003YW-CD
	for guix-patches@gnu.org; Thu, 09 May 2019 11:36:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hOl5Y-00086L-7T
	for guix-patches@gnu.org; Thu, 09 May 2019 11:36:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:50794)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1hOl5Y-000869-46
	for guix-patches@gnu.org; Thu, 09 May 2019 11:36:04 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hOl5X-0007sg-S7
	for guix-patches@gnu.org; Thu, 09 May 2019 11:36:03 -0400
Subject: bug#35563: WPA Supplicant 2.8
Resent-To: guix-patches@gnu.org
Resent-Message-ID: <handler.35563.D35563.155741615530274.done@debbugs.gnu.org>
From: Marius Bakke <mbakke@fastmail.com>
In-Reply-To: <877eb25lzx.fsf@gnu.org>
References: <87sgtudw3h.fsf@fastmail.com> <874l68ngu5.fsf@gnu.org>
	<87ftpren3h.fsf@fastmail.com> <877eb25lzx.fsf@gnu.org>
Date: Thu, 09 May 2019 17:35:45 +0200
Message-ID: <87bm0bd4j2.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 35563-done@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hi,
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>>
>>> Hello Marius,
>>>
>>> Marius Bakke <mbakke@fastmail.com> skribis:
>>>
>>>> Attached is a security update for WPA Supplicant.
>>>>
>>>> The new version toggles a lot of build-time options to more closely
>>>> resemble what Debian and Arch do.  Unfortunately the new defaults
>>>> appears to require OpenSSL instead of GnuTLS.
>>>
>>> What happens when you keep CONFIG_TLS=3Dgnutls?
>>
>> The linker fails to find a lot of OpenSSL interfaces.  Short excerpt:
>>
>> ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point':
>> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplica=
nt/../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY'
>> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supp=
licant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group'
>> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supp=
licant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free'
>>
>> Omitting the OpenSSL input makes it fail earlier due to lack of headers.
>
> OK.
>
>>> This change is unrelated to the upgrade, right?  It would break Connman
>>> (which expects to talk to wpa_supplicant over D-Bus), as well as
>>> NetworkManager probably, no?  Or am I missing something?
>>
>> The distinguishing feature between "wpa-supplicant-minimal" and
>> "wpa-supplicant" is D-Bus support.
>>
>> Upstream enabled D-Bus by default in version 2.8, so I toggled it back
>> with the snippet above so "wpa-supplicant-minimal" stays the same.
>>
>> However I notice now that the new "wpa-supplicant-minimal" has D-Bus in
>> its closure even though the D-Bus interface is disabled.
>>
>> So I'm not sure if it makes sense to have the separate -minimal variant
>> anymore.  The size of both wpa-supplicant variants are 102.4MiB after
>> this patch, down from 157.4 and 143.1 MiB on the Guix master branch.
>
> Well you=E2=80=99re right, maybe it doesn=E2=80=99t make much sense to ke=
ep both
> variants in that case.

Errh nevermind, the "wpa-supplicant-minimal" package does *not* have
D-Bus in its closure.  The updated sizes are 87.8 and 102.1 MiB.

> So I guess you can go ahead and push so we can all test it in the coming
> days!

I have tested this on a few different setups and it appears to work
fine.  Pushed as aeb1ed1abcc953694bcd742ae5e3ba5a13506373!

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlzUSNEACgkQoqBt8qM6
VPq9hQgAizAkVsS3+Iu42CX5Q9yXrFmSqb91a9PZxdHbU1sqmH/Dn2GZ3uIbzm8d
QnN3T/uKCqvtvFvHr6Y9qJnuvkVvyFl4xiNNoAuWEtUWsR7n+mSwwgDaLqs43Hks
AItJH4iJApmuAzZJ5p6+PYZlKHZbm5ltbMQAz4NNWtviH3WnFZMg7BwEBo5B2Q/Y
EVpYEJgPv6MWxeRVaSe6PLaCQEe6E6/lbVGkMr26DJmztNnWTUtVwH/TI4+Zr5XN
k2ZnQeV6k8nh2TOS9wpf8NsCNZpP5EvtZ/wrA8qbIY1vciSXuX4d54K3LWTdz01b
+P1OzufFLLTZ8rMIFgu5+HZ35IjACQ==
=UcOK
-----END PGP SIGNATURE-----
--=-=-=--