Subject: [bug#35563] WPA Supplicant 2.8
From: Marius Bakke
Date: Sat, 04 May 2019 18:26:42 +0200
Message-ID: <87sgtudw3h.fsf@fastmail.com>
To: 35563@debbugs.gnu.org

Hello!

Attached is a security update for WPA Supplicant.

The new version toggles a lot of build-time options to more closely resemble what Debian and Arch do. Unfortunately the new defaults appear to require OpenSSL instead of GnuTLS.

Thoughts?

From 194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Tue, 30 Apr 2019 00:05:36 +0200
Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].

This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.

* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
[source](snippet): New field. Disable D-Bus.
[arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=y. Change CONFIG_TLS to use OpenSSL rather than GnuTLS.
[inputs]: Remove GNUTLS and LIBGCRYPT. Add OPENSSL-NEXT.
(wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=y.
=2D-- gnu/packages/admin.scm | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 275ce8bb2f..e0fc1c54c9 100644 =2D-- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm
@@ -1198,16 +1198,23 @@ commands and their arguments.") (define-public wpa-supplicant-minimal (package (name "wpa-supplicant-minimal") =2D (version "2.7") + (version "2.8") (source (origin (method url-fetch) (uri (string-append "https://w1.fi/releases/wpa_supplicant-" =2D version =2D ".tar.gz")) + version ".tar.gz")) (sha256 (base32 =2D "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn"))= )) + "15ixzm347n8w6gdvi3j3yks3i15qmp6by9ayvswm34d929m372d6")) + (modules '((guix build utils))) + (snippet + '(begin + (substitute* "wpa_supplicant/defconfig" + ;; Disable D-Bus by default. + (("^CONFIG_CTRL_IFACE_DBUS_" line _) + (string-append "#" line))) + #t)))) (build-system gnu-build-system) (arguments '(#:phases @@ -1218,10 +1225,7 @@ commands and their arguments.") (copy-file "defconfig" ".config") (let ((port (open-file ".config" "al"))) (display " =2D CONFIG_DEBUG_SYSLOG=3Dy =2D =2D # Choose GnuTLS (the default is OpenSSL.) =2D CONFIG_TLS=3Dgnutls + CONFIG_TLS=3Dopenssl =20 CONFIG_DRIVER_NL80211=3Dy CFLAGS +=3D $(shell pkg-config libnl-3.0 --cflags) @@ -1255,8 +1259,7 @@ commands and their arguments.") (inputs `(("readline" ,readline) ("libnl" ,libnl) =2D ("gnutls" ,gnutls) =2D ("libgcrypt" ,libgcrypt))) ;needed by crypto_gnut= ls.c + ("openssl" ,openssl-next))) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://w1.fi/wpa_supplicant/") 
@@ -1289,7 +1292,6 @@ command.") (lambda _ (let ((port (open-file ".config" "al"))) (display " =2D CONFIG_CTRL_IFACE_DBUS=3Dy CONFIG_CTRL_IFACE_DBUS_NEW=3Dy CONFIG_CTRL_IFACE_DBUS_INTRO=3Dy\n" port) (close-port port)) =2D-=20 2.21.0
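
Review bot: In the new source snippet of wpa-supplicant-minimal (hunk @@ -1198,16 +1198,23 @@), the pattern "^CONFIG_CTRL_IFACE_DBUS_" has no capture group, so the variable named line holds only the matched prefix rather than the whole line, and the extra _ matches no group and can go. The output is still a commented-out line because substitute* replaces only the match and keeps the rest of the line, but a single binding with a name such as all or prefix would say what is actually bound. The comment ";; Disable D-Bus by default." could also note that the trailing underscore is deliberate, so only the _NEW and _INTRO style options are touched.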
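
Review bot: The CONFIG_TLS line added in hunk @@ -1218,10 +1225,7 @@ has no comment, while the comment it replaces stated that OpenSSL is already the default. Either drop the explicit setting and rely on the default, or keep it with a one-line comment saying why GnuTLS can no longer be used with the options this release enables; the cover letter only says the new defaults "appear" to require OpenSSL, and that reasoning belongs next to the setting.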
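
Review bot: The inputs change in hunk @@ -1255,8 +1259,7 @@ binds "openssl" to openssl-next rather than openssl without saying why. The removed libgcrypt entry carried a ";needed by" comment; the new entry should carry one too, stating what in this release needs openssl-next, or use openssl if the package builds against it.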
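
Review bot: In the wpa-supplicant hunk (@@ -1289,7 +1292,6 @@), the phase still appends CONFIG_CTRL_IFACE_DBUS_NEW and CONFIG_CTRL_IFACE_DBUS_INTRO to .config, which are the options the snippet added to wpa-supplicant-minimal in this same patch comments out of defconfig. If this package builds from that same source, a short comment above the display call saying that it re-enables what the source snippet disables would keep the two places from drifting apart.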