From unknown Tue Aug 19 05:08:13 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#35563] WPA Supplicant 2.8
Resent-From: Marius Bakke <mbakke@fastmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 04 May 2019 16:27:02 +0000
Resent-Message-ID: <handler.35563.B.15569872166796@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 35563
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 35563@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.15569872166796
          (code B ref -1); Sat, 04 May 2019 16:27:02 +0000
Received: (at submit) by debbugs.gnu.org; 4 May 2019 16:26:56 +0000
Received: from localhost ([127.0.0.1]:52070 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hMxV2-0001lX-0a
	for submit@debbugs.gnu.org; Sat, 04 May 2019 12:26:56 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59396)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mbakke@fastmail.com>) id 1hMxUz-0001lJ-Sq
 for submit@debbugs.gnu.org; Sat, 04 May 2019 12:26:54 -0400
Received: from lists.gnu.org ([209.51.188.17]:42376)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1hMxUu-0007dS-Lz
 for submit@debbugs.gnu.org; Sat, 04 May 2019 12:26:48 -0400
Received: from eggs.gnu.org ([209.51.188.92]:45543)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mbakke@fastmail.com>) id 1hMxUt-0002cQ-7Z
 for guix-patches@gnu.org; Sat, 04 May 2019 12:26:48 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mbakke@fastmail.com>) id 1hMxUr-0007ce-Vi
 for guix-patches@gnu.org; Sat, 04 May 2019 12:26:47 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:59439)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1hMxUr-0007cO-MU
 for guix-patches@gnu.org; Sat, 04 May 2019 12:26:45 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 41C4D2C421
 for <guix-patches@gnu.org>; Sat,  4 May 2019 12:26:45 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute5.internal (MEProxy); Sat, 04 May 2019 12:26:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 from:to:subject:date:message-id:mime-version:content-type; s=
 fm2; bh=Cjv2CFLE/UwoL4SrdYjPHwCJCM/Eo1UQ13Mdjn+objE=; b=uZFZGlEQ
 MfpQHbs4BXguHChH6yzHItrYo8BjuiFG1pMQjfDDgTBCOnQ1jVLiXenNJ8JFTDlb
 ovoBS6uObwHaIrB0O+mNA9KkvAiisb+j/f7QJKjAUNwbFrGVFTORLpG/ezcNdXEP
 NkGQadsP6e+MVP13xJh0UUjrSdqaXk7rzFS+0/C+90GG2RHdro7dJ/7U+0tG9j22
 n03ctSW8Frhk+DTwf1h3PlWyHZUdKSKbgHWUnYzYXkFTcNcWVAGG+vB/2nKPJhz7
 MUWdYx+A2y5f1bC1bT5oUrLikgEnWtQsneWlsLvmfRzvlyG5OFvSZ5sbIZSHLGTi
 y8Og2CVw6g8S2A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:message-id
 :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm2; bh=Cjv2CFLE/UwoL4SrdYjPHwCJCM/Eo
 1UQ13Mdjn+objE=; b=7JBTjdr3xnz+jhDWK08t6CdbnXC6+uu4V89lMH2sGblXA
 SWPqrB6kdMJTIrDb2FHKPNuyLHGHmAOwxXOC1vlJ9o14bhwlDNWME8RfE7QaIlGh
 d/7ygO15+fHGlUb7LHx/Vq5aGbIAqqNQPpzFKX/jsBrxPm3voStntfllVwL6oQqM
 7a3OuVaLMtqMQE1WZMEopJkyW7gYwvx14hezw3BnfsFVuKrL9mCrIRB5F3FK0uE9
 ZOJA0ig/HdXef6+u8dPYLFtHCRxMeuruLugS1u7ykXAW6veEe1EAjoOX6pfURzUn
 od3J5tWy+SIc+d4NvhjfdXziCmnXg1bIMBoBHDcqA==
X-ME-Sender: <xms:Rb3NXDZSwKRcjbWxE9SnWYNUMealYxmyYlZMKDLR7sAMxxweG9XpAg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrjeefgddutdduucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufgffkfggtgesghdtreertd
 ertdenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghsthhm
 rghilhdrtghomheqnecukfhppeeivddrudeirddvvdeirddugedtnecurfgrrhgrmhepmh
 grihhlfhhrohhmpehmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhsthgv
 rhfuihiivgeptd
X-ME-Proxy: <xmx:Rb3NXOLuCah3S0Zc8pSQMZsclXdy5X5WKcNDNUxbntT0rUeU0iZ5gw>
 <xmx:Rb3NXOhBYK1O8n4VVFWP4-qO9jd7IYVoVlNxUMN_Iu3eLJGJti1QeQ>
 <xmx:Rb3NXKy1oDtxp7nXfhsfwdgNCw-lLvIKspZp9JI_f47zzXHX5gBUBA>
 <xmx:Rb3NXCalO76KPGzc4EUGKPAqlbjNc4Uztxy4HHnSpzxdYcSplR5z6g>
Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140])
 by mail.messagingengine.com (Postfix) with ESMTPA id 8EEB5103CB
 for <guix-patches@gnu.org>; Sat,  4 May 2019 12:26:44 -0400 (EDT)
From: Marius Bakke <mbakke@fastmail.com>
User-Agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2
 (x86_64-pc-linux-gnu)
Date: Sat, 04 May 2019 18:26:42 +0200
Message-ID: <87sgtudw3h.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 66.111.4.28
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Spam-Score: -1.6 (-)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.6 (--)

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hello!

Attached is a security update for WPA Supplicant.

The new version toggles a lot of build-time options to more closely
resemble what Debian and Arch do.  Unfortunately the new defaults
appears to require OpenSSL instead of GnuTLS.

Thoughts?


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-gnu-wpa_supplicant-Update-to-2.8-security-fixes.patch
Content-Transfer-Encoding: quoted-printable

From=20194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Tue, 30 Apr 2019 00:05:36 +0200
Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].

This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-94=
97,
CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.

* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
[source](snippet): New field.  Disable D-Bus.
[arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=3Dy.  Change CONFIG_TLS=
 to
use OpenSSL rather than GnuTLS.
[inputs]: Remove GNUTLS and LIBGCRYPT.  Add OPENSSL-NEXT.
(wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=3Dy.
=2D--
 gnu/packages/admin.scm | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 275ce8bb2f..e0fc1c54c9 100644
=2D-- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1198,16 +1198,23 @@ commands and their arguments.")
 (define-public wpa-supplicant-minimal
   (package
     (name "wpa-supplicant-minimal")
=2D    (version "2.7")
+    (version "2.8")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://w1.fi/releases/wpa_supplicant-"
=2D                    version
=2D                    ".tar.gz"))
+                    version ".tar.gz"))
               (sha256
                (base32
=2D                "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn"))=
))
+                "15ixzm347n8w6gdvi3j3yks3i15qmp6by9ayvswm34d929m372d6"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "wpa_supplicant/defconfig"
+                    ;; Disable D-Bus by default.
+                    (("^CONFIG_CTRL_IFACE_DBUS_" line _)
+                     (string-append "#" line)))
+                    #t))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1218,10 +1225,7 @@ commands and their arguments.")
              (copy-file "defconfig" ".config")
              (let ((port (open-file ".config" "al")))
                (display "
=2D      CONFIG_DEBUG_SYSLOG=3Dy
=2D
=2D      # Choose GnuTLS (the default is OpenSSL.)
=2D      CONFIG_TLS=3Dgnutls
+      CONFIG_TLS=3Dopenssl
=20
       CONFIG_DRIVER_NL80211=3Dy
       CFLAGS +=3D $(shell pkg-config libnl-3.0 --cflags)
@@ -1255,8 +1259,7 @@ commands and their arguments.")
     (inputs
      `(("readline" ,readline)
        ("libnl" ,libnl)
=2D       ("gnutls" ,gnutls)
=2D       ("libgcrypt" ,libgcrypt)))                 ;needed by crypto_gnut=
ls.c
+       ("openssl" ,openssl-next)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "https://w1.fi/wpa_supplicant/")
@@ -1289,7 +1292,6 @@ command.")
              (lambda _
                (let ((port (open-file ".config" "al")))
                  (display "
=2D      CONFIG_CTRL_IFACE_DBUS=3Dy
       CONFIG_CTRL_IFACE_DBUS_NEW=3Dy
       CONFIG_CTRL_IFACE_DBUS_INTRO=3Dy\n" port)
                  (close-port port))
=2D-=20
2.21.0


--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlzNvUIACgkQoqBt8qM6
VPrCiwgAjlmWxmrELQOpiUcxxGmvukTkbC72b8PP1IIiFxKqUn4tbQoBtJfwveLp
/EBp60pdfRoXMbtE0i3wPRY1NCzG/kt7zEudMZR1c6LTzKsz7PeZVdx5d1gXB2V5
sZW+9kT8ardjSpC+wx5iPvDCobaC4d1j50EA8am9A1CE1EBPqk2FxMTq7GejpJr1
bFpEbZpoNnNfwMcS682lDgaDuY0GPI2jLFYuTb8M7WghegCYXpRwPbM1VHwF632j
uMrAR9nmFsxEGVgjUtmPp6SrJ/CIb9WsbJ+riKBTisjFWt+gcZbrexZOY5cmfGzj
j4/R5NCgROr6H9J/+ebtrG7Q93WPtw==
=IoZj
-----END PGP SIGNATURE-----
--==-=-=--




From unknown Tue Aug 19 05:08:13 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#35563] WPA Supplicant 2.8
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 06 May 2019 08:11:02 +0000
Resent-Message-ID: <handler.35563.B35563.155713025616771@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 35563
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Marius Bakke <mbakke@fastmail.com>
Cc: 35563@debbugs.gnu.org
Received: via spool by 35563-submit@debbugs.gnu.org id=B35563.155713025616771
          (code B ref 35563); Mon, 06 May 2019 08:11:02 +0000
Received: (at 35563) by debbugs.gnu.org; 6 May 2019 08:10:56 +0000
Received: from localhost ([127.0.0.1]:55643 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hNYi7-0004MR-Vz
	for submit@debbugs.gnu.org; Mon, 06 May 2019 04:10:56 -0400
Received: from eggs.gnu.org ([209.51.188.92]:33014)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hNYi6-0004MD-Va
 for 35563@debbugs.gnu.org; Mon, 06 May 2019 04:10:55 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34804)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hNYi1-00013L-Lb; Mon, 06 May 2019 04:10:49 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=47566 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1hNYhv-0007o9-OS; Mon, 06 May 2019 04:10:45 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <87sgtudw3h.fsf@fastmail.com>
Date: Mon, 06 May 2019 10:10:42 +0200
In-Reply-To: <87sgtudw3h.fsf@fastmail.com> (Marius Bakke's message of "Sat, 04
 May 2019 18:26:42 +0200")
Message-ID: <874l68ngu5.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello Marius,

Marius Bakke <mbakke@fastmail.com> skribis:

> Attached is a security update for WPA Supplicant.
>
> The new version toggles a lot of build-time options to more closely
> resemble what Debian and Arch do.  Unfortunately the new defaults
> appears to require OpenSSL instead of GnuTLS.

What happens when you keep CONFIG_TLS=3Dgnutls?

> From 194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
> From: Marius Bakke <mbakke@fastmail.com>
> Date: Tue, 30 Apr 2019 00:05:36 +0200
> Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].
>
> This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-=
9497,
> CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.
>
> * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
> [source](snippet): New field.  Disable D-Bus.
> [arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=3Dy.  Change CONFIG_T=
LS to
> use OpenSSL rather than GnuTLS.
> [inputs]: Remove GNUTLS and LIBGCRYPT.  Add OPENSSL-NEXT.
> (wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=3Dy.

[...]

> +                  (substitute* "wpa_supplicant/defconfig"
> +                    ;; Disable D-Bus by default.
> +                    (("^CONFIG_CTRL_IFACE_DBUS_" line _)
> +                     (string-append "#" line)))

This change is unrelated to the upgrade, right?  It would break Connman
(which expects to talk to wpa_supplicant over D-Bus), as well as
NetworkManager probably, no?  Or am I missing something?

I=E2=80=99d like to have to make sure wpa_supplicant works well in the 1.0.1
installer.  :-)

Thanks for looking into it!

Ludo=E2=80=99.




From unknown Tue Aug 19 05:08:13 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#35563] WPA Supplicant 2.8
Resent-From: Marius Bakke <mbakke@fastmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Mon, 06 May 2019 13:21:02 +0000
Resent-Message-ID: <handler.35563.B35563.155714883023671@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 35563
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 35563@debbugs.gnu.org
Received: via spool by 35563-submit@debbugs.gnu.org id=B35563.155714883023671
          (code B ref 35563); Mon, 06 May 2019 13:21:02 +0000
Received: (at 35563) by debbugs.gnu.org; 6 May 2019 13:20:30 +0000
Received: from localhost ([127.0.0.1]:55895 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hNdXi-00069j-53
	for submit@debbugs.gnu.org; Mon, 06 May 2019 09:20:30 -0400
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:48737)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mbakke@fastmail.com>) id 1hNdXg-00069U-Ac
 for 35563@debbugs.gnu.org; Mon, 06 May 2019 09:20:28 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.west.internal (Postfix) with ESMTP id 2595B409;
 Mon,  6 May 2019 09:20:22 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute5.internal (MEProxy); Mon, 06 May 2019 09:20:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version:content-type; s=fm2; bh=NHk12CkPdNevjUU2hpJ4moCiM/
 c5PH1MqaeX5Qfjd54=; b=HA/4A6hBWpnI1b4CrEWyAJCz+sQJpgxB/kLPkwnYJR
 /d9F9l4mSrz4xcdpT8h2f/6kqIoTDpu9irQTAMP/8jHZyKCE2xRSOfpwy+ll2epa
 z+WTKryYlHMJt9qMvRXIC2fYd0erL3eyy4VtmtvWJAZbFo3wpoxaW9p36o7cyjuh
 pTrAhpdE7/lJpo6/2E08eHXFFV0QU3ABheFPeqEyP66AgRRAUOBmFPn2X6OTLpOB
 7QDjR9Pe2HoqU2lzv/SuZg2G/bHktNt430ekO1JPA1iIOZ7lrSFNMLHm3dZdyDRm
 UR7K3ZRO1aJqips9eipKQCavnnMV4HbZZcZURWmFR/kQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=NHk12C
 kPdNevjUU2hpJ4moCiM/c5PH1MqaeX5Qfjd54=; b=iMLJDV3/P+FTXEggAvrs4d
 MFD788X+wZS5PykX/Um+BNq3BPglRVPQTTsvhPOWVRzHHiy5LEtWYNeQghzeom3w
 c6uTJ1d0Q8vhP3cwjP2qXVWWBMKD3EUzP5AaIaOd8BmdgdcYVJcLEJLflxRQqIap
 zZ/Xe4hQF8dwtBqWYal5kaBzMllZz/z6HcqokMikBfoe5qRLw2vgQwOBe23I1ppJ
 e5PNeDVKD3/GW2/wceMtNpDr4LXUivKqsWO93D55EYVyDgNqXzHQK0fJd+Nz5WwM
 fr7PVJ7eW/GvfT/xii47MZJF8xeiQ6jx5XhPJ7moUT3xuLG4kPP7QfNquSZLGBbg
 ==
X-ME-Sender: <xms:lTTQXGIYoIBWFpERCEiKSA8jykcDvG3GoSTazX0mUUHvam3TtLTlEA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrjeejgdeihecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
 fjughrpefhvffujghffgffkfggtgesghdtreertderjeenucfhrhhomhepofgrrhhiuhhs
 uceurghkkhgvuceomhgsrghkkhgvsehfrghsthhmrghilhdrtghomheqnecukfhppeeivd
 drudeirddvvdeirddugedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmsggrkhhkvges
 fhgrshhtmhgrihhlrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:lTTQXKTSQipp1FPhP3P2UwNEwZMsWSeWlaKduLNvGU6kUhS5qWbZEw>
 <xmx:lTTQXC17mNznLTIs9wCbkLb32pV84YTPYd3-iXqiJGxHUuvt6L4L7w>
 <xmx:lTTQXADUwMgvWNlnPvcof8-HAQ20eE5-XBCv5DN2nAESLM2UxW3EiQ>
 <xmx:lTTQXNzlYDdRRmjjD0xHgrxzFIPZW3gcM0r_vLO0ZNd1fSpj0yspZQ>
Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140])
 by mail.messagingengine.com (Postfix) with ESMTPA id 25226103CF;
 Mon,  6 May 2019 09:20:21 -0400 (EDT)
From: Marius Bakke <mbakke@fastmail.com>
In-Reply-To: <874l68ngu5.fsf@gnu.org>
References: <87sgtudw3h.fsf@fastmail.com> <874l68ngu5.fsf@gnu.org>
User-Agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2
 (x86_64-pc-linux-gnu)
Date: Mon, 06 May 2019 15:20:18 +0200
Message-ID: <87ftpren3h.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hello Marius,
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Attached is a security update for WPA Supplicant.
>>
>> The new version toggles a lot of build-time options to more closely
>> resemble what Debian and Arch do.  Unfortunately the new defaults
>> appears to require OpenSSL instead of GnuTLS.
>
> What happens when you keep CONFIG_TLS=3Dgnutls?

The linker fails to find a lot of OpenSSL interfaces.  Short excerpt:

ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point':
/tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/=
../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY'
ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplic=
ant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group'
ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplic=
ant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free'

Omitting the OpenSSL input makes it fail earlier due to lack of headers.

>> From 194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
>> From: Marius Bakke <mbakke@fastmail.com>
>> Date: Tue, 30 Apr 2019 00:05:36 +0200
>> Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].
>>
>> This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019=
-9497,
>> CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.
>>
>> * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
>> [source](snippet): New field.  Disable D-Bus.
>> [arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=3Dy.  Change CONFIG_=
TLS to
>> use OpenSSL rather than GnuTLS.
>> [inputs]: Remove GNUTLS and LIBGCRYPT.  Add OPENSSL-NEXT.
>> (wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=3Dy.
>
> [...]
>
>> +                  (substitute* "wpa_supplicant/defconfig"
>> +                    ;; Disable D-Bus by default.
>> +                    (("^CONFIG_CTRL_IFACE_DBUS_" line _)
>> +                     (string-append "#" line)))
>
> This change is unrelated to the upgrade, right?  It would break Connman
> (which expects to talk to wpa_supplicant over D-Bus), as well as
> NetworkManager probably, no?  Or am I missing something?

The distinguishing feature between "wpa-supplicant-minimal" and
"wpa-supplicant" is D-Bus support.

Upstream enabled D-Bus by default in version 2.8, so I toggled it back
with the snippet above so "wpa-supplicant-minimal" stays the same.

However I notice now that the new "wpa-supplicant-minimal" has D-Bus in
its closure even though the D-Bus interface is disabled.

So I'm not sure if it makes sense to have the separate -minimal variant
anymore.  The size of both wpa-supplicant variants are 102.4MiB after
this patch, down from 157.4 and 143.1 MiB on the Guix master branch.

Thoughts?

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlzQNJIACgkQoqBt8qM6
VPq+mQf/Y6iBqDkzbx6QgpbsD9lpr+tolACyDldz0COWzBxwGWRsqvu6N849uxMt
+bm35725BVnD/DGtzcDJEg1i9e55rs+JKMTWzL092gXhqz7OJrIT75dHyas+NXqi
W/ZzIZermuPjaFM1OMRcBGfqOO1nf0FaKbUV6P9q48DHAuW2AcZPhdTDYeyKyhR0
9UN5IcnLk/avh/a9Qg966wDTwjsXoTJFRBFGDVe+HscAfgwT5jUCDYwGtuWg4ySB
ZJVUL9atW/+l+1XmyC3uCEqr0ZlQkn/v2j9lWOyWu7itRhjgFYm5ylXdrcd5AEoG
oVPjGGtrKNVTyJadGXr0GXJMSLikUg==
=Vb2C
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Tue Aug 19 05:08:13 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#35563] WPA Supplicant 2.8
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 07 May 2019 15:22:02 +0000
Resent-Message-ID: <handler.35563.B35563.155724248116440@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 35563
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Marius Bakke <mbakke@fastmail.com>
Cc: 35563@debbugs.gnu.org
Received: via spool by 35563-submit@debbugs.gnu.org id=B35563.155724248116440
          (code B ref 35563); Tue, 07 May 2019 15:22:02 +0000
Received: (at 35563) by debbugs.gnu.org; 7 May 2019 15:21:21 +0000
Received: from localhost ([127.0.0.1]:59345 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hO1uD-0004H3-Cn
	for submit@debbugs.gnu.org; Tue, 07 May 2019 11:21:21 -0400
Received: from eggs.gnu.org ([209.51.188.92]:44576)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hO1uA-0004Go-RY
 for 35563@debbugs.gnu.org; Tue, 07 May 2019 11:21:20 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:32996)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hO1u3-0005VS-1T; Tue, 07 May 2019 11:21:12 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39736 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1hO1tz-0005H1-SU; Tue, 07 May 2019 11:21:09 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <87sgtudw3h.fsf@fastmail.com> <874l68ngu5.fsf@gnu.org>
 <87ftpren3h.fsf@fastmail.com>
Date: Tue, 07 May 2019 17:21:06 +0200
In-Reply-To: <87ftpren3h.fsf@fastmail.com> (Marius Bakke's message of "Mon, 06
 May 2019 15:20:18 +0200")
Message-ID: <877eb25lzx.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi,

Marius Bakke <mbakke@fastmail.com> skribis:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>
>> Hello Marius,
>>
>> Marius Bakke <mbakke@fastmail.com> skribis:
>>
>>> Attached is a security update for WPA Supplicant.
>>>
>>> The new version toggles a lot of build-time options to more closely
>>> resemble what Debian and Arch do.  Unfortunately the new defaults
>>> appears to require OpenSSL instead of GnuTLS.
>>
>> What happens when you keep CONFIG_TLS=3Dgnutls?
>
> The linker fails to find a lot of OpenSSL interfaces.  Short excerpt:
>
> ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point':
> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplican=
t/../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY'
> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_suppl=
icant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group'
> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_suppl=
icant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free'
>
> Omitting the OpenSSL input makes it fail earlier due to lack of headers.

OK.

>> This change is unrelated to the upgrade, right?  It would break Connman
>> (which expects to talk to wpa_supplicant over D-Bus), as well as
>> NetworkManager probably, no?  Or am I missing something?
>
> The distinguishing feature between "wpa-supplicant-minimal" and
> "wpa-supplicant" is D-Bus support.
>
> Upstream enabled D-Bus by default in version 2.8, so I toggled it back
> with the snippet above so "wpa-supplicant-minimal" stays the same.
>
> However I notice now that the new "wpa-supplicant-minimal" has D-Bus in
> its closure even though the D-Bus interface is disabled.
>
> So I'm not sure if it makes sense to have the separate -minimal variant
> anymore.  The size of both wpa-supplicant variants are 102.4MiB after
> this patch, down from 157.4 and 143.1 MiB on the Guix master branch.

Well you=E2=80=99re right, maybe it doesn=E2=80=99t make much sense to keep=
 both
variants in that case.

So I guess you can go ahead and push so we can all test it in the coming
days!

Thanks,
Ludo=E2=80=99.




From unknown Tue Aug 19 05:08:13 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Marius Bakke <mbakke@fastmail.com>
Subject: bug#35563: closed (Re: [bug#35563] WPA Supplicant 2.8)
Message-ID: <handler.35563.D35563.155741615530274.notifdone@debbugs.gnu.org>
References: <87bm0bd4j2.fsf@fastmail.com> <87sgtudw3h.fsf@fastmail.com>
X-Gnu-PR-Message: they-closed 35563
X-Gnu-PR-Package: guix-patches
Reply-To: 35563@debbugs.gnu.org
Date: Thu, 09 May 2019 15:36:04 +0000
Content-Type: multipart/mixed; boundary="----------=_1557416164-30289-1"

This is a multi-part message in MIME format...

------------=_1557416164-30289-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#35563: WPA Supplicant 2.8

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 35563@debbugs.gnu.org.

--=20
35563: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D35563
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1557416164-30289-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 35563-done) by debbugs.gnu.org; 9 May 2019 15:35:55 +0000
Received: from localhost ([127.0.0.1]:36103 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hOl5P-0007sD-Ac
	for submit@debbugs.gnu.org; Thu, 09 May 2019 11:35:55 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:52849)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mbakke@fastmail.com>) id 1hOl5N-0007rt-8l
 for 35563-done@debbugs.gnu.org; Thu, 09 May 2019 11:35:53 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 157D822616;
 Thu,  9 May 2019 11:35:48 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute5.internal (MEProxy); Thu, 09 May 2019 11:35:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version:content-type; s=fm2; bh=YyLE/Yo9AOZEIWaW87mSAmmEi4
 px1OnD2C8PS/mlaJc=; b=akLl4VVU6mo8+RijpjbO5eN05IN2PI7Wk9rqkswBbd
 n+fcvh5hCTZggIxsRUWrRB82xG1XftVJhIi2kE3aBy+BNgT7k1cmQUKbl1b/O8JN
 p9PAdUkrih8umdkiiSmrU86s5mp9m8U68whAmM5wSlY5pBfy08DT+x9jopKbXU6z
 sVKzKEzniO20TWwkBjd4q9x2gJohqPxTYTIunDgE3k/ZPc6Q6m2OBWbeozkb72mj
 hrJ+qeEOjETX/yfPgNX2raLocndpsmUT1FsGT9J49ANd/i/yymaAiLse5A2fpASi
 ADEbvEEfLWrvAWN5J0huQU+UQRtkjO65u++zonXyZdng==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=YyLE/Y
 o9AOZEIWaW87mSAmmEi4px1OnD2C8PS/mlaJc=; b=sALuKSgSNp0lnrF3P3k8OP
 O/dOgTmMIK5mvTG54EuB+NidLlkNNMihMs57ENfWnImF1ruVmYe2Q0ecOA4l6DUY
 XLyvcFAjHB/BPUQO2jWVc9lnnxT52C28uRfdKul7qcgtFNTHLy1FiyT7JsSmS7F8
 fDbJgE0S0diOKI2AkOQe8SnG8K4nV6VuxVH8BMpaG0QHSeJo8GT4RJJR3OOafAsa
 SoGo4w437Yrxdi2mJ0u04KzvYf5FLxeATeQ/04mYBSHViUBR+9YcX7Q88Uria+pw
 bkmKC4/w1nBVJfjqSxs4VP548WGbtLEB5oQhvf8FXElcGudg0urep64qNtMh7aDQ
 ==
X-ME-Sender: <xms:00jUXHilv9aNbbg31ysiMSKXqaFid_kg0usSa92JvRVwEehYYR5hSA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrkeeigddvkecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
 uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
 fjughrpefhvffujghffgffkfggtgesghdtreertderjeenucfhrhhomhepofgrrhhiuhhs
 uceurghkkhgvuceomhgsrghkkhgvsehfrghsthhmrghilhdrtghomheqnecukfhppeeivd
 drudeirddvvdeirddugedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmsggrkhhkvges
 fhgrshhtmhgrihhlrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:00jUXBsr90EX6X5m4zUf7hvAwrzOavfvSezulAhhQltr7rFUQ-c2KQ>
 <xmx:00jUXI2GTqHRbaVk-R4QrUsEC6kHeQ89Nl1cmtpUbiQ7AMgcGfmgag>
 <xmx:00jUXAyxuQbenOnv5TEyv_g1C-wMya-N2RKr3WDoxt4wV5ZphyDZcw>
 <xmx:1EjUXEwFsehbxTfzvftEMQwDbhJsXGeQszDTPfQ8Ct4MlV9JqLr7TQ>
Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140])
 by mail.messagingengine.com (Postfix) with ESMTPA id 393B6103D2;
 Thu,  9 May 2019 11:35:47 -0400 (EDT)
From: Marius Bakke <mbakke@fastmail.com>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: [bug#35563] WPA Supplicant 2.8
In-Reply-To: <877eb25lzx.fsf@gnu.org>
References: <87sgtudw3h.fsf@fastmail.com> <874l68ngu5.fsf@gnu.org>
 <87ftpren3h.fsf@fastmail.com> <877eb25lzx.fsf@gnu.org>
User-Agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2
 (x86_64-pc-linux-gnu)
Date: Thu, 09 May 2019 17:35:45 +0200
Message-ID: <87bm0bd4j2.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 35563-done
Cc: 35563-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Hi,
>
> Marius Bakke <mbakke@fastmail.com> skribis:
>
>> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>>
>>> Hello Marius,
>>>
>>> Marius Bakke <mbakke@fastmail.com> skribis:
>>>
>>>> Attached is a security update for WPA Supplicant.
>>>>
>>>> The new version toggles a lot of build-time options to more closely
>>>> resemble what Debian and Arch do.  Unfortunately the new defaults
>>>> appears to require OpenSSL instead of GnuTLS.
>>>
>>> What happens when you keep CONFIG_TLS=3Dgnutls?
>>
>> The linker fails to find a lot of OpenSSL interfaces.  Short excerpt:
>>
>> ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point':
>> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplica=
nt/../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY'
>> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supp=
licant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group'
>> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supp=
licant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free'
>>
>> Omitting the OpenSSL input makes it fail earlier due to lack of headers.
>
> OK.
>
>>> This change is unrelated to the upgrade, right?  It would break Connman
>>> (which expects to talk to wpa_supplicant over D-Bus), as well as
>>> NetworkManager probably, no?  Or am I missing something?
>>
>> The distinguishing feature between "wpa-supplicant-minimal" and
>> "wpa-supplicant" is D-Bus support.
>>
>> Upstream enabled D-Bus by default in version 2.8, so I toggled it back
>> with the snippet above so "wpa-supplicant-minimal" stays the same.
>>
>> However I notice now that the new "wpa-supplicant-minimal" has D-Bus in
>> its closure even though the D-Bus interface is disabled.
>>
>> So I'm not sure if it makes sense to have the separate -minimal variant
>> anymore.  The size of both wpa-supplicant variants are 102.4MiB after
>> this patch, down from 157.4 and 143.1 MiB on the Guix master branch.
>
> Well you=E2=80=99re right, maybe it doesn=E2=80=99t make much sense to ke=
ep both
> variants in that case.

Errh nevermind, the "wpa-supplicant-minimal" package does *not* have
D-Bus in its closure.  The updated sizes are 87.8 and 102.1 MiB.

> So I guess you can go ahead and push so we can all test it in the coming
> days!

I have tested this on a few different setups and it appears to work
fine.  Pushed as aeb1ed1abcc953694bcd742ae5e3ba5a13506373!

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlzUSNEACgkQoqBt8qM6
VPq9hQgAizAkVsS3+Iu42CX5Q9yXrFmSqb91a9PZxdHbU1sqmH/Dn2GZ3uIbzm8d
QnN3T/uKCqvtvFvHr6Y9qJnuvkVvyFl4xiNNoAuWEtUWsR7n+mSwwgDaLqs43Hks
AItJH4iJApmuAzZJ5p6+PYZlKHZbm5ltbMQAz4NNWtviH3WnFZMg7BwEBo5B2Q/Y
EVpYEJgPv6MWxeRVaSe6PLaCQEe6E6/lbVGkMr26DJmztNnWTUtVwH/TI4+Zr5XN
k2ZnQeV6k8nh2TOS9wpf8NsCNZpP5EvtZ/wrA8qbIY1vciSXuX4d54K3LWTdz01b
+P1OzufFLLTZ8rMIFgu5+HZ35IjACQ==
=UcOK
-----END PGP SIGNATURE-----
--=-=-=--


------------=_1557416164-30289-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 4 May 2019 16:26:56 +0000
Received: from localhost ([127.0.0.1]:52070 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hMxV2-0001lX-0a
	for submit@debbugs.gnu.org; Sat, 04 May 2019 12:26:56 -0400
Received: from eggs.gnu.org ([209.51.188.92]:59396)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mbakke@fastmail.com>) id 1hMxUz-0001lJ-Sq
 for submit@debbugs.gnu.org; Sat, 04 May 2019 12:26:54 -0400
Received: from lists.gnu.org ([209.51.188.17]:42376)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1hMxUu-0007dS-Lz
 for submit@debbugs.gnu.org; Sat, 04 May 2019 12:26:48 -0400
Received: from eggs.gnu.org ([209.51.188.92]:45543)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mbakke@fastmail.com>) id 1hMxUt-0002cQ-7Z
 for guix-patches@gnu.org; Sat, 04 May 2019 12:26:48 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
 RCVD_IN_DNSWL_LOW,URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mbakke@fastmail.com>) id 1hMxUr-0007ce-Vi
 for guix-patches@gnu.org; Sat, 04 May 2019 12:26:47 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:59439)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1hMxUr-0007cO-MU
 for guix-patches@gnu.org; Sat, 04 May 2019 12:26:45 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 41C4D2C421
 for <guix-patches@gnu.org>; Sat,  4 May 2019 12:26:45 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute5.internal (MEProxy); Sat, 04 May 2019 12:26:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 from:to:subject:date:message-id:mime-version:content-type; s=
 fm2; bh=Cjv2CFLE/UwoL4SrdYjPHwCJCM/Eo1UQ13Mdjn+objE=; b=uZFZGlEQ
 MfpQHbs4BXguHChH6yzHItrYo8BjuiFG1pMQjfDDgTBCOnQ1jVLiXenNJ8JFTDlb
 ovoBS6uObwHaIrB0O+mNA9KkvAiisb+j/f7QJKjAUNwbFrGVFTORLpG/ezcNdXEP
 NkGQadsP6e+MVP13xJh0UUjrSdqaXk7rzFS+0/C+90GG2RHdro7dJ/7U+0tG9j22
 n03ctSW8Frhk+DTwf1h3PlWyHZUdKSKbgHWUnYzYXkFTcNcWVAGG+vB/2nKPJhz7
 MUWdYx+A2y5f1bC1bT5oUrLikgEnWtQsneWlsLvmfRzvlyG5OFvSZ5sbIZSHLGTi
 y8Og2CVw6g8S2A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:message-id
 :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm2; bh=Cjv2CFLE/UwoL4SrdYjPHwCJCM/Eo
 1UQ13Mdjn+objE=; b=7JBTjdr3xnz+jhDWK08t6CdbnXC6+uu4V89lMH2sGblXA
 SWPqrB6kdMJTIrDb2FHKPNuyLHGHmAOwxXOC1vlJ9o14bhwlDNWME8RfE7QaIlGh
 d/7ygO15+fHGlUb7LHx/Vq5aGbIAqqNQPpzFKX/jsBrxPm3voStntfllVwL6oQqM
 7a3OuVaLMtqMQE1WZMEopJkyW7gYwvx14hezw3BnfsFVuKrL9mCrIRB5F3FK0uE9
 ZOJA0ig/HdXef6+u8dPYLFtHCRxMeuruLugS1u7ykXAW6veEe1EAjoOX6pfURzUn
 od3J5tWy+SIc+d4NvhjfdXziCmnXg1bIMBoBHDcqA==
X-ME-Sender: <xms:Rb3NXDZSwKRcjbWxE9SnWYNUMealYxmyYlZMKDLR7sAMxxweG9XpAg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrjeefgddutdduucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufgffkfggtgesghdtreertd
 ertdenucfhrhhomhepofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghsthhm
 rghilhdrtghomheqnecukfhppeeivddrudeirddvvdeirddugedtnecurfgrrhgrmhepmh
 grihhlfhhrohhmpehmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhsthgv
 rhfuihiivgeptd
X-ME-Proxy: <xmx:Rb3NXOLuCah3S0Zc8pSQMZsclXdy5X5WKcNDNUxbntT0rUeU0iZ5gw>
 <xmx:Rb3NXOhBYK1O8n4VVFWP4-qO9jd7IYVoVlNxUMN_Iu3eLJGJti1QeQ>
 <xmx:Rb3NXKy1oDtxp7nXfhsfwdgNCw-lLvIKspZp9JI_f47zzXHX5gBUBA>
 <xmx:Rb3NXCalO76KPGzc4EUGKPAqlbjNc4Uztxy4HHnSpzxdYcSplR5z6g>
Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140])
 by mail.messagingengine.com (Postfix) with ESMTPA id 8EEB5103CB
 for <guix-patches@gnu.org>; Sat,  4 May 2019 12:26:44 -0400 (EDT)
From: Marius Bakke <mbakke@fastmail.com>
To: guix-patches@gnu.org
Subject: WPA Supplicant 2.8
User-Agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2
 (x86_64-pc-linux-gnu)
Date: Sat, 04 May 2019 18:26:42 +0200
Message-ID: <87sgtudw3h.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 66.111.4.28
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Spam-Score: -1.6 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.6 (--)

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Hello!

Attached is a security update for WPA Supplicant.

The new version toggles a lot of build-time options to more closely
resemble what Debian and Arch do.  Unfortunately the new defaults
appears to require OpenSSL instead of GnuTLS.

Thoughts?


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-gnu-wpa_supplicant-Update-to-2.8-security-fixes.patch
Content-Transfer-Encoding: quoted-printable

From=20194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Tue, 30 Apr 2019 00:05:36 +0200
Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].

This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-94=
97,
CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.

* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
[source](snippet): New field.  Disable D-Bus.
[arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=3Dy.  Change CONFIG_TLS=
 to
use OpenSSL rather than GnuTLS.
[inputs]: Remove GNUTLS and LIBGCRYPT.  Add OPENSSL-NEXT.
(wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=3Dy.
=2D--
 gnu/packages/admin.scm | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 275ce8bb2f..e0fc1c54c9 100644
=2D-- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1198,16 +1198,23 @@ commands and their arguments.")
 (define-public wpa-supplicant-minimal
   (package
     (name "wpa-supplicant-minimal")
=2D    (version "2.7")
+    (version "2.8")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://w1.fi/releases/wpa_supplicant-"
=2D                    version
=2D                    ".tar.gz"))
+                    version ".tar.gz"))
               (sha256
                (base32
=2D                "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn"))=
))
+                "15ixzm347n8w6gdvi3j3yks3i15qmp6by9ayvswm34d929m372d6"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "wpa_supplicant/defconfig"
+                    ;; Disable D-Bus by default.
+                    (("^CONFIG_CTRL_IFACE_DBUS_" line _)
+                     (string-append "#" line)))
+                    #t))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1218,10 +1225,7 @@ commands and their arguments.")
              (copy-file "defconfig" ".config")
              (let ((port (open-file ".config" "al")))
                (display "
=2D      CONFIG_DEBUG_SYSLOG=3Dy
=2D
=2D      # Choose GnuTLS (the default is OpenSSL.)
=2D      CONFIG_TLS=3Dgnutls
+      CONFIG_TLS=3Dopenssl
=20
       CONFIG_DRIVER_NL80211=3Dy
       CFLAGS +=3D $(shell pkg-config libnl-3.0 --cflags)
@@ -1255,8 +1259,7 @@ commands and their arguments.")
     (inputs
      `(("readline" ,readline)
        ("libnl" ,libnl)
=2D       ("gnutls" ,gnutls)
=2D       ("libgcrypt" ,libgcrypt)))                 ;needed by crypto_gnut=
ls.c
+       ("openssl" ,openssl-next)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "https://w1.fi/wpa_supplicant/")
@@ -1289,7 +1292,6 @@ command.")
              (lambda _
                (let ((port (open-file ".config" "al")))
                  (display "
=2D      CONFIG_CTRL_IFACE_DBUS=3Dy
       CONFIG_CTRL_IFACE_DBUS_NEW=3Dy
       CONFIG_CTRL_IFACE_DBUS_INTRO=3Dy\n" port)
                  (close-port port))
=2D-=20
2.21.0


--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlzNvUIACgkQoqBt8qM6
VPrCiwgAjlmWxmrELQOpiUcxxGmvukTkbC72b8PP1IIiFxKqUn4tbQoBtJfwveLp
/EBp60pdfRoXMbtE0i3wPRY1NCzG/kt7zEudMZR1c6LTzKsz7PeZVdx5d1gXB2V5
sZW+9kT8ardjSpC+wx5iPvDCobaC4d1j50EA8am9A1CE1EBPqk2FxMTq7GejpJr1
bFpEbZpoNnNfwMcS682lDgaDuY0GPI2jLFYuTb8M7WghegCYXpRwPbM1VHwF632j
uMrAR9nmFsxEGVgjUtmPp6SrJ/CIb9WsbJ+riKBTisjFWt+gcZbrexZOY5cmfGzj
j4/R5NCgROr6H9J/+ebtrG7Q93WPtw==
=IoZj
-----END PGP SIGNATURE-----
--==-=-=--



------------=_1557416164-30289-1--


From unknown Tue Aug 19 05:08:13 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#35563] WPA Supplicant 2.8
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 10 May 2019 07:53:01 +0000
Resent-Message-ID: <handler.35563.D35563.15574747458475@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 35563
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Marius Bakke <mbakke@fastmail.com>
Cc: 35563-done@debbugs.gnu.org
Received: via spool by 35563-done@debbugs.gnu.org id=D35563.15574747458475
          (code D ref 35563); Fri, 10 May 2019 07:53:01 +0000
Received: (at 35563-done) by debbugs.gnu.org; 10 May 2019 07:52:25 +0000
Received: from localhost ([127.0.0.1]:37020 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hP0KP-0002Cd-6a
	for submit@debbugs.gnu.org; Fri, 10 May 2019 03:52:25 -0400
Received: from eggs.gnu.org ([209.51.188.92]:39703)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hP0KN-0002CP-JK
 for 35563-done@debbugs.gnu.org; Fri, 10 May 2019 03:52:23 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:57770)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hP0KI-0005Ut-Dp; Fri, 10 May 2019 03:52:18 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=51336 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1hP0KH-0006a5-Uj; Fri, 10 May 2019 03:52:18 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <87sgtudw3h.fsf@fastmail.com> <874l68ngu5.fsf@gnu.org>
 <87ftpren3h.fsf@fastmail.com> <877eb25lzx.fsf@gnu.org>
 <87bm0bd4j2.fsf@fastmail.com>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 21 =?UTF-8?Q?Flor=C3=A9al?= an 227 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Fri, 10 May 2019 09:52:15 +0200
In-Reply-To: <87bm0bd4j2.fsf@fastmail.com> (Marius Bakke's message of "Thu, 09
 May 2019 17:35:45 +0200")
Message-ID: <87ftpm691s.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi!

Marius Bakke <mbakke@fastmail.com> skribis:

> Errh nevermind, the "wpa-supplicant-minimal" package does *not* have
> D-Bus in its closure.  The updated sizes are 87.8 and 102.1 MiB.

Alright.  :-)

>> So I guess you can go ahead and push so we can all test it in the coming
>> days!
>
> I have tested this on a few different setups and it appears to work
> fine.  Pushed as aeb1ed1abcc953694bcd742ae5e3ba5a13506373!

Thanks!

Ludo=E2=80=99.