GNU bug report logs -
#35563
WPA Supplicant 2.8
Previous Next
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Sat, 4 May 2019 16:27:02 UTC
Severity: normal
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your message dated Thu, 09 May 2019 17:35:45 +0200
with message-id <87bm0bd4j2.fsf <at> fastmail.com>
and subject line Re: [bug#35563] WPA Supplicant 2.8
has caused the debbugs.gnu.org bug report #35563,
regarding WPA Supplicant 2.8
to be marked as done.
(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)
--
35563: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35563
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
[Message part 3 (text/plain, inline)]
Hello!
Attached is a security update for WPA Supplicant.
The new version toggles a lot of build-time options to more closely
resemble what Debian and Arch do. Unfortunately the new defaults
appears to require OpenSSL instead of GnuTLS.
Thoughts?
[0001-gnu-wpa_supplicant-Update-to-2.8-security-fixes.patch (text/x-patch, attachment)]
[signature.asc (application/pgp-signature, inline)]
[Message part 6 (message/rfc822, inline)]
[Message part 7 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi,
>
> Marius Bakke <mbakke <at> fastmail.com> skribis:
>
>> Ludovic Courtès <ludo <at> gnu.org> writes:
>>
>>> Hello Marius,
>>>
>>> Marius Bakke <mbakke <at> fastmail.com> skribis:
>>>
>>>> Attached is a security update for WPA Supplicant.
>>>>
>>>> The new version toggles a lot of build-time options to more closely
>>>> resemble what Debian and Arch do. Unfortunately the new defaults
>>>> appears to require OpenSSL instead of GnuTLS.
>>>
>>> What happens when you keep CONFIG_TLS=gnutls?
>>
>> The linker fails to find a lot of OpenSSL interfaces. Short excerpt:
>>
>> ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point':
>> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:538: undefined reference to `EVP_PKEY_get1_EC_KEY'
>> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:545: undefined reference to `EC_KEY_get0_group'
>> ld: /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:552: undefined reference to `EC_KEY_free'
>>
>> Omitting the OpenSSL input makes it fail earlier due to lack of headers.
>
> OK.
>
>>> This change is unrelated to the upgrade, right? It would break Connman
>>> (which expects to talk to wpa_supplicant over D-Bus), as well as
>>> NetworkManager probably, no? Or am I missing something?
>>
>> The distinguishing feature between "wpa-supplicant-minimal" and
>> "wpa-supplicant" is D-Bus support.
>>
>> Upstream enabled D-Bus by default in version 2.8, so I toggled it back
>> with the snippet above so "wpa-supplicant-minimal" stays the same.
>>
>> However I notice now that the new "wpa-supplicant-minimal" has D-Bus in
>> its closure even though the D-Bus interface is disabled.
>>
>> So I'm not sure if it makes sense to have the separate -minimal variant
>> anymore. The size of both wpa-supplicant variants are 102.4MiB after
>> this patch, down from 157.4 and 143.1 MiB on the Guix master branch.
>
> Well you’re right, maybe it doesn’t make much sense to keep both
> variants in that case.
Errh nevermind, the "wpa-supplicant-minimal" package does *not* have
D-Bus in its closure. The updated sizes are 87.8 and 102.1 MiB.
> So I guess you can go ahead and push so we can all test it in the coming
> days!
I have tested this on a few different setups and it appears to work
fine. Pushed as aeb1ed1abcc953694bcd742ae5e3ba5a13506373!
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 74 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.