[debbugs-tracker] bug#35563: closed (WPA Supplicant 2.8)

[GNU bug Tracking System]

Your message dated Thu, 09 May 2019 17:35:45 +0200
with message-id <address@hidden>
and subject line Re: [bug#35563] WPA Supplicant 2.8
has caused the debbugs.gnu.org bug report #35563,
regarding WPA Supplicant 2.8
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
35563: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=35563
GNU Bug Tracking System
Contact address@hidden with problems

--- Begin Message --- Subject: WPA Supplicant 2.8 Date: Sat, 04 May 2019 18:26:42 +0200 User-agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu)

Hello!

Attached is a security update for WPA Supplicant.

The new version toggles a lot of build-time options to more closely
resemble what Debian and Arch do.  Unfortunately the new defaults
appears to require OpenSSL instead of GnuTLS.

Thoughts?

0001-gnu-wpa_supplicant-Update-to-2.8-security-fixes.patch
Description: Text Data

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message --- Subject: Re: [bug#35563] WPA Supplicant 2.8 Date: Thu, 09 May 2019 17:35:45 +0200 User-agent: Notmuch/0.28.3 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu)

Ludovic Courtès <address@hidden> writes:

> Hi,
>
> Marius Bakke <address@hidden> skribis:
>
>> Ludovic Courtès <address@hidden> writes:
>>
>>> Hello Marius,
>>>
>>> Marius Bakke <address@hidden> skribis:
>>>
>>>> Attached is a security update for WPA Supplicant.
>>>>
>>>> The new version toggles a lot of build-time options to more closely
>>>> resemble what Debian and Arch do.  Unfortunately the new defaults
>>>> appears to require OpenSSL instead of GnuTLS.
>>>
>>> What happens when you keep CONFIG_TLS=gnutls?
>>
>> The linker fails to find a lot of OpenSSL interfaces.  Short excerpt:
>>
>> ld: ../src/common/dpp.o: in function `dpp_set_pubkey_point':
>> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:538:
>>  undefined reference to `EVP_PKEY_get1_EC_KEY'
>> ld: 
>> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:545:
>>  undefined reference to `EC_KEY_get0_group'
>> ld: 
>> /tmp/guix-build-wpa-supplicant-2.8.drv-0/wpa_supplicant-2.8/wpa_supplicant/../src/common/dpp.c:552:
>>  undefined reference to `EC_KEY_free'
>>
>> Omitting the OpenSSL input makes it fail earlier due to lack of headers.
>
> OK.
>
>>> This change is unrelated to the upgrade, right?  It would break Connman
>>> (which expects to talk to wpa_supplicant over D-Bus), as well as
>>> NetworkManager probably, no?  Or am I missing something?
>>
>> The distinguishing feature between "wpa-supplicant-minimal" and
>> "wpa-supplicant" is D-Bus support.
>>
>> Upstream enabled D-Bus by default in version 2.8, so I toggled it back
>> with the snippet above so "wpa-supplicant-minimal" stays the same.
>>
>> However I notice now that the new "wpa-supplicant-minimal" has D-Bus in
>> its closure even though the D-Bus interface is disabled.
>>
>> So I'm not sure if it makes sense to have the separate -minimal variant
>> anymore.  The size of both wpa-supplicant variants are 102.4MiB after
>> this patch, down from 157.4 and 143.1 MiB on the Guix master branch.
>
> Well you’re right, maybe it doesn’t make much sense to keep both
> variants in that case.

Errh nevermind, the "wpa-supplicant-minimal" package does *not* have
D-Bus in its closure.  The updated sizes are 87.8 and 102.1 MiB.

> So I guess you can go ahead and push so we can all test it in the coming
> days!

I have tested this on a few different setups and it appears to work
fine.  Pushed as aeb1ed1abcc953694bcd742ae5e3ba5a13506373!

signature.asc
Description: PGP signature

--- End Message ---