From 194bb2914a0724587f04dd03cb4dd40465887248 Mon Sep 17 00:00:00 2001
From: Marius Bakke <address@hidden>
Date: Tue, 30 Apr 2019 00:05:36 +0200
Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes].

This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497,
CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555.

* gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8.
[source](snippet): New field.  Disable D-Bus.
[arguments]: Remove now-default CONFIG_DEBUG_SYSLOG=y.  Change CONFIG_TLS to
use OpenSSL rather than GnuTLS.
[inputs]: Remove GNUTLS and LIBGCRYPT.  Add OPENSSL-NEXT.
(wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=y.
---
 gnu/packages/admin.scm | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 275ce8bb2f..e0fc1c54c9 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1198,16 +1198,23 @@ commands and their arguments.")
 (define-public wpa-supplicant-minimal
   (package
     (name "wpa-supplicant-minimal")
-    (version "2.7")
+    (version "2.8")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://w1.fi/releases/wpa_supplicant-"
-                    version
-                    ".tar.gz"))
+                    version ".tar.gz"))
               (sha256
                (base32
-                "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn"))))
+                "15ixzm347n8w6gdvi3j3yks3i15qmp6by9ayvswm34d929m372d6"))
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (substitute* "wpa_supplicant/defconfig"
+                    ;; Disable D-Bus by default.
+                    (("^CONFIG_CTRL_IFACE_DBUS_" line _)
+                     (string-append "#" line)))
+                    #t))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1218,10 +1225,7 @@ commands and their arguments.")
              (copy-file "defconfig" ".config")
              (let ((port (open-file ".config" "al")))
                (display "
-      CONFIG_DEBUG_SYSLOG=y
-
-      # Choose GnuTLS (the default is OpenSSL.)
-      CONFIG_TLS=gnutls
+      CONFIG_TLS=openssl
 
       CONFIG_DRIVER_NL80211=y
       CFLAGS += $(shell pkg-config libnl-3.0 --cflags)
@@ -1255,8 +1259,7 @@ commands and their arguments.")
     (inputs
      `(("readline" ,readline)
        ("libnl" ,libnl)
-       ("gnutls" ,gnutls)
-       ("libgcrypt" ,libgcrypt)))                 ;needed by crypto_gnutls.c
+       ("openssl" ,openssl-next)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "https://w1.fi/wpa_supplicant/")
@@ -1289,7 +1292,6 @@ command.")
              (lambda _
                (let ((port (open-file ".config" "al")))
                  (display "
-      CONFIG_CTRL_IFACE_DBUS=y
       CONFIG_CTRL_IFACE_DBUS_NEW=y
       CONFIG_CTRL_IFACE_DBUS_INTRO=y\n" port)
                  (close-port port))
-- 
2.21.0