From 134d07bcea4d52f961c848dc82c07304cae6a928 Mon Sep 17 00:00:00 2001
From: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Date: Tue, 7 May 2019 23:01:33 +0200
Subject: wpa-supplicant: update to 2.8

Source: OpenEmbedded.org
MR: 97302, 97307, 97312, 97317, 97327, 97322
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/wpa-supplicant?id=d6df8c1a7766e5df6351bb56f905664394cbdcc0
ChangeID: 90cdfc7008381f91dd18f6310c8c862a1f13c818
Description:

License checksums were changed due to modified copyright years.

Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Bug fix update only
Includes
CVE-2019-9494
CVE-2019-9495
CVE-2019-9496
CVE-2019-9497
CVE-2019-9498
]

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 .../wpa-supplicant/wpa-supplicant_2.8.bb           | 111 +++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb

(limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb')

diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb
new file mode 100644
index 0000000000..073a3004bd
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.8.bb
@@ -0,0 +1,111 @@
+SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
+HOMEPAGE = "http://w1.fi/wpa_supplicant/"
+BUGTRACKER = "http://w1.fi/security/"
+SECTION = "network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
+                    file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \
+                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b"
+DEPENDS = "dbus libnl"
+RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
+
+PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
+PACKAGECONFIG[openssl] = ",,openssl"
+
+inherit pkgconfig systemd
+
+SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
+           file://defconfig \
+           file://wpa-supplicant.sh \
+           file://wpa_supplicant.conf \
+           file://wpa_supplicant.conf-sane \
+           file://99_wpa_supplicant \
+           file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
+          "
+SRC_URI[md5sum] = "0af5998c5d924e985cab16b9a1c77904"
+SRC_URI[sha256sum] = "a689336a12a99151b9de5e25bfccadb88438f4f4438eb8db331cd94346fd3d96"
+
+CVE_PRODUCT = "wpa_supplicant"
+
+S = "${WORKDIR}/wpa_supplicant-${PV}"
+
+PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
+FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
+FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
+FILES_${PN} += "${datadir}/dbus-1/system-services/*"
+CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
+
+do_configure () {
+	${MAKE} -C wpa_supplicant clean
+	install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
+	echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
+	echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
+	
+	if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
+        	ssl=openssl
+	elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
+        	ssl=gnutls
+	fi
+	if [ -n "$ssl" ]; then
+        	sed -i "s/%ssl%/$ssl/" wpa_supplicant/.config
+	fi
+
+	# For rebuild
+	rm -f wpa_supplicant/*.d wpa_supplicant/dbus/*.d
+}
+
+export EXTRA_CFLAGS = "${CFLAGS}"
+export BINDIR = "${sbindir}"
+
+do_compile () {
+	unset CFLAGS CPPFLAGS CXXFLAGS
+	sed -e "s:CFLAGS\ =.*:& \$(EXTRA_CFLAGS):g" -i ${S}/src/lib.rules
+	oe_runmake -C wpa_supplicant
+}
+
+do_install () {
+	install -d ${D}${sbindir}
+	install -m 755 wpa_supplicant/wpa_supplicant ${D}${sbindir}
+	install -m 755 wpa_supplicant/wpa_cli        ${D}${sbindir}
+
+	install -d ${D}${bindir}
+	install -m 755 wpa_supplicant/wpa_passphrase ${D}${bindir}
+
+	install -d ${D}${docdir}/wpa_supplicant
+	install -m 644 wpa_supplicant/README ${WORKDIR}/wpa_supplicant.conf ${D}${docdir}/wpa_supplicant
+
+	install -d ${D}${sysconfdir}
+	install -m 600 ${WORKDIR}/wpa_supplicant.conf-sane ${D}${sysconfdir}/wpa_supplicant.conf
+
+	install -d ${D}${sysconfdir}/network/if-pre-up.d/
+	install -d ${D}${sysconfdir}/network/if-post-down.d/
+	install -d ${D}${sysconfdir}/network/if-down.d/
+	install -m 755 ${WORKDIR}/wpa-supplicant.sh ${D}${sysconfdir}/network/if-pre-up.d/wpa-supplicant
+	cd ${D}${sysconfdir}/network/ && \
+	ln -sf ../if-pre-up.d/wpa-supplicant if-post-down.d/wpa-supplicant
+
+	install -d ${D}/${sysconfdir}/dbus-1/system.d
+	install -m 644 ${S}/wpa_supplicant/dbus/dbus-wpa_supplicant.conf ${D}/${sysconfdir}/dbus-1/system.d
+	install -d ${D}/${datadir}/dbus-1/system-services
+	install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
+
+	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+		install -d ${D}/${systemd_unitdir}/system
+		install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system
+	fi
+
+	install -d ${D}/etc/default/volatiles
+	install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
+}
+
+pkg_postinst_wpa-supplicant () {
+	# If we're offline, we don't need to do this.
+	if [ "x$D" = "x" ]; then
+		killall -q -HUP dbus-daemon || true
+	fi
+
+}
-- 
cgit 1.2.3-korg