From aeb1ed1abcc953694bcd742ae5e3ba5a13506373 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 30 Apr 2019 00:05:36 +0200 Subject: [PATCH] gnu: wpa_supplicant: Update to 2.8 [security fixes]. This release fixes CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, and CVE-2019-11555. * gnu/packages/admin.scm (wpa-supplicant-minimal): Update to 2.8. [source](snippet): New field. Disable D-Bus. [arguments]: Change CONFIG_TLS to use OpenSSL rather than GnuTLS. This is required by many of the new default build-time settings. [inputs]: Remove GNUTLS and LIBGCRYPT. Add OPENSSL. (wpa-supplicant)[arguments]: Remove obsolete CONFIG_CTRL_IFACE_DBUS=y. --- gnu/packages/admin.scm | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 5ab6af71f6..dbc6f7ff2a 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1130,16 +1130,23 @@ commands and their arguments.") (define-public wpa-supplicant-minimal (package (name "wpa-supplicant-minimal") - (version "2.7") + (version "2.8") (source (origin (method url-fetch) (uri (string-append "https://w1.fi/releases/wpa_supplicant-" - version - ".tar.gz")) + version ".tar.gz")) (sha256 (base32 - "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn")))) + "15ixzm347n8w6gdvi3j3yks3i15qmp6by9ayvswm34d929m372d6")) + (modules '((guix build utils))) + (snippet + '(begin + (substitute* "wpa_supplicant/defconfig" + ;; Disable D-Bus to save ~14MiB on the closure size. + (("^CONFIG_CTRL_IFACE_DBUS" line _) + (string-append "#" line))) + #t)))) (build-system gnu-build-system) (arguments '(#:phases @@ -1152,8 +1159,7 @@ commands and their arguments.") (display " CONFIG_DEBUG_SYSLOG=y - # Choose GnuTLS (the default is OpenSSL.) - CONFIG_TLS=gnutls + CONFIG_TLS=openssl CONFIG_DRIVER_NL80211=y CFLAGS += $(shell pkg-config libnl-3.0 --cflags) @@ -1187,8 +1193,7 @@ commands and their arguments.") (inputs `(("readline" ,readline) ("libnl" ,libnl) - ("gnutls" ,gnutls) - ("libgcrypt" ,libgcrypt))) ;needed by crypto_gnutls.c + ("openssl" ,openssl))) (native-inputs `(("pkg-config" ,pkg-config))) (home-page "https://w1.fi/wpa_supplicant/") @@ -1221,7 +1226,6 @@ command.") (lambda _ (let ((port (open-file ".config" "al"))) (display " - CONFIG_CTRL_IFACE_DBUS=y CONFIG_CTRL_IFACE_DBUS_NEW=y CONFIG_CTRL_IFACE_DBUS_INTRO=y\n" port) (close-port port))