Adding patch to fix bug #501828

Package-Manager: portage-2.2.8-r1/cvs/Linux i686
Manifest-Sign-Key: 0x15AE484C

4 files changed, 85 insertions, 7 deletions

diff --git a/net-wireless/wpa_supplicant/ChangeLog b/net-wireless/wpa_supplicant/ChangeLog
index 2b7693bf84d9..004daaa17346 100644
--- a/net-wireless/wpa_supplicant/ChangeLog
+++ b/net-wireless/wpa_supplicant/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-wireless/wpa_supplicant
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/wpa_supplicant/ChangeLog,v 1.209 2014/02/14 08:20:31 gurligebis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/wpa_supplicant/ChangeLog,v 1.210 2014/02/25 07:53:52 gurligebis Exp $
+
+*wpa_supplicant-2.1-r1 (25 Feb 2014)
+
+  25 Feb 2014; <gurligebis@gentoo.org> -wpa_supplicant-2.1.ebuild,
+  +wpa_supplicant-2.1-r1.ebuild, +files/wpa_supplicant-2.1-WPA-fix.patch:
+  Adding patch to fix bug #501828
 
   14 Feb 2014; <gurligebis@gentoo.org> wpa_supplicant-2.1.ebuild,
   +files/wpa_supplicant-2.1-NFC-fix.patch:
diff --git a/net-wireless/wpa_supplicant/Manifest b/net-wireless/wpa_supplicant/Manifest
index 5b84addd92f4..bac53f12f452 100644
--- a/net-wireless/wpa_supplicant/Manifest
+++ b/net-wireless/wpa_supplicant/Manifest
@@ -7,6 +7,7 @@ AUX wpa_supplicant-2.0-do-not-call-dbus-functions-with-NULL-path.patch 2131 SHA2
 AUX wpa_supplicant-2.0-fix-undefined-reference-to-random_get_bytes.patch 633 SHA256 29b9a9ba8d4b53313593c3f56ad13e776ee76fbd04bc33b35e1d6f61e571b496 SHA512 e6e27a982c064bff7c833d33051205ddbaf931f7116724880c9c6e676139ccc69b0302229817d6c618cb3669ec68989b347a1cb40660c4ab124df9841bc7c020 WHIRLPOOL 38950a4044cfb9b9f56852e465297fed94bb9fa76907d4247346a24a7f40457b0c34dd12338d6cff9677da6b6b9d315989f4911242d472d0dbb4f8fcb8a930c9
 AUX wpa_supplicant-2.0-generate-libeap-peer.patch 9778 SHA256 771e2392754c094a8b4bacbcbff77429946e7c4acfdef37be7deab5d6ad2994e SHA512 7ceb37e7d23864351dc4960d6e867f02bd6004b29b2b4d2ca6d9bda2a71946c2dc83d2197828c56d46420ad7c3d3309b684335009b7f9129915cd113b73e6adf WHIRLPOOL 68ee035c05a4bb79479dfd62057695862073c41f4bd9265719e01cbf29328fcea6970ffeb0903e4aec83428bfa2e62a280748bfeab668e490c6763788b903dfa
 AUX wpa_supplicant-2.1-NFC-fix.patch 3817 SHA256 2a09148fe7ac406f2e2a1cbeadbc98684a9b474022e1be8080f4385e0ae3c0f5 SHA512 1a59cdb78203df24d202029f7a0245043b9773d3317a8814e778c7a3addca6d667fd2cbd0a02c76861aa1a9b63eccfeccd060fe483756c4b27498f9e8a0dad13 WHIRLPOOL 899db14999b2c50e017ff51a0dae1ef5d617fefc29d292e71712dc72d45dcda96c0ff195de688a77ae2087ddcec80f8866532e7080c9af352048389aed792c82
+AUX wpa_supplicant-2.1-WPA-fix.patch 2389 SHA256 95f591c3d00eb1bfa1a381cb4cff25b52e72f5215bba91eff725de860caeff9f SHA512 5ad5b0c7101a5b74bd3a2cc3c4108dad17a0c6e578b068d42383934413574864134190be5f48ce965615c266c54077ed054021d54c00209bf41b6b618af0e277 WHIRLPOOL cda3de41381218aac01b16588eb2b9bdc4315bfc1d4394326b7984a1f7741b94ae73d0e559ac699f30ca35a29bfb0668ee59c125e8cfdf66d48af12da5ccbe9b
 AUX wpa_supplicant-2.1-dbus-path-fix.patch 1028 SHA256 9d829625bbc8ddc5d9f117726ce5b505e87ceab4c42cee4241eba08d04391579 SHA512 7521764830b0ac27046c9030c632fe4f36937452b8352a257eaba28ff7a628b2d5d0b4187a23cdffe54c5adab42352ec9f7907e2606f68164d708cea34be5e45 WHIRLPOOL d36fa9563368e9670241fc2da4864a1cbe5e3190824d9b0d81739642d9e8f56bea1914dd44832df1f7ea7614331302259c6e1bfb668d7519c41a0e227fc05b61
 AUX wpa_supplicant-2.1-do-not-call-dbus-functions-with-NULL-path.patch 2131 SHA256 05231a2468853898595c6fffc0fd596c66b5d819d423d772ae2073197e9bf14c SHA512 3578594428c0361e5c9bfc80c8d467175082fd1837f026ae46a26bbd5068526a3c800bff474212bad38d7a1924d037e48a1134660332dcbace2245aa6e5f73a4 WHIRLPOOL f03fa121df0f4ffe14e6e65f9698d6cc6daf2454550afed0149a0923888ef5cd42893a3232f8a0aa188d62b45569679855bf4169a7868601b39b83e799ac8654
 AUX wpa_supplicant-2.1-fix-undefined-reference-to-random_get_bytes.patch 633 SHA256 29b9a9ba8d4b53313593c3f56ad13e776ee76fbd04bc33b35e1d6f61e571b496 SHA512 e6e27a982c064bff7c833d33051205ddbaf931f7116724880c9c6e676139ccc69b0302229817d6c618cb3669ec68989b347a1cb40660c4ab124df9841bc7c020 WHIRLPOOL 38950a4044cfb9b9f56852e465297fed94bb9fa76907d4247346a24a7f40457b0c34dd12338d6cff9677da6b6b9d315989f4911242d472d0dbb4f8fcb8a930c9
@@ -19,13 +20,13 @@ AUX wpa_supplicant_at.service 314 SHA256 caa0104f7169909d30f0c4ce9fa9a6c27e7ddb7
 DIST wpa_supplicant-2.0.tar.gz 2044281 SHA256 2c115609fbb5223d51381084a5c944455a8afcda81d584173ff55ba233379e09 SHA512 c3a599e1dfa5e0bb4b8d35ed49501696ce68c807ff458c1e3bff9ed5619c780f7117c6d8d7cb9a11351e9fad27cf83fc114f255c92552e7ba084de70c5f8e254 WHIRLPOOL 603f9ac54505166690516a0f1e3112a8279a7184a54066699ad24b1f6269ad90c46a01a87d23bb62df782cdf561aa6f8b5a11e7ee59914cb36be8daea470389e
 DIST wpa_supplicant-2.1.tar.gz 2222066 SHA256 91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277 SHA512 eb1075623502d3e8f02c803ce31487fe5efce172e30d6b818ac835f7bbfe0140a225f95573ba4557f29e54d4623be2eb4a6ee18675ae6a676ccd46c33b0b3843 WHIRLPOOL a96f6544abe640c2f246e6bad5056344ca29214a8e2703e887e10640ee35eb8d8fb42e4c2416d313d3a2d8dd89ed3876ff0a981fac7a6b77be9597bc9730dbe6
 EBUILD wpa_supplicant-2.0-r2.ebuild 9086 SHA256 a8b7ce63e9ba7b62487e11139f7de923506f5e8a072a3e452f4be45382b45567 SHA512 9dbe3a9cd9a7e1305ea0666f3f457dfe4f7944eff7cf7b597fe41a16ca6e606f0ce69d467e2c0f767eedb2d5742bed3d8207e8ec922d872e41518dda9699de32 WHIRLPOOL c7e95a15ab9a76f21af1eaf8731d059c8aaed61599013c4468dd6802293b154aa5f28314915d17ebfb5d7640680f2fd51c49f3fad2e1c1f9318512234003fe90
-EBUILD wpa_supplicant-2.1.ebuild 9195 SHA256 18d7d66331049cbee97c87f62763c5e5c32dcd7c51525ee2a62b15735fc71cb5 SHA512 b30ece4b1fedb653213cfaf6c51ac070fc495c9e83d826d48fe56a908594edbc1108af790ca86a2c53583df864fb380632df4e9e0970c2e1b28ec9f794fe297d WHIRLPOOL ecdaff491a7cd7ba0c0b3ac890a7ef0d734763c87f0939c829968500315d5c8e4e0c54566a4bba0c4fac045e51a5162558525e65d8efd79c799c718bf3c6e528
-MISC ChangeLog 43135 SHA256 b1e0f636c5b73b7e89d7bc3b87ea97ec94b61c51d6cd9cb56237f1b3543af4e4 SHA512 a224e17583b8f2fa6f44b863dd3a8ac4480b757a1cd3ed00e19c70a6525ef41b162c4d6a1aa2b25e018f0f445ee09dd57b20dc2c71b808f350769da8c0ac310e WHIRLPOOL 1a24ae33e3ea871a66ff43b64ee466724fa91105d6aa334c78d699e21fc313daa50e7d5eff001527b92a67c46103c66145e84dd048ed7257b301ffbc41cd57af
+EBUILD wpa_supplicant-2.1-r1.ebuild 9256 SHA256 60cddfcf5709c1c729903e3bf55055d071127d50d81c305e7f00b3a421665874 SHA512 ef1d9cf8ded580e096cebe8645652b52b34c37e8ad7a9bc9a2bce049461fdfe4bfbed54b1b64b4e7f79b3ed5892d3c217fdbcd2ebdeb9cec10595303fc3896e9 WHIRLPOOL afae6014a084ae63117178c1655600077facd0fa2d55733ee9d31b1da0be0038c47ae9ec7da85e16e7537ed5217e2fd1331925da7b8f6b7cce6277f828afb6d5
+MISC ChangeLog 43349 SHA256 f527c055602341a251d5707bd98bcdf664197deb9d22592f8a565f41ed976182 SHA512 a8bc5768639d426eb4ce435f9f15d55392308fe13d03acc62c1945757ea312b87670728753ca55d25f232b0d53eb77a279a7feab8b966e0954b301332c7f52d9 WHIRLPOOL c2e70c91883c6c4e06de95d0c4a03b4fb5b0a87608469a756552b9db44655d35cf40bed18b43f92858147062ebe9b4eb6b87e298b223b46aec5eec909dce02cc
 MISC metadata.xml 1107 SHA256 eae15b505a1ed1406d589cd6dc9227a87340119331e8373ff25302f6a9c098c8 SHA512 bcca37682eae987546d19d7b43cf62d5dabb5d905b392728b17590a5d0692c5019bc1c29513799a5c4f8c4177e42de0397cfb1387cb56463a7fa47f0425fcae8 WHIRLPOOL 13218a055188f39f11f005885bc5a80ea63f3984cab53b73a9d0190ef3c164a2be4448902217e9913f65c14b32e8cceaa0b1a65df5e7acb8e9eac39a614a1a4b
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iEYEAREIAAYFAlL90dEACgkQsR7PQhRXYEk26ACfbhwWYFueo7UsqoAL/R/3ojom
-u4UAnAjw832iHZfx8opq9GTCMgInJtaa
-=leyo
+iEYEAREIAAYFAlMMTBEACgkQsR7PQhRXYEn3TACfbBKiqCoAbHXxo9OTZWfBtTMS
+xJAAniuCRFXUTh+gaH5tlVi+g9X7uErf
+=vJax
 -----END PGP SIGNATURE-----
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.1-WPA-fix.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.1-WPA-fix.patch
new file mode 100644
index 000000000000..e3141b0eab6f
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.1-WPA-fix.patch
@@ -0,0 +1,68 @@
+From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Wed, 19 Feb 2014 09:56:02 +0000
+Subject: Revert "OpenSSL: Do not accept SSL Client certificate for server"
+
+This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
+too many deployed AAA servers that include both id-kp-clientAuth and
+id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
+for AAA authentication server validation. OpenSSL enforces the policy of
+not connecting if only id-kp-clientAuth is included. If a valid EKU is
+listed with it, the connection needs to be accepted.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+diff --git a/src/crypto/tls.h b/src/crypto/tls.h
+index 287fd33..feba13f 100644
+--- a/src/crypto/tls.h
++++ b/src/crypto/tls.h
+@@ -41,8 +41,7 @@ enum tls_fail_reason {
+ 	TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
+ 	TLS_FAIL_BAD_CERTIFICATE = 7,
+ 	TLS_FAIL_SERVER_CHAIN_PROBE = 8,
+-	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
+-	TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
++	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
+ };
+ 
+ union tls_event_data {
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index a13fa38..8cf1de8 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -105,7 +105,6 @@ struct tls_connection {
+ 	unsigned int ca_cert_verify:1;
+ 	unsigned int cert_probe:1;
+ 	unsigned int server_cert_only:1;
+-	unsigned int server:1;
+ 
+ 	u8 srv_cert_hash[32];
+ 
+@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+ 				       TLS_FAIL_SERVER_CHAIN_PROBE);
+ 	}
+ 
+-	if (!conn->server && err_cert && preverify_ok && depth == 0 &&
+-	    (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
+-	    (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
+-		wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
+-		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
+-				       "Server used client certificate",
+-				       TLS_FAIL_SERVER_USED_CLIENT_CERT);
+-		preverify_ok = 0;
+-	}
+-
+ 	if (preverify_ok && context->event_cb != NULL)
+ 		context->event_cb(context->cb_ctx,
+ 				  TLS_CERT_CHAIN_SUCCESS, NULL);
+@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
+ 	int res;
+ 	struct wpabuf *out_data;
+ 
+-	conn->server = !!server;
+-
+ 	/*
+ 	 * Give TLS handshake data from the server (if available) to OpenSSL
+ 	 * for processing.
+--
+cgit v0.9.2
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.1.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.1-r1.ebuild
index 04c3ecba5579..301e33789a93 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-2.1.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/wpa_supplicant/wpa_supplicant-2.1.ebuild,v 1.2 2014/02/14 08:20:31 gurligebis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/wpa_supplicant/wpa_supplicant-2.1-r1.ebuild,v 1.1 2014/02/25 07:53:52 gurligebis Exp $
 
 EAPI=4
 
@@ -93,6 +93,9 @@ src_prepare() {
 	# bug (320097)
 	epatch "${FILESDIR}/${P}-do-not-call-dbus-functions-with-NULL-path.patch"
 
+	# bug (501828)
+	epatch "${FILESDIR}/${P}-WPA-fix.patch"
+
 	# TODO - NEED TESTING TO SEE IF STILL NEEDED, NOT COMPATIBLE WITH 1.0 OUT OF THE BOX,
 	# SO WOULD BE NICE TO JUST DROP IT, IF IT IS NOT NEEDED.
 	# bug (374089)