main/wpa_supplicant: upgrade to 2.2

2 files changed, 5 insertions, 77 deletions

diff --git a/main/wpa_supplicant/APKBUILD b/main/wpa_supplicant/APKBUILD
index d88292e00d..a7c924f1d0 100644
--- a/main/wpa_supplicant/APKBUILD
+++ b/main/wpa_supplicant/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=wpa_supplicant
-pkgver=2.1
-pkgrel=2
+pkgver=2.2
+pkgrel=0
 pkgdesc="A utility providing key negotiation for WPA wireless networks"
 url="http://hostap.epitest.fi/wpa_supplicant"
 arch="all"
@@ -11,7 +11,6 @@ depends="dbus"
 makedepends="openssl-dev dbus-dev libnl3-dev qt-dev"
 source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
 	musl-fix-types.patch
-	Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch
 
 	wpa_supplicant.initd
 	wpa_supplicant.confd
@@ -154,18 +153,15 @@ gui() {
 	mv "$pkgdir"/usr/bin/wpa_gui "$subpkgdir"/usr/bin/
 }
 
-md5sums="e96b8db5a8171cd17a5b2012d6ad7cc7  wpa_supplicant-2.1.tar.gz
+md5sums="238e8e888bbd558e1a57e3eb28d1dd07  wpa_supplicant-2.2.tar.gz
 6023cac7f7fc6801e575f255af025368  musl-fix-types.patch
-ba6674b926dc30cfca46cf9a6bdacd23  Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch
 8c88d2418857028c8a8c8489b516f22a  wpa_supplicant.initd
 bc117427f2c538439f3f1481a028ee06  wpa_supplicant.confd"
-sha256sums="91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277  wpa_supplicant-2.1.tar.gz
+sha256sums="e0d8b8fd68a659636eaba246bb2caacbf53d22d53b2b6b90eb4b4fef0993c8ed  wpa_supplicant-2.2.tar.gz
 2196f8850f72c5f269d2b5c1495c33e254c7c1526648e5cd4a51901205d3b45b  musl-fix-types.patch
-95f591c3d00eb1bfa1a381cb4cff25b52e72f5215bba91eff725de860caeff9f  Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch
 66b7fd1322540ed39120c453d6f8852b519b67e3efcb3abdc3a76733ff75ecb4  wpa_supplicant.initd
 61ec59007f66ac5bacc0aa095d1f2ccbc977a687038e161a463d1727223d5a90  wpa_supplicant.confd"
-sha512sums="eb1075623502d3e8f02c803ce31487fe5efce172e30d6b818ac835f7bbfe0140a225f95573ba4557f29e54d4623be2eb4a6ee18675ae6a676ccd46c33b0b3843  wpa_supplicant-2.1.tar.gz
+sha512sums="34dd3eb2c7c65baadbd8108cfb879be5b68e70d925fe65cda566bcfb9bcc31b3e2c521ee719d056d2b4f7fd17a8d387ee1217cb4ebbbaf384962bbcbc27ea57a  wpa_supplicant-2.2.tar.gz
 64bc462d10f99f13098554db85d514530fcb85bc93d65843d0db66493cf7b6280e22540c95846d0f6c870f6cbd95cc8d4208675775e964988d97351bc716b7df  musl-fix-types.patch
-5ad5b0c7101a5b74bd3a2cc3c4108dad17a0c6e578b068d42383934413574864134190be5f48ce965615c266c54077ed054021d54c00209bf41b6b618af0e277  Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch
 12a59d1f60f61aea6733add7d8a961fb728d27c156c49481775194cc655b1cec77f021624cf6a9cd93d0e5db12ebfca315a41801f03213919cf2b896b901f3bb  wpa_supplicant.initd
 29103161ec2b9631fca9e8d9a97fafd60ffac3fe78cf613b834395ddcaf8be1e253c22e060d7d9f9b974b2d7ce794caa932a2125e29f6494b75bce475f7b30e1  wpa_supplicant.confd"
diff --git a/main/wpa_supplicant/Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch b/main/wpa_supplicant/Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch
deleted file mode 100644
index e3141b0eab..0000000000
--- a/main/wpa_supplicant/Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-for-server.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 19 Feb 2014 09:56:02 +0000
-Subject: Revert "OpenSSL: Do not accept SSL Client certificate for server"
-
-This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
-too many deployed AAA servers that include both id-kp-clientAuth and
-id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
-for AAA authentication server validation. OpenSSL enforces the policy of
-not connecting if only id-kp-clientAuth is included. If a valid EKU is
-listed with it, the connection needs to be accepted.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
-diff --git a/src/crypto/tls.h b/src/crypto/tls.h
-index 287fd33..feba13f 100644
---- a/src/crypto/tls.h
-+++ b/src/crypto/tls.h
-@@ -41,8 +41,7 @@ enum tls_fail_reason {
- 	TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
- 	TLS_FAIL_BAD_CERTIFICATE = 7,
- 	TLS_FAIL_SERVER_CHAIN_PROBE = 8,
--	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
--	TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
-+	TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
- };
- 
- union tls_event_data {
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index a13fa38..8cf1de8 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -105,7 +105,6 @@ struct tls_connection {
- 	unsigned int ca_cert_verify:1;
- 	unsigned int cert_probe:1;
- 	unsigned int server_cert_only:1;
--	unsigned int server:1;
- 
- 	u8 srv_cert_hash[32];
- 
-@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
- 				       TLS_FAIL_SERVER_CHAIN_PROBE);
- 	}
- 
--	if (!conn->server && err_cert && preverify_ok && depth == 0 &&
--	    (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
--	    (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
--		wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
--		openssl_tls_fail_event(conn, err_cert, err, depth, buf,
--				       "Server used client certificate",
--				       TLS_FAIL_SERVER_USED_CLIENT_CERT);
--		preverify_ok = 0;
--	}
--
- 	if (preverify_ok && context->event_cb != NULL)
- 		context->event_cb(context->cb_ctx,
- 				  TLS_CERT_CHAIN_SUCCESS, NULL);
-@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
- 	int res;
- 	struct wpabuf *out_data;
- 
--	conn->server = !!server;
--
- 	/*
- 	 * Give TLS handshake data from the server (if available) to OpenSSL
- 	 * for processing.
---
-cgit v0.9.2