From ebfb51605146ea137dd605d71f8b04072015bca7 Mon Sep 17 00:00:00 2001
From: Juan RP
Date: Mon, 12 Oct 2015 10:05:41 +0200
Subject: [PATCH] wpa_supplicant: update to 2.5.
---
 ...D-element-length-before-copying-it-C.patch | 42 -----------
 .../patches/patch-src_crypto_tls_openssl_c | 69 +++++++++++++++++++
 .../patches/patch-src_utils_eloop_c | 16 +++++
 srcpkgs/wpa_supplicant/template | 7 +-
 4 files changed, 88 insertions(+), 46 deletions(-)
 delete mode 100644 srcpkgs/wpa_supplicant/patches/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
 create mode 100644 srcpkgs/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c
 create mode 100644 srcpkgs/wpa_supplicant/patches/patch-src_utils_eloop_c
diff --git a/srcpkgs/wpa_supplicant/patches/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/srcpkgs/wpa_supplicant/patches/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
deleted file mode 100644
index de1964ca769..00000000000
--- a/srcpkgs/wpa_supplicant/patches/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen
----
- src/p2p/p2p.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
-index f584fae..a45fe73 100644
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
- if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
- os_memcpy(dev->interface_addr, addr, ETH_ALEN);
- if (msg.ssid &&
-+ msg.ssid[1] <= sizeof(dev->oper_ssid) &&
- (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
- os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
- != 0)) {
---
-1.9.1
-
diff --git a/srcpkgs/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c b/srcpkgs/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c
new file mode 100644
index 00000000000..8564a9d8545
--- /dev/null
+++ b/srcpkgs/wpa_supplicant/patches/patch-src_crypto_tls_openssl_c
@@ -0,0 +1,69 @@
+$OpenBSD: patch-src_crypto_tls_openssl_c,v 1.3 2015/09/29 11:57:54 dcoppa Exp $
+
+Compatibility fixes for LibreSSL
+
+--- src/crypto/tls_openssl.c.orig Sun Sep 27 21:02:05 2015
++++ src/crypto/tls_openssl.c Mon Sep 28 13:43:46 2015
+@@ -2229,7 +2229,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
+ }
+ 
+ if (certs) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_clear_chain_certs(ssl);
+ while ((cert = sk_X509_pop(certs)) != NULL) {
+ X509_NAME_oneline(X509_get_subject_name(cert), buf,
+@@ -2247,7 +2247,7 @@ static int tls_parse_pkcs12(struct tls_data *data, SSL
+ /* Try to continue anyway */
+ }
+ sk_X509_free(certs);
+-#ifndef OPENSSL_IS_BORINGSSL
++#if !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+ res = SSL_build_cert_chain(ssl,
+ SSL_BUILD_CHAIN_FLAG_CHECK |
+ SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
+@@ -2812,7 +2812,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
+ if (conn == NULL || keys == NULL)
+ return -1;
+ ssl = conn->ssl;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL)
+ return -1;
+ 
+@@ -2841,7 +2841,7 @@ int tls_connection_get_random(void *ssl_ctx, struct tl
+ #ifndef CONFIG_FIPS
+ static int openssl_get_keyblock_size(SSL *ssl)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ const EVP_CIPHER *c;
+ const EVP_MD *h;
+ int md_size;
+@@ -2911,7 +2911,7 @@ static int openssl_tls_prf(struct tls_connection *conn
+ "mode");
+ return -1;
+ #else /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL *ssl;
+ u8 *rnd;
+ int ret = -1;
+@@ -3394,7 +3394,7 @@ int tls_connection_set_cipher_list(void *tls_ctx, stru
+ 
+ 
wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
+ if (os_strstr(buf, ":ADH-")) {
+ /*
+@@ -3977,7 +3977,7 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *
+ struct tls_connection *conn = arg;
+ int ret;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ if (conn == NULL || conn->session_ticket_cb == NULL)
+ return 0;
+ 
diff --git a/srcpkgs/wpa_supplicant/patches/patch-src_utils_eloop_c b/srcpkgs/wpa_supplicant/patches/patch-src_utils_eloop_c
new file mode 100644
index 00000000000..58044e44aa9
--- /dev/null
+++ b/srcpkgs/wpa_supplicant/patches/patch-src_utils_eloop_c
@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $
+
+don't try to access list members to free them unless already initialised
+
+--- src/utils/eloop.c.orig Sun Sep 27 21:02:05 2015
++++ src/utils/eloop.c Mon Sep 28 09:35:05 2015
+@@ -1064,6 +1064,9 @@ void eloop_destroy(void)
+ struct eloop_timeout *timeout, *prev;
+ struct os_reltime now;
+ 
++ if (eloop.timeout.prev == NULL)
++ return;
++
+ os_get_reltime(&now);
+ dl_list_for_each_safe(timeout, prev, &eloop.timeout,
+ struct eloop_timeout, list) {
diff --git a/srcpkgs/wpa_supplicant/template b/srcpkgs/wpa_supplicant/template
index 09002fa0cc0..db27ee57594 100644
--- a/srcpkgs/wpa_supplicant/template
+++ b/srcpkgs/wpa_supplicant/template
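Review bot: The header of patch-src_crypto_tls_openssl_c says only "Compatibility fixes for LibreSSL" and never records why each `OPENSSL_VERSION_NUMBER` test gains a `LIBRESSL_VERSION_NUMBER` clause. LibreSSL defines `OPENSSL_VERSION_NUMBER` as 0x20000000L, so the unpatched `>= 0x10002000L` and `>= 0x10100000L` tests would select the newer OpenSSL code paths on it; a header line such as `LibreSSL reports OPENSSL_VERSION_NUMBER 0x20000000L; keep it on the pre-1.0.2 / pre-1.1.0 branches` would make that explicit. In tls_parse_pkcs12() the first guard takes LibreSSL builds off the `SSL_clear_chain_certs()` / `SSL_build_cert_chain()` path and onto whatever follows the matching `#else`, which lies outside the hunk, so it is worth confirming that the extra certificates from a PKCS#12 bundle are still loaded there. The second guard at 2247 appears to sit inside that first `#if`, in which case its LibreSSL clause is redundant.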
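Review bot: The early return added to eloop_destroy() in patch-src_utils_eloop_c carries no comment saying what `eloop.timeout.prev == NULL` stands for, and it leaves the function before any of the remaining teardown runs. It reads as a test for a list head that was never initialised, which holds only if `eloop` starts out zero-filled and list initialisation always sets `prev`; neither is visible in the hunk. I would put `/* timeout list head never initialised (destroy called without init): nothing to free */` above the check. The rest of eloop_destroy() lies outside the hunk, so confirm that the cleanup it performs after the loop is safe to skip in that state.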
@@ -1,15 +1,14 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
-version=2.4
-revision=6
-patch_args="-Np1"
+version=2.5
+revision=1
 build_wrksrc=$pkgname
 short_desc="WPA/WPA2/IEEE 802.1X Supplicant"
 maintainer="Juan RP "
 license="BSD"
 homepage="http://w1.fi/wpa_supplicant/"
 distfiles="http://w1.fi/releases/$pkgname-$version.tar.gz"
-checksum=058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122
+checksum=cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316
 build_pie=yes
 hostmakedepends="pkg-config"