-rw-r--r--debian/changelog9
-rw-r--r--debian/hostapd.init17
-rw-r--r--debian/patches/fix-ENGINE-support-with-openssl-1.1.patch38
-rw-r--r--debian/patches/series1
-rw-r--r--src/crypto/tls_openssl.c5
5 files changed, 59 insertions, 11 deletions
diff --git a/debian/changelog b/debian/changelog
index 1d8177e..7530d0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium
+
+ * Print the warning and exit after sourcing /lib/lsb/init-functions
+ (Closes: #924666).
+ * Recognise multiple configs in DAEMON_CONF and verify them all.
+ * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).
+
+ -- Andrej Shadura <andrewsh@debian.org> Fri, 15 Mar 2019 17:44:51 +0100
+
wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium
* Apply an RFC patch to work around big endian keyidx.
diff --git a/debian/hostapd.init b/debian/hostapd.init
index 6151f22..0d2e970 100644
--- a/debian/hostapd.init
+++ b/debian/hostapd.init
@@ -25,21 +25,24 @@ PIDFILE=/run/hostapd.pid
[ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
[ -n "$DAEMON_CONF" ] || exit 0
-if [ ! -r "$DAEMON_CONF" ]
-then
- log_action_msg "No hostapd config found, not starting hostapd."
- exit 0
-fi
-
DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"
. /lib/lsb/init-functions
+for conf in $DAEMON_CONF
+do
+ if [ ! -r "$conf" ]
+ then
+ log_action_msg "hostapd config $conf not found, not starting hostapd."
+ exit 0
+ fi
+done
+
case "$1" in
start)
if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]
then
- log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- read /usr/share/doc/hostapd/NEWS.Debian.gz"
+ log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz"
fi
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
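Review bot: The `start)` branch still tests `[ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]` against the whole variable, so once DAEMON_CONF lists several files the warning fires even when the default path is one of them; the comparison should be made per entry, or the message reworded. The new loop iterates over unquoted `$DAEMON_CONF`, which splits on whitespace and also undergoes pathname expansion, so a comment above it such as `# DAEMON_CONF is a whitespace-separated list; paths containing spaces or glob characters are not supported` would make the contract explicit. `-r` only tests readability, so a directory or other non-regular path passes the check; `[ -f "$conf" ] && [ -r "$conf" ]` would be stricter. The `case` statement continues outside the hunk.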
diff --git a/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
new file mode 100644
index 0000000..f5600bd
--- /dev/null
+++ b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
@@ -0,0 +1,38 @@
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Thu, 14 Mar 2019 at 18:25
+Subject: [PATCH v2] Fix ENGINE support with OpenSSL 1.1+
+To: Rosen Penev <rosenp@gmail.com>
+Cc: <hostap@lists.infradead.org>
+
+
+Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
+deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
+versions of OpenSSL, asserting that it should happen automatically.
+
+That appears not to be the case, and loading engines now fails because
+the dynamic engine isn't present.
+
+Fix it by calling ENGINE_load_builtin_engines(), which works for all
+versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
+because that should have happened when SSL_load_error_strings() is
+called anyway.
+
+Signed-off-by: David Woodhouse <dwmw2@infradead.org>
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 705fa29a3..ee7ed7c9b 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf)
+
+ #ifndef OPENSSL_NO_ENGINE
+ wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- ERR_load_ENGINE_strings();
+- ENGINE_load_dynamic();
+-#endif /* OPENSSL_VERSION_NUMBER */
++ ENGINE_load_builtin_engines();
+
+ if (conf &&
+ (conf->opensc_engine_path || conf->pkcs11_engine_path ||
+
diff --git a/debian/patches/series b/debian/patches/series
index 089a1c5..4aee4ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ networkd-driver-fallback.patch
wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
allow-tlsv1.patch
PMF-Allow-Key-ID-in-BE-format.patch
+fix-ENGINE-support-with-openssl-1.1.patch
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index cec4805..89157db 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1078,10 +1078,7 @@ void * tls_init(const struct tls_config *conf)
#ifndef OPENSSL_NO_ENGINE
wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ERR_load_ENGINE_strings();
- ENGINE_load_dynamic();
-#endif /* OPENSSL_VERSION_NUMBER */
+ ENGINE_load_builtin_engines();
if (conf &&
(conf->opensc_engine_path || conf->pkcs11_engine_path ||
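Review bot: The debug line kept just above the new call still says "ENGINE: Loading dynamic engine", but `ENGINE_load_builtin_engines()` registers every built-in engine of the linked OpenSSL, not only the dynamic loader; the message should read `wpa_printf(MSG_DEBUG, "ENGINE: Loading builtin engines");`. That makes a wider set of engine code available in the process than the removed `ENGINE_load_dynamic()` did, which deserves a comment, e.g. `/* Registers all built-in engines; the dynamic engine is needed for the opensc/pkcs11 engine paths checked below */`. On OpenSSL 1.1.0 and later the call is, as far as I know, a wrapper around OPENSSL_init_crypto() whose result is discarded, so a failure here would only surface later when an engine is looked up. The same change is carried in debian/patches/fix-ENGINE-support-with-openssl-1.1.patch, and tls_init() starts and ends outside the hunk.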