
Bug#924672: unblock: wpa/2:2.7+git20190128+0c1e29f-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package wpa.

This upload fixes two issues:

* #924666: warning is printed using a function defined in a file sourced
  a few lines later, resulting in an error when a configuration file
  has not yet been created — or has been already deleted (e.g. when
  purging).
* #924632: OpenSSL backend in 2.7 and later breaks engine support when
  linking against OpenSSL 1.1.

unblock wpa/2:2.7+git20190128+0c1e29f-3

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
diff --git a/debian/changelog b/debian/changelog
index 1d8177e..7530d0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium
+
+  * Print the warning and exit after sourcing /lib/lsb/init-functions
+    (Closes: #924666).
+  * Recognise multiple configs in DAEMON_CONF and verify them all.
+  * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).
+
+ -- Andrej Shadura <andrewsh@debian.org>  Fri, 15 Mar 2019 17:44:51 +0100
+
 wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium
 
   * Apply an RFC patch to work around big endian keyidx.
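Review bot: The third changelog item, "Recognise multiple configs in DAEMON_CONF and verify them all", carries no Closes: reference and is not among the two issues listed in the unblock request above, so it is a behaviour change with no stated justification for the release team. Either mention it explicitly in the request or note in the entry that it is part of the #924666 rework of the config check in debian/hostapd.init.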
diff --git a/debian/hostapd.init b/debian/hostapd.init
index 6151f22..0d2e970 100644
--- a/debian/hostapd.init
+++ b/debian/hostapd.init
@@ -25,21 +25,24 @@ PIDFILE=/run/hostapd.pid
 [ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
 [ -n "$DAEMON_CONF" ] || exit 0
 
-if [ ! -r "$DAEMON_CONF" ]
-then
-    log_action_msg "No hostapd config found, not starting hostapd."
-    exit 0
-fi
-
 DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"
 
 . /lib/lsb/init-functions
 
+for conf in $DAEMON_CONF
+do
+    if [ ! -r "$conf" ]
+    then
+        log_action_msg "hostapd config $conf not found, not starting hostapd."
+        exit 0
+    fi
+done
+
 case "$1" in
   start)
 	if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]
 	then
-		log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- read /usr/share/doc/hostapd/NEWS.Debian.gz"
+		log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz"
 	fi
 	log_daemon_msg "Starting $DESC" "$NAME"
 	start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
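Review bot: In the start) branch, the test [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ] still compares the whole variable as one string, while the new loop treats DAEMON_CONF as a whitespace-separated list. With more than one config the warning is therefore printed even when /etc/hostapd/hostapd.conf is one of the entries. Consider doing the comparison per $conf, or skipping it when several configs are listed. The unquoted expansion in "for conf in $DAEMON_CONF" is also subject to pathname expansion and cannot represent a path containing spaces; a comment stating that limitation would help whoever edits /etc/default/hostapd.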
diff --git a/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
new file mode 100644
index 0000000..ba671a0
--- /dev/null
+++ b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
@@ -0,0 +1,36 @@
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Thu, 14 Mar 2019 at 18:25
+Subject: [PATCH v2] Fix ENGINE support with OpenSSL 1.1+
+To: Rosen Penev <rosenp@gmail.com>
+Cc: <hostap@lists.infradead.org>
+
+
+Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
+deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
+versions of OpenSSL, asserting that it should happen automatically.
+
+That appears not to be the case, and loading engines now fails because
+the dynamic engine isn't present.
+
+Fix it by calling ENGINE_load_builtin_engines(), which works for all
+versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
+because that should have happened when SSL_load_error_strings() is
+called anyway.
+
+Signed-off-by: David Woodhouse <dwmw2@infradead.org>
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 705fa29a3..ee7ed7c9b 100644
+@@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf)
+
+ #ifndef OPENSSL_NO_ENGINE
+ 	wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	ERR_load_ENGINE_strings();
+-	ENGINE_load_dynamic();
+-#endif /* OPENSSL_VERSION_NUMBER */
++	ENGINE_load_builtin_engines();
+
+ 	if (conf &&
+ 	    (conf->opensc_engine_path || conf->pkcs11_engine_path ||
+
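Review bot: The wpa_printf() directly above the changed call still logs "ENGINE: Loading dynamic engine", but the call is now ENGINE_load_builtin_engines(), which registers all built-in engines rather than only the dynamic one; the debug text should be updated so logs match what is actually loaded. The call also stays outside the "if (conf && (conf->opensc_engine_path || conf->pkcs11_engine_path ||" check, so it runs even when no engine is configured; if that is intended, a short comment saying so would help. As a Debian patch file, this would also benefit from Origin: and Bug-Debian: headers pointing at the hostap list posting and #924632.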
diff --git a/debian/patches/series b/debian/patches/series
index 089a1c5..4aee4ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ networkd-driver-fallback.patch
 wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
 allow-tlsv1.patch
 PMF-Allow-Key-ID-in-BE-format.patch
+fix-ENGINE-support-with-openssl-1.1.patch
