--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package wpa.

This upload fixes two issues:

 * #924666: warning is printed using a function defined in a file sourced
   a few lines later, resulting in an error when a configuration file
   has not yet been created — or has been already deleted (e.g. when
   purging).
 * #924632: OpenSSL backend in 2.7 and later breaks engine support when
   linking against OpenSSL 1.1.

unblock wpa/2:2.7+git20190128+0c1e29f-3

diff --git a/debian/changelog b/debian/changelog
index 1d8177e..7530d0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium
+
+ * Print the warning and exit after sourcing /lib/lsb/init-functions
+ (Closes: #924666).
+ * Recognise multiple configs in DAEMON_CONF and verify them all.
+ * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).
+
+ -- Andrej Shadura <andrewsh@debian.org> Fri, 15 Mar 2019 17:44:51 +0100
+
wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium
* Apply an RFC patch to work around big endian keyidx.
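Review bot: the second bullet of the new entry, "Recognise multiple configs in DAEMON_CONF and verify them all", carries no Closes: reference and is not among the two issues listed in the unblock request. Please cite the bug it addresses or mention it in the request, so that this behaviour change to the init script is reviewed deliberately rather than riding along with the two fixes.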
diff --git a/debian/hostapd.init b/debian/hostapd.init
index 6151f22..0d2e970 100644
--- a/debian/hostapd.init
+++ b/debian/hostapd.init
@@ -25,21 +25,24 @@ PIDFILE=/run/hostapd.pid
[ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
[ -n "$DAEMON_CONF" ] || exit 0
-if [ ! -r "$DAEMON_CONF" ]
-then
- log_action_msg "No hostapd config found, not starting hostapd."
- exit 0
-fi
-
DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"
. /lib/lsb/init-functions
+for conf in $DAEMON_CONF
+do
+ if [ ! -r "$conf" ]
+ then
+ log_action_msg "hostapd config $conf not found, not starting hostapd."
+ exit 0
+ fi
+done
+
case "$1" in
start)
if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]
then
- log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- read /usr/share/doc/hostapd/NEWS.Debian.gz"
+ log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz"
fi
log_daemon_msg "Starting $DESC" "$NAME"
start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
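Review bot: the new `for conf in $DAEMON_CONF` loop sits ahead of `case "$1" in`, so one unreadable config makes the script `exit 0` for every action, not only `start`; consider moving the check into the `start)` branch so that other actions still run when a config file is gone. The unquoted `$DAEMON_CONF` undergoes pathname expansion as well as word splitting, so the variable should be documented as a whitespace-separated list of paths without spaces or glob characters. In `start)`, the comparison `"$DAEMON_CONF" != /etc/hostapd/hostapd.conf` still treats the variable as a single path, so any multi-config value triggers the warning even when the default file is one of the entries. The message also says "not found" while the test is `-r`, which fails for a file that exists but is not readable.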
diff --git a/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
new file mode 100644
index 0000000..ba671a0
--- /dev/null
+++ b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
@@ -0,0 +1,36 @@
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Thu, 14 Mar 2019 at 18:25
+Subject: [PATCH v2] Fix ENGINE support with OpenSSL 1.1+
+To: Rosen Penev <rosenp@gmail.com>
+Cc: <hostap@lists.infradead.org>
+
+
+Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
+deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
+versions of OpenSSL, asserting that it should happen automatically.
+
+That appears not to be the case, and loading engines now fails because
+the dynamic engine isn't present.
+
+Fix it by calling ENGINE_load_builtin_engines(), which works for all
+versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
+because that should have happened when SSL_load_error_strings() is
+called anyway.
+
+Signed-off-by: David Woodhouse <dwmw2@infradead.org>
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 705fa29a3..ee7ed7c9b 100644
+@@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf)
+
+ #ifndef OPENSSL_NO_ENGINE
+ wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- ERR_load_ENGINE_strings();
+- ENGINE_load_dynamic();
+-#endif /* OPENSSL_VERSION_NUMBER */
++ ENGINE_load_builtin_engines();
+
+ if (conf &&
+ (conf->opensc_engine_path || conf->pkcs11_engine_path ||
+
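Review bot: the context line `wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");` stays unchanged directly above the new `ENGINE_load_builtin_engines();` call, so the debug log still describes the old behaviour; the new call registers all built-in engines, not only the dynamic one, and the message should say so. The patch header is a pasted mail header (From/Date/Subject/To/Cc) with no Origin, Forwarded or Bug-Debian field; adding a Bug-Debian reference to #924632 and a pointer to the upstream posting would make the provenance traceable. The embedded diff has no `---`/`+++` file lines after its `index` line, which is worth checking against the upstream posting.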
diff --git a/debian/patches/series b/debian/patches/series
index 089a1c5..4aee4ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ networkd-driver-fallback.patch
wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
allow-tlsv1.patch
PMF-Allow-Key-ID-in-BE-format.patch
+fix-ENGINE-support-with-openssl-1.1.patch
--- End Message ---
--- Begin Message ---
On Sat, 16 Mar 2019 12:27:44 +0100 Emilio Pozuelo Monfort
<pochu@debian.org> wrote:
> Control: tags -1 moreinfo
>
> Hi Andrej,
>
> On 15/03/2019 17:52, Andrej Shadura wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> >
> > Please unblock package wpa.
> >
> > This upload fixes two issues:
> >
> > * #924666: warning is printed using a function defined in a file sourced
> > a few lines later, resulting in an error when a configuration file
> > has not yet been created — or has been already deleted (e.g. when
> > purging).
> > * #924632: OpenSSL backend in 2.7 and later breaks engine support when
> > linking against OpenSSL 1.1.
> >
> > unblock wpa/2:2.7+git20190128+0c1e29f-3
>
> It looks like you haven't uploaded this yet. Let us know when the package is in
> the archive.
>
> Emilio
>
>
It has now been uploaded and unblocked.
Thanks,
~Niels
--- End Message ---