Bug#924672: marked as done (unblock: wpa/2:2.7+git20190128+0c1e29f-3)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 17 Mar 2019 07:14:00 +0000
with message-id <25a81021-b918-c19c-3ed2-935b1cb34661@thykier.net>
and subject line Re: Bug#924672: unblock: wpa/2:2.7+git20190128+0c1e29f-3
has caused the Debian Bug report #924672,
regarding unblock: wpa/2:2.7+git20190128+0c1e29f-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924672: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924672
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: wpa/2:2.7+git20190128+0c1e29f-3
• From: Andrej Shadura <andrewsh@debian.org>
• Date: Fri, 15 Mar 2019 17:52:44 +0100
• Message-id: <[🔎] 155266876462.5062.1933724397774879622.reportbug@nuevo>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package wpa.

This upload fixes two issues:

* #924666: warning is printed using a function defined in a file sourced
  a few lines later, resulting in an error when a configuration file
  has not yet been created — or has been already deleted (e.g. when
  purging).
* #924632: OpenSSL backend in 2.7 and later breaks engine support when
  linking against OpenSSL 1.1.

unblock wpa/2:2.7+git20190128+0c1e29f-3

-----BEGIN PGP SIGNATURE-----

iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAlyL2FsUHGFuZHJld3No
QGRlYmlhbi5vcmcACgkQXkCM2RzYOdKCEAgAwoV+f4jhHeGdsc4Nu1NY+QBRrfg2
j3pnMsGQ41oX51nx+Xk2piemt+gOcsIq8imnyI2F7RvIETOZOXaWqLIZwKO4+Yzs
7+LY0B3NCRHCZxM/IJC8QJbNmuROXreL9zgwSIveUctGiNhMfCt6LJn/LRIJLC61
/3rorLlP1WK6nnzIz/6jisqENufOFZ1un7Q9ELvk0KRUgLVzYkckDCSnjms/pQPq
gDomSfdrUnZWs4D6AQbgvMKVL33DtwO1cARczecVuypbpc+mwU1T/GeqVBs4H13N
yzFQ7gq9pZ2/fNYrBoL0GkPAKrZGS2+jtjCk4gy0SS6ETsl2Fjn9UsYp6g==
=JzmJ
-----END PGP SIGNATURE-----

diff --git a/debian/changelog b/debian/changelog
index 1d8177e..7530d0d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium
+
+  * Print the warning and exit after sourcing /lib/lsb/init-functions
+    (Closes: #924666).
+  * Recognise multiple configs in DAEMON_CONF and verify them all.
+  * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).
+
+ -- Andrej Shadura <andrewsh@debian.org>  Fri, 15 Mar 2019 17:44:51 +0100
+
 wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium
 
   * Apply an RFC patch to work around big endian keyidx.
diff --git a/debian/hostapd.init b/debian/hostapd.init
index 6151f22..0d2e970 100644
--- a/debian/hostapd.init
+++ b/debian/hostapd.init
@@ -25,21 +25,24 @@ PIDFILE=/run/hostapd.pid
 [ -s "$DAEMON_DEFS" ] && . /etc/default/hostapd
 [ -n "$DAEMON_CONF" ] || exit 0
 
-if [ ! -r "$DAEMON_CONF" ]
-then
-    log_action_msg "No hostapd config found, not starting hostapd."
-    exit 0
-fi
-
 DAEMON_OPTS="-B -P $PIDFILE $DAEMON_OPTS $DAEMON_CONF"
 
 . /lib/lsb/init-functions
 
+for conf in $DAEMON_CONF
+do
+    if [ ! -r "$conf" ]
+    then
+        log_action_msg "hostapd config $conf not found, not starting hostapd."
+        exit 0
+    fi
+done
+
 case "$1" in
   start)
 	if [ "$DAEMON_CONF" != /etc/hostapd/hostapd.conf ]
 	then
-		log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- read /usr/share/doc/hostapd/NEWS.Debian.gz"
+		log_warning_msg "hostapd config not in /etc/hostapd/hostapd.conf -- please read /usr/share/doc/hostapd/NEWS.Debian.gz"
 	fi
 	log_daemon_msg "Starting $DESC" "$NAME"
 	start-stop-daemon --start --oknodo --quiet --exec "$DAEMON_SBIN" \
diff --git a/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
new file mode 100644
index 0000000..ba671a0
--- /dev/null
+++ b/debian/patches/fix-ENGINE-support-with-openssl-1.1.patch
@@ -0,0 +1,36 @@
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Thu, 14 Mar 2019 at 18:25
+Subject: [PATCH v2] Fix ENGINE support with OpenSSL 1.1+
+To: Rosen Penev <rosenp@gmail.com>
+Cc: <hostap@lists.infradead.org>
+
+
+Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
+deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
+versions of OpenSSL, asserting that it should happen automatically.
+
+That appears not to be the case, and loading engines now fails because
+the dynamic engine isn't present.
+
+Fix it by calling ENGINE_load_builtin_engines(), which works for all
+versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
+because that should have happened when SSL_load_error_strings() is
+called anyway.
+
+Signed-off-by: David Woodhouse <dwmw2@infradead.org>
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 705fa29a3..ee7ed7c9b 100644
+@@ -1034,10 +1034,7 @@ void * tls_init(const struct tls_config *conf)
+
+ #ifndef OPENSSL_NO_ENGINE
+ 	wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-	ERR_load_ENGINE_strings();
+-	ENGINE_load_dynamic();
+-#endif /* OPENSSL_VERSION_NUMBER */
++	ENGINE_load_builtin_engines();
+
+ 	if (conf &&
+ 	    (conf->opensc_engine_path || conf->pkcs11_engine_path ||
+
diff --git a/debian/patches/series b/debian/patches/series
index 089a1c5..4aee4ed 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ networkd-driver-fallback.patch
 wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
 allow-tlsv1.patch
 PMF-Allow-Key-ID-in-BE-format.patch
+fix-ENGINE-support-with-openssl-1.1.patch

--- End Message ---

--- Begin Message ---

• To: 924672-done@bugs.debian.org
• Subject: Re: Bug#924672: unblock: wpa/2:2.7+git20190128+0c1e29f-3
• From: Niels Thykier <niels@thykier.net>
• Date: Sun, 17 Mar 2019 07:14:00 +0000
• Message-id: <25a81021-b918-c19c-3ed2-935b1cb34661@thykier.net>
• In-reply-to: <[🔎] a2f1441e-c839-33a1-578b-bb1369933ee1@debian.org>
• References: <[🔎] 155266876462.5062.1933724397774879622.reportbug@nuevo> <[🔎] a2f1441e-c839-33a1-578b-bb1369933ee1@debian.org> <[🔎] a2f1441e-c839-33a1-578b-bb1369933ee1@debian.org>

On Sat, 16 Mar 2019 12:27:44 +0100 Emilio Pozuelo Monfort
<pochu@debian.org> wrote:
> Control: tags -1 moreinfo
> 
> Hi Andrej,
> 
> On 15/03/2019 17:52, Andrej Shadura wrote:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > 
> > Please unblock package wpa.
> > 
> > This upload fixes two issues:
> > 
> > * #924666: warning is printed using a function defined in a file sourced
> >   a few lines later, resulting in an error when a configuration file
> >   has not yet been created — or has been already deleted (e.g. when
> >   purging).
> > * #924632: OpenSSL backend in 2.7 and later breaks engine support when
> >   linking against OpenSSL 1.1.
> > 
> > unblock wpa/2:2.7+git20190128+0c1e29f-3
> 
> It looks like you haven't uploaded this yet. Let us know when the package is in
> the archive.
> 
> Emilio
> 
> 

It has now been uploaded and unblocked.

Thanks,
~Niels

--- End Message ---