From 70b82ae359a5538711e103b0e8dfb92654296644 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 27 Oct 2018 12:48:57 +0100
Subject: gentoo resync : 27.10.2018

---
 net-wireless/crda/Manifest                         |   2 +
 net-wireless/crda/crda-3.18-r2.ebuild              |  81 ++++++
 .../crda-3.18-openssl-1.1.0-compatibility.patch    | 315 +++++++++++++++++++++
 3 files changed, 398 insertions(+)
 create mode 100644 net-wireless/crda/crda-3.18-r2.ebuild
 create mode 100644 net-wireless/crda/files/crda-3.18-openssl-1.1.0-compatibility.patch

(limited to 'net-wireless/crda')

diff --git a/net-wireless/crda/Manifest b/net-wireless/crda/Manifest
index 92840ef16446..a20356ffed58 100644
--- a/net-wireless/crda/Manifest
+++ b/net-wireless/crda/Manifest
@@ -3,9 +3,11 @@ AUX crda-3.18-cflags.patch 895 BLAKE2B 0a8d8acb268ff58656a5b66a77744c14fd9f92fd6
 AUX crda-3.18-libreg-link.patch 908 BLAKE2B 60d9307ba43235cbce089835ae7406313b9f68a90fbe503130e81fb423e04d3f257e1a1d78db9fef605e42a4d9571c54e8ac9cb8a2569d3c3cd3f5c6d542a295 SHA512 41c98f1e4ca0ae3d22b08086eb54aefd4ec95fed5a6e5fafd55fb6a9b9649ec18f5f65003a1424cf59bf99e266fddf110c92d9e46a4b40a18be5931fc7bbbbeb
 AUX crda-3.18-no-ldconfig.patch 748 BLAKE2B 1ef8aff911a5f4af14fb321782cfb40abc8a946dc80af95ec2c2d50e509f318d84be36190c5b899c882b6173617746600b04bf6d0c282a59c568c44e2f255d16 SHA512 faea7d4bfc0b1a4a674cb6c285975805985dc4211c43ca47da38102cb79a1d6d770aa6267e85d811998f9a13799335cfb6116f272ed40c4ecd6b3f813ca93a28
 AUX crda-3.18-no-werror.patch 916 BLAKE2B 2e7c79e14ae0ab05cbf032f104747eeea0df165197ba1ff8039fb14de43880894b03e59e14fe2d906b7f99c8d910cef701c1abcb68d9558cfd37d4455ce03501 SHA512 ab521bbc47826bb9356c8b96bee24f6e6d7f03a98036398627e840b89e7245329115664fc740d2b3c0d3a497ef638e3be3fa9d1e991a7e03a0753e078c8019e9
+AUX crda-3.18-openssl-1.1.0-compatibility.patch 8782 BLAKE2B 7906eedd86aca173199ec957516167cf940d41da668cc7c5b5935232984f88960c1e00c87dfcd03c7d068cdb9168525378c46e1c52b28a9714d14cddce9240df SHA512 417a67139f61c467cd13274d0e6ad1542107dbb00765beed5becccdb64ac0228236498241e1fba9dfd4a5e1acb04ee583c435b699cca9b6a6461e5b7e86328cb
 AUX crda-3.18-openssl.patch 1601 BLAKE2B 49c22bc12d3b1da7d4ef8cecc8f167ec8e0a76c6f71de151457006deeef49dca7ce9a550ab33f379d36421c029b4bd59934e1cf835c34a970845313b5aca37a0 SHA512 0ffd2b51689ee30b064494022127eb7933c9dfe6f90189ef4b6209f7f733813026da0b2cb7fcf473fa81549515355b7f5b285ce759a3f3053f95b290550a71fe
 DIST crda-1.1.3.tar.bz2 38697 BLAKE2B 5ca68362a134e6f5fad1a450edc3cfc083686d45750dbfdd04821f30e18873f86870d97fd796d1ea4dfc79f74f65dc548562890dcfc21f224ac76006878aea41 SHA512 4ec37d3d51f5988af79c2eaadc1bce344f20d4d9833533838d308533ee02cb12d5ed193391679ae1231c8afe61b21defdb368614a6238f99fdc5824f6819cfed
 DIST crda-3.18.tar.xz 61516 BLAKE2B 76feac7fcf85b03b39bfe78de444515f54cd513041f81f7588cd7866e5bf072d000ad0c8df181ccacde7fc8125ed04ece00d5d9d3013df759b5f9fd05f8cfd56 SHA512 57ae6309159f396448f052c127f401c2f63d47f4193e87dca231c4b7bbbd7e69b5e5666f356fc76dfc8a6ae58ffa55c3794428d6eb34d9937df77c4276036588
 EBUILD crda-1.1.3-r1.ebuild 1613 BLAKE2B f1f3513e3333284224db0a62e2a692926bc8fa1c82d3f5ff6e295d153b892fa15e64a30085afc91dd1f908ca8ef5be773c82679ca999e8659c1492c684adf91a SHA512 5e344dcca9f79a1223714ac621666dfe9f09e161e69ac636ad1402a7be1dacca209e1b24b3df9e23314c0e1d59cbfe7245921fd0d2a1141593c11ac7fe1cd229
 EBUILD crda-3.18-r1.ebuild 2070 BLAKE2B a5ef6ef29f933bc18053244465bc4e714e5296c3a59a9b0916028bfa829ca07a445c9c226c370582815b393ec6cf97e1ec650699c020405250fd0d4ba890ed53 SHA512 e2dcf9eb33a9086969e5efbbc0147f758de24ca52e7bd112dead58302fde6b9203ef6a7c44b89faeaec233dfc2a40848d77e667de63c9b32e842e1ba6c687892
+EBUILD crda-3.18-r2.ebuild 2083 BLAKE2B fe89799f996660fd0473f08bb2000e540f92909e7896be1cd574f4956fa71add202dd067a1111f5f17c3cdb839b8c32900d90916a50f2f243fba9f7665666b89 SHA512 f7a0449d49c231d205e1b1ef46471ee89b2e75aa4dd53ef38353188308cb1d197c02d574f12b8d72e6281bee945f8ff4af359ce1193bcca8143ad1455aa3c36d
 MISC metadata.xml 341 BLAKE2B 3164318aaf0c333f739b8c863660b2b77844b0aa7cdca818358f566dd6cfbf585e1b6661373e58e6c1116771cb4f23c962e27b24bf325cd415ee23a035d5d8a2 SHA512 ca1f9e4b85c7921ab86bf2b5c6be5c8ad07ec900ec23e0c602cc63e815c4e0036fc3ab03470debf645b4f3d444d986f16f9a120af56193d902150e15156f9d59
diff --git a/net-wireless/crda/crda-3.18-r2.ebuild b/net-wireless/crda/crda-3.18-r2.ebuild
new file mode 100644
index 000000000000..db7d191eab6d
--- /dev/null
+++ b/net-wireless/crda/crda-3.18-r2.ebuild
@@ -0,0 +1,81 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+inherit toolchain-funcs python-any-r1 udev
+
+DESCRIPTION="Central Regulatory Domain Agent for wireless networks"
+HOMEPAGE="https://wireless.wiki.kernel.org/en/developers/regulatory/crda"
+SRC_URI="http://linuxwireless.org/download/crda/${P}.tar.xz
+	mirror://kernel/software/network/crda/${P}.tar.xz"
+
+LICENSE="ISC"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="gcrypt libressl"
+
+RDEPEND="!gcrypt? (
+		!libressl? ( dev-libs/openssl:0 )
+		libressl? ( dev-libs/libressl )
+	)
+	gcrypt? ( dev-libs/libgcrypt:0 )
+	dev-libs/libnl:3
+	net-wireless/wireless-regdb"
+DEPEND="${RDEPEND}
+	${PYTHON_DEPS}
+	$(python_gen_any_dep 'dev-python/m2crypto[${PYTHON_USEDEP}]')
+	virtual/pkgconfig"
+
+python_check_deps() {
+	has_version --host-root "dev-python/m2crypto[${PYTHON_USEDEP}]"
+}
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.18-no-ldconfig.patch
+	"${FILESDIR}"/${PN}-3.18-no-werror.patch
+	"${FILESDIR}"/${PN}-3.18-cflags.patch
+	"${FILESDIR}"/${PN}-3.18-libreg-link.patch #542436
+	"${FILESDIR}"/${PN}-3.18-openssl-1.1.0-compatibility.patch #652428
+)
+
+src_prepare() {
+	default
+	sed -i \
+		-e "s:\<pkg-config\>:$(tc-getPKG_CONFIG):" \
+		Makefile || die
+}
+
+_emake() {
+	# The source hardcodes /usr/lib/crda/ paths (ignoring all make vars
+	# that look like it should change it).  We want to use /usr/lib/
+	# anyways as this file is not ABI specific and we want to share it
+	# among all ABIs rather than pointlessly duplicate it.
+	#
+	# The trailing slash on SBINDIR is required by the source.
+	emake \
+		PREFIX="${EPREFIX}/usr" \
+		SBINDIR='$(PREFIX)/sbin/' \
+		LIBDIR='$(PREFIX)/'"$(get_libdir)" \
+		UDEV_RULE_DIR="$(get_udevdir)/rules.d" \
+		REG_BIN="${SYSROOT}"/usr/lib/crda/regulatory.bin \
+		USE_OPENSSL=$(usex gcrypt 0 1) \
+		CC="$(tc-getCC)" \
+		V=1 \
+		WERROR= \
+		"$@"
+}
+
+src_compile() {
+	_emake all_noverify
+}
+
+src_test() {
+	_emake verify
+}
+
+src_install() {
+	_emake DESTDIR="${D}" install
+	keepdir /etc/wireless-regdb/pubkeys
+}
diff --git a/net-wireless/crda/files/crda-3.18-openssl-1.1.0-compatibility.patch b/net-wireless/crda/files/crda-3.18-openssl-1.1.0-compatibility.patch
new file mode 100644
index 000000000000..00a9b5570d2d
--- /dev/null
+++ b/net-wireless/crda/files/crda-3.18-openssl-1.1.0-compatibility.patch
@@ -0,0 +1,315 @@
+From 338637ac08c19708eb35523894b44bbe3c726cfa Mon Sep 17 00:00:00 2001
+From: quentin <quentin@minster.io>
+Date: Mon, 2 Apr 2018 18:07:50 +0200
+Subject: [PATCH] crda: Fix for OpenSSL 1.1.0: BIGNUM now opaque
+
+OpenSSL 1.1.0 makes most of OpenSSL's structures opaque, and provides
+functions to manipulate them. This means it's no longer possible to
+construct an OpenSSL BIGNUM directly from scratch, as was done in
+keys-ssl.c.
+
+Use BN_bin2bn() (available since OpenSSL 0.9.8) to build the bignum from
+its big-endian representation as a byte array.
+
+This also allows factoring the code in utils/key2pub.py as it's now the
+same mechanism as with libgcrypt.
+
+This was tested with OpenSSL 1.1.0g.
+
+Signed-off-by: Quentin Minster <quentin@minster.io>
+---
+ Makefile         |  12 +++----
+ reglib.c         |  44 +++++++++++++++++------
+ utils/key2pub.py | 107 ++++++-------------------------------------------------
+ 3 files changed, 49 insertions(+), 114 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index a3ead30..a4e7373 100644
+--- a/Makefile
++++ b/Makefile
+@@ -38,18 +38,16 @@ all: all_noverify verify
+ 
+ all_noverify: $(LIBREG) crda intersect regdbdump db2rd optimize
+ 
++$(LIBREG): keys.c
++
+ ifeq ($(USE_OPENSSL),1)
+ CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
+ LDLIBS += `pkg-config --libs openssl`
+ 
+-$(LIBREG): keys-ssl.c
+-
+ else
+ CFLAGS += -DUSE_GCRYPT
+ LDLIBS += -lgcrypt
+ 
+-$(LIBREG): keys-gcrypt.c
+-
+ endif
+ MKDIR ?= mkdir -p
+ INSTALL ?= install
+@@ -109,10 +107,10 @@ $(REG_BIN):
+ 	$(NQ)
+ 	$(Q) exit 1
+ 
+-keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
++keys.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
+ 	$(NQ) '  GEN ' $@
+ 	$(NQ) '  Trusted pubkeys:' $(wildcard $(PUBKEY_DIR)/*.pem)
+-	$(Q)./utils/key2pub.py --$* $(wildcard $(PUBKEY_DIR)/*.pem) $@
++	$(Q)./utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) $@
+ 
+ $(LIBREG): regdb.h reglib.h reglib.c
+ 	$(NQ) '  CC  ' $@
+@@ -187,5 +185,5 @@ install: install-libreg install-libreg-headers crda crda.8.gz regdbdump.8.gz
+ 
+ clean:
+ 	$(Q)rm -f $(LIBREG) crda regdbdump intersect db2rd optimize \
+-		*.o *~ *.pyc keys-*.c *.gz \
++		*.o *~ *.pyc keys.c *.gz \
+ 	udev/$(UDEV_LEVEL)regulatory.rules udev/regulatory.rules.parsed
+diff --git a/reglib.c b/reglib.c
+index e00e9b8..00f7f56 100644
+--- a/reglib.c
++++ b/reglib.c
+@@ -22,6 +22,7 @@
+ #include <openssl/rsa.h>
+ #include <openssl/sha.h>
+ #include <openssl/pem.h>
++#include <openssl/bn.h>
+ #endif
+ 
+ #ifdef USE_GCRYPT
+@@ -30,12 +31,8 @@
+ 
+ #include "reglib.h"
+ 
+-#ifdef USE_OPENSSL
+-#include "keys-ssl.c"
+-#endif
+-
+-#ifdef USE_GCRYPT
+-#include "keys-gcrypt.c"
++#if defined(USE_OPENSSL) || defined(USE_GCRYPT)
++#include "keys.c"
+ #endif
+ 
+ int debug = 0;
+@@ -81,7 +78,8 @@ reglib_array_len(size_t baselen, unsigned int elemcount, size_t elemlen)
+ #ifdef USE_OPENSSL
+ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ {
+-	RSA *rsa;
++	RSA *rsa = NULL;
++	BIGNUM *rsa_e = NULL, *rsa_n = NULL;
+ 	uint8_t hash[SHA_DIGEST_LENGTH];
+ 	unsigned int i;
+ 	int ok = 0;
+@@ -102,15 +100,35 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ 			goto out;
+ 		}
+ 
+-		rsa->e = &keys[i].e;
+-		rsa->n = &keys[i].n;
++		rsa_e = BN_bin2bn(keys[i].e, keys[i].len_e, NULL);
++		if (!rsa_e) {
++			fprintf(stderr, "Failed to convert value for RSA e.\n");
++			goto out;
++		}
++		rsa_n = BN_bin2bn(keys[i].n, keys[i].len_n, NULL);
++		if (!rsa_n) {
++			fprintf(stderr, "Failed to convert value for RSA n.\n");
++			goto out;
++		}
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++		rsa->e = rsa_e;
++		rsa->n = rsa_n;
++#else
++		if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) != 1) {
++			fprintf(stderr, "Failed to set RSA key.\n");
++			goto out;
++		}
++#endif
++		/* BIGNUMs now owned by the RSA object */
++		rsa_e = NULL;
++		rsa_n = NULL;
+ 
+ 		ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
+ 				db + dblen, siglen, rsa) == 1;
+ 
+-		rsa->e = NULL;
+-		rsa->n = NULL;
+ 		RSA_free(rsa);
++		rsa = NULL;
+ 	}
+ 	if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) {
+ 		while (!ok && (nextfile = readdir(pubkey_dir))) {
+@@ -123,6 +141,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ 					ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
+ 						db + dblen, siglen, rsa) == 1;
+ 				RSA_free(rsa);
++				rsa = NULL;
+ 				fclose(keyfile);
+ 			}
+ 		}
+@@ -133,6 +152,9 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen)
+ 		fprintf(stderr, "Database signature verification failed.\n");
+ 
+ out:
++	RSA_free(rsa);
++	BN_free(rsa_e);
++	BN_free(rsa_n);
+ 	return ok;
+ }
+ #endif /* USE_OPENSSL */
+diff --git a/utils/key2pub.py b/utils/key2pub.py
+index 9bb04cd..1919270 100755
+--- a/utils/key2pub.py
++++ b/utils/key2pub.py
+@@ -9,84 +9,7 @@ except ImportError, e:
+        sys.stderr.write('On Debian GNU/Linux the package is called "python-m2crypto".\n')
+        sys.exit(1)
+ 
+-def print_ssl_64(output, name, val):
+-    while val[0] == '\0':
+-        val = val[1:]
+-    while len(val) % 8:
+-        val = '\0' + val
+-    vnew = []
+-    while len(val):
+-        vnew.append((val[0], val[1], val[2], val[3], val[4], val[5], val[6], val[7]))
+-        val = val[8:]
+-    vnew.reverse()
+-    output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
+-    idx = 0
+-    for v1, v2, v3, v4, v5, v6, v7, v8 in vnew:
+-        if not idx:
+-            output.write('\t')
+-        output.write('0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4), ord(v5), ord(v6), ord(v7), ord(v8)))
+-        idx += 1
+-        if idx == 2:
+-            idx = 0
+-            output.write('\n')
+-    if idx:
+-        output.write('\n')
+-    output.write('};\n\n')
+-
+-def print_ssl_32(output, name, val):
+-    while val[0] == '\0':
+-        val = val[1:]
+-    while len(val) % 4:
+-        val = '\0' + val
+-    vnew = []
+-    while len(val):
+-        vnew.append((val[0], val[1], val[2], val[3], ))
+-        val = val[4:]
+-    vnew.reverse()
+-    output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew)))
+-    idx = 0
+-    for v1, v2, v3, v4 in vnew:
+-        if not idx:
+-            output.write('\t')
+-        output.write('0x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4)))
+-        idx += 1
+-        if idx == 4:
+-            idx = 0
+-            output.write('\n')
+-    if idx:
+-        output.write('\n')
+-    output.write('};\n\n')
+-
+-def print_ssl(output, name, val):
+-    import struct
+-    output.write('#include <stdint.h>\n')
+-    if len(struct.pack('@L', 0)) == 8:
+-        return print_ssl_64(output, name, val)
+-    else:
+-        return print_ssl_32(output, name, val)
+-
+-def print_ssl_keys(output, n):
+-    output.write(r'''
+-struct pubkey {
+-	struct bignum_st e, n;
+-};
+-
+-#define KEY(data) {				\
+-	.d = data,				\
+-	.top = sizeof(data)/sizeof(data[0]),	\
+-}
+-
+-#define KEYS(e,n)	{ KEY(e), KEY(n), }
+-
+-static struct pubkey keys[] = {
+-''')
+-    for n in xrange(n + 1):
+-        output.write('	KEYS(e_%d, n_%d),\n' % (n, n))
+-    output.write('};\n')
+-    pass
+-
+-def print_gcrypt(output, name, val):
+-    output.write('#include <stdint.h>\n')
++def print_bignum(output, name, val):
+     while val[0] == '\0':
+         val = val[1:]
+     output.write('static const uint8_t %s[%d] = {\n' % (name, len(val)))
+@@ -103,11 +26,11 @@ def print_gcrypt(output, name, val):
+         output.write('\n')
+     output.write('};\n\n')
+ 
+-def print_gcrypt_keys(output, n):
++def print_keys(output, n):
+     output.write(r'''
+ struct key_params {
+ 	const uint8_t *e, *n;
+-	uint32_t len_e, len_n;
++	const uint32_t len_e, len_n;
+ };
+ 
+ #define KEYS(_e, _n) {			\
+@@ -120,25 +43,17 @@ static const struct key_params __attribute__ ((unused)) keys[] = {
+     for n in xrange(n + 1):
+         output.write('	KEYS(e_%d, n_%d),\n' % (n, n))
+     output.write('};\n')
+-    
+ 
+-modes = {
+-    '--ssl': (print_ssl, print_ssl_keys),
+-    '--gcrypt': (print_gcrypt, print_gcrypt_keys),
+-}
+ 
+-try:
+-    mode = sys.argv[1]
+-    files = sys.argv[2:-1]
+-    outfile = sys.argv[-1]
+-except IndexError:
+-    mode = None
++files = sys.argv[1:-1]
++outfile = sys.argv[-1]
+ 
+-if not mode in modes:
+-    print 'Usage: %s [%s] input-file... output-file' % (sys.argv[0], '|'.join(modes.keys()))
++if len(files) == 0:
++    print 'Usage: %s input-file... output-file' % (sys.argv[0], )
+     sys.exit(2)
+ 
+ output = open(outfile, 'w')
++output.write('#include <stdint.h>\n\n\n')
+ 
+ # load key
+ idx = 0
+@@ -148,8 +63,8 @@ for f in files:
+     except RSA.RSAError:
+         key = RSA.load_key(f)
+ 
+-    modes[mode][0](output, 'e_%d' % idx, key.e[4:])
+-    modes[mode][0](output, 'n_%d' % idx, key.n[4:])
++    print_bignum(output, 'e_%d' % idx, key.e[4:])
++    print_bignum(output, 'n_%d' % idx, key.n[4:])
+     idx += 1
+ 
+-modes[mode][1](output, idx - 1)
++print_keys(output, idx - 1)
+-- 
+2.16.2
+
-- 
cgit v1.2.3