commit: c87a5a3b0b692fbe21af5bfd7a28e1c42688c55b Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Mon May 5 05:15:28 2025 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Mon May 5 05:16:16 2025 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=c87a5a3b
net-wireless/wpa_supplicant: update patch for LibreSSL 4.1.0 Closes: https://github.com/gentoo/libressl/issues/590 Signed-off-by: orbea <orbea <AT> riseup.net> .../files/wpa_supplicant-2.11-libressl.patch | 9 +++++++++ .../wpa_supplicant/files/wpa_supplicant-2.9-libressl.patch | 14 +++++++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.11-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.11-libressl.patch index 450946c..b90b261 100644 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.11-libressl.patch +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.11-libressl.patch @@ -22,3 +22,12 @@ #ifdef OPENSSL_IS_BORINGSSL if (openssl_ciphers && os_strcmp(openssl_ciphers, "SUITEB192") == 0) { +@@ -5778,7 +5786,7 @@ int tls_global_set_params(void *tls_ctx, + * commented out unless explicitly needed for EAP-FAST in order to be able to + * build this file with unmodified openssl. */ + +-#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) ++#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x4010000fL) + static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg) diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-libressl.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-libressl.patch index 7a3fe0d..3140d32 100644 --- a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-libressl.patch +++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.9-libressl.patch @@ -1,8 +1,6 @@ -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 345a35ee1..fc6a606d0 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c -@@ -3034,7 +3034,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags, +@@ -3048,7 +3048,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags, /* Start with defaults from BoringSSL */ SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, NULL, 0); #endif /* OPENSSL_IS_BORINGSSL */ @@ -10,3 +8,13 @@ index 345a35ee1..fc6a606d0 100644 +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) if (flags & TLS_CONN_SUITEB_NO_ECDH) { const char *ciphers = "DHE-RSA-AES256-GCM-SHA384"; + +@@ -5538,7 +5538,7 @@ int tls_global_set_params(void *tls_ctx, + * commented out unless explicitly needed for EAP-FAST in order to be able to + * build this file with unmodified openssl. */ + +-#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) ++#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x4010000fL) + static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + const SSL_CIPHER **cipher, void *arg)
