net-wireless/wpa_supplicant: drop OpenSSL bindist kludge

Not needed anymore now that (stable) OpenSSL now lacks USE=bindist;
see news item for more information.

Originally added in fed37693d6442a4ec65e121c80ad2f52b6d93335, the
changes were/are just to allow building wpa_supplicant against
openssl[bindist] rather than anything shipped within wpa_supplicant
that might have patent issues, etc.

Bug: https://bugs.gentoo.org/762850
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 43 insertions, 46 deletions

diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
index 5e770398c338..2935a7227ab1 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r6.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-2.9-r7.ebuild
@@ -19,7 +19,7 @@ else
 fi
 
 SLOT="0"
-IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
 
 # CONFIG_PRIVSEP=y does not have sufficient support for the new driver
 # interface functions used for MACsec, so this combination cannot be used
@@ -264,24 +264,23 @@ src_configure() {
 
 	Kconfig_style_config TLS openssl
 	Kconfig_style_config FST
-	if ! use bindist ; then
-		Kconfig_style_config EAP_PWD
-		if use fils; then
-			Kconfig_style_config FILS
-			Kconfig_style_config FILS_SK_PFS
-		fi
-		if use mesh; then
-			Kconfig_style_config MESH
-		else
-			Kconfig_style_config MESH n
-		fi
-		#WPA3
-		Kconfig_style_config OWE
-		Kconfig_style_config SAE
-		Kconfig_style_config DPP
-		Kconfig_style_config SUITEB192
-		Kconfig_style_config SUITEB
+
+	Kconfig_style_config EAP_PWD
+	if use fils; then
+		Kconfig_style_config FILS
+		Kconfig_style_config FILS_SK_PFS
 	fi
+	if use mesh; then
+		Kconfig_style_config MESH
+	else
+		Kconfig_style_config MESH n
+	fi
+	# WPA3
+	Kconfig_style_config OWE
+	Kconfig_style_config SAE
+	Kconfig_style_config DPP
+	Kconfig_style_config SUITEB192
+	Kconfig_style_config SUITEB
 
 	if use smartcard ; then
 		Kconfig_style_config SMARTCARD
@@ -478,11 +477,6 @@ pkg_postinst() {
 		ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
 	fi
 
-	if use bindist; then
-		ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
-		ewarn "This is incredibly undesirable"
-	fi
-
 	# Mea culpa, feel free to remove that after some time --mgorny.
 	local fn
 	for fn in wpa_supplicant{,@wlan0}.service; do
diff --git a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
index 0420a22e8dc9..2935a7227ab1 100644
--- a/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
+++ b/net-wireless/wpa_supplicant/wpa_supplicant-9999.ebuild
@@ -15,10 +15,11 @@ if [ "${PV}" = "9999" ]; then
 else
 	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
 	SRC_URI="https://w1.fi/releases/${P}.tar.gz"
+	SRC_URI+=" https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/${PN}-2.9-r3-patches.tar.bz2"
 fi
 
 SLOT="0"
-IUSE="ap bindist +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
+IUSE="ap +crda broadcom-sta dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls uncommon-eap-types wimax wps kernel_linux kernel_FreeBSD"
 
 # CONFIG_PRIVSEP=y does not have sufficient support for the new driver
 # interface functions used for MACsec, so this combination cannot be used
@@ -150,6 +151,14 @@ src_prepare() {
 
 	# bug (640492)
 	sed -i 's#-Werror ##' wpa_supplicant/Makefile || die
+
+	## Security patches
+	# CVE-2019-16275 (bug #696030)
+	eapply "${FILESDIR}/wpa_supplicant-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
+	# 2020-2, 2021-1 security advisories (bug #768759)
+	eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/security-{2020-2,2021-1}/*.patch
+	# CVE-2021-30004 (bug #780138)
+	eapply "${WORKDIR}"/wpa_supplicant-2.9-r3-patches/misc/CVE-2021-30004.patch
 }
 
 src_configure() {
@@ -255,24 +264,23 @@ src_configure() {
 
 	Kconfig_style_config TLS openssl
 	Kconfig_style_config FST
-	if ! use bindist ; then
-		Kconfig_style_config EAP_PWD
-		if use fils; then
-			Kconfig_style_config FILS
-			Kconfig_style_config FILS_SK_PFS
-		fi
-		if use mesh; then
-			Kconfig_style_config MESH
-		else
-			Kconfig_style_config MESH n
-		fi
-		#WPA3
-		Kconfig_style_config OWE
-		Kconfig_style_config SAE
-		Kconfig_style_config DPP
-		Kconfig_style_config SUITEB192
-		Kconfig_style_config SUITEB
+
+	Kconfig_style_config EAP_PWD
+	if use fils; then
+		Kconfig_style_config FILS
+		Kconfig_style_config FILS_SK_PFS
 	fi
+	if use mesh; then
+		Kconfig_style_config MESH
+	else
+		Kconfig_style_config MESH n
+	fi
+	# WPA3
+	Kconfig_style_config OWE
+	Kconfig_style_config SAE
+	Kconfig_style_config DPP
+	Kconfig_style_config SUITEB192
+	Kconfig_style_config SUITEB
 
 	if use smartcard ; then
 		Kconfig_style_config SMARTCARD
@@ -469,11 +477,6 @@ pkg_postinst() {
 		ewarn "needs to be moved to ${EROOT}/etc/wpa_supplicant/wpa_supplicant.conf"
 	fi
 
-	if use bindist; then
-		ewarn "Using bindist use flag presently breaks WPA3 (specifically SAE, OWE, DPP, and FILS)."
-		ewarn "This is incredibly undesirable"
-	fi
-
 	# Mea culpa, feel free to remove that after some time --mgorny.
 	local fn
 	for fn in wpa_supplicant{,@wlan0}.service; do