commit: d29ac500f4bcced9c6cdf6ab71ef58552e598f95 |
Author: Andrey Utkin <andrey_utkin <AT> gentoo <DOT> org> |
AuthorDate: Mon Apr 8 18:15:35 2019 +0000 |
Commit: Andrey Utkin <andrey_utkin <AT> gentoo <DOT> org> |
CommitDate: Mon Apr 8 18:21:47 2019 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d29ac500 |
|
net-wireless/hostapd: drop old versions |
|
Note: what was in files/ is now obtained from the "extras" distfile to |
satisfy the QA policy about FILESDIR size limits. |
|
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
Signed-off-by: Andrey Utkin <andrey_utkin <AT> gentoo.org> |
|
net-wireless/hostapd/Manifest | 5 - |
...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 -------------- |
...nstallation-of-an-already-in-use-group-ke.patch | 250 ------------------- |
...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 -------------- |
...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ------ |
...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 ----- |
...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 ---------- |
...llow-multiple-Reassociation-Response-fram.patch | 82 ------- |
.../files/hostapd-2.6-libressl-compatibility.patch | 106 -------- |
net-wireless/hostapd/files/hostapd-conf.d | 9 - |
net-wireless/hostapd/files/hostapd-init.d | 38 --- |
net-wireless/hostapd/files/hostapd.service | 9 - |
net-wireless/hostapd/hostapd-2.6-r4.ebuild | 253 -------------------- |
net-wireless/hostapd/hostapd-2.6-r5.ebuild | 256 -------------------- |
net-wireless/hostapd/hostapd-2.6-r6.ebuild | 259 -------------------- |
net-wireless/hostapd/hostapd-2.6_p20180822.ebuild | 262 -------------------- |
net-wireless/hostapd/hostapd-2.7-r1.ebuild | 266 --------------------- |
net-wireless/hostapd/hostapd-2.7.ebuild | 262 -------------------- |
18 files changed, 2690 deletions(-) |
|
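--- a/net-wireless/hostapd/Manifest
+++ b/net-wireless/hostapd/Manifest
@@ -1,7 +1,2 @@
-DIST hostapd-2.6.tar.gz 1822341 BLAKE2B c0075ffcdb11237e11410d87329a7a71aae5e00481022e02faf03771d45a61410ff906ebffdeea03fdeab751ce85e5a5e191173883ee9f1c284e6bc00342a011 SHA512 e60baaa092786250b8de9935f5417c7626f5d749210cce9f83d776b65c19fc92a8141f41923389f05c16295d482a15ae8d8b744f4667425040c99e3c2f5b1bda
-DIST hostapd-2.6_p20180822.tar.xz 2912628 BLAKE2B df102e2ee8fbfaf83050264fcd0374fee3a249db0bacff1b60a23d8fae4a4db7f42f2741b435112c0d94ffa1482ff08708e94b760de340bee2f341e52b8eb15a SHA512 c05edc48992edb617067bb258658210edebc6e72889af8d14e4ee5e0a2d79327798b4eb6985fd076da53973bbf965bff631afe1e1a048898433670783908f2ff
 DIST hostapd-2.7.tar.gz 2101166 BLAKE2B 4e88b7f0d2c57a02edf4214bb35efa08e87a2cbdac4eda9934a40b09f8c046da6cca1250fe5714cb403eb81739bd99e04ea5a9fad62e47bcee4d72106170905d SHA512 1c9a210dfffb951fb667be19aa44ad8c66dccd2aed26cdab939185923550e3c1998a678ebe6975e560e1b3385bff2098f1b2cb773452ba66fb35246fdd3eb2c1
-DIST net-wireless_hostapd_2.6-r5_extras.tar.xz 10648 BLAKE2B fef02c9fbc9b6bce662f7d569a56450371bc1e9c5cd34a7cf4fc0220bb8239214604806f3edfde87fd45c7cf07bab9cf16a6c215c1bfa3161ba4361e4b295981 SHA512 cf818854e7af6562a163b5a61d63f4fa1284905f5803abe4ef97a6743b74ce2d28c818aa462d843448146226b9c5c9578b6c69ffad2d4fb8a62777cd5d353e70
-DIST net-wireless_hostapd_2.6-r6_extras.tar.xz 11156 BLAKE2B 62205070d4dd081d4149616f1abb4f84105c77433464dc9fea41a3fa9f58cc09af99b4e6618657777e77759d33e38c8a5647537c0098e772f032a368b82be709 SHA512 c21155e16ef931e431cca54c0f83567915b511d7abe42a5b4a4475d40eda3616eb017f0a669fd7326bc4f410f9a8e174fb8e0619cb32631ab1ca22e6fad2c612
-DIST net-wireless_hostapd_2.7-r1_extras.tar.xz 1792 BLAKE2B 865d0170743432bf47bf3912316ae817bfea87ffa98df9cee77c0c366ffd2673d51b2d4e7b30339b3ad7abdcaa3addf9cd7ad9db51925ae8809d31888ec02445 SHA512 abea295f0b46b03ee829a3cecf1e89f1678f5bf326ad185d939f23e69e440544860ebafedc1b5b1a3b57c73709b6bb7bf45c4a45f9d58f8adeb7424946f34841
 DIST net-wireless_hostapd_2.7-r2_extras.tar.xz 1820 BLAKE2B 5c4daf0e4fcf5ae0803cdbe2aabcc75e89b1e92048e8a01894d73639a16b049174b37eca6b6206c337a2874a6e6d5588d50fa5b8a4813e7f6c22bf02efca852f SHA512 65bc4634c8314280ceab44d1f5d6d62092f4bca48253f107b076211020f6f6502388490aee907f9910846a25ba2da7e4122bdb1873eb2b12bf94e867e3295f4c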
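--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
----
- src/ap/ieee802_11.c | 16 +++++++++++++---
- src/ap/wpa_auth.c | 11 +++++++++++
- src/ap/wpa_auth.h | 3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h | 1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- struct ieee80211_ht_capabilities ht_cap;
- struct ieee80211_vht_capabilities vht_cap;
-+ int set = 1;
-
- /*
- * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- * FT-over-the-DS, where a station re-associates back to the same AP but
- * skips the authentication flow, or if working with a driver that
- * does not support full AP client state.
-+ *
-+ * Skip this if the STA has already completed FT reassociation and the
-+ * TK has been configured since the TX/RX PN must not be reset to 0 for
-+ * the same key.
- */
-- if (!sta->added_unassoc)
-+ if (!sta->added_unassoc &&
-+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+ set = 0;
-+ }
-
- #ifdef CONFIG_IEEE80211N
- if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- sta->vht_opmode, sta->p2p_ie ? 1 : 0,
-- sta->added_unassoc)) {
-+ set)) {
- hostapd_logger(hapd, sta->addr,
- HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- "Could not %s STA to kernel driver",
-- sta->added_unassoc ? "set" : "add");
-+ set ? "set" : "add");
-
- if (sta->added_unassoc) {
- hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- break;
- #endif /* CONFIG_IEEE80211R */
-+ case WPA_DRV_STA_REMOVED:
-+ sm->tk_already_set = FALSE;
-+ return 0;
- }
-
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
-
-
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+ return 0;
-+ return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- u8 *data, size_t data_len);
- enum wpa_event {
- WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
-- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- return;
- }
-
-+ if (sm->tk_already_set) {
-+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+ * PN in the driver */
-+ wpa_printf(MSG_DEBUG,
-+ "FT: Do not re-install same PTK to the driver");
-+ return;
-+ }
-+
- /* FIX: add STA entry to kernel/driver here? The set_key will fail
- * most likely without this.. At the moment, STA entry is added only
- * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
-
- /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- sm->pairwise_set = TRUE;
-+ sm->tk_already_set = TRUE;
- }
-
-
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
-
- sm->pairwise = pairwise;
- sm->PTK_valid = TRUE;
-+ sm->tk_already_set = FALSE;
- wpa_ft_install_ptk(sm);
-
- buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- struct wpa_ptk PTK;
- Boolean PTK_valid;
- Boolean pairwise_set;
-+ Boolean tk_already_set;
- int keycount;
- Boolean Pair;
- struct wpa_key_replay_counter {
---
-2.7.4
-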
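--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+++ /dev/null
@@ -1,250 +0,0 @@
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
----
- src/common/wpa_common.h | 11 +++++
- src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h | 4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- size_t tk_len;
- };
-
-+struct wpa_gtk {
-+ u8 gtk[WPA_GTK_MAX_LEN];
-+ size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+ u8 igtk[WPA_IGTK_MAX_LEN];
-+ size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
-
- /* WPA IE version 1
- * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
-+ /* Detect possible key reinstallation */
-+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+ gd->keyidx, gd->tx, gd->gtk_len);
-+ return 0;
-+ }
-+
- wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- return 0;
- }
-
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
-
-
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+ const struct wpa_igtk_kde *igtk)
-+{
-+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+ /* Detect possible key reinstallation */
-+ if (sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+ keyidx);
-+ return 0;
-+ }
-+
-+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+ keyidx, MAC2STR(igtk->pn));
-+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+ if (keyidx > 4095) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Invalid IGTK KeyID %d", keyidx);
-+ return -1;
-+ }
-+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+ broadcast_ether_addr,
-+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+ igtk->igtk, len) < 0) {
-+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+ "WPA: Failed to configure IGTK to the driver");
-+ return -1;
-+ }
-+
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+ return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- if (ie->igtk) {
- size_t len;
- const struct wpa_igtk_kde *igtk;
-- u16 keyidx;
-+
- len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- return -1;
-+
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- keyidx = WPA_GET_LE16(igtk->keyid);
-- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
-- "pn %02x%02x%02x%02x%02x%02x",
-- keyidx, MAC2STR(igtk->pn));
-- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
-- igtk->igtk, len);
-- if (keyidx > 4095) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Invalid IGTK KeyID %d", keyidx);
-- return -1;
-- }
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igtk->pn, sizeof(igtk->pn),
-- igtk->igtk, len) < 0) {
-- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-- "WPA: Failed to configure IGTK to the driver");
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
- }
-
- return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
- */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
-- int clear_ptk = 1;
-+ int clear_keys = 1;
-
- if (sm == NULL)
- return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- /* Prepare for the next transition */
- wpa_ft_prepare_auth_request(sm, NULL);
-
-- clear_ptk = 0;
-+ clear_keys = 0;
- }
- #endif /* CONFIG_IEEE80211R */
-
-- if (clear_ptk) {
-+ if (clear_keys) {
- /*
- * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- }
-
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(sm->pmk, 0, sizeof(sm->pmk));
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
-- struct wpa_igtk_kde igd;
-- u16 keyidx;
--
-- os_memset(&igd, 0, sizeof(igd));
-- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
-- os_memcpy(igd.keyid, buf + 2, 2);
-- os_memcpy(igd.pn, buf + 4, 6);
--
-- keyidx = WPA_GET_LE16(igd.keyid);
-- os_memcpy(igd.igtk, buf + 10, keylen);
--
-- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
-- igd.igtk, keylen);
-- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-- broadcast_ether_addr,
-- keyidx, 0, igd.pn, sizeof(igd.pn),
-- igd.igtk, keylen) < 0) {
-- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
-- "WNM mode");
-- os_memset(&igd, 0, sizeof(igd));
-+ const struct wpa_igtk_kde *igtk;
-+
-+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- return -1;
-- }
-- os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- } else {
- wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+ struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+ struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
-
---
-2.7.4
-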
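--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@××.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@××.fi>
----
- src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h | 2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
-
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- const struct wpa_gtk_data *gd,
-- const u8 *key_rsc)
-+ const u8 *key_rsc, int wnm_sleep)
- {
- const u8 *_gtk = gd->gtk;
- u8 gtk_buf[32];
-
- /* Detect possible key reinstallation */
-- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- }
- os_memset(gtk_buf, 0, sizeof(gtk_buf));
-
-- sm->gtk.gtk_len = gd->gtk_len;
-- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ if (wnm_sleep) {
-+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+ sm->gtk_wnm_sleep.gtk_len);
-+ } else {
-+ sm->gtk.gtk_len = gd->gtk_len;
-+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+ }
-
- return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- gtk_len, gtk_len,
- &gd.key_rsc_len, &gd.alg) ||
-- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "RSN: Failed to install GTK");
- os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-- const struct wpa_igtk_kde *igtk)
-+ const struct wpa_igtk_kde *igtk,
-+ int wnm_sleep)
- {
- size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- u16 keyidx = WPA_GET_LE16(igtk->keyid);
-
- /* Detect possible key reinstallation */
-- if (sm->igtk.igtk_len == len &&
-- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+ if ((sm->igtk.igtk_len == len &&
-+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+ (sm->igtk_wnm_sleep.igtk_len == len &&
-+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- return -1;
- }
-
-- sm->igtk.igtk_len = len;
-- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ if (wnm_sleep) {
-+ sm->igtk_wnm_sleep.igtk_len = len;
-+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+ sm->igtk_wnm_sleep.igtk_len);
-+ } else {
-+ sm->igtk.igtk_len = len;
-+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+ }
-
- return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- return -1;
-
- igtk = (const struct wpa_igtk_kde *) ie->igtk;
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- return -1;
- }
-
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- key_rsc = null_rsc;
-
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- goto failed;
- os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- sm->tptk_set = 0;
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- }
-
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
-
- wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- gd.gtk, gd.gtk_len);
-- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- os_memset(&gd, 0, sizeof(gd));
- wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- const struct wpa_igtk_kde *igtk;
-
- igtk = (const struct wpa_igtk_kde *) (buf + 2);
-- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- return -1;
- #endif /* CONFIG_IEEE80211W */
- } else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- int rx_replay_counter_set;
- u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- struct wpa_gtk gtk;
-+ struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- struct wpa_igtk igtk;
-+ struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
-
- struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
---
-2.7.4
-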
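--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c | 5 ++---
- src/rsn_supp/wpa_i.h | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- size_t kck_len;
- size_t kek_len;
- size_t tk_len;
-+ int installed; /* 1 if key has already been installed to driver */
- };
-
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- os_memset(buf, 0, sizeof(buf));
- }
- sm->tptk_set = 1;
-- sm->tk_to_set = 1;
-
- kde = sm->assoc_wpa_ie;
- kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- enum wpa_alg alg;
- const u8 *key_rsc;
-
-- if (!sm->tk_to_set) {
-+ if (sm->ptk.installed) {
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- "WPA: Do not re-install same PTK to the driver");
- return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-
- /* TK is not needed anymore in supplicant */
- os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-- sm->tk_to_set = 0;
-+ sm->ptk.installed = 1;
-
- if (sm->wpa_ptk_rekey) {
- eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- struct wpa_ptk ptk, tptk;
- int ptk_set, tptk_set;
- unsigned int msg_3_of_4_ok:1;
-- unsigned int tk_to_set:1;
- u8 snonce[WPA_NONCE_LEN];
- u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- int renew_snonce;
---
-2.7.4
-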
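--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@××.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@××.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
-
-
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+ wpa_printf(MSG_ERROR,
-+ "WPA: Failed to get random data for ANonce");
-+ sm->Disconnect = TRUE;
-+ return -1;
-+ }
-+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+ WPA_NONCE_LEN);
-+ sm->TimeoutCtr = 0;
-+ return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- SM_ENTER(WPA_PTK, AUTHENTICATION);
- else if (sm->ReAuthenticationRequest)
- SM_ENTER(WPA_PTK, AUTHENTICATION2);
-- else if (sm->PTKRequest)
-- SM_ENTER(WPA_PTK, PTKSTART);
-- else switch (sm->wpa_ptk_state) {
-+ else if (sm->PTKRequest) {
-+ if (wpa_auth_sm_ptk_update(sm) < 0)
-+ SM_ENTER(WPA_PTK, DISCONNECTED);
-+ else
-+ SM_ENTER(WPA_PTK, PTKSTART);
-+ } else switch (sm->wpa_ptk_state) {
- case WPA_PTK_INITIALIZE:
- break;
- case WPA_PTK_DISCONNECT:
---
-2.7.4
-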
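--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@××.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@××.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- } tpk;
- int tpk_set;
-+ int tk_set; /* TPK-TK configured to the driver */
- int tpk_success;
- int tpk_in_progress;
-
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- u8 rsc[6];
- enum wpa_alg alg;
-
-+ if (peer->tk_set) {
-+ /*
-+ * This same TPK-TK has already been configured to the driver
-+ * and this new configuration attempt (likely due to an
-+ * unexpected retransmitted frame) would result in clearing
-+ * the TX/RX sequence number which can break security, so must
-+ * not allow that to happen.
-+ */
-+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+ " has already been configured to the driver - do not reconfigure",
-+ MAC2STR(peer->addr));
-+ return -1;
-+ }
-+
- os_memset(rsc, 0, 6);
-
- switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- return -1;
- }
-
-+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+ MAC2STR(peer->addr));
- if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- "driver");
- return -1;
- }
-+ peer->tk_set = 1;
- return 0;
- }
-
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- peer->cipher = 0;
- peer->qos_info = 0;
- peer->wmm_capable = 0;
-- peer->tpk_set = peer->tpk_success = 0;
-+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- peer->chan_switch_enabled = 0;
- os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- wpa_tdls_peer_free(sm, peer);
- return -1;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- peer->inonce, WPA_NONCE_LEN);
- os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
-
-
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+ int i;
-+
-+ for (i = 0; i < WPA_NONCE_LEN; i++) {
-+ if (nonce[i])
-+ return 1;
-+ }
-+
-+ return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- peer->rsnie_i_len = kde.rsn_ie_len;
- peer->cipher = cipher;
-
-- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+ !tdls_nonce_set(peer->inonce)) {
- /*
- * There is no point in updating the RNonce for every obtained
- * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- "TDLS: Failed to get random data for responder nonce");
- goto error;
- }
-+ peer->tk_set = 0; /* A new nonce results in a new TK */
- }
-
- #if 0
---
-2.7.4
-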
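--- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@××.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@××.fi>
----
- src/rsn_supp/wpa.c | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+ sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
-
- /* Keys are not needed in the WPA state machine anymore */
- wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- u16 capab;
-
- sm->ft_completed = 0;
-+ sm->ft_reassoc_completed = 0;
-
- buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ if (sm->ft_reassoc_completed) {
-+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+ return 0;
-+ }
-+
- if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- return -1;
- }
-
-+ sm->ft_reassoc_completed = 1;
-+
- if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- return -1;
-
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- size_t r0kh_id_len;
- u8 r1kh_id[FT_R1KH_ID_LEN];
- int ft_completed;
-+ int ft_reassoc_completed;
- int over_the_ds_in_progress;
- u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- int set_ptk_after_assoc;
---
-2.7.4
-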
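--- a/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
-index 19e0e2be8..6585c0245 100644
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -33,7 +33,9 @@
- #include "aes_wrap.h"
- #include "crypto.h"
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- /* Compatibility wrappers for older versions. */
-
- static HMAC_CTX * HMAC_CTX_new(void)
-@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-
- static BIGNUM * get_group5_prime(void)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-+ !(defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- return BN_get_rfc3526_prime_1536(NULL);
- #elif !defined(OPENSSL_IS_BORINGSSL)
- return get_rfc3526_prime_1536(NULL);
-@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
-
- void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- DH *dh;
- struct wpabuf *pubkey = NULL, *privkey = NULL;
- size_t publen, privlen;
-@@ -712,7 +718,9 @@ err:
-
- void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- DH *dh;
-
- dh = DH_new();
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index 23ac64b48..91acc579d 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -59,7 +59,8 @@ typedef int stack_index_t;
- #endif /* SSL_set_tlsext_status_type */
-
- #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
-- defined(LIBRESSL_VERSION_NUMBER)) && \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \
- !defined(BORINGSSL_API_VERSION)
- /*
- * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
-@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf)
- }
- #endif /* OPENSSL_FIPS */
- #endif /* CONFIG_FIPS */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- SSL_load_error_strings();
- SSL_library_init();
- #ifndef OPENSSL_NO_SHA256
-@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx)
-
- tls_openssl_ref_count--;
- if (tls_openssl_ref_count == 0) {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- #ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
- #endif /* OPENSSL_NO_ENGINE */
-@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
- #ifdef OPENSSL_NEED_EAP_FAST_PRF
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- const EVP_CIPHER *c;
- const EVP_MD *h;
- int md_size;
-@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
- struct tls_connection *conn = arg;
- int ret;
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && \
-+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
- if (conn == NULL || conn->session_ticket_cb == NULL)
- return 0;
-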
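--- a/net-wireless/hostapd/files/hostapd-conf.d
+++ /dev/null
@@ -1,9 +0,0 @@
-# Space separated List of interfaces which needs to be started before
-# hostapd
-INTERFACES="wlan0"
-
-# Space separated list of configuration files
-CONFIGS="/etc/hostapd/hostapd.conf"
-
-# Extra options to pass to hostapd, see hostapd(8)
-OPTIONS=""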
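--- a/net-wireless/hostapd/files/hostapd-init.d
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-pidfile="/run/${SVCNAME}.pid"
-command="/usr/sbin/hostapd"
-command_args="-P ${pidfile} -B ${OPTIONS} ${CONFIGS}"
-
-extra_started_commands="reload"
-
-depend() {
- local myneeds=
- for iface in ${INTERFACES}; do
- myneeds="${myneeds} net.${iface}"
- done
-
- [ -n "${myneeds}" ] && need ${myneeds}
- use logger
-}
-
-start_pre() {
- local file
-
- for file in ${CONFIGS}; do
- if [ ! -r "${file}" ]; then
- eerror "hostapd configuration file (${CONFIG}) not found"
- return 1
- fi
- done
-}
-
-reload() {
- start_pre || return 1
-
- ebegin "Reloading ${SVCNAME} configuration"
- kill -HUP $(cat ${pidfile}) > /dev/null 2>&1
- eend $?
-}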
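--- a/net-wireless/hostapd/files/hostapd.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
-After=network.target
-
-[Service]
-ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf
-
-[Install]
-WantedBy=multi-user.target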
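--- a/net-wireless/hostapd/hostapd-2.6-r4.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit toolchain-funcs eutils systemd savedconfig
-
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
-HOMEPAGE="http://hostap.epitest.fi"
-SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="amd64 arm ~mips ppc x86"
-IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
-
-DEPEND="
- libressl? ( dev-libs/libressl:0= )
- !libressl? (
- internal-tls? ( dev-libs/libtommath )
- !internal-tls? ( dev-libs/openssl:0=[-bindist] )
- )
- kernel_linux? (
- dev-libs/libnl:3
- crda? ( net-wireless/crda )
- )
- netlink? ( net-libs/libnfnetlink )
- sqlite? ( >=dev-db/sqlite-3 )"
-
-RDEPEND="${DEPEND}"
-
-S="${S}/${PN}"
-
-pkg_pretend() {
- if use internal-tls; then
- if use libressl; then
- elog "libressl flag takes precedence over internal-tls"
- else
- ewarn "internal-tls implementation is experimental and provides fewer features"
- fi
- fi
-}
-
-src_prepare() {
- # Allow users to apply patches to src/drivers for example,
- # i.e. anything outside ${S}/${PN}
- pushd ../ >/dev/null || die
-
- # Add LibreSSL compatibility patch bug (#567262)
- eapply "${FILESDIR}/${P}-libressl-compatibility.patch"
-
- # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
- eapply "${FILESDIR}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
- default
- popd >/dev/null || die
-
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
- "${S}/hostapd.conf" || die
-
-}
-
-src_configure() {
- local CONFIG="${S}/.config"
-
- restore_config "${CONFIG}"
- if [[ -f "${CONFIG}" ]]; then
- default_src_configure
- return 0
- fi
-
- # toolchain setup
- echo "CC = $(tc-getCC)" > ${CONFIG}
-
- # EAP authentication methods
- echo "CONFIG_EAP=y" >> ${CONFIG}
- echo "CONFIG_ERP=y" >> ${CONFIG}
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
-
- if use internal-tls && ! use libressl; then
- echo "CONFIG_TLS=internal" >> ${CONFIG}
- else
- # SSL authentication methods
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
- echo "CONFIG_TLSV11=y" >> ${CONFIG}
- echo "CONFIG_TLSV12=y" >> ${CONFIG}
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
- fi
-
- if use wps; then
- # Enable Wi-Fi Protected Setup
- echo "CONFIG_WPS=y" >> ${CONFIG}
- echo "CONFIG_WPS2=y" >> ${CONFIG}
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
- einfo "Enabling Wi-Fi Protected Setup support"
- fi
-
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
-
- einfo "Enabling drivers: "
-
- # drivers
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
- einfo " HostAP driver enabled"
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
- einfo " Wired driver enabled"
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
- einfo " None driver enabled"
-
- einfo " nl80211 driver enabled"
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
-
- # epoll
- echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
-
- # misc
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
- echo "CONFIG_PKCS12=y" >> ${CONFIG}
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
- echo "CONFIG_IAPP=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
- echo "CONFIG_PEERKEY=y" >> ${CONFIG}
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
- echo "CONFIG_HS20=y" >> ${CONFIG}
- echo "CONFIG_WNM=y" >> ${CONFIG}
- echo "CONFIG_FST=y" >> ${CONFIG}
- echo "CONFIG_FST_TEST=y" >> ${CONFIG}
- echo "CONFIG_ACS=y" >> ${CONFIG}
-
- if use netlink; then
- # Netlink support
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
- fi
-
- if use ipv6; then
- # IPv6 support
- echo "CONFIG_IPV6=y" >> ${CONFIG}
- fi
-
- if use sqlite; then
- # Sqlite support
- echo "CONFIG_SQLITE=y" >> ${CONFIG}
- fi
-
- # If we are using libnl 2.0 and above, enable support for it
- # Removed for now, since the 3.2 version is broken, and we don't
- # support it.
- if has_version ">=dev-libs/libnl-3.2"; then
- echo "CONFIG_LIBNL32=y" >> .config
- fi
-
- # TODO: Add support for BSD drivers
-
- default_src_configure
-}
-
-src_compile() {
- emake V=1
-
- if use libressl || ! use internal-tls; then
- emake V=1 nt_password_hash
- emake V=1 hlr_auc_gw
- fi
-}
-
-src_install() {
- insinto /etc/${PN}
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
-
- fperms -R 600 /etc/${PN}
-
- dosbin ${PN}
- dobin ${PN}_cli
-
- if use libressl || ! use internal-tls; then
- dobin nt_password_hash hlr_auc_gw
- fi
-
- newinitd "${FILESDIR}"/${PN}-init.d ${PN}
- newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
- systemd_dounit "${FILESDIR}"/${PN}.service
-
- doman ${PN}{.8,_cli.1}
-
- dodoc ChangeLog README
- use wps && dodoc README-WPS
-
- docinto examples
- dodoc wired.conf
-
- if use logwatch; then
- insinto /etc/log.d/conf/services/
- doins logwatch/${PN}.conf
-
- exeinto /etc/log.d/scripts/services/
- doexe logwatch/${PN}
- fi
-
- save_config .config
-}
-
-pkg_postinst() {
- einfo
- einfo "If you are running openRC you need to follow this instructions:"
- einfo "In order to use ${PN} you need to set up your wireless card"
- einfo "for master mode in /etc/conf.d/net and then start"
- einfo "/etc/init.d/${PN}."
- einfo
- einfo "Example configuration:"
- einfo
- einfo "config_wlan0=( \"192.168.1.1/24\" )"
- einfo "channel_wlan0=\"6\""
- einfo "essid_wlan0=\"test\""
- einfo "mode_wlan0=\"master\""
- einfo
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then
- # einfo "This package now compiles against the headers installed by"
- # einfo "the kernel source for the mac80211 driver. You should "
- # einfo "re-emerge ${PN} after upgrading your kernel source."
- #fi
-
- if use wps; then
- einfo "You have enabled Wi-Fi Protected Setup support, please"
- einfo "read the README-WPS file in /usr/share/doc/${P}"
- einfo "for info on how to use WPS"
- fi
-}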
1513 |
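diff --git a/net-wireless/hostapd/hostapd-2.6-r5.ebuild b/net-wireless/hostapd/hostapd-2.6-r5.ebuild
deleted file mode 100644
index 82e50e8b7f0..00000000000
--- a/net-wireless/hostapd/hostapd-2.6-r5.ebuild
+++ /dev/null
@@ -1,256 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit toolchain-funcs eutils systemd savedconfig
-
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
-HOMEPAGE="http://w1.fi"
-EXTRAS_VER="2.6-r5"
-EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
-SRC_URI="http://w1.fi/releases/${P}.tar.gz
- https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
-
-DEPEND="
- libressl? ( dev-libs/libressl:0= )
- !libressl? (
- internal-tls? ( dev-libs/libtommath )
- !internal-tls? ( dev-libs/openssl:0=[-bindist] )
- )
- kernel_linux? (
- dev-libs/libnl:3
- crda? ( net-wireless/crda )
- )
- netlink? ( net-libs/libnfnetlink )
- sqlite? ( >=dev-db/sqlite-3 )"
-
-RDEPEND="${DEPEND}"
-
-S="${S}/${PN}"
-
-pkg_pretend() {
- if use internal-tls; then
- if use libressl; then
- elog "libressl flag takes precedence over internal-tls"
- else
- ewarn "internal-tls implementation is experimental and provides fewer features"
- fi
- fi
-}
-
-src_prepare() {
- # Allow users to apply patches to src/drivers for example,
- # i.e. anything outside ${S}/${PN}
- pushd ../ >/dev/null || die
-
- # Add LibreSSL compatibility patch bug (#567262)
- eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch"
-
- # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
- default
- popd >/dev/null || die
-
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
- "${S}/hostapd.conf" || die
-
-}
-
-src_configure() {
- local CONFIG="${S}/.config"
-
- restore_config "${CONFIG}"
- if [[ -f "${CONFIG}" ]]; then
- default_src_configure
- return 0
- fi
-
- # toolchain setup
- echo "CC = $(tc-getCC)" > ${CONFIG}
-
- # EAP authentication methods
- echo "CONFIG_EAP=y" >> ${CONFIG}
- echo "CONFIG_ERP=y" >> ${CONFIG}
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
-
- if use internal-tls && ! use libressl; then
- echo "CONFIG_TLS=internal" >> ${CONFIG}
- else
- # SSL authentication methods
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
- echo "CONFIG_TLSV11=y" >> ${CONFIG}
- echo "CONFIG_TLSV12=y" >> ${CONFIG}
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
- fi
-
- if use wps; then
- # Enable Wi-Fi Protected Setup
- echo "CONFIG_WPS=y" >> ${CONFIG}
- echo "CONFIG_WPS2=y" >> ${CONFIG}
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
- einfo "Enabling Wi-Fi Protected Setup support"
- fi
-
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
-
- einfo "Enabling drivers: "
-
- # drivers
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
- einfo " HostAP driver enabled"
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
- einfo " Wired driver enabled"
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
- einfo " None driver enabled"
-
- einfo " nl80211 driver enabled"
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
-
- # epoll
- echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
-
- # misc
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
- echo "CONFIG_PKCS12=y" >> ${CONFIG}
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
- echo "CONFIG_IAPP=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
- echo "CONFIG_PEERKEY=y" >> ${CONFIG}
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
- echo "CONFIG_HS20=y" >> ${CONFIG}
- echo "CONFIG_WNM=y" >> ${CONFIG}
- echo "CONFIG_FST=y" >> ${CONFIG}
- echo "CONFIG_FST_TEST=y" >> ${CONFIG}
- echo "CONFIG_ACS=y" >> ${CONFIG}
-
- if use netlink; then
- # Netlink support
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
- fi
-
- if use ipv6; then
- # IPv6 support
- echo "CONFIG_IPV6=y" >> ${CONFIG}
- fi
-
- if use sqlite; then
- # Sqlite support
- echo "CONFIG_SQLITE=y" >> ${CONFIG}
- fi
-
- # If we are using libnl 2.0 and above, enable support for it
- # Removed for now, since the 3.2 version is broken, and we don't
- # support it.
- if has_version ">=dev-libs/libnl-3.2"; then
- echo "CONFIG_LIBNL32=y" >> .config
- fi
-
- # TODO: Add support for BSD drivers
-
- default_src_configure
-}
-
-src_compile() {
- emake V=1
-
- if use libressl || ! use internal-tls; then
- emake V=1 nt_password_hash
- emake V=1 hlr_auc_gw
- fi
-}
-
-src_install() {
- insinto /etc/${PN}
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
-
- fperms -R 600 /etc/${PN}
-
- dosbin ${PN}
- dobin ${PN}_cli
-
- if use libressl || ! use internal-tls; then
- dobin nt_password_hash hlr_auc_gw
- fi
-
- newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
- newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
- systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
-
- doman ${PN}{.8,_cli.1}
-
- dodoc ChangeLog README
- use wps && dodoc README-WPS
-
- docinto examples
- dodoc wired.conf
-
- if use logwatch; then
- insinto /etc/log.d/conf/services/
- doins logwatch/${PN}.conf
-
- exeinto /etc/log.d/scripts/services/
- doexe logwatch/${PN}
- fi
-
- save_config .config
-}
-
-pkg_postinst() {
- einfo
- einfo "If you are running openRC you need to follow this instructions:"
- einfo "In order to use ${PN} you need to set up your wireless card"
- einfo "for master mode in /etc/conf.d/net and then start"
- einfo "/etc/init.d/${PN}."
- einfo
- einfo "Example configuration:"
- einfo
- einfo "config_wlan0=( \"192.168.1.1/24\" )"
- einfo "channel_wlan0=\"6\""
- einfo "essid_wlan0=\"test\""
- einfo "mode_wlan0=\"master\""
- einfo
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then
- # einfo "This package now compiles against the headers installed by"
- # einfo "the kernel source for the mac80211 driver. You should "
- # einfo "re-emerge ${PN} after upgrading your kernel source."
- #fi
-
- if use wps; then
- einfo "You have enabled Wi-Fi Protected Setup support, please"
- einfo "read the README-WPS file in /usr/share/doc/${P}"
- einfo "for info on how to use WPS"
- fi
-}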
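diff --git a/net-wireless/hostapd/hostapd-2.6-r6.ebuild b/net-wireless/hostapd/hostapd-2.6-r6.ebuild
deleted file mode 100644
index 484677f3913..00000000000
--- a/net-wireless/hostapd/hostapd-2.6-r6.ebuild
+++ /dev/null
@@ -1,259 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit toolchain-funcs eutils systemd savedconfig
-
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
-HOMEPAGE="http://w1.fi"
-EXTRAS_VER="2.6-r6"
-EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
-SRC_URI="http://w1.fi/releases/${P}.tar.gz
- https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
-
-DEPEND="
- libressl? ( dev-libs/libressl:0= )
- !libressl? (
- internal-tls? ( dev-libs/libtommath )
- !internal-tls? ( dev-libs/openssl:0=[-bindist] )
- )
- kernel_linux? (
- dev-libs/libnl:3
- crda? ( net-wireless/crda )
- )
- netlink? ( net-libs/libnfnetlink )
- sqlite? ( >=dev-db/sqlite-3 )"
-
-RDEPEND="${DEPEND}"
-
-S="${S}/${PN}"
-
-pkg_pretend() {
- if use internal-tls; then
- if use libressl; then
- elog "libressl flag takes precedence over internal-tls"
- else
- ewarn "internal-tls implementation is experimental and provides fewer features"
- fi
- fi
-}
-
-src_prepare() {
- # Allow users to apply patches to src/drivers for example,
- # i.e. anything outside ${S}/${PN}
- pushd ../ >/dev/null || die
-
- # Add LibreSSL compatibility patch bug (#567262)
- eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch"
-
- # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
- eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
-
- eapply "${WORKDIR}/${EXTRAS_NAME}/nl80211-Fix-NL80211_ATTR_SMPS_MODE-encoding.patch"
-
- default
- popd >/dev/null || die
-
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
- "${S}/hostapd.conf" || die
-
-}
-
-src_configure() {
- local CONFIG="${S}/.config"
-
- restore_config "${CONFIG}"
- if [[ -f "${CONFIG}" ]]; then
- default_src_configure
- return 0
- fi
-
- # toolchain setup
- echo "CC = $(tc-getCC)" > ${CONFIG}
-
- # EAP authentication methods
- echo "CONFIG_EAP=y" >> ${CONFIG}
- echo "CONFIG_ERP=y" >> ${CONFIG}
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
-
- if use internal-tls && ! use libressl; then
- echo "CONFIG_TLS=internal" >> ${CONFIG}
- else
- # SSL authentication methods
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
- echo "CONFIG_TLSV11=y" >> ${CONFIG}
- echo "CONFIG_TLSV12=y" >> ${CONFIG}
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
- fi
-
- if use wps; then
- # Enable Wi-Fi Protected Setup
- echo "CONFIG_WPS=y" >> ${CONFIG}
- echo "CONFIG_WPS2=y" >> ${CONFIG}
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
- einfo "Enabling Wi-Fi Protected Setup support"
- fi
-
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
-
- einfo "Enabling drivers: "
-
- # drivers
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
- einfo " HostAP driver enabled"
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
- einfo " Wired driver enabled"
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
- einfo " None driver enabled"
-
- einfo " nl80211 driver enabled"
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
-
- # epoll
- echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
-
- # misc
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
- echo "CONFIG_PKCS12=y" >> ${CONFIG}
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
- echo "CONFIG_IAPP=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
- echo "CONFIG_PEERKEY=y" >> ${CONFIG}
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
- echo "CONFIG_HS20=y" >> ${CONFIG}
- echo "CONFIG_WNM=y" >> ${CONFIG}
- echo "CONFIG_FST=y" >> ${CONFIG}
- echo "CONFIG_FST_TEST=y" >> ${CONFIG}
- echo "CONFIG_ACS=y" >> ${CONFIG}
-
- if use netlink; then
- # Netlink support
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
- fi
-
- if use ipv6; then
- # IPv6 support
- echo "CONFIG_IPV6=y" >> ${CONFIG}
- fi
-
- if use sqlite; then
- # Sqlite support
- echo "CONFIG_SQLITE=y" >> ${CONFIG}
- fi
-
- # If we are using libnl 2.0 and above, enable support for it
- # Removed for now, since the 3.2 version is broken, and we don't
- # support it.
- if has_version ">=dev-libs/libnl-3.2"; then
- echo "CONFIG_LIBNL32=y" >> .config
- fi
-
- # TODO: Add support for BSD drivers
-
- default_src_configure
-}
-
-src_compile() {
- emake V=1
-
- if use libressl || ! use internal-tls; then
- emake V=1 nt_password_hash
- emake V=1 hlr_auc_gw
- fi
-}
-
-src_install() {
- insinto /etc/${PN}
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
-
- fperms -R 600 /etc/${PN}
-
- dosbin ${PN}
- dobin ${PN}_cli
-
- if use libressl || ! use internal-tls; then
- dobin nt_password_hash hlr_auc_gw
- fi
-
- newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
- newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
- systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
-
- doman ${PN}{.8,_cli.1}
-
- dodoc ChangeLog README
- use wps && dodoc README-WPS
-
- docinto examples
- dodoc wired.conf
-
- if use logwatch; then
- insinto /etc/log.d/conf/services/
- doins logwatch/${PN}.conf
-
- exeinto /etc/log.d/scripts/services/
- doexe logwatch/${PN}
- fi
-
- save_config .config
-}
-
-pkg_postinst() {
- einfo
- einfo "If you are running openRC you need to follow this instructions:"
- einfo "In order to use ${PN} you need to set up your wireless card"
- einfo "for master mode in /etc/conf.d/net and then start"
- einfo "/etc/init.d/${PN}."
- einfo
- einfo "Example configuration:"
- einfo
- einfo "config_wlan0=( \"192.168.1.1/24\" )"
- einfo "channel_wlan0=\"6\""
- einfo "essid_wlan0=\"test\""
- einfo "mode_wlan0=\"master\""
- einfo
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then
- # einfo "This package now compiles against the headers installed by"
- # einfo "the kernel source for the mac80211 driver. You should "
- # einfo "re-emerge ${PN} after upgrading your kernel source."
- #fi
-
- if use wps; then
- einfo "You have enabled Wi-Fi Protected Setup support, please"
- einfo "read the README-WPS file in /usr/share/doc/${P}"
- einfo "for info on how to use WPS"
- fi
-}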
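diff --git a/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild b/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild
deleted file mode 100644
index 342d0151c2d..00000000000
--- a/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild
+++ /dev/null
@@ -1,262 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit toolchain-funcs eutils systemd savedconfig
-
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
-HOMEPAGE="http://w1.fi"
-EXTRAS_VER="2.6-r5"
-EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
-SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
-
-if [[ $PV == 9999 ]]; then
- inherit git-r3
- EGIT_REPO_URI="https://w1.fi/hostap.git"
-else
- if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
- SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
- else
- SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
- fi
- # Never stabilize snapshot ebuilds please
- KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-fi
-
-LICENSE="BSD"
-SLOT="0"
-IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
-
-DEPEND="
- libressl? ( dev-libs/libressl:0= )
- !libressl? (
- internal-tls? ( dev-libs/libtommath )
- !internal-tls? ( dev-libs/openssl:0=[-bindist] )
- )
- kernel_linux? (
- dev-libs/libnl:3
- crda? ( net-wireless/crda )
- )
- netlink? ( net-libs/libnfnetlink )
- sqlite? ( >=dev-db/sqlite-3 )"
-
-RDEPEND="${DEPEND}"
-
-S="${S}/${PN}"
-
-pkg_pretend() {
- if use internal-tls; then
- if use libressl; then
- elog "libressl flag takes precedence over internal-tls"
- else
- ewarn "internal-tls implementation is experimental and provides fewer features"
- fi
- fi
-}
-
-src_unpack() {
- # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
- default
- if [[ ${PV} == 9999 ]] ; then
- git-r3_src_unpack
- fi
-}
-
-src_prepare() {
- # Allow users to apply patches to src/drivers for example,
- # i.e. anything outside ${S}/${PN}
- pushd ../ >/dev/null || die
- default
- popd >/dev/null || die
-
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
- "${S}/hostapd.conf" || die
-}
-
-src_configure() {
- local CONFIG="${S}/.config"
-
- restore_config "${CONFIG}"
- if [[ -f "${CONFIG}" ]]; then
- default_src_configure
- return 0
- fi
-
- # toolchain setup
- echo "CC = $(tc-getCC)" > ${CONFIG}
-
- # EAP authentication methods
- echo "CONFIG_EAP=y" >> ${CONFIG}
- echo "CONFIG_ERP=y" >> ${CONFIG}
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
-
- if use internal-tls && ! use libressl; then
- echo "CONFIG_TLS=internal" >> ${CONFIG}
- else
- # SSL authentication methods
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
- echo "CONFIG_TLSV11=y" >> ${CONFIG}
- echo "CONFIG_TLSV12=y" >> ${CONFIG}
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
- fi
-
- if use wps; then
- # Enable Wi-Fi Protected Setup
- echo "CONFIG_WPS=y" >> ${CONFIG}
- echo "CONFIG_WPS2=y" >> ${CONFIG}
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
- einfo "Enabling Wi-Fi Protected Setup support"
- fi
-
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
-
- einfo "Enabling drivers: "
-
- # drivers
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
- einfo " HostAP driver enabled"
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
- einfo " Wired driver enabled"
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
- einfo " None driver enabled"
-
- einfo " nl80211 driver enabled"
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
-
- # epoll
- echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
-
- # misc
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
- echo "CONFIG_PKCS12=y" >> ${CONFIG}
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
- echo "CONFIG_IAPP=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
- echo "CONFIG_PEERKEY=y" >> ${CONFIG}
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
- echo "CONFIG_HS20=y" >> ${CONFIG}
- echo "CONFIG_WNM=y" >> ${CONFIG}
- echo "CONFIG_FST=y" >> ${CONFIG}
- echo "CONFIG_FST_TEST=y" >> ${CONFIG}
- echo "CONFIG_ACS=y" >> ${CONFIG}
-
- if use netlink; then
- # Netlink support
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
- fi
-
- if use ipv6; then
- # IPv6 support
- echo "CONFIG_IPV6=y" >> ${CONFIG}
- fi
-
- if use sqlite; then
- # Sqlite support
- echo "CONFIG_SQLITE=y" >> ${CONFIG}
- fi
-
- # If we are using libnl 2.0 and above, enable support for it
- # Removed for now, since the 3.2 version is broken, and we don't
- # support it.
- if has_version ">=dev-libs/libnl-3.2"; then
- echo "CONFIG_LIBNL32=y" >> .config
- fi
-
- # TODO: Add support for BSD drivers
-
- default_src_configure
-}
-
-src_compile() {
- emake V=1
-
- if use libressl || ! use internal-tls; then
- emake V=1 nt_password_hash
- emake V=1 hlr_auc_gw
- fi
-}
-
-src_install() {
- insinto /etc/${PN}
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
-
- fperms -R 600 /etc/${PN}
-
- dosbin ${PN}
- dobin ${PN}_cli
-
- if use libressl || ! use internal-tls; then
- dobin nt_password_hash hlr_auc_gw
- fi
-
- newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
- newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
- systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
-
- doman ${PN}{.8,_cli.1}
-
- dodoc ChangeLog README
- use wps && dodoc README-WPS
-
- docinto examples
- dodoc wired.conf
-
- if use logwatch; then
- insinto /etc/log.d/conf/services/
- doins logwatch/${PN}.conf
-
- exeinto /etc/log.d/scripts/services/
- doexe logwatch/${PN}
- fi
-
- save_config .config
-}
-
-pkg_postinst() {
- einfo
- einfo "If you are running openRC you need to follow this instructions:"
- einfo "In order to use ${PN} you need to set up your wireless card"
- einfo "for master mode in /etc/conf.d/net and then start"
- einfo "/etc/init.d/${PN}."
- einfo
- einfo "Example configuration:"
- einfo
- einfo "config_wlan0=( \"192.168.1.1/24\" )"
- einfo "channel_wlan0=\"6\""
- einfo "essid_wlan0=\"test\""
- einfo "mode_wlan0=\"master\""
- einfo
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then
- # einfo "This package now compiles against the headers installed by"
- # einfo "the kernel source for the mac80211 driver. You should "
- # einfo "re-emerge ${PN} after upgrading your kernel source."
- #fi
-
- if use wps; then
- einfo "You have enabled Wi-Fi Protected Setup support, please"
- einfo "read the README-WPS file in /usr/share/doc/${P}"
- einfo "for info on how to use WPS"
- fi
-}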
diff --git a/net-wireless/hostapd/hostapd-2.7-r1.ebuild b/net-wireless/hostapd/hostapd-2.7-r1.ebuild |
2312 |
deleted file mode 100644 |
2313 |
index a7e0d6678cb..00000000000 |
2314 |
--- a/net-wireless/hostapd/hostapd-2.7-r1.ebuild |
2315 |
+++ /dev/null |
2316 |
@@ -1,266 +0,0 @@ |
2317 |
-# Copyright 1999-2018 Gentoo Authors |
2318 |
-# Distributed under the terms of the GNU General Public License v2 |
2319 |
- |
2320 |
-EAPI="6" |
2321 |
- |
2322 |
-inherit toolchain-funcs eutils systemd savedconfig |
2323 |
- |
2324 |
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" |
2325 |
-HOMEPAGE="http://w1.fi" |
2326 |
-EXTRAS_VER="2.7-r1" |
2327 |
-EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" |
2328 |
-SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" |
2329 |
- |
2330 |
-if [[ $PV == 9999 ]]; then |
2331 |
- inherit git-r3 |
2332 |
- EGIT_REPO_URI="https://w1.fi/hostap.git" |
2333 |
-else |
2334 |
- if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then |
2335 |
- SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz" |
2336 |
- else |
2337 |
- SRC_URI+=" https://w1.fi/releases/${P}.tar.gz" |
2338 |
- fi |
2339 |
- # Never stabilize snapshot ebuilds please |
2340 |
- KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" |
2341 |
-fi |
2342 |
- |
2343 |
-LICENSE="BSD" |
2344 |
-SLOT="0" |
2345 |
-IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" |
2346 |
- |
2347 |
-DEPEND=" |
2348 |
- libressl? ( dev-libs/libressl:0= ) |
2349 |
- !libressl? ( |
2350 |
- internal-tls? ( dev-libs/libtommath ) |
2351 |
- !internal-tls? ( dev-libs/openssl:0=[-bindist] ) |
2352 |
- ) |
2353 |
- kernel_linux? ( |
2354 |
- dev-libs/libnl:3 |
2355 |
- crda? ( net-wireless/crda ) |
2356 |
- ) |
2357 |
- netlink? ( net-libs/libnfnetlink ) |
2358 |
- sqlite? ( >=dev-db/sqlite-3 )" |
2359 |
- |
2360 |
-RDEPEND="${DEPEND}" |
2361 |
- |
2362 |
-PATCHES=( |
2363 |
- "${WORKDIR}/${EXTRAS_NAME}/0001-bug672834-libressl.patch" |
2364 |
-) |
2365 |
- |
2366 |
-S="${S}/${PN}" |
2367 |
- |
2368 |
-pkg_pretend() { |
2369 |
- if use internal-tls; then |
2370 |
- if use libressl; then |
2371 |
- elog "libressl flag takes precedence over internal-tls" |
2372 |
- else |
2373 |
- ewarn "internal-tls implementation is experimental and provides fewer features" |
2374 |
- fi |
2375 |
- fi |
2376 |
-} |
2377 |
- |
2378 |
-src_unpack() { |
2379 |
- # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds |
2380 |
- default |
2381 |
- if [[ ${PV} == 9999 ]] ; then |
2382 |
- git-r3_src_unpack |
2383 |
- fi |
2384 |
-} |
2385 |
- |
2386 |
-src_prepare() { |
2387 |
- # Allow users to apply patches to src/drivers for example, |
2388 |
- # i.e. anything outside ${S}/${PN} |
2389 |
- pushd ../ >/dev/null || die |
2390 |
- default |
2391 |
- popd >/dev/null || die |
2392 |
- |
2393 |
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ |
2394 |
- "${S}/hostapd.conf" || die |
2395 |
-} |
2396 |
- |
2397 |
-src_configure() { |
2398 |
- local CONFIG="${S}/.config" |
2399 |
- |
2400 |
- restore_config "${CONFIG}" |
2401 |
- if [[ -f "${CONFIG}" ]]; then |
2402 |
- default_src_configure |
2403 |
- return 0 |
2404 |
- fi |
2405 |
- |
2406 |
- # toolchain setup |
2407 |
- echo "CC = $(tc-getCC)" > ${CONFIG} |
2408 |
- |
2409 |
- # EAP authentication methods |
2410 |
- echo "CONFIG_EAP=y" >> ${CONFIG} |
2411 |
- echo "CONFIG_ERP=y" >> ${CONFIG} |
2412 |
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG} |
2413 |
- |
2414 |
- if use internal-tls && ! use libressl; then |
2415 |
- echo "CONFIG_TLS=internal" >> ${CONFIG} |
2416 |
- else |
2417 |
- # SSL authentication methods |
2418 |
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG} |
2419 |
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG} |
2420 |
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} |
2421 |
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} |
2422 |
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} |
2423 |
- echo "CONFIG_TLSV11=y" >> ${CONFIG} |
2424 |
- echo "CONFIG_TLSV12=y" >> ${CONFIG} |
2425 |
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG} |
2426 |
- fi |
2427 |
- |
2428 |
- if use wps; then |
2429 |
- # Enable Wi-Fi Protected Setup |
2430 |
- echo "CONFIG_WPS=y" >> ${CONFIG} |
2431 |
- echo "CONFIG_WPS2=y" >> ${CONFIG} |
2432 |
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} |
2433 |
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG} |
2434 |
- einfo "Enabling Wi-Fi Protected Setup support" |
2435 |
- fi |
2436 |
- |
2437 |
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} |
2438 |
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG} |
2439 |
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG} |
2440 |
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG} |
2441 |
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG} |
2442 |
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} |
2443 |
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG} |
2444 |
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG} |
2445 |
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG} |
2446 |
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} |
2447 |
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} |
2448 |
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} |
2449 |
- |
2450 |
- einfo "Enabling drivers: " |
2451 |
- |
2452 |
- # drivers |
2453 |
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} |
2454 |
- einfo " HostAP driver enabled" |
2455 |
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} |
2456 |
- einfo " Wired driver enabled" |
2457 |
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} |
2458 |
- einfo " None driver enabled" |
2459 |
- |
2460 |
- einfo " nl80211 driver enabled" |
2461 |
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} |
2462 |
- |
2463 |
- # epoll |
2464 |
- echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} |
2465 |
- |
2466 |
- # misc |
2467 |
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} |
2468 |
- echo "CONFIG_PKCS12=y" >> ${CONFIG} |
2469 |
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} |
2470 |
- echo "CONFIG_IAPP=y" >> ${CONFIG} |
2471 |
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG} |
2472 |
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG} |
2473 |
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG} |
2474 |
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} |
2475 |
- echo "CONFIG_PEERKEY=y" >> ${CONFIG} |
2476 |
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} |
2477 |
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG} |
2478 |
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} |
2479 |
- echo "CONFIG_HS20=y" >> ${CONFIG} |
2480 |
- echo "CONFIG_WNM=y" >> ${CONFIG} |
2481 |
- echo "CONFIG_FST=y" >> ${CONFIG} |
2482 |
- echo "CONFIG_FST_TEST=y" >> ${CONFIG} |
2483 |
- echo "CONFIG_ACS=y" >> ${CONFIG} |
2484 |
- |
2485 |
- if use netlink; then |
2486 |
- # Netlink support |
2487 |
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} |
2488 |
- fi |
2489 |
- |
2490 |
- if use ipv6; then |
2491 |
- # IPv6 support |
2492 |
- echo "CONFIG_IPV6=y" >> ${CONFIG} |
2493 |
- fi |
2494 |
- |
2495 |
- if use sqlite; then |
2496 |
- # Sqlite support |
2497 |
- echo "CONFIG_SQLITE=y" >> ${CONFIG} |
2498 |
- fi |
2499 |
- |
2500 |
- # If we are using libnl 2.0 and above, enable support for it |
2501 |
- # Removed for now, since the 3.2 version is broken, and we don't |
2502 |
- # support it. |
2503 |
- if has_version ">=dev-libs/libnl-3.2"; then |
2504 |
- echo "CONFIG_LIBNL32=y" >> .config |
2505 |
- fi |
2506 |
- |
2507 |
- # TODO: Add support for BSD drivers |
2508 |
- |
2509 |
- default_src_configure |
2510 |
-} |
2511 |
- |
2512 |
-src_compile() { |
2513 |
- emake V=1 |
2514 |
- |
2515 |
- if use libressl || ! use internal-tls; then |
2516 |
- emake V=1 nt_password_hash |
2517 |
- emake V=1 hlr_auc_gw |
2518 |
- fi |
2519 |
-} |
2520 |
- |
2521 |
-src_install() { |
2522 |
- insinto /etc/${PN} |
2523 |
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} |
2524 |
- |
2525 |
- fperms -R 600 /etc/${PN} |
2526 |
- |
2527 |
- dosbin ${PN} |
2528 |
- dobin ${PN}_cli |
2529 |
- |
2530 |
- if use libressl || ! use internal-tls; then |
2531 |
- dobin nt_password_hash hlr_auc_gw |
2532 |
- fi |
2533 |
- |
2534 |
- newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} |
2535 |
- newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} |
2536 |
- systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service |
2537 |
- |
2538 |
- doman ${PN}{.8,_cli.1} |
2539 |
- |
2540 |
- dodoc ChangeLog README |
2541 |
- use wps && dodoc README-WPS |
2542 |
- |
2543 |
- docinto examples |
2544 |
- dodoc wired.conf |
2545 |
- |
2546 |
- if use logwatch; then |
2547 |
- insinto /etc/log.d/conf/services/ |
2548 |
- doins logwatch/${PN}.conf |
2549 |
- |
2550 |
- exeinto /etc/log.d/scripts/services/ |
2551 |
- doexe logwatch/${PN} |
2552 |
- fi |
2553 |
- |
2554 |
- save_config .config |
2555 |
-} |
2556 |
- |
2557 |
-pkg_postinst() { |
2558 |
- einfo |
2559 |
- einfo "If you are running openRC you need to follow this instructions:" |
2560 |
- einfo "In order to use ${PN} you need to set up your wireless card" |
2561 |
- einfo "for master mode in /etc/conf.d/net and then start" |
2562 |
- einfo "/etc/init.d/${PN}." |
2563 |
- einfo |
2564 |
- einfo "Example configuration:" |
2565 |
- einfo |
2566 |
- einfo "config_wlan0=( \"192.168.1.1/24\" )" |
2567 |
- einfo "channel_wlan0=\"6\"" |
2568 |
- einfo "essid_wlan0=\"test\"" |
2569 |
- einfo "mode_wlan0=\"master\"" |
2570 |
- einfo |
2571 |
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then |
2572 |
- # einfo "This package now compiles against the headers installed by" |
2573 |
- # einfo "the kernel source for the mac80211 driver. You should " |
2574 |
- # einfo "re-emerge ${PN} after upgrading your kernel source." |
2575 |
- #fi |
2576 |
- |
2577 |
- if use wps; then |
2578 |
- einfo "You have enabled Wi-Fi Protected Setup support, please" |
2579 |
- einfo "read the README-WPS file in /usr/share/doc/${P}" |
2580 |
- einfo "for info on how to use WPS" |
2581 |
- fi |
2582 |
-} |
2583 |
|
2584 |
diff --git a/net-wireless/hostapd/hostapd-2.7.ebuild b/net-wireless/hostapd/hostapd-2.7.ebuild |
2585 |
deleted file mode 100644 |
2586 |
index 6e23c9c8295..00000000000 |
2587 |
--- a/net-wireless/hostapd/hostapd-2.7.ebuild |
2588 |
+++ /dev/null |
2589 |
@@ -1,262 +0,0 @@ |
2590 |
-# Copyright 1999-2018 Gentoo Authors |
2591 |
-# Distributed under the terms of the GNU General Public License v2 |
2592 |
- |
2593 |
-EAPI="6" |
2594 |
- |
2595 |
-inherit toolchain-funcs eutils systemd savedconfig |
2596 |
- |
2597 |
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" |
2598 |
-HOMEPAGE="http://w1.fi" |
2599 |
-EXTRAS_VER="2.6-r5" |
2600 |
-EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" |
2601 |
-SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" |
2602 |
- |
2603 |
-if [[ $PV == 9999 ]]; then |
2604 |
- inherit git-r3 |
2605 |
- EGIT_REPO_URI="https://w1.fi/hostap.git" |
2606 |
-else |
2607 |
- if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then |
2608 |
- SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz" |
2609 |
- else |
2610 |
- SRC_URI+=" https://w1.fi/releases/${P}.tar.gz" |
2611 |
- fi |
2612 |
- # Never stabilize snapshot ebuilds please |
2613 |
- KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" |
2614 |
-fi |
2615 |
- |
2616 |
-LICENSE="BSD" |
2617 |
-SLOT="0" |
2618 |
-IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" |
2619 |
- |
2620 |
-DEPEND=" |
2621 |
- libressl? ( dev-libs/libressl:0= ) |
2622 |
- !libressl? ( |
2623 |
- internal-tls? ( dev-libs/libtommath ) |
2624 |
- !internal-tls? ( dev-libs/openssl:0=[-bindist] ) |
2625 |
- ) |
2626 |
- kernel_linux? ( |
2627 |
- dev-libs/libnl:3 |
2628 |
- crda? ( net-wireless/crda ) |
2629 |
- ) |
2630 |
- netlink? ( net-libs/libnfnetlink ) |
2631 |
- sqlite? ( >=dev-db/sqlite-3 )" |
2632 |
- |
2633 |
-RDEPEND="${DEPEND}" |
2634 |
- |
2635 |
-S="${S}/${PN}" |
2636 |
- |
2637 |
-pkg_pretend() { |
2638 |
- if use internal-tls; then |
2639 |
- if use libressl; then |
2640 |
- elog "libressl flag takes precedence over internal-tls" |
2641 |
- else |
2642 |
- ewarn "internal-tls implementation is experimental and provides fewer features" |
2643 |
- fi |
2644 |
- fi |
2645 |
-} |
2646 |
- |
2647 |
-src_unpack() { |
2648 |
- # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds |
2649 |
- default |
2650 |
- if [[ ${PV} == 9999 ]] ; then |
2651 |
- git-r3_src_unpack |
2652 |
- fi |
2653 |
-} |
2654 |
- |
2655 |
-src_prepare() { |
2656 |
- # Allow users to apply patches to src/drivers for example, |
2657 |
- # i.e. anything outside ${S}/${PN} |
2658 |
- pushd ../ >/dev/null || die |
2659 |
- default |
2660 |
- popd >/dev/null || die |
2661 |
- |
2662 |
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ |
2663 |
- "${S}/hostapd.conf" || die |
2664 |
-} |
2665 |
- |
2666 |
-src_configure() { |
2667 |
- local CONFIG="${S}/.config" |
2668 |
- |
2669 |
- restore_config "${CONFIG}" |
2670 |
- if [[ -f "${CONFIG}" ]]; then |
2671 |
- default_src_configure |
2672 |
- return 0 |
2673 |
- fi |
2674 |
- |
2675 |
- # toolchain setup |
2676 |
- echo "CC = $(tc-getCC)" > ${CONFIG} |
2677 |
- |
2678 |
- # EAP authentication methods |
2679 |
- echo "CONFIG_EAP=y" >> ${CONFIG} |
2680 |
- echo "CONFIG_ERP=y" >> ${CONFIG} |
2681 |
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG} |
2682 |
- |
2683 |
- if use internal-tls && ! use libressl; then |
2684 |
- echo "CONFIG_TLS=internal" >> ${CONFIG} |
2685 |
- else |
2686 |
- # SSL authentication methods |
2687 |
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG} |
2688 |
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG} |
2689 |
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} |
2690 |
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} |
2691 |
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} |
2692 |
- echo "CONFIG_TLSV11=y" >> ${CONFIG} |
2693 |
- echo "CONFIG_TLSV12=y" >> ${CONFIG} |
2694 |
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG} |
2695 |
- fi |
2696 |
- |
2697 |
- if use wps; then |
2698 |
- # Enable Wi-Fi Protected Setup |
2699 |
- echo "CONFIG_WPS=y" >> ${CONFIG} |
2700 |
- echo "CONFIG_WPS2=y" >> ${CONFIG} |
2701 |
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} |
2702 |
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG} |
2703 |
- einfo "Enabling Wi-Fi Protected Setup support" |
2704 |
- fi |
2705 |
- |
2706 |
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} |
2707 |
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG} |
2708 |
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG} |
2709 |
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG} |
2710 |
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG} |
2711 |
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} |
2712 |
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG} |
2713 |
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG} |
2714 |
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG} |
2715 |
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} |
2716 |
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} |
2717 |
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} |
2718 |
- |
2719 |
- einfo "Enabling drivers: " |
2720 |
- |
2721 |
- # drivers |
2722 |
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} |
2723 |
- einfo " HostAP driver enabled" |
2724 |
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} |
2725 |
- einfo " Wired driver enabled" |
2726 |
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} |
2727 |
- einfo " None driver enabled" |
2728 |
- |
2729 |
- einfo " nl80211 driver enabled" |
2730 |
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} |
2731 |
- |
2732 |
- # epoll |
2733 |
- echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} |
2734 |
- |
2735 |
- # misc |
2736 |
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} |
2737 |
- echo "CONFIG_PKCS12=y" >> ${CONFIG} |
2738 |
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} |
2739 |
- echo "CONFIG_IAPP=y" >> ${CONFIG} |
2740 |
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG} |
2741 |
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG} |
2742 |
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG} |
2743 |
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} |
2744 |
- echo "CONFIG_PEERKEY=y" >> ${CONFIG} |
2745 |
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} |
2746 |
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG} |
2747 |
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} |
2748 |
- echo "CONFIG_HS20=y" >> ${CONFIG} |
2749 |
- echo "CONFIG_WNM=y" >> ${CONFIG} |
2750 |
- echo "CONFIG_FST=y" >> ${CONFIG} |
2751 |
- echo "CONFIG_FST_TEST=y" >> ${CONFIG} |
2752 |
- echo "CONFIG_ACS=y" >> ${CONFIG} |
2753 |
- |
2754 |
- if use netlink; then |
2755 |
- # Netlink support |
2756 |
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} |
2757 |
- fi |
2758 |
- |
2759 |
- if use ipv6; then |
2760 |
- # IPv6 support |
2761 |
- echo "CONFIG_IPV6=y" >> ${CONFIG} |
2762 |
- fi |
2763 |
- |
2764 |
- if use sqlite; then |
2765 |
- # Sqlite support |
2766 |
- echo "CONFIG_SQLITE=y" >> ${CONFIG} |
2767 |
- fi |
2768 |
- |
2769 |
- # If we are using libnl 2.0 and above, enable support for it |
2770 |
- # Removed for now, since the 3.2 version is broken, and we don't |
2771 |
- # support it. |
2772 |
- if has_version ">=dev-libs/libnl-3.2"; then |
2773 |
- echo "CONFIG_LIBNL32=y" >> .config |
2774 |
- fi |
2775 |
- |
2776 |
- # TODO: Add support for BSD drivers |
2777 |
- |
2778 |
- default_src_configure |
2779 |
-} |
2780 |
- |
2781 |
-src_compile() { |
2782 |
- emake V=1 |
2783 |
- |
2784 |
- if use libressl || ! use internal-tls; then |
2785 |
- emake V=1 nt_password_hash |
2786 |
- emake V=1 hlr_auc_gw |
2787 |
- fi |
2788 |
-} |
2789 |
- |
2790 |
-src_install() { |
2791 |
- insinto /etc/${PN} |
2792 |
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} |
2793 |
- |
2794 |
- fperms -R 600 /etc/${PN} |
2795 |
- |
2796 |
- dosbin ${PN} |
2797 |
- dobin ${PN}_cli |
2798 |
- |
2799 |
- if use libressl || ! use internal-tls; then |
2800 |
- dobin nt_password_hash hlr_auc_gw |
2801 |
- fi |
2802 |
- |
2803 |
- newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} |
2804 |
- newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} |
2805 |
- systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service |
2806 |
- |
2807 |
- doman ${PN}{.8,_cli.1} |
2808 |
- |
2809 |
- dodoc ChangeLog README |
2810 |
- use wps && dodoc README-WPS |
2811 |
- |
2812 |
- docinto examples |
2813 |
- dodoc wired.conf |
2814 |
- |
2815 |
- if use logwatch; then |
2816 |
- insinto /etc/log.d/conf/services/ |
2817 |
- doins logwatch/${PN}.conf |
2818 |
- |
2819 |
- exeinto /etc/log.d/scripts/services/ |
2820 |
- doexe logwatch/${PN} |
2821 |
- fi |
2822 |
- |
2823 |
- save_config .config |
2824 |
-} |
2825 |
- |
2826 |
-pkg_postinst() { |
2827 |
- einfo |
2828 |
- einfo "If you are running openRC you need to follow this instructions:" |
2829 |
- einfo "In order to use ${PN} you need to set up your wireless card" |
2830 |
- einfo "for master mode in /etc/conf.d/net and then start" |
2831 |
- einfo "/etc/init.d/${PN}." |
2832 |
- einfo |
2833 |
- einfo "Example configuration:" |
2834 |
- einfo |
2835 |
- einfo "config_wlan0=( \"192.168.1.1/24\" )" |
2836 |
- einfo "channel_wlan0=\"6\"" |
2837 |
- einfo "essid_wlan0=\"test\"" |
2838 |
- einfo "mode_wlan0=\"master\"" |
2839 |
- einfo |
2840 |
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then |
2841 |
- # einfo "This package now compiles against the headers installed by" |
2842 |
- # einfo "the kernel source for the mac80211 driver. You should " |
2843 |
- # einfo "re-emerge ${PN} after upgrading your kernel source." |
2844 |
- #fi |
2845 |
- |
2846 |
- if use wps; then |
2847 |
- einfo "You have enabled Wi-Fi Protected Setup support, please" |
2848 |
- einfo "read the README-WPS file in /usr/share/doc/${P}" |
2849 |
- einfo "for info on how to use WPS" |
2850 |
- fi |
2851 |
-} |