Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Andrey Utkin <andrey_utkin@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/hostapd/files/2017-1/, net-wireless/hostapd/, ...
Date: Mon, 08 Apr 2019 18:22:23
Message-Id: 1554747707.d29ac500f4bcced9c6cdf6ab71ef58552e598f95.andrey_utkin@gentoo
1 commit: d29ac500f4bcced9c6cdf6ab71ef58552e598f95
2 Author: Andrey Utkin <andrey_utkin <AT> gentoo <DOT> org>
3 AuthorDate: Mon Apr 8 18:15:35 2019 +0000
4 Commit: Andrey Utkin <andrey_utkin <AT> gentoo <DOT> org>
5 CommitDate: Mon Apr 8 18:21:47 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d29ac500
7
8 net-wireless/hostapd: drop old versions
9
10 Note: what was in files/, is now obtained from "extras" distfile to
11 satisfy the QA policy about FILESDIR size limits.
12
13 Package-Manager: Portage-2.3.62, Repoman-2.3.12
14 Signed-off-by: Andrey Utkin <andrey_utkin <AT> gentoo.org>
15
16 net-wireless/hostapd/Manifest | 5 -
17 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 174 --------------
18 ...nstallation-of-an-already-in-use-group-ke.patch | 250 -------------------
19 ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 184 --------------
20 ...04-Prevent-installation-of-an-all-zero-TK.patch | 79 ------
21 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 64 -----
22 ...6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch | 132 ----------
23 ...llow-multiple-Reassociation-Response-fram.patch | 82 -------
24 .../files/hostapd-2.6-libressl-compatibility.patch | 106 --------
25 net-wireless/hostapd/files/hostapd-conf.d | 9 -
26 net-wireless/hostapd/files/hostapd-init.d | 38 ---
27 net-wireless/hostapd/files/hostapd.service | 9 -
28 net-wireless/hostapd/hostapd-2.6-r4.ebuild | 253 --------------------
29 net-wireless/hostapd/hostapd-2.6-r5.ebuild | 256 --------------------
30 net-wireless/hostapd/hostapd-2.6-r6.ebuild | 259 --------------------
31 net-wireless/hostapd/hostapd-2.6_p20180822.ebuild | 262 --------------------
32 net-wireless/hostapd/hostapd-2.7-r1.ebuild | 266 ---------------------
33 net-wireless/hostapd/hostapd-2.7.ebuild | 262 --------------------
34 18 files changed, 2690 deletions(-)
35
36 diff --git a/net-wireless/hostapd/Manifest b/net-wireless/hostapd/Manifest
37 index 428bfc3a277..f18f59bcb9b 100644
38 --- a/net-wireless/hostapd/Manifest
39 +++ b/net-wireless/hostapd/Manifest
40 @@ -1,7 +1,2 @@
41 -DIST hostapd-2.6.tar.gz 1822341 BLAKE2B c0075ffcdb11237e11410d87329a7a71aae5e00481022e02faf03771d45a61410ff906ebffdeea03fdeab751ce85e5a5e191173883ee9f1c284e6bc00342a011 SHA512 e60baaa092786250b8de9935f5417c7626f5d749210cce9f83d776b65c19fc92a8141f41923389f05c16295d482a15ae8d8b744f4667425040c99e3c2f5b1bda
42 -DIST hostapd-2.6_p20180822.tar.xz 2912628 BLAKE2B df102e2ee8fbfaf83050264fcd0374fee3a249db0bacff1b60a23d8fae4a4db7f42f2741b435112c0d94ffa1482ff08708e94b760de340bee2f341e52b8eb15a SHA512 c05edc48992edb617067bb258658210edebc6e72889af8d14e4ee5e0a2d79327798b4eb6985fd076da53973bbf965bff631afe1e1a048898433670783908f2ff
43 DIST hostapd-2.7.tar.gz 2101166 BLAKE2B 4e88b7f0d2c57a02edf4214bb35efa08e87a2cbdac4eda9934a40b09f8c046da6cca1250fe5714cb403eb81739bd99e04ea5a9fad62e47bcee4d72106170905d SHA512 1c9a210dfffb951fb667be19aa44ad8c66dccd2aed26cdab939185923550e3c1998a678ebe6975e560e1b3385bff2098f1b2cb773452ba66fb35246fdd3eb2c1
44 -DIST net-wireless_hostapd_2.6-r5_extras.tar.xz 10648 BLAKE2B fef02c9fbc9b6bce662f7d569a56450371bc1e9c5cd34a7cf4fc0220bb8239214604806f3edfde87fd45c7cf07bab9cf16a6c215c1bfa3161ba4361e4b295981 SHA512 cf818854e7af6562a163b5a61d63f4fa1284905f5803abe4ef97a6743b74ce2d28c818aa462d843448146226b9c5c9578b6c69ffad2d4fb8a62777cd5d353e70
45 -DIST net-wireless_hostapd_2.6-r6_extras.tar.xz 11156 BLAKE2B 62205070d4dd081d4149616f1abb4f84105c77433464dc9fea41a3fa9f58cc09af99b4e6618657777e77759d33e38c8a5647537c0098e772f032a368b82be709 SHA512 c21155e16ef931e431cca54c0f83567915b511d7abe42a5b4a4475d40eda3616eb017f0a669fd7326bc4f410f9a8e174fb8e0619cb32631ab1ca22e6fad2c612
46 -DIST net-wireless_hostapd_2.7-r1_extras.tar.xz 1792 BLAKE2B 865d0170743432bf47bf3912316ae817bfea87ffa98df9cee77c0c366ffd2673d51b2d4e7b30339b3ad7abdcaa3addf9cd7ad9db51925ae8809d31888ec02445 SHA512 abea295f0b46b03ee829a3cecf1e89f1678f5bf326ad185d939f23e69e440544860ebafedc1b5b1a3b57c73709b6bb7bf45c4a45f9d58f8adeb7424946f34841
47 DIST net-wireless_hostapd_2.7-r2_extras.tar.xz 1820 BLAKE2B 5c4daf0e4fcf5ae0803cdbe2aabcc75e89b1e92048e8a01894d73639a16b049174b37eca6b6206c337a2874a6e6d5588d50fa5b8a4813e7f6c22bf02efca852f SHA512 65bc4634c8314280ceab44d1f5d6d62092f4bca48253f107b076211020f6f6502388490aee907f9910846a25ba2da7e4122bdb1873eb2b12bf94e867e3295f4c
48
49 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
50 deleted file mode 100644
51 index 727684865db..00000000000
52 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
53 +++ /dev/null
54 @@ -1,174 +0,0 @@
55 -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
56 -From: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
57 -Date: Fri, 14 Jul 2017 15:15:35 +0200
58 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
59 -
60 -Do not reinstall TK to the driver during Reassociation Response frame
61 -processing if the first attempt of setting the TK succeeded. This avoids
62 -issues related to clearing the TX/RX PN that could result in reusing
63 -same PN values for transmitted frames (e.g., due to CCM nonce reuse and
64 -also hitting replay protection on the receiver) and accepting replayed
65 -frames on RX side.
66 -
67 -This issue was introduced by the commit
68 -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
69 -authenticator') which allowed wpa_ft_install_ptk() to be called multiple
70 -times with the same PTK. While the second configuration attempt is
71 -needed with some drivers, it must be done only if the first attempt
72 -failed.
73 -
74 -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
75 ----
76 - src/ap/ieee802_11.c | 16 +++++++++++++---
77 - src/ap/wpa_auth.c | 11 +++++++++++
78 - src/ap/wpa_auth.h | 3 ++-
79 - src/ap/wpa_auth_ft.c | 10 ++++++++++
80 - src/ap/wpa_auth_i.h | 1 +
81 - 5 files changed, 37 insertions(+), 4 deletions(-)
82 -
83 -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
84 -index 4e04169..333035f 100644
85 ---- a/src/ap/ieee802_11.c
86 -+++ b/src/ap/ieee802_11.c
87 -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
88 - {
89 - struct ieee80211_ht_capabilities ht_cap;
90 - struct ieee80211_vht_capabilities vht_cap;
91 -+ int set = 1;
92 -
93 - /*
94 - * Remove the STA entry to ensure the STA PS state gets cleared and
95 -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
96 - * FT-over-the-DS, where a station re-associates back to the same AP but
97 - * skips the authentication flow, or if working with a driver that
98 - * does not support full AP client state.
99 -+ *
100 -+ * Skip this if the STA has already completed FT reassociation and the
101 -+ * TK has been configured since the TX/RX PN must not be reset to 0 for
102 -+ * the same key.
103 - */
104 -- if (!sta->added_unassoc)
105 -+ if (!sta->added_unassoc &&
106 -+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
107 -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
108 - hostapd_drv_sta_remove(hapd, sta->addr);
109 -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
110 -+ set = 0;
111 -+ }
112 -
113 - #ifdef CONFIG_IEEE80211N
114 - if (sta->flags & WLAN_STA_HT)
115 -@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
116 - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
117 - sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
118 - sta->vht_opmode, sta->p2p_ie ? 1 : 0,
119 -- sta->added_unassoc)) {
120 -+ set)) {
121 - hostapd_logger(hapd, sta->addr,
122 - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
123 - "Could not %s STA to kernel driver",
124 -- sta->added_unassoc ? "set" : "add");
125 -+ set ? "set" : "add");
126 -
127 - if (sta->added_unassoc) {
128 - hostapd_drv_sta_remove(hapd, sta->addr);
129 -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
130 -index 3587086..707971d 100644
131 ---- a/src/ap/wpa_auth.c
132 -+++ b/src/ap/wpa_auth.c
133 -@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
134 - #else /* CONFIG_IEEE80211R */
135 - break;
136 - #endif /* CONFIG_IEEE80211R */
137 -+ case WPA_DRV_STA_REMOVED:
138 -+ sm->tk_already_set = FALSE;
139 -+ return 0;
140 - }
141 -
142 - #ifdef CONFIG_IEEE80211R
143 -@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
144 - }
145 -
146 -
147 -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
148 -+{
149 -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
150 -+ return 0;
151 -+ return sm->tk_already_set;
152 -+}
153 -+
154 -+
155 - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
156 - struct rsn_pmksa_cache_entry *entry)
157 - {
158 -diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
159 -index 0de8d97..97461b0 100644
160 ---- a/src/ap/wpa_auth.h
161 -+++ b/src/ap/wpa_auth.h
162 -@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
163 - u8 *data, size_t data_len);
164 - enum wpa_event {
165 - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
166 -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
167 -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
168 - };
169 - void wpa_remove_ptk(struct wpa_state_machine *sm);
170 - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
171 -@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
172 - int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
173 - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
174 - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
175 -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
176 - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
177 - struct rsn_pmksa_cache_entry *entry);
178 - struct rsn_pmksa_cache_entry *
179 -diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
180 -index 42242a5..e63b99a 100644
181 ---- a/src/ap/wpa_auth_ft.c
182 -+++ b/src/ap/wpa_auth_ft.c
183 -@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
184 - return;
185 - }
186 -
187 -+ if (sm->tk_already_set) {
188 -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
189 -+ * PN in the driver */
190 -+ wpa_printf(MSG_DEBUG,
191 -+ "FT: Do not re-install same PTK to the driver");
192 -+ return;
193 -+ }
194 -+
195 - /* FIX: add STA entry to kernel/driver here? The set_key will fail
196 - * most likely without this.. At the moment, STA entry is added only
197 - * after association has been completed. This function will be called
198 -@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
199 -
200 - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
201 - sm->pairwise_set = TRUE;
202 -+ sm->tk_already_set = TRUE;
203 - }
204 -
205 -
206 -@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
207 -
208 - sm->pairwise = pairwise;
209 - sm->PTK_valid = TRUE;
210 -+ sm->tk_already_set = FALSE;
211 - wpa_ft_install_ptk(sm);
212 -
213 - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
214 -diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
215 -index 72b7eb3..7fd8f05 100644
216 ---- a/src/ap/wpa_auth_i.h
217 -+++ b/src/ap/wpa_auth_i.h
218 -@@ -65,6 +65,7 @@ struct wpa_state_machine {
219 - struct wpa_ptk PTK;
220 - Boolean PTK_valid;
221 - Boolean pairwise_set;
222 -+ Boolean tk_already_set;
223 - int keycount;
224 - Boolean Pair;
225 - struct wpa_key_replay_counter {
226 ---
227 -2.7.4
228 -
229
230 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
231 deleted file mode 100644
232 index 1802d664add..00000000000
233 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
234 +++ /dev/null
235 @@ -1,250 +0,0 @@
236 -From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
237 -From: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
238 -Date: Wed, 12 Jul 2017 16:03:24 +0200
239 -Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
240 -
241 -Track the current GTK and IGTK that is in use and when receiving a
242 -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
243 -not install the given key if it is already in use. This prevents an
244 -attacker from trying to trick the client into resetting or lowering the
245 -sequence counter associated to the group key.
246 -
247 -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
248 ----
249 - src/common/wpa_common.h | 11 +++++
250 - src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
251 - src/rsn_supp/wpa_i.h | 4 ++
252 - 3 files changed, 87 insertions(+), 44 deletions(-)
253 -
254 -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
255 -index af1d0f0..d200285 100644
256 ---- a/src/common/wpa_common.h
257 -+++ b/src/common/wpa_common.h
258 -@@ -217,6 +217,17 @@ struct wpa_ptk {
259 - size_t tk_len;
260 - };
261 -
262 -+struct wpa_gtk {
263 -+ u8 gtk[WPA_GTK_MAX_LEN];
264 -+ size_t gtk_len;
265 -+};
266 -+
267 -+#ifdef CONFIG_IEEE80211W
268 -+struct wpa_igtk {
269 -+ u8 igtk[WPA_IGTK_MAX_LEN];
270 -+ size_t igtk_len;
271 -+};
272 -+#endif /* CONFIG_IEEE80211W */
273 -
274 - /* WPA IE version 1
275 - * 00-50-f2:1 (OUI:OUI type)
276 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
277 -index 3c47879..95bd7be 100644
278 ---- a/src/rsn_supp/wpa.c
279 -+++ b/src/rsn_supp/wpa.c
280 -@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
281 - const u8 *_gtk = gd->gtk;
282 - u8 gtk_buf[32];
283 -
284 -+ /* Detect possible key reinstallation */
285 -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
286 -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
287 -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
288 -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
289 -+ gd->keyidx, gd->tx, gd->gtk_len);
290 -+ return 0;
291 -+ }
292 -+
293 - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
294 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
295 - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
296 -@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
297 - }
298 - os_memset(gtk_buf, 0, sizeof(gtk_buf));
299 -
300 -+ sm->gtk.gtk_len = gd->gtk_len;
301 -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
302 -+
303 - return 0;
304 - }
305 -
306 -@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
307 - }
308 -
309 -
310 -+#ifdef CONFIG_IEEE80211W
311 -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
312 -+ const struct wpa_igtk_kde *igtk)
313 -+{
314 -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
315 -+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
316 -+
317 -+ /* Detect possible key reinstallation */
318 -+ if (sm->igtk.igtk_len == len &&
319 -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
320 -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
321 -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
322 -+ keyidx);
323 -+ return 0;
324 -+ }
325 -+
326 -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
327 -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
328 -+ keyidx, MAC2STR(igtk->pn));
329 -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
330 -+ if (keyidx > 4095) {
331 -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
332 -+ "WPA: Invalid IGTK KeyID %d", keyidx);
333 -+ return -1;
334 -+ }
335 -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
336 -+ broadcast_ether_addr,
337 -+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
338 -+ igtk->igtk, len) < 0) {
339 -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
340 -+ "WPA: Failed to configure IGTK to the driver");
341 -+ return -1;
342 -+ }
343 -+
344 -+ sm->igtk.igtk_len = len;
345 -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
346 -+
347 -+ return 0;
348 -+}
349 -+#endif /* CONFIG_IEEE80211W */
350 -+
351 -+
352 - static int ieee80211w_set_keys(struct wpa_sm *sm,
353 - struct wpa_eapol_ie_parse *ie)
354 - {
355 -@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
356 - if (ie->igtk) {
357 - size_t len;
358 - const struct wpa_igtk_kde *igtk;
359 -- u16 keyidx;
360 -+
361 - len = wpa_cipher_key_len(sm->mgmt_group_cipher);
362 - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
363 - return -1;
364 -+
365 - igtk = (const struct wpa_igtk_kde *) ie->igtk;
366 -- keyidx = WPA_GET_LE16(igtk->keyid);
367 -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
368 -- "pn %02x%02x%02x%02x%02x%02x",
369 -- keyidx, MAC2STR(igtk->pn));
370 -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
371 -- igtk->igtk, len);
372 -- if (keyidx > 4095) {
373 -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
374 -- "WPA: Invalid IGTK KeyID %d", keyidx);
375 -- return -1;
376 -- }
377 -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
378 -- broadcast_ether_addr,
379 -- keyidx, 0, igtk->pn, sizeof(igtk->pn),
380 -- igtk->igtk, len) < 0) {
381 -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
382 -- "WPA: Failed to configure IGTK to the driver");
383 -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
384 - return -1;
385 -- }
386 - }
387 -
388 - return 0;
389 -@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
390 - */
391 - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
392 - {
393 -- int clear_ptk = 1;
394 -+ int clear_keys = 1;
395 -
396 - if (sm == NULL)
397 - return;
398 -@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
399 - /* Prepare for the next transition */
400 - wpa_ft_prepare_auth_request(sm, NULL);
401 -
402 -- clear_ptk = 0;
403 -+ clear_keys = 0;
404 - }
405 - #endif /* CONFIG_IEEE80211R */
406 -
407 -- if (clear_ptk) {
408 -+ if (clear_keys) {
409 - /*
410 - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
411 - * this is not part of a Fast BSS Transition.
412 -@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
413 - os_memset(&sm->ptk, 0, sizeof(sm->ptk));
414 - sm->tptk_set = 0;
415 - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
416 -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
417 -+#ifdef CONFIG_IEEE80211W
418 -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
419 -+#endif /* CONFIG_IEEE80211W */
420 - }
421 -
422 - #ifdef CONFIG_TDLS
423 -@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
424 - os_memset(sm->pmk, 0, sizeof(sm->pmk));
425 - os_memset(&sm->ptk, 0, sizeof(sm->ptk));
426 - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
427 -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
428 -+#ifdef CONFIG_IEEE80211W
429 -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
430 -+#endif /* CONFIG_IEEE80211W */
431 - #ifdef CONFIG_IEEE80211R
432 - os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
433 - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
434 -@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
435 - os_memset(&gd, 0, sizeof(gd));
436 - #ifdef CONFIG_IEEE80211W
437 - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
438 -- struct wpa_igtk_kde igd;
439 -- u16 keyidx;
440 --
441 -- os_memset(&igd, 0, sizeof(igd));
442 -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
443 -- os_memcpy(igd.keyid, buf + 2, 2);
444 -- os_memcpy(igd.pn, buf + 4, 6);
445 --
446 -- keyidx = WPA_GET_LE16(igd.keyid);
447 -- os_memcpy(igd.igtk, buf + 10, keylen);
448 --
449 -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
450 -- igd.igtk, keylen);
451 -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
452 -- broadcast_ether_addr,
453 -- keyidx, 0, igd.pn, sizeof(igd.pn),
454 -- igd.igtk, keylen) < 0) {
455 -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
456 -- "WNM mode");
457 -- os_memset(&igd, 0, sizeof(igd));
458 -+ const struct wpa_igtk_kde *igtk;
459 -+
460 -+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
461 -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
462 - return -1;
463 -- }
464 -- os_memset(&igd, 0, sizeof(igd));
465 - #endif /* CONFIG_IEEE80211W */
466 - } else {
467 - wpa_printf(MSG_DEBUG, "Unknown element id");
468 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
469 -index f653ba6..afc9e37 100644
470 ---- a/src/rsn_supp/wpa_i.h
471 -+++ b/src/rsn_supp/wpa_i.h
472 -@@ -31,6 +31,10 @@ struct wpa_sm {
473 - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
474 - int rx_replay_counter_set;
475 - u8 request_counter[WPA_REPLAY_COUNTER_LEN];
476 -+ struct wpa_gtk gtk;
477 -+#ifdef CONFIG_IEEE80211W
478 -+ struct wpa_igtk igtk;
479 -+#endif /* CONFIG_IEEE80211W */
480 -
481 - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
482 -
483 ---
484 -2.7.4
485 -
486
487 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
488 deleted file mode 100644
489 index e2937b851ad..00000000000
490 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
491 +++ /dev/null
492 @@ -1,184 +0,0 @@
493 -From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
494 -From: Jouni Malinen <j@××.fi>
495 -Date: Sun, 1 Oct 2017 12:12:24 +0300
496 -Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
497 - Mode cases
498 -
499 -This extends the protection to track last configured GTK/IGTK value
500 -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
501 -corner case where these two different mechanisms may get used when the
502 -GTK/IGTK has changed and tracking a single value is not sufficient to
503 -detect a possible key reconfiguration.
504 -
505 -Signed-off-by: Jouni Malinen <j@××.fi>
506 ----
507 - src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
508 - src/rsn_supp/wpa_i.h | 2 ++
509 - 2 files changed, 40 insertions(+), 15 deletions(-)
510 -
511 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
512 -index 95bd7be..7a2c68d 100644
513 ---- a/src/rsn_supp/wpa.c
514 -+++ b/src/rsn_supp/wpa.c
515 -@@ -709,14 +709,17 @@ struct wpa_gtk_data {
516 -
517 - static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
518 - const struct wpa_gtk_data *gd,
519 -- const u8 *key_rsc)
520 -+ const u8 *key_rsc, int wnm_sleep)
521 - {
522 - const u8 *_gtk = gd->gtk;
523 - u8 gtk_buf[32];
524 -
525 - /* Detect possible key reinstallation */
526 -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
527 -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
528 -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
529 -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
530 -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
531 -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
532 -+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
533 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
534 - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
535 - gd->keyidx, gd->tx, gd->gtk_len);
536 -@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
537 - }
538 - os_memset(gtk_buf, 0, sizeof(gtk_buf));
539 -
540 -- sm->gtk.gtk_len = gd->gtk_len;
541 -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
542 -+ if (wnm_sleep) {
543 -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
544 -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
545 -+ sm->gtk_wnm_sleep.gtk_len);
546 -+ } else {
547 -+ sm->gtk.gtk_len = gd->gtk_len;
548 -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
549 -+ }
550 -
551 - return 0;
552 - }
553 -@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
554 - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
555 - gtk_len, gtk_len,
556 - &gd.key_rsc_len, &gd.alg) ||
557 -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
558 -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
559 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
560 - "RSN: Failed to install GTK");
561 - os_memset(&gd, 0, sizeof(gd));
562 -@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
563 -
564 - #ifdef CONFIG_IEEE80211W
565 - static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
566 -- const struct wpa_igtk_kde *igtk)
567 -+ const struct wpa_igtk_kde *igtk,
568 -+ int wnm_sleep)
569 - {
570 - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
571 - u16 keyidx = WPA_GET_LE16(igtk->keyid);
572 -
573 - /* Detect possible key reinstallation */
574 -- if (sm->igtk.igtk_len == len &&
575 -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
576 -+ if ((sm->igtk.igtk_len == len &&
577 -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
578 -+ (sm->igtk_wnm_sleep.igtk_len == len &&
579 -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
580 -+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
581 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
582 - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
583 - keyidx);
584 -@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
585 - return -1;
586 - }
587 -
588 -- sm->igtk.igtk_len = len;
589 -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
590 -+ if (wnm_sleep) {
591 -+ sm->igtk_wnm_sleep.igtk_len = len;
592 -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
593 -+ sm->igtk_wnm_sleep.igtk_len);
594 -+ } else {
595 -+ sm->igtk.igtk_len = len;
596 -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
597 -+ }
598 -
599 - return 0;
600 - }
601 -@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
602 - return -1;
603 -
604 - igtk = (const struct wpa_igtk_kde *) ie->igtk;
605 -- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
606 -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
607 - return -1;
608 - }
609 -
610 -@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
611 - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
612 - key_rsc = null_rsc;
613 -
614 -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
615 -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
616 - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
617 - goto failed;
618 - os_memset(&gd, 0, sizeof(gd));
619 -@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
620 - sm->tptk_set = 0;
621 - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
622 - os_memset(&sm->gtk, 0, sizeof(sm->gtk));
623 -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
624 - #ifdef CONFIG_IEEE80211W
625 - os_memset(&sm->igtk, 0, sizeof(sm->igtk));
626 -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
627 - #endif /* CONFIG_IEEE80211W */
628 - }
629 -
630 -@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
631 - os_memset(&sm->ptk, 0, sizeof(sm->ptk));
632 - os_memset(&sm->tptk, 0, sizeof(sm->tptk));
633 - os_memset(&sm->gtk, 0, sizeof(sm->gtk));
634 -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
635 - #ifdef CONFIG_IEEE80211W
636 - os_memset(&sm->igtk, 0, sizeof(sm->igtk));
637 -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
638 - #endif /* CONFIG_IEEE80211W */
639 - #ifdef CONFIG_IEEE80211R
640 - os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
641 -@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
642 -
643 - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
644 - gd.gtk, gd.gtk_len);
645 -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
646 -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
647 - os_memset(&gd, 0, sizeof(gd));
648 - wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
649 - "WNM mode");
650 -@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
651 - const struct wpa_igtk_kde *igtk;
652 -
653 - igtk = (const struct wpa_igtk_kde *) (buf + 2);
654 -- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
655 -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
656 - return -1;
657 - #endif /* CONFIG_IEEE80211W */
658 - } else {
659 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
660 -index afc9e37..9a54631 100644
661 ---- a/src/rsn_supp/wpa_i.h
662 -+++ b/src/rsn_supp/wpa_i.h
663 -@@ -32,8 +32,10 @@ struct wpa_sm {
664 - int rx_replay_counter_set;
665 - u8 request_counter[WPA_REPLAY_COUNTER_LEN];
666 - struct wpa_gtk gtk;
667 -+ struct wpa_gtk gtk_wnm_sleep;
668 - #ifdef CONFIG_IEEE80211W
669 - struct wpa_igtk igtk;
670 -+ struct wpa_igtk igtk_wnm_sleep;
671 - #endif /* CONFIG_IEEE80211W */
672 -
673 - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
674 ---
675 -2.7.4
676 -
677
678 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
679 deleted file mode 100644
680 index 22ee217947d..00000000000
681 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
682 +++ /dev/null
683 @@ -1,79 +0,0 @@
684 -From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
685 -From: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
686 -Date: Fri, 29 Sep 2017 04:22:51 +0200
687 -Subject: [PATCH 4/8] Prevent installation of an all-zero TK
688 -
689 -Properly track whether a PTK has already been installed to the driver
690 -and the TK part cleared from memory. This prevents an attacker from
691 -trying to trick the client into installing an all-zero TK.
692 -
693 -This fixes the earlier fix in commit
694 -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
695 -driver in EAPOL-Key 3/4 retry case') which did not take into account
696 -possibility of an extra message 1/4 showing up between retries of
697 -message 3/4.
698 -
699 -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@×××××××××××.be>
700 ----
701 - src/common/wpa_common.h | 1 +
702 - src/rsn_supp/wpa.c | 5 ++---
703 - src/rsn_supp/wpa_i.h | 1 -
704 - 3 files changed, 3 insertions(+), 4 deletions(-)
705 -
706 -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
707 -index d200285..1021ccb 100644
708 ---- a/src/common/wpa_common.h
709 -+++ b/src/common/wpa_common.h
710 -@@ -215,6 +215,7 @@ struct wpa_ptk {
711 - size_t kck_len;
712 - size_t kek_len;
713 - size_t tk_len;
714 -+ int installed; /* 1 if key has already been installed to driver */
715 - };
716 -
717 - struct wpa_gtk {
718 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
719 -index 7a2c68d..0550a41 100644
720 ---- a/src/rsn_supp/wpa.c
721 -+++ b/src/rsn_supp/wpa.c
722 -@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
723 - os_memset(buf, 0, sizeof(buf));
724 - }
725 - sm->tptk_set = 1;
726 -- sm->tk_to_set = 1;
727 -
728 - kde = sm->assoc_wpa_ie;
729 - kde_len = sm->assoc_wpa_ie_len;
730 -@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
731 - enum wpa_alg alg;
732 - const u8 *key_rsc;
733 -
734 -- if (!sm->tk_to_set) {
735 -+ if (sm->ptk.installed) {
736 - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
737 - "WPA: Do not re-install same PTK to the driver");
738 - return 0;
739 -@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
740 -
741 - /* TK is not needed anymore in supplicant */
742 - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
743 -- sm->tk_to_set = 0;
744 -+ sm->ptk.installed = 1;
745 -
746 - if (sm->wpa_ptk_rekey) {
747 - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
748 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
749 -index 9a54631..41f371f 100644
750 ---- a/src/rsn_supp/wpa_i.h
751 -+++ b/src/rsn_supp/wpa_i.h
752 -@@ -24,7 +24,6 @@ struct wpa_sm {
753 - struct wpa_ptk ptk, tptk;
754 - int ptk_set, tptk_set;
755 - unsigned int msg_3_of_4_ok:1;
756 -- unsigned int tk_to_set:1;
757 - u8 snonce[WPA_NONCE_LEN];
758 - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
759 - int renew_snonce;
760 ---
761 -2.7.4
762 -
763
764 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
765 deleted file mode 100644
766 index c19c4c71023..00000000000
767 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
768 +++ /dev/null
769 @@ -1,64 +0,0 @@
770 -From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
771 -From: Jouni Malinen <j@××.fi>
772 -Date: Sun, 1 Oct 2017 12:32:57 +0300
773 -Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
774 -
775 -The Authenticator state machine path for PTK rekeying ended up bypassing
776 -the AUTHENTICATION2 state where a new ANonce is generated when going
777 -directly to the PTKSTART state since there is no need to try to
778 -determine the PMK again in such a case. This is far from ideal since the
779 -new PTK would depend on a new nonce only from the supplicant.
780 -
781 -Fix this by generating a new ANonce when moving to the PTKSTART state
782 -for the purpose of starting new 4-way handshake to rekey PTK.
783 -
784 -Signed-off-by: Jouni Malinen <j@××.fi>
785 ----
786 - src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
787 - 1 file changed, 21 insertions(+), 3 deletions(-)
788 -
789 -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
790 -index 707971d..bf10cc1 100644
791 ---- a/src/ap/wpa_auth.c
792 -+++ b/src/ap/wpa_auth.c
793 -@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
794 - }
795 -
796 -
797 -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
798 -+{
799 -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
800 -+ wpa_printf(MSG_ERROR,
801 -+ "WPA: Failed to get random data for ANonce");
802 -+ sm->Disconnect = TRUE;
803 -+ return -1;
804 -+ }
805 -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
806 -+ WPA_NONCE_LEN);
807 -+ sm->TimeoutCtr = 0;
808 -+ return 0;
809 -+}
810 -+
811 -+
812 - SM_STATE(WPA_PTK, INITPMK)
813 - {
814 - u8 msk[2 * PMK_LEN];
815 -@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
816 - SM_ENTER(WPA_PTK, AUTHENTICATION);
817 - else if (sm->ReAuthenticationRequest)
818 - SM_ENTER(WPA_PTK, AUTHENTICATION2);
819 -- else if (sm->PTKRequest)
820 -- SM_ENTER(WPA_PTK, PTKSTART);
821 -- else switch (sm->wpa_ptk_state) {
822 -+ else if (sm->PTKRequest) {
823 -+ if (wpa_auth_sm_ptk_update(sm) < 0)
824 -+ SM_ENTER(WPA_PTK, DISCONNECTED);
825 -+ else
826 -+ SM_ENTER(WPA_PTK, PTKSTART);
827 -+ } else switch (sm->wpa_ptk_state) {
828 - case WPA_PTK_INITIALIZE:
829 - break;
830 - case WPA_PTK_DISCONNECT:
831 ---
832 -2.7.4
833 -
834
835 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
836 deleted file mode 100644
837 index e1bd5a57262..00000000000
838 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
839 +++ /dev/null
840 @@ -1,132 +0,0 @@
841 -From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
842 -From: Jouni Malinen <j@××.fi>
843 -Date: Fri, 22 Sep 2017 11:03:15 +0300
844 -Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
845 -
846 -Do not try to reconfigure the same TPK-TK to the driver after it has
847 -been successfully configured. This is an explicit check to avoid issues
848 -related to resetting the TX/RX packet number. There was already a check
849 -for this for TPK M2 (retries of that message are ignored completely), so
850 -that behavior does not get modified.
851 -
852 -For TPK M3, the TPK-TK could have been reconfigured, but that was
853 -followed by immediate teardown of the link due to an issue in updating
854 -the STA entry. Furthermore, for TDLS with any real security (i.e.,
855 -ignoring open/WEP), the TPK message exchange is protected on the AP path
856 -and simple replay attacks are not feasible.
857 -
858 -As an additional corner case, make sure the local nonce gets updated if
859 -the peer uses a very unlikely "random nonce" of all zeros.
860 -
861 -Signed-off-by: Jouni Malinen <j@××.fi>
862 ----
863 - src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
864 - 1 file changed, 36 insertions(+), 2 deletions(-)
865 -
866 -diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
867 -index e424168..9eb9738 100644
868 ---- a/src/rsn_supp/tdls.c
869 -+++ b/src/rsn_supp/tdls.c
870 -@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
871 - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
872 - } tpk;
873 - int tpk_set;
874 -+ int tk_set; /* TPK-TK configured to the driver */
875 - int tpk_success;
876 - int tpk_in_progress;
877 -
878 -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
879 - u8 rsc[6];
880 - enum wpa_alg alg;
881 -
882 -+ if (peer->tk_set) {
883 -+ /*
884 -+ * This same TPK-TK has already been configured to the driver
885 -+ * and this new configuration attempt (likely due to an
886 -+ * unexpected retransmitted frame) would result in clearing
887 -+ * the TX/RX sequence number which can break security, so must
888 -+ * not allow that to happen.
889 -+ */
890 -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
891 -+ " has already been configured to the driver - do not reconfigure",
892 -+ MAC2STR(peer->addr));
893 -+ return -1;
894 -+ }
895 -+
896 - os_memset(rsc, 0, 6);
897 -
898 - switch (peer->cipher) {
899 -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
900 - return -1;
901 - }
902 -
903 -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
904 -+ MAC2STR(peer->addr));
905 - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
906 - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
907 - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
908 - "driver");
909 - return -1;
910 - }
911 -+ peer->tk_set = 1;
912 - return 0;
913 - }
914 -
915 -@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
916 - peer->cipher = 0;
917 - peer->qos_info = 0;
918 - peer->wmm_capable = 0;
919 -- peer->tpk_set = peer->tpk_success = 0;
920 -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
921 - peer->chan_switch_enabled = 0;
922 - os_memset(&peer->tpk, 0, sizeof(peer->tpk));
923 - os_memset(peer->inonce, 0, WPA_NONCE_LEN);
924 -@@ -1159,6 +1177,7 @@ skip_rsnie:
925 - wpa_tdls_peer_free(sm, peer);
926 - return -1;
927 - }
928 -+ peer->tk_set = 0; /* A new nonce results in a new TK */
929 - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
930 - peer->inonce, WPA_NONCE_LEN);
931 - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
932 -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
933 - }
934 -
935 -
936 -+static int tdls_nonce_set(const u8 *nonce)
937 -+{
938 -+ int i;
939 -+
940 -+ for (i = 0; i < WPA_NONCE_LEN; i++) {
941 -+ if (nonce[i])
942 -+ return 1;
943 -+ }
944 -+
945 -+ return 0;
946 -+}
947 -+
948 -+
949 - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
950 - const u8 *buf, size_t len)
951 - {
952 -@@ -2004,7 +2036,8 @@ skip_rsn:
953 - peer->rsnie_i_len = kde.rsn_ie_len;
954 - peer->cipher = cipher;
955 -
956 -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
957 -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
958 -+ !tdls_nonce_set(peer->inonce)) {
959 - /*
960 - * There is no point in updating the RNonce for every obtained
961 - * TPK M1 frame (e.g., retransmission due to timeout) with the
962 -@@ -2020,6 +2053,7 @@ skip_rsn:
963 - "TDLS: Failed to get random data for responder nonce");
964 - goto error;
965 - }
966 -+ peer->tk_set = 0; /* A new nonce results in a new TK */
967 - }
968 -
969 - #if 0
970 ---
971 -2.7.4
972 -
973
974 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
975 deleted file mode 100644
976 index b9678f6815a..00000000000
977 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
978 +++ /dev/null
979 @@ -1,82 +0,0 @@
980 -From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
981 -From: Jouni Malinen <j@××.fi>
982 -Date: Fri, 22 Sep 2017 12:06:37 +0300
983 -Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
984 -
985 -The driver is expected to not report a second association event without
986 -the station having explicitly request a new association. As such, this
987 -case should not be reachable. However, since reconfiguring the same
988 -pairwise or group keys to the driver could result in nonce reuse issues,
989 -be extra careful here and do an additional state check to avoid this
990 -even if the local driver ends up somehow accepting an unexpected
991 -Reassociation Response frame.
992 -
993 -Signed-off-by: Jouni Malinen <j@××.fi>
994 ----
995 - src/rsn_supp/wpa.c | 3 +++
996 - src/rsn_supp/wpa_ft.c | 8 ++++++++
997 - src/rsn_supp/wpa_i.h | 1 +
998 - 3 files changed, 12 insertions(+)
999 -
1000 -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
1001 -index 0550a41..2a53c6f 100644
1002 ---- a/src/rsn_supp/wpa.c
1003 -+++ b/src/rsn_supp/wpa.c
1004 -@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
1005 - #ifdef CONFIG_TDLS
1006 - wpa_tdls_disassoc(sm);
1007 - #endif /* CONFIG_TDLS */
1008 -+#ifdef CONFIG_IEEE80211R
1009 -+ sm->ft_reassoc_completed = 0;
1010 -+#endif /* CONFIG_IEEE80211R */
1011 -
1012 - /* Keys are not needed in the WPA state machine anymore */
1013 - wpa_sm_drop_sa(sm);
1014 -diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
1015 -index 205793e..d45bb45 100644
1016 ---- a/src/rsn_supp/wpa_ft.c
1017 -+++ b/src/rsn_supp/wpa_ft.c
1018 -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
1019 - u16 capab;
1020 -
1021 - sm->ft_completed = 0;
1022 -+ sm->ft_reassoc_completed = 0;
1023 -
1024 - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
1025 - 2 + sm->r0kh_id_len + ric_ies_len + 100;
1026 -@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
1027 - return -1;
1028 - }
1029 -
1030 -+ if (sm->ft_reassoc_completed) {
1031 -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
1032 -+ return 0;
1033 -+ }
1034 -+
1035 - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
1036 - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
1037 - return -1;
1038 -@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
1039 - return -1;
1040 - }
1041 -
1042 -+ sm->ft_reassoc_completed = 1;
1043 -+
1044 - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
1045 - return -1;
1046 -
1047 -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
1048 -index 41f371f..56f88dc 100644
1049 ---- a/src/rsn_supp/wpa_i.h
1050 -+++ b/src/rsn_supp/wpa_i.h
1051 -@@ -128,6 +128,7 @@ struct wpa_sm {
1052 - size_t r0kh_id_len;
1053 - u8 r1kh_id[FT_R1KH_ID_LEN];
1054 - int ft_completed;
1055 -+ int ft_reassoc_completed;
1056 - int over_the_ds_in_progress;
1057 - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
1058 - int set_ptk_after_assoc;
1059 ---
1060 -2.7.4
1061 -
1062
1063 diff --git a/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch b/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch
1064 deleted file mode 100644
1065 index 025da58028d..00000000000
1066 --- a/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch
1067 +++ /dev/null
1068 @@ -1,106 +0,0 @@
1069 -diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
1070 -index 19e0e2be8..6585c0245 100644
1071 ---- a/src/crypto/crypto_openssl.c
1072 -+++ b/src/crypto/crypto_openssl.c
1073 -@@ -33,7 +33,9 @@
1074 - #include "aes_wrap.h"
1075 - #include "crypto.h"
1076 -
1077 --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
1078 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1079 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1080 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1081 - /* Compatibility wrappers for older versions. */
1082 -
1083 - static HMAC_CTX * HMAC_CTX_new(void)
1084 -@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
1085 -
1086 - static BIGNUM * get_group5_prime(void)
1087 - {
1088 --#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
1089 -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
1090 -+ !(defined(LIBRESSL_VERSION_NUMBER) && \
1091 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1092 - return BN_get_rfc3526_prime_1536(NULL);
1093 - #elif !defined(OPENSSL_IS_BORINGSSL)
1094 - return get_rfc3526_prime_1536(NULL);
1095 -@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx)
1096 -
1097 - void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
1098 - {
1099 --#if OPENSSL_VERSION_NUMBER < 0x10100000L
1100 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1101 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1102 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1103 - DH *dh;
1104 - struct wpabuf *pubkey = NULL, *privkey = NULL;
1105 - size_t publen, privlen;
1106 -@@ -712,7 +718,9 @@ err:
1107 -
1108 - void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
1109 - {
1110 --#if OPENSSL_VERSION_NUMBER < 0x10100000L
1111 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1112 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1113 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1114 - DH *dh;
1115 -
1116 - dh = DH_new();
1117 -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
1118 -index 23ac64b48..91acc579d 100644
1119 ---- a/src/crypto/tls_openssl.c
1120 -+++ b/src/crypto/tls_openssl.c
1121 -@@ -59,7 +59,8 @@ typedef int stack_index_t;
1122 - #endif /* SSL_set_tlsext_status_type */
1123 -
1124 - #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
1125 -- defined(LIBRESSL_VERSION_NUMBER)) && \
1126 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1127 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \
1128 - !defined(BORINGSSL_API_VERSION)
1129 - /*
1130 - * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
1131 -@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf)
1132 - }
1133 - #endif /* OPENSSL_FIPS */
1134 - #endif /* CONFIG_FIPS */
1135 --#if OPENSSL_VERSION_NUMBER < 0x10100000L
1136 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1137 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1138 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1139 - SSL_load_error_strings();
1140 - SSL_library_init();
1141 - #ifndef OPENSSL_NO_SHA256
1142 -@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx)
1143 -
1144 - tls_openssl_ref_count--;
1145 - if (tls_openssl_ref_count == 0) {
1146 --#if OPENSSL_VERSION_NUMBER < 0x10100000L
1147 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1148 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1149 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1150 - #ifndef OPENSSL_NO_ENGINE
1151 - ENGINE_cleanup();
1152 - #endif /* OPENSSL_NO_ENGINE */
1153 -@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn,
1154 - #ifdef OPENSSL_NEED_EAP_FAST_PRF
1155 - static int openssl_get_keyblock_size(SSL *ssl)
1156 - {
1157 --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
1158 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1159 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1160 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1161 - const EVP_CIPHER *c;
1162 - const EVP_MD *h;
1163 - int md_size;
1164 -@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
1165 - struct tls_connection *conn = arg;
1166 - int ret;
1167 -
1168 --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
1169 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
1170 -+ (defined(LIBRESSL_VERSION_NUMBER) && \
1171 -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)
1172 - if (conn == NULL || conn->session_ticket_cb == NULL)
1173 - return 0;
1174 -
1175
1176 diff --git a/net-wireless/hostapd/files/hostapd-conf.d b/net-wireless/hostapd/files/hostapd-conf.d
1177 deleted file mode 100644
1178 index 7d05735eb3b..00000000000
1179 --- a/net-wireless/hostapd/files/hostapd-conf.d
1180 +++ /dev/null
1181 @@ -1,9 +0,0 @@
1182 -# Space separated List of interfaces which needs to be started before
1183 -# hostapd
1184 -INTERFACES="wlan0"
1185 -
1186 -# Space separated list of configuration files
1187 -CONFIGS="/etc/hostapd/hostapd.conf"
1188 -
1189 -# Extra options to pass to hostapd, see hostapd(8)
1190 -OPTIONS=""
1191
1192 diff --git a/net-wireless/hostapd/files/hostapd-init.d b/net-wireless/hostapd/files/hostapd-init.d
1193 deleted file mode 100644
1194 index 3c0fdc9e843..00000000000
1195 --- a/net-wireless/hostapd/files/hostapd-init.d
1196 +++ /dev/null
1197 @@ -1,38 +0,0 @@
1198 -#!/sbin/openrc-run
1199 -# Copyright 1999-2014 Gentoo Foundation
1200 -# Distributed under the terms of the GNU General Public License v2
1201 -
1202 -pidfile="/run/${SVCNAME}.pid"
1203 -command="/usr/sbin/hostapd"
1204 -command_args="-P ${pidfile} -B ${OPTIONS} ${CONFIGS}"
1205 -
1206 -extra_started_commands="reload"
1207 -
1208 -depend() {
1209 - local myneeds=
1210 - for iface in ${INTERFACES}; do
1211 - myneeds="${myneeds} net.${iface}"
1212 - done
1213 -
1214 - [ -n "${myneeds}" ] && need ${myneeds}
1215 - use logger
1216 -}
1217 -
1218 -start_pre() {
1219 - local file
1220 -
1221 - for file in ${CONFIGS}; do
1222 - if [ ! -r "${file}" ]; then
1223 - eerror "hostapd configuration file (${CONFIG}) not found"
1224 - return 1
1225 - fi
1226 - done
1227 -}
1228 -
1229 -reload() {
1230 - start_pre || return 1
1231 -
1232 - ebegin "Reloading ${SVCNAME} configuration"
1233 - kill -HUP $(cat ${pidfile}) > /dev/null 2>&1
1234 - eend $?
1235 -}
1236
1237 diff --git a/net-wireless/hostapd/files/hostapd.service b/net-wireless/hostapd/files/hostapd.service
1238 deleted file mode 100644
1239 index 8f0ee8e8f74..00000000000
1240 --- a/net-wireless/hostapd/files/hostapd.service
1241 +++ /dev/null
1242 @@ -1,9 +0,0 @@
1243 -[Unit]
1244 -Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
1245 -After=network.target
1246 -
1247 -[Service]
1248 -ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf
1249 -
1250 -[Install]
1251 -WantedBy=multi-user.target
1252
1253 diff --git a/net-wireless/hostapd/hostapd-2.6-r4.ebuild b/net-wireless/hostapd/hostapd-2.6-r4.ebuild
1254 deleted file mode 100644
1255 index 6f00dd91246..00000000000
1256 --- a/net-wireless/hostapd/hostapd-2.6-r4.ebuild
1257 +++ /dev/null
1258 @@ -1,253 +0,0 @@
1259 -# Copyright 1999-2018 Gentoo Foundation
1260 -# Distributed under the terms of the GNU General Public License v2
1261 -
1262 -EAPI="6"
1263 -
1264 -inherit toolchain-funcs eutils systemd savedconfig
1265 -
1266 -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
1267 -HOMEPAGE="http://hostap.epitest.fi"
1268 -SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
1269 -
1270 -LICENSE="BSD"
1271 -SLOT="0"
1272 -KEYWORDS="amd64 arm ~mips ppc x86"
1273 -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
1274 -
1275 -DEPEND="
1276 - libressl? ( dev-libs/libressl:0= )
1277 - !libressl? (
1278 - internal-tls? ( dev-libs/libtommath )
1279 - !internal-tls? ( dev-libs/openssl:0=[-bindist] )
1280 - )
1281 - kernel_linux? (
1282 - dev-libs/libnl:3
1283 - crda? ( net-wireless/crda )
1284 - )
1285 - netlink? ( net-libs/libnfnetlink )
1286 - sqlite? ( >=dev-db/sqlite-3 )"
1287 -
1288 -RDEPEND="${DEPEND}"
1289 -
1290 -S="${S}/${PN}"
1291 -
1292 -pkg_pretend() {
1293 - if use internal-tls; then
1294 - if use libressl; then
1295 - elog "libressl flag takes precedence over internal-tls"
1296 - else
1297 - ewarn "internal-tls implementation is experimental and provides fewer features"
1298 - fi
1299 - fi
1300 -}
1301 -
1302 -src_prepare() {
1303 - # Allow users to apply patches to src/drivers for example,
1304 - # i.e. anything outside ${S}/${PN}
1305 - pushd ../ >/dev/null || die
1306 -
1307 - # Add LibreSSL compatibility patch bug (#567262)
1308 - eapply "${FILESDIR}/${P}-libressl-compatibility.patch"
1309 -
1310 - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
1311 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
1312 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
1313 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
1314 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
1315 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
1316 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
1317 - eapply "${FILESDIR}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
1318 - default
1319 - popd >/dev/null || die
1320 -
1321 - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
1322 - "${S}/hostapd.conf" || die
1323 -
1324 -}
1325 -
1326 -src_configure() {
1327 - local CONFIG="${S}/.config"
1328 -
1329 - restore_config "${CONFIG}"
1330 - if [[ -f "${CONFIG}" ]]; then
1331 - default_src_configure
1332 - return 0
1333 - fi
1334 -
1335 - # toolchain setup
1336 - echo "CC = $(tc-getCC)" > ${CONFIG}
1337 -
1338 - # EAP authentication methods
1339 - echo "CONFIG_EAP=y" >> ${CONFIG}
1340 - echo "CONFIG_ERP=y" >> ${CONFIG}
1341 - echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
1342 -
1343 - if use internal-tls && ! use libressl; then
1344 - echo "CONFIG_TLS=internal" >> ${CONFIG}
1345 - else
1346 - # SSL authentication methods
1347 - echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
1348 - echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
1349 - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
1350 - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
1351 - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
1352 - echo "CONFIG_TLSV11=y" >> ${CONFIG}
1353 - echo "CONFIG_TLSV12=y" >> ${CONFIG}
1354 - echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
1355 - fi
1356 -
1357 - if use wps; then
1358 - # Enable Wi-Fi Protected Setup
1359 - echo "CONFIG_WPS=y" >> ${CONFIG}
1360 - echo "CONFIG_WPS2=y" >> ${CONFIG}
1361 - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
1362 - echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
1363 - einfo "Enabling Wi-Fi Protected Setup support"
1364 - fi
1365 -
1366 - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
1367 - echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
1368 - echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
1369 - echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
1370 - echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
1371 - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
1372 - echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
1373 - echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
1374 - echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
1375 - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
1376 - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
1377 - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
1378 -
1379 - einfo "Enabling drivers: "
1380 -
1381 - # drivers
1382 - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
1383 - einfo " HostAP driver enabled"
1384 - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
1385 - einfo " Wired driver enabled"
1386 - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
1387 - einfo " None driver enabled"
1388 -
1389 - einfo " nl80211 driver enabled"
1390 - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
1391 -
1392 - # epoll
1393 - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
1394 -
1395 - # misc
1396 - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
1397 - echo "CONFIG_PKCS12=y" >> ${CONFIG}
1398 - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
1399 - echo "CONFIG_IAPP=y" >> ${CONFIG}
1400 - echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
1401 - echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
1402 - echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
1403 - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
1404 - echo "CONFIG_PEERKEY=y" >> ${CONFIG}
1405 - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
1406 - echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
1407 - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
1408 - echo "CONFIG_HS20=y" >> ${CONFIG}
1409 - echo "CONFIG_WNM=y" >> ${CONFIG}
1410 - echo "CONFIG_FST=y" >> ${CONFIG}
1411 - echo "CONFIG_FST_TEST=y" >> ${CONFIG}
1412 - echo "CONFIG_ACS=y" >> ${CONFIG}
1413 -
1414 - if use netlink; then
1415 - # Netlink support
1416 - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
1417 - fi
1418 -
1419 - if use ipv6; then
1420 - # IPv6 support
1421 - echo "CONFIG_IPV6=y" >> ${CONFIG}
1422 - fi
1423 -
1424 - if use sqlite; then
1425 - # Sqlite support
1426 - echo "CONFIG_SQLITE=y" >> ${CONFIG}
1427 - fi
1428 -
1429 - # If we are using libnl 2.0 and above, enable support for it
1430 - # Removed for now, since the 3.2 version is broken, and we don't
1431 - # support it.
1432 - if has_version ">=dev-libs/libnl-3.2"; then
1433 - echo "CONFIG_LIBNL32=y" >> .config
1434 - fi
1435 -
1436 - # TODO: Add support for BSD drivers
1437 -
1438 - default_src_configure
1439 -}
1440 -
1441 -src_compile() {
1442 - emake V=1
1443 -
1444 - if use libressl || ! use internal-tls; then
1445 - emake V=1 nt_password_hash
1446 - emake V=1 hlr_auc_gw
1447 - fi
1448 -}
1449 -
1450 -src_install() {
1451 - insinto /etc/${PN}
1452 - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
1453 -
1454 - fperms -R 600 /etc/${PN}
1455 -
1456 - dosbin ${PN}
1457 - dobin ${PN}_cli
1458 -
1459 - if use libressl || ! use internal-tls; then
1460 - dobin nt_password_hash hlr_auc_gw
1461 - fi
1462 -
1463 - newinitd "${FILESDIR}"/${PN}-init.d ${PN}
1464 - newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
1465 - systemd_dounit "${FILESDIR}"/${PN}.service
1466 -
1467 - doman ${PN}{.8,_cli.1}
1468 -
1469 - dodoc ChangeLog README
1470 - use wps && dodoc README-WPS
1471 -
1472 - docinto examples
1473 - dodoc wired.conf
1474 -
1475 - if use logwatch; then
1476 - insinto /etc/log.d/conf/services/
1477 - doins logwatch/${PN}.conf
1478 -
1479 - exeinto /etc/log.d/scripts/services/
1480 - doexe logwatch/${PN}
1481 - fi
1482 -
1483 - save_config .config
1484 -}
1485 -
1486 -pkg_postinst() {
1487 - einfo
1488 - einfo "If you are running openRC you need to follow this instructions:"
1489 - einfo "In order to use ${PN} you need to set up your wireless card"
1490 - einfo "for master mode in /etc/conf.d/net and then start"
1491 - einfo "/etc/init.d/${PN}."
1492 - einfo
1493 - einfo "Example configuration:"
1494 - einfo
1495 - einfo "config_wlan0=( \"192.168.1.1/24\" )"
1496 - einfo "channel_wlan0=\"6\""
1497 - einfo "essid_wlan0=\"test\""
1498 - einfo "mode_wlan0=\"master\""
1499 - einfo
1500 - #if [ -e "${KV_DIR}"/net/mac80211 ]; then
1501 - # einfo "This package now compiles against the headers installed by"
1502 - # einfo "the kernel source for the mac80211 driver. You should "
1503 - # einfo "re-emerge ${PN} after upgrading your kernel source."
1504 - #fi
1505 -
1506 - if use wps; then
1507 - einfo "You have enabled Wi-Fi Protected Setup support, please"
1508 - einfo "read the README-WPS file in /usr/share/doc/${P}"
1509 - einfo "for info on how to use WPS"
1510 - fi
1511 -}
1512
1513 diff --git a/net-wireless/hostapd/hostapd-2.6-r5.ebuild b/net-wireless/hostapd/hostapd-2.6-r5.ebuild
1514 deleted file mode 100644
1515 index 82e50e8b7f0..00000000000
1516 --- a/net-wireless/hostapd/hostapd-2.6-r5.ebuild
1517 +++ /dev/null
1518 @@ -1,256 +0,0 @@
1519 -# Copyright 1999-2018 Gentoo Foundation
1520 -# Distributed under the terms of the GNU General Public License v2
1521 -
1522 -EAPI="6"
1523 -
1524 -inherit toolchain-funcs eutils systemd savedconfig
1525 -
1526 -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
1527 -HOMEPAGE="http://w1.fi"
1528 -EXTRAS_VER="2.6-r5"
1529 -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
1530 -SRC_URI="http://w1.fi/releases/${P}.tar.gz
1531 - https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
1532 -
1533 -LICENSE="BSD"
1534 -SLOT="0"
1535 -KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
1536 -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
1537 -
1538 -DEPEND="
1539 - libressl? ( dev-libs/libressl:0= )
1540 - !libressl? (
1541 - internal-tls? ( dev-libs/libtommath )
1542 - !internal-tls? ( dev-libs/openssl:0=[-bindist] )
1543 - )
1544 - kernel_linux? (
1545 - dev-libs/libnl:3
1546 - crda? ( net-wireless/crda )
1547 - )
1548 - netlink? ( net-libs/libnfnetlink )
1549 - sqlite? ( >=dev-db/sqlite-3 )"
1550 -
1551 -RDEPEND="${DEPEND}"
1552 -
1553 -S="${S}/${PN}"
1554 -
1555 -pkg_pretend() {
1556 - if use internal-tls; then
1557 - if use libressl; then
1558 - elog "libressl flag takes precedence over internal-tls"
1559 - else
1560 - ewarn "internal-tls implementation is experimental and provides fewer features"
1561 - fi
1562 - fi
1563 -}
1564 -
1565 -src_prepare() {
1566 - # Allow users to apply patches to src/drivers for example,
1567 - # i.e. anything outside ${S}/${PN}
1568 - pushd ../ >/dev/null || die
1569 -
1570 - # Add LibreSSL compatibility patch bug (#567262)
1571 - eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch"
1572 -
1573 - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
1574 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
1575 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
1576 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
1577 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
1578 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
1579 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
1580 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
1581 - default
1582 - popd >/dev/null || die
1583 -
1584 - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
1585 - "${S}/hostapd.conf" || die
1586 -
1587 -}
1588 -
1589 -src_configure() {
1590 - local CONFIG="${S}/.config"
1591 -
1592 - restore_config "${CONFIG}"
1593 - if [[ -f "${CONFIG}" ]]; then
1594 - default_src_configure
1595 - return 0
1596 - fi
1597 -
1598 - # toolchain setup
1599 - echo "CC = $(tc-getCC)" > ${CONFIG}
1600 -
1601 - # EAP authentication methods
1602 - echo "CONFIG_EAP=y" >> ${CONFIG}
1603 - echo "CONFIG_ERP=y" >> ${CONFIG}
1604 - echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
1605 -
1606 - if use internal-tls && ! use libressl; then
1607 - echo "CONFIG_TLS=internal" >> ${CONFIG}
1608 - else
1609 - # SSL authentication methods
1610 - echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
1611 - echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
1612 - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
1613 - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
1614 - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
1615 - echo "CONFIG_TLSV11=y" >> ${CONFIG}
1616 - echo "CONFIG_TLSV12=y" >> ${CONFIG}
1617 - echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
1618 - fi
1619 -
1620 - if use wps; then
1621 - # Enable Wi-Fi Protected Setup
1622 - echo "CONFIG_WPS=y" >> ${CONFIG}
1623 - echo "CONFIG_WPS2=y" >> ${CONFIG}
1624 - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
1625 - echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
1626 - einfo "Enabling Wi-Fi Protected Setup support"
1627 - fi
1628 -
1629 - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
1630 - echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
1631 - echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
1632 - echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
1633 - echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
1634 - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
1635 - echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
1636 - echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
1637 - echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
1638 - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
1639 - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
1640 - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
1641 -
1642 - einfo "Enabling drivers: "
1643 -
1644 - # drivers
1645 - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
1646 - einfo " HostAP driver enabled"
1647 - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
1648 - einfo " Wired driver enabled"
1649 - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
1650 - einfo " None driver enabled"
1651 -
1652 - einfo " nl80211 driver enabled"
1653 - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
1654 -
1655 - # epoll
1656 - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
1657 -
1658 - # misc
1659 - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
1660 - echo "CONFIG_PKCS12=y" >> ${CONFIG}
1661 - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
1662 - echo "CONFIG_IAPP=y" >> ${CONFIG}
1663 - echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
1664 - echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
1665 - echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
1666 - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
1667 - echo "CONFIG_PEERKEY=y" >> ${CONFIG}
1668 - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
1669 - echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
1670 - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
1671 - echo "CONFIG_HS20=y" >> ${CONFIG}
1672 - echo "CONFIG_WNM=y" >> ${CONFIG}
1673 - echo "CONFIG_FST=y" >> ${CONFIG}
1674 - echo "CONFIG_FST_TEST=y" >> ${CONFIG}
1675 - echo "CONFIG_ACS=y" >> ${CONFIG}
1676 -
1677 - if use netlink; then
1678 - # Netlink support
1679 - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
1680 - fi
1681 -
1682 - if use ipv6; then
1683 - # IPv6 support
1684 - echo "CONFIG_IPV6=y" >> ${CONFIG}
1685 - fi
1686 -
1687 - if use sqlite; then
1688 - # Sqlite support
1689 - echo "CONFIG_SQLITE=y" >> ${CONFIG}
1690 - fi
1691 -
1692 - # If we are using libnl 2.0 and above, enable support for it
1693 - # Removed for now, since the 3.2 version is broken, and we don't
1694 - # support it.
1695 - if has_version ">=dev-libs/libnl-3.2"; then
1696 - echo "CONFIG_LIBNL32=y" >> .config
1697 - fi
1698 -
1699 - # TODO: Add support for BSD drivers
1700 -
1701 - default_src_configure
1702 -}
1703 -
1704 -src_compile() {
1705 - emake V=1
1706 -
1707 - if use libressl || ! use internal-tls; then
1708 - emake V=1 nt_password_hash
1709 - emake V=1 hlr_auc_gw
1710 - fi
1711 -}
1712 -
1713 -src_install() {
1714 - insinto /etc/${PN}
1715 - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
1716 -
1717 - fperms -R 600 /etc/${PN}
1718 -
1719 - dosbin ${PN}
1720 - dobin ${PN}_cli
1721 -
1722 - if use libressl || ! use internal-tls; then
1723 - dobin nt_password_hash hlr_auc_gw
1724 - fi
1725 -
1726 - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
1727 - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
1728 - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
1729 -
1730 - doman ${PN}{.8,_cli.1}
1731 -
1732 - dodoc ChangeLog README
1733 - use wps && dodoc README-WPS
1734 -
1735 - docinto examples
1736 - dodoc wired.conf
1737 -
1738 - if use logwatch; then
1739 - insinto /etc/log.d/conf/services/
1740 - doins logwatch/${PN}.conf
1741 -
1742 - exeinto /etc/log.d/scripts/services/
1743 - doexe logwatch/${PN}
1744 - fi
1745 -
1746 - save_config .config
1747 -}
1748 -
1749 -pkg_postinst() {
1750 - einfo
1751 - einfo "If you are running openRC you need to follow this instructions:"
1752 - einfo "In order to use ${PN} you need to set up your wireless card"
1753 - einfo "for master mode in /etc/conf.d/net and then start"
1754 - einfo "/etc/init.d/${PN}."
1755 - einfo
1756 - einfo "Example configuration:"
1757 - einfo
1758 - einfo "config_wlan0=( \"192.168.1.1/24\" )"
1759 - einfo "channel_wlan0=\"6\""
1760 - einfo "essid_wlan0=\"test\""
1761 - einfo "mode_wlan0=\"master\""
1762 - einfo
1763 - #if [ -e "${KV_DIR}"/net/mac80211 ]; then
1764 - # einfo "This package now compiles against the headers installed by"
1765 - # einfo "the kernel source for the mac80211 driver. You should "
1766 - # einfo "re-emerge ${PN} after upgrading your kernel source."
1767 - #fi
1768 -
1769 - if use wps; then
1770 - einfo "You have enabled Wi-Fi Protected Setup support, please"
1771 - einfo "read the README-WPS file in /usr/share/doc/${P}"
1772 - einfo "for info on how to use WPS"
1773 - fi
1774 -}
1775
1776 diff --git a/net-wireless/hostapd/hostapd-2.6-r6.ebuild b/net-wireless/hostapd/hostapd-2.6-r6.ebuild
1777 deleted file mode 100644
1778 index 484677f3913..00000000000
1779 --- a/net-wireless/hostapd/hostapd-2.6-r6.ebuild
1780 +++ /dev/null
1781 @@ -1,259 +0,0 @@
1782 -# Copyright 1999-2018 Gentoo Foundation
1783 -# Distributed under the terms of the GNU General Public License v2
1784 -
1785 -EAPI="6"
1786 -
1787 -inherit toolchain-funcs eutils systemd savedconfig
1788 -
1789 -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
1790 -HOMEPAGE="http://w1.fi"
1791 -EXTRAS_VER="2.6-r6"
1792 -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
1793 -SRC_URI="http://w1.fi/releases/${P}.tar.gz
1794 - https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
1795 -
1796 -LICENSE="BSD"
1797 -SLOT="0"
1798 -KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
1799 -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
1800 -
1801 -DEPEND="
1802 - libressl? ( dev-libs/libressl:0= )
1803 - !libressl? (
1804 - internal-tls? ( dev-libs/libtommath )
1805 - !internal-tls? ( dev-libs/openssl:0=[-bindist] )
1806 - )
1807 - kernel_linux? (
1808 - dev-libs/libnl:3
1809 - crda? ( net-wireless/crda )
1810 - )
1811 - netlink? ( net-libs/libnfnetlink )
1812 - sqlite? ( >=dev-db/sqlite-3 )"
1813 -
1814 -RDEPEND="${DEPEND}"
1815 -
1816 -S="${S}/${PN}"
1817 -
1818 -pkg_pretend() {
1819 - if use internal-tls; then
1820 - if use libressl; then
1821 - elog "libressl flag takes precedence over internal-tls"
1822 - else
1823 - ewarn "internal-tls implementation is experimental and provides fewer features"
1824 - fi
1825 - fi
1826 -}
1827 -
1828 -src_prepare() {
1829 - # Allow users to apply patches to src/drivers for example,
1830 - # i.e. anything outside ${S}/${PN}
1831 - pushd ../ >/dev/null || die
1832 -
1833 - # Add LibreSSL compatibility patch bug (#567262)
1834 - eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch"
1835 -
1836 - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
1837 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch"
1838 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch"
1839 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch"
1840 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch"
1841 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch"
1842 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch"
1843 - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch"
1844 -
1845 - eapply "${WORKDIR}/${EXTRAS_NAME}/nl80211-Fix-NL80211_ATTR_SMPS_MODE-encoding.patch"
1846 -
1847 - default
1848 - popd >/dev/null || die
1849 -
1850 - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
1851 - "${S}/hostapd.conf" || die
1852 -
1853 -}
1854 -
1855 -src_configure() {
1856 - local CONFIG="${S}/.config"
1857 -
1858 - restore_config "${CONFIG}"
1859 - if [[ -f "${CONFIG}" ]]; then
1860 - default_src_configure
1861 - return 0
1862 - fi
1863 -
1864 - # toolchain setup
1865 - echo "CC = $(tc-getCC)" > ${CONFIG}
1866 -
1867 - # EAP authentication methods
1868 - echo "CONFIG_EAP=y" >> ${CONFIG}
1869 - echo "CONFIG_ERP=y" >> ${CONFIG}
1870 - echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
1871 -
1872 - if use internal-tls && ! use libressl; then
1873 - echo "CONFIG_TLS=internal" >> ${CONFIG}
1874 - else
1875 - # SSL authentication methods
1876 - echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
1877 - echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
1878 - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
1879 - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
1880 - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
1881 - echo "CONFIG_TLSV11=y" >> ${CONFIG}
1882 - echo "CONFIG_TLSV12=y" >> ${CONFIG}
1883 - echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
1884 - fi
1885 -
1886 - if use wps; then
1887 - # Enable Wi-Fi Protected Setup
1888 - echo "CONFIG_WPS=y" >> ${CONFIG}
1889 - echo "CONFIG_WPS2=y" >> ${CONFIG}
1890 - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
1891 - echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
1892 - einfo "Enabling Wi-Fi Protected Setup support"
1893 - fi
1894 -
1895 - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
1896 - echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
1897 - echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
1898 - echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
1899 - echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
1900 - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
1901 - echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
1902 - echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
1903 - echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
1904 - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
1905 - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
1906 - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
1907 -
1908 - einfo "Enabling drivers: "
1909 -
1910 - # drivers
1911 - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
1912 - einfo " HostAP driver enabled"
1913 - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
1914 - einfo " Wired driver enabled"
1915 - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
1916 - einfo " None driver enabled"
1917 -
1918 - einfo " nl80211 driver enabled"
1919 - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
1920 -
1921 - # epoll
1922 - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
1923 -
1924 - # misc
1925 - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
1926 - echo "CONFIG_PKCS12=y" >> ${CONFIG}
1927 - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
1928 - echo "CONFIG_IAPP=y" >> ${CONFIG}
1929 - echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
1930 - echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
1931 - echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
1932 - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
1933 - echo "CONFIG_PEERKEY=y" >> ${CONFIG}
1934 - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
1935 - echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
1936 - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
1937 - echo "CONFIG_HS20=y" >> ${CONFIG}
1938 - echo "CONFIG_WNM=y" >> ${CONFIG}
1939 - echo "CONFIG_FST=y" >> ${CONFIG}
1940 - echo "CONFIG_FST_TEST=y" >> ${CONFIG}
1941 - echo "CONFIG_ACS=y" >> ${CONFIG}
1942 -
1943 - if use netlink; then
1944 - # Netlink support
1945 - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
1946 - fi
1947 -
1948 - if use ipv6; then
1949 - # IPv6 support
1950 - echo "CONFIG_IPV6=y" >> ${CONFIG}
1951 - fi
1952 -
1953 - if use sqlite; then
1954 - # Sqlite support
1955 - echo "CONFIG_SQLITE=y" >> ${CONFIG}
1956 - fi
1957 -
1958 - # If we are using libnl 2.0 and above, enable support for it
1959 - # Removed for now, since the 3.2 version is broken, and we don't
1960 - # support it.
1961 - if has_version ">=dev-libs/libnl-3.2"; then
1962 - echo "CONFIG_LIBNL32=y" >> .config
1963 - fi
1964 -
1965 - # TODO: Add support for BSD drivers
1966 -
1967 - default_src_configure
1968 -}
1969 -
1970 -src_compile() {
1971 - emake V=1
1972 -
1973 - if use libressl || ! use internal-tls; then
1974 - emake V=1 nt_password_hash
1975 - emake V=1 hlr_auc_gw
1976 - fi
1977 -}
1978 -
1979 -src_install() {
1980 - insinto /etc/${PN}
1981 - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
1982 -
1983 - fperms -R 600 /etc/${PN}
1984 -
1985 - dosbin ${PN}
1986 - dobin ${PN}_cli
1987 -
1988 - if use libressl || ! use internal-tls; then
1989 - dobin nt_password_hash hlr_auc_gw
1990 - fi
1991 -
1992 - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
1993 - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
1994 - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
1995 -
1996 - doman ${PN}{.8,_cli.1}
1997 -
1998 - dodoc ChangeLog README
1999 - use wps && dodoc README-WPS
2000 -
2001 - docinto examples
2002 - dodoc wired.conf
2003 -
2004 - if use logwatch; then
2005 - insinto /etc/log.d/conf/services/
2006 - doins logwatch/${PN}.conf
2007 -
2008 - exeinto /etc/log.d/scripts/services/
2009 - doexe logwatch/${PN}
2010 - fi
2011 -
2012 - save_config .config
2013 -}
2014 -
2015 -pkg_postinst() {
2016 - einfo
2017 - einfo "If you are running openRC you need to follow this instructions:"
2018 - einfo "In order to use ${PN} you need to set up your wireless card"
2019 - einfo "for master mode in /etc/conf.d/net and then start"
2020 - einfo "/etc/init.d/${PN}."
2021 - einfo
2022 - einfo "Example configuration:"
2023 - einfo
2024 - einfo "config_wlan0=( \"192.168.1.1/24\" )"
2025 - einfo "channel_wlan0=\"6\""
2026 - einfo "essid_wlan0=\"test\""
2027 - einfo "mode_wlan0=\"master\""
2028 - einfo
2029 - #if [ -e "${KV_DIR}"/net/mac80211 ]; then
2030 - # einfo "This package now compiles against the headers installed by"
2031 - # einfo "the kernel source for the mac80211 driver. You should "
2032 - # einfo "re-emerge ${PN} after upgrading your kernel source."
2033 - #fi
2034 -
2035 - if use wps; then
2036 - einfo "You have enabled Wi-Fi Protected Setup support, please"
2037 - einfo "read the README-WPS file in /usr/share/doc/${P}"
2038 - einfo "for info on how to use WPS"
2039 - fi
2040 -}
2041
2042 diff --git a/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild b/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild
2043 deleted file mode 100644
2044 index 342d0151c2d..00000000000
2045 --- a/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild
2046 +++ /dev/null
2047 @@ -1,262 +0,0 @@
2048 -# Copyright 1999-2018 Gentoo Foundation
2049 -# Distributed under the terms of the GNU General Public License v2
2050 -
2051 -EAPI="6"
2052 -
2053 -inherit toolchain-funcs eutils systemd savedconfig
2054 -
2055 -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
2056 -HOMEPAGE="http://w1.fi"
2057 -EXTRAS_VER="2.6-r5"
2058 -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
2059 -SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
2060 -
2061 -if [[ $PV == 9999 ]]; then
2062 - inherit git-r3
2063 - EGIT_REPO_URI="https://w1.fi/hostap.git"
2064 -else
2065 - if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
2066 - SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
2067 - else
2068 - SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
2069 - fi
2070 - # Never stabilize snapshot ebuilds please
2071 - KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
2072 -fi
2073 -
2074 -LICENSE="BSD"
2075 -SLOT="0"
2076 -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
2077 -
2078 -DEPEND="
2079 - libressl? ( dev-libs/libressl:0= )
2080 - !libressl? (
2081 - internal-tls? ( dev-libs/libtommath )
2082 - !internal-tls? ( dev-libs/openssl:0=[-bindist] )
2083 - )
2084 - kernel_linux? (
2085 - dev-libs/libnl:3
2086 - crda? ( net-wireless/crda )
2087 - )
2088 - netlink? ( net-libs/libnfnetlink )
2089 - sqlite? ( >=dev-db/sqlite-3 )"
2090 -
2091 -RDEPEND="${DEPEND}"
2092 -
2093 -S="${S}/${PN}"
2094 -
2095 -pkg_pretend() {
2096 - if use internal-tls; then
2097 - if use libressl; then
2098 - elog "libressl flag takes precedence over internal-tls"
2099 - else
2100 - ewarn "internal-tls implementation is experimental and provides fewer features"
2101 - fi
2102 - fi
2103 -}
2104 -
2105 -src_unpack() {
2106 - # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
2107 - default
2108 - if [[ ${PV} == 9999 ]] ; then
2109 - git-r3_src_unpack
2110 - fi
2111 -}
2112 -
2113 -src_prepare() {
2114 - # Allow users to apply patches to src/drivers for example,
2115 - # i.e. anything outside ${S}/${PN}
2116 - pushd ../ >/dev/null || die
2117 - default
2118 - popd >/dev/null || die
2119 -
2120 - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
2121 - "${S}/hostapd.conf" || die
2122 -}
2123 -
2124 -src_configure() {
2125 - local CONFIG="${S}/.config"
2126 -
2127 - restore_config "${CONFIG}"
2128 - if [[ -f "${CONFIG}" ]]; then
2129 - default_src_configure
2130 - return 0
2131 - fi
2132 -
2133 - # toolchain setup
2134 - echo "CC = $(tc-getCC)" > ${CONFIG}
2135 -
2136 - # EAP authentication methods
2137 - echo "CONFIG_EAP=y" >> ${CONFIG}
2138 - echo "CONFIG_ERP=y" >> ${CONFIG}
2139 - echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
2140 -
2141 - if use internal-tls && ! use libressl; then
2142 - echo "CONFIG_TLS=internal" >> ${CONFIG}
2143 - else
2144 - # SSL authentication methods
2145 - echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
2146 - echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
2147 - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
2148 - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
2149 - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
2150 - echo "CONFIG_TLSV11=y" >> ${CONFIG}
2151 - echo "CONFIG_TLSV12=y" >> ${CONFIG}
2152 - echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
2153 - fi
2154 -
2155 - if use wps; then
2156 - # Enable Wi-Fi Protected Setup
2157 - echo "CONFIG_WPS=y" >> ${CONFIG}
2158 - echo "CONFIG_WPS2=y" >> ${CONFIG}
2159 - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
2160 - echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
2161 - einfo "Enabling Wi-Fi Protected Setup support"
2162 - fi
2163 -
2164 - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
2165 - echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
2166 - echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
2167 - echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
2168 - echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
2169 - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
2170 - echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
2171 - echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
2172 - echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
2173 - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
2174 - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
2175 - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
2176 -
2177 - einfo "Enabling drivers: "
2178 -
2179 - # drivers
2180 - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
2181 - einfo " HostAP driver enabled"
2182 - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
2183 - einfo " Wired driver enabled"
2184 - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
2185 - einfo " None driver enabled"
2186 -
2187 - einfo " nl80211 driver enabled"
2188 - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
2189 -
2190 - # epoll
2191 - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
2192 -
2193 - # misc
2194 - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
2195 - echo "CONFIG_PKCS12=y" >> ${CONFIG}
2196 - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
2197 - echo "CONFIG_IAPP=y" >> ${CONFIG}
2198 - echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
2199 - echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
2200 - echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
2201 - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
2202 - echo "CONFIG_PEERKEY=y" >> ${CONFIG}
2203 - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
2204 - echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
2205 - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
2206 - echo "CONFIG_HS20=y" >> ${CONFIG}
2207 - echo "CONFIG_WNM=y" >> ${CONFIG}
2208 - echo "CONFIG_FST=y" >> ${CONFIG}
2209 - echo "CONFIG_FST_TEST=y" >> ${CONFIG}
2210 - echo "CONFIG_ACS=y" >> ${CONFIG}
2211 -
2212 - if use netlink; then
2213 - # Netlink support
2214 - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
2215 - fi
2216 -
2217 - if use ipv6; then
2218 - # IPv6 support
2219 - echo "CONFIG_IPV6=y" >> ${CONFIG}
2220 - fi
2221 -
2222 - if use sqlite; then
2223 - # Sqlite support
2224 - echo "CONFIG_SQLITE=y" >> ${CONFIG}
2225 - fi
2226 -
2227 - # If we are using libnl 2.0 and above, enable support for it
2228 - # Removed for now, since the 3.2 version is broken, and we don't
2229 - # support it.
2230 - if has_version ">=dev-libs/libnl-3.2"; then
2231 - echo "CONFIG_LIBNL32=y" >> .config
2232 - fi
2233 -
2234 - # TODO: Add support for BSD drivers
2235 -
2236 - default_src_configure
2237 -}
2238 -
2239 -src_compile() {
2240 - emake V=1
2241 -
2242 - if use libressl || ! use internal-tls; then
2243 - emake V=1 nt_password_hash
2244 - emake V=1 hlr_auc_gw
2245 - fi
2246 -}
2247 -
2248 -src_install() {
2249 - insinto /etc/${PN}
2250 - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
2251 -
2252 - fperms -R 600 /etc/${PN}
2253 -
2254 - dosbin ${PN}
2255 - dobin ${PN}_cli
2256 -
2257 - if use libressl || ! use internal-tls; then
2258 - dobin nt_password_hash hlr_auc_gw
2259 - fi
2260 -
2261 - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
2262 - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
2263 - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
2264 -
2265 - doman ${PN}{.8,_cli.1}
2266 -
2267 - dodoc ChangeLog README
2268 - use wps && dodoc README-WPS
2269 -
2270 - docinto examples
2271 - dodoc wired.conf
2272 -
2273 - if use logwatch; then
2274 - insinto /etc/log.d/conf/services/
2275 - doins logwatch/${PN}.conf
2276 -
2277 - exeinto /etc/log.d/scripts/services/
2278 - doexe logwatch/${PN}
2279 - fi
2280 -
2281 - save_config .config
2282 -}
2283 -
2284 -pkg_postinst() {
2285 - einfo
2286 - einfo "If you are running openRC you need to follow this instructions:"
2287 - einfo "In order to use ${PN} you need to set up your wireless card"
2288 - einfo "for master mode in /etc/conf.d/net and then start"
2289 - einfo "/etc/init.d/${PN}."
2290 - einfo
2291 - einfo "Example configuration:"
2292 - einfo
2293 - einfo "config_wlan0=( \"192.168.1.1/24\" )"
2294 - einfo "channel_wlan0=\"6\""
2295 - einfo "essid_wlan0=\"test\""
2296 - einfo "mode_wlan0=\"master\""
2297 - einfo
2298 - #if [ -e "${KV_DIR}"/net/mac80211 ]; then
2299 - # einfo "This package now compiles against the headers installed by"
2300 - # einfo "the kernel source for the mac80211 driver. You should "
2301 - # einfo "re-emerge ${PN} after upgrading your kernel source."
2302 - #fi
2303 -
2304 - if use wps; then
2305 - einfo "You have enabled Wi-Fi Protected Setup support, please"
2306 - einfo "read the README-WPS file in /usr/share/doc/${P}"
2307 - einfo "for info on how to use WPS"
2308 - fi
2309 -}
2310
2311 diff --git a/net-wireless/hostapd/hostapd-2.7-r1.ebuild b/net-wireless/hostapd/hostapd-2.7-r1.ebuild
2312 deleted file mode 100644
2313 index a7e0d6678cb..00000000000
2314 --- a/net-wireless/hostapd/hostapd-2.7-r1.ebuild
2315 +++ /dev/null
2316 @@ -1,266 +0,0 @@
2317 -# Copyright 1999-2018 Gentoo Authors
2318 -# Distributed under the terms of the GNU General Public License v2
2319 -
2320 -EAPI="6"
2321 -
2322 -inherit toolchain-funcs eutils systemd savedconfig
2323 -
2324 -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
2325 -HOMEPAGE="http://w1.fi"
2326 -EXTRAS_VER="2.7-r1"
2327 -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
2328 -SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
2329 -
2330 -if [[ $PV == 9999 ]]; then
2331 - inherit git-r3
2332 - EGIT_REPO_URI="https://w1.fi/hostap.git"
2333 -else
2334 - if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
2335 - SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
2336 - else
2337 - SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
2338 - fi
2339 - # Never stabilize snapshot ebuilds please
2340 - KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
2341 -fi
2342 -
2343 -LICENSE="BSD"
2344 -SLOT="0"
2345 -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
2346 -
2347 -DEPEND="
2348 - libressl? ( dev-libs/libressl:0= )
2349 - !libressl? (
2350 - internal-tls? ( dev-libs/libtommath )
2351 - !internal-tls? ( dev-libs/openssl:0=[-bindist] )
2352 - )
2353 - kernel_linux? (
2354 - dev-libs/libnl:3
2355 - crda? ( net-wireless/crda )
2356 - )
2357 - netlink? ( net-libs/libnfnetlink )
2358 - sqlite? ( >=dev-db/sqlite-3 )"
2359 -
2360 -RDEPEND="${DEPEND}"
2361 -
2362 -PATCHES=(
2363 - "${WORKDIR}/${EXTRAS_NAME}/0001-bug672834-libressl.patch"
2364 -)
2365 -
2366 -S="${S}/${PN}"
2367 -
2368 -pkg_pretend() {
2369 - if use internal-tls; then
2370 - if use libressl; then
2371 - elog "libressl flag takes precedence over internal-tls"
2372 - else
2373 - ewarn "internal-tls implementation is experimental and provides fewer features"
2374 - fi
2375 - fi
2376 -}
2377 -
2378 -src_unpack() {
2379 - # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
2380 - default
2381 - if [[ ${PV} == 9999 ]] ; then
2382 - git-r3_src_unpack
2383 - fi
2384 -}
2385 -
2386 -src_prepare() {
2387 - # Allow users to apply patches to src/drivers for example,
2388 - # i.e. anything outside ${S}/${PN}
2389 - pushd ../ >/dev/null || die
2390 - default
2391 - popd >/dev/null || die
2392 -
2393 - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
2394 - "${S}/hostapd.conf" || die
2395 -}
2396 -
2397 -src_configure() {
2398 - local CONFIG="${S}/.config"
2399 -
2400 - restore_config "${CONFIG}"
2401 - if [[ -f "${CONFIG}" ]]; then
2402 - default_src_configure
2403 - return 0
2404 - fi
2405 -
2406 - # toolchain setup
2407 - echo "CC = $(tc-getCC)" > ${CONFIG}
2408 -
2409 - # EAP authentication methods
2410 - echo "CONFIG_EAP=y" >> ${CONFIG}
2411 - echo "CONFIG_ERP=y" >> ${CONFIG}
2412 - echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
2413 -
2414 - if use internal-tls && ! use libressl; then
2415 - echo "CONFIG_TLS=internal" >> ${CONFIG}
2416 - else
2417 - # SSL authentication methods
2418 - echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
2419 - echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
2420 - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
2421 - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
2422 - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
2423 - echo "CONFIG_TLSV11=y" >> ${CONFIG}
2424 - echo "CONFIG_TLSV12=y" >> ${CONFIG}
2425 - echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
2426 - fi
2427 -
2428 - if use wps; then
2429 - # Enable Wi-Fi Protected Setup
2430 - echo "CONFIG_WPS=y" >> ${CONFIG}
2431 - echo "CONFIG_WPS2=y" >> ${CONFIG}
2432 - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
2433 - echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
2434 - einfo "Enabling Wi-Fi Protected Setup support"
2435 - fi
2436 -
2437 - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
2438 - echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
2439 - echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
2440 - echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
2441 - echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
2442 - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
2443 - echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
2444 - echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
2445 - echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
2446 - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
2447 - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
2448 - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
2449 -
2450 - einfo "Enabling drivers: "
2451 -
2452 - # drivers
2453 - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
2454 - einfo " HostAP driver enabled"
2455 - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
2456 - einfo " Wired driver enabled"
2457 - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
2458 - einfo " None driver enabled"
2459 -
2460 - einfo " nl80211 driver enabled"
2461 - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
2462 -
2463 - # epoll
2464 - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
2465 -
2466 - # misc
2467 - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
2468 - echo "CONFIG_PKCS12=y" >> ${CONFIG}
2469 - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
2470 - echo "CONFIG_IAPP=y" >> ${CONFIG}
2471 - echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
2472 - echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
2473 - echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
2474 - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
2475 - echo "CONFIG_PEERKEY=y" >> ${CONFIG}
2476 - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
2477 - echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
2478 - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
2479 - echo "CONFIG_HS20=y" >> ${CONFIG}
2480 - echo "CONFIG_WNM=y" >> ${CONFIG}
2481 - echo "CONFIG_FST=y" >> ${CONFIG}
2482 - echo "CONFIG_FST_TEST=y" >> ${CONFIG}
2483 - echo "CONFIG_ACS=y" >> ${CONFIG}
2484 -
2485 - if use netlink; then
2486 - # Netlink support
2487 - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
2488 - fi
2489 -
2490 - if use ipv6; then
2491 - # IPv6 support
2492 - echo "CONFIG_IPV6=y" >> ${CONFIG}
2493 - fi
2494 -
2495 - if use sqlite; then
2496 - # Sqlite support
2497 - echo "CONFIG_SQLITE=y" >> ${CONFIG}
2498 - fi
2499 -
2500 - # If we are using libnl 2.0 and above, enable support for it
2501 - # Removed for now, since the 3.2 version is broken, and we don't
2502 - # support it.
2503 - if has_version ">=dev-libs/libnl-3.2"; then
2504 - echo "CONFIG_LIBNL32=y" >> .config
2505 - fi
2506 -
2507 - # TODO: Add support for BSD drivers
2508 -
2509 - default_src_configure
2510 -}
2511 -
2512 -src_compile() {
2513 - emake V=1
2514 -
2515 - if use libressl || ! use internal-tls; then
2516 - emake V=1 nt_password_hash
2517 - emake V=1 hlr_auc_gw
2518 - fi
2519 -}
2520 -
2521 -src_install() {
2522 - insinto /etc/${PN}
2523 - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
2524 -
2525 - fperms -R 600 /etc/${PN}
2526 -
2527 - dosbin ${PN}
2528 - dobin ${PN}_cli
2529 -
2530 - if use libressl || ! use internal-tls; then
2531 - dobin nt_password_hash hlr_auc_gw
2532 - fi
2533 -
2534 - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
2535 - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
2536 - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
2537 -
2538 - doman ${PN}{.8,_cli.1}
2539 -
2540 - dodoc ChangeLog README
2541 - use wps && dodoc README-WPS
2542 -
2543 - docinto examples
2544 - dodoc wired.conf
2545 -
2546 - if use logwatch; then
2547 - insinto /etc/log.d/conf/services/
2548 - doins logwatch/${PN}.conf
2549 -
2550 - exeinto /etc/log.d/scripts/services/
2551 - doexe logwatch/${PN}
2552 - fi
2553 -
2554 - save_config .config
2555 -}
2556 -
2557 -pkg_postinst() {
2558 - einfo
2559 - einfo "If you are running openRC you need to follow this instructions:"
2560 - einfo "In order to use ${PN} you need to set up your wireless card"
2561 - einfo "for master mode in /etc/conf.d/net and then start"
2562 - einfo "/etc/init.d/${PN}."
2563 - einfo
2564 - einfo "Example configuration:"
2565 - einfo
2566 - einfo "config_wlan0=( \"192.168.1.1/24\" )"
2567 - einfo "channel_wlan0=\"6\""
2568 - einfo "essid_wlan0=\"test\""
2569 - einfo "mode_wlan0=\"master\""
2570 - einfo
2571 - #if [ -e "${KV_DIR}"/net/mac80211 ]; then
2572 - # einfo "This package now compiles against the headers installed by"
2573 - # einfo "the kernel source for the mac80211 driver. You should "
2574 - # einfo "re-emerge ${PN} after upgrading your kernel source."
2575 - #fi
2576 -
2577 - if use wps; then
2578 - einfo "You have enabled Wi-Fi Protected Setup support, please"
2579 - einfo "read the README-WPS file in /usr/share/doc/${P}"
2580 - einfo "for info on how to use WPS"
2581 - fi
2582 -}
2583
2584 diff --git a/net-wireless/hostapd/hostapd-2.7.ebuild b/net-wireless/hostapd/hostapd-2.7.ebuild
2585 deleted file mode 100644
2586 index 6e23c9c8295..00000000000
2587 --- a/net-wireless/hostapd/hostapd-2.7.ebuild
2588 +++ /dev/null
2589 @@ -1,262 +0,0 @@
2590 -# Copyright 1999-2018 Gentoo Authors
2591 -# Distributed under the terms of the GNU General Public License v2
2592 -
2593 -EAPI="6"
2594 -
2595 -inherit toolchain-funcs eutils systemd savedconfig
2596 -
2597 -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
2598 -HOMEPAGE="http://w1.fi"
2599 -EXTRAS_VER="2.6-r5"
2600 -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
2601 -SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
2602 -
2603 -if [[ $PV == 9999 ]]; then
2604 - inherit git-r3
2605 - EGIT_REPO_URI="https://w1.fi/hostap.git"
2606 -else
2607 - if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
2608 - SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
2609 - else
2610 - SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
2611 - fi
2612 - # Never stabilize snapshot ebuilds please
2613 - KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
2614 -fi
2615 -
2616 -LICENSE="BSD"
2617 -SLOT="0"
2618 -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
2619 -
2620 -DEPEND="
2621 - libressl? ( dev-libs/libressl:0= )
2622 - !libressl? (
2623 - internal-tls? ( dev-libs/libtommath )
2624 - !internal-tls? ( dev-libs/openssl:0=[-bindist] )
2625 - )
2626 - kernel_linux? (
2627 - dev-libs/libnl:3
2628 - crda? ( net-wireless/crda )
2629 - )
2630 - netlink? ( net-libs/libnfnetlink )
2631 - sqlite? ( >=dev-db/sqlite-3 )"
2632 -
2633 -RDEPEND="${DEPEND}"
2634 -
2635 -S="${S}/${PN}"
2636 -
2637 -pkg_pretend() {
2638 - if use internal-tls; then
2639 - if use libressl; then
2640 - elog "libressl flag takes precedence over internal-tls"
2641 - else
2642 - ewarn "internal-tls implementation is experimental and provides fewer features"
2643 - fi
2644 - fi
2645 -}
2646 -
2647 -src_unpack() {
2648 - # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
2649 - default
2650 - if [[ ${PV} == 9999 ]] ; then
2651 - git-r3_src_unpack
2652 - fi
2653 -}
2654 -
2655 -src_prepare() {
2656 - # Allow users to apply patches to src/drivers for example,
2657 - # i.e. anything outside ${S}/${PN}
2658 - pushd ../ >/dev/null || die
2659 - default
2660 - popd >/dev/null || die
2661 -
2662 - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
2663 - "${S}/hostapd.conf" || die
2664 -}
2665 -
2666 -src_configure() {
2667 - local CONFIG="${S}/.config"
2668 -
2669 - restore_config "${CONFIG}"
2670 - if [[ -f "${CONFIG}" ]]; then
2671 - default_src_configure
2672 - return 0
2673 - fi
2674 -
2675 - # toolchain setup
2676 - echo "CC = $(tc-getCC)" > ${CONFIG}
2677 -
2678 - # EAP authentication methods
2679 - echo "CONFIG_EAP=y" >> ${CONFIG}
2680 - echo "CONFIG_ERP=y" >> ${CONFIG}
2681 - echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
2682 -
2683 - if use internal-tls && ! use libressl; then
2684 - echo "CONFIG_TLS=internal" >> ${CONFIG}
2685 - else
2686 - # SSL authentication methods
2687 - echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
2688 - echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
2689 - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
2690 - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
2691 - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
2692 - echo "CONFIG_TLSV11=y" >> ${CONFIG}
2693 - echo "CONFIG_TLSV12=y" >> ${CONFIG}
2694 - echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
2695 - fi
2696 -
2697 - if use wps; then
2698 - # Enable Wi-Fi Protected Setup
2699 - echo "CONFIG_WPS=y" >> ${CONFIG}
2700 - echo "CONFIG_WPS2=y" >> ${CONFIG}
2701 - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
2702 - echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
2703 - einfo "Enabling Wi-Fi Protected Setup support"
2704 - fi
2705 -
2706 - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
2707 - echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
2708 - echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
2709 - echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
2710 - echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
2711 - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
2712 - echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
2713 - echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
2714 - echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
2715 - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
2716 - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
2717 - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
2718 -
2719 - einfo "Enabling drivers: "
2720 -
2721 - # drivers
2722 - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
2723 - einfo " HostAP driver enabled"
2724 - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
2725 - einfo " Wired driver enabled"
2726 - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
2727 - einfo " None driver enabled"
2728 -
2729 - einfo " nl80211 driver enabled"
2730 - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
2731 -
2732 - # epoll
2733 - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
2734 -
2735 - # misc
2736 - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
2737 - echo "CONFIG_PKCS12=y" >> ${CONFIG}
2738 - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
2739 - echo "CONFIG_IAPP=y" >> ${CONFIG}
2740 - echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
2741 - echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
2742 - echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
2743 - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
2744 - echo "CONFIG_PEERKEY=y" >> ${CONFIG}
2745 - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
2746 - echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
2747 - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
2748 - echo "CONFIG_HS20=y" >> ${CONFIG}
2749 - echo "CONFIG_WNM=y" >> ${CONFIG}
2750 - echo "CONFIG_FST=y" >> ${CONFIG}
2751 - echo "CONFIG_FST_TEST=y" >> ${CONFIG}
2752 - echo "CONFIG_ACS=y" >> ${CONFIG}
2753 -
2754 - if use netlink; then
2755 - # Netlink support
2756 - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
2757 - fi
2758 -
2759 - if use ipv6; then
2760 - # IPv6 support
2761 - echo "CONFIG_IPV6=y" >> ${CONFIG}
2762 - fi
2763 -
2764 - if use sqlite; then
2765 - # Sqlite support
2766 - echo "CONFIG_SQLITE=y" >> ${CONFIG}
2767 - fi
2768 -
2769 - # If we are using libnl 2.0 and above, enable support for it
2770 - # Removed for now, since the 3.2 version is broken, and we don't
2771 - # support it.
2772 - if has_version ">=dev-libs/libnl-3.2"; then
2773 - echo "CONFIG_LIBNL32=y" >> .config
2774 - fi
2775 -
2776 - # TODO: Add support for BSD drivers
2777 -
2778 - default_src_configure
2779 -}
2780 -
2781 -src_compile() {
2782 - emake V=1
2783 -
2784 - if use libressl || ! use internal-tls; then
2785 - emake V=1 nt_password_hash
2786 - emake V=1 hlr_auc_gw
2787 - fi
2788 -}
2789 -
2790 -src_install() {
2791 - insinto /etc/${PN}
2792 - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
2793 -
2794 - fperms -R 600 /etc/${PN}
2795 -
2796 - dosbin ${PN}
2797 - dobin ${PN}_cli
2798 -
2799 - if use libressl || ! use internal-tls; then
2800 - dobin nt_password_hash hlr_auc_gw
2801 - fi
2802 -
2803 - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
2804 - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
2805 - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
2806 -
2807 - doman ${PN}{.8,_cli.1}
2808 -
2809 - dodoc ChangeLog README
2810 - use wps && dodoc README-WPS
2811 -
2812 - docinto examples
2813 - dodoc wired.conf
2814 -
2815 - if use logwatch; then
2816 - insinto /etc/log.d/conf/services/
2817 - doins logwatch/${PN}.conf
2818 -
2819 - exeinto /etc/log.d/scripts/services/
2820 - doexe logwatch/${PN}
2821 - fi
2822 -
2823 - save_config .config
2824 -}
2825 -
2826 -pkg_postinst() {
2827 - einfo
2828 - einfo "If you are running openRC you need to follow this instructions:"
2829 - einfo "In order to use ${PN} you need to set up your wireless card"
2830 - einfo "for master mode in /etc/conf.d/net and then start"
2831 - einfo "/etc/init.d/${PN}."
2832 - einfo
2833 - einfo "Example configuration:"
2834 - einfo
2835 - einfo "config_wlan0=( \"192.168.1.1/24\" )"
2836 - einfo "channel_wlan0=\"6\""
2837 - einfo "essid_wlan0=\"test\""
2838 - einfo "mode_wlan0=\"master\""
2839 - einfo
2840 - #if [ -e "${KV_DIR}"/net/mac80211 ]; then
2841 - # einfo "This package now compiles against the headers installed by"
2842 - # einfo "the kernel source for the mac80211 driver. You should "
2843 - # einfo "re-emerge ${PN} after upgrading your kernel source."
2844 - #fi
2845 -
2846 - if use wps; then
2847 - einfo "You have enabled Wi-Fi Protected Setup support, please"
2848 - einfo "read the README-WPS file in /usr/share/doc/${P}"
2849 - einfo "for info on how to use WPS"
2850 - fi
2851 -}
Report Message
Find on MARC Find on Google Groups