
From: Rick Farina <zerochaos@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/hostapd/files/, net-wireless/hostapd/
Date: Mon, 04 Nov 2019 16:41:11
Message-Id: 1572885657.e00db75c895fc30a6a4ec7429a2dd0035fa217c0.zerochaos@gentoo
1 commit: e00db75c895fc30a6a4ec7429a2dd0035fa217c0
2 Author: Rick Farina <zerochaos <AT> gentoo <DOT> org>
3 AuthorDate: Mon Nov 4 16:40:57 2019 +0000
4 Commit: Rick Farina <zerochaos <AT> gentoo <DOT> org>
5 CommitDate: Mon Nov 4 16:40:57 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e00db75c
7
8 net-wireless/hostapd: fix and stabilize for bug #696032
9
10 Package-Manager: Portage-2.3.78, Repoman-2.3.17
11 Signed-off-by: Rick Farina <zerochaos <AT> gentoo.org>
12
13 ...y-ignore-management-frame-from-unexpected.patch | 73 ++++++
14 net-wireless/hostapd/hostapd-2.9-r1.ebuild | 264 +++++++++++++++++++++
15 2 files changed, 337 insertions(+)
16
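--- /dev/null
+++ b/net-wireless/hostapd/files/hostapd-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch
@@ -0,0 +1,73 @@
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@××.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@××.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ "hostapd_notif_assoc: Skip event with no address");
+ return -1;
+ }
++
++ if (is_multicast_ether_addr(addr) ||
++ is_zero_ether_addr(addr) ||
++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Do not process any frames with unexpected/invalid SA so that
++ * we do not add any state for unexpected STA addresses or end
++ * up sending out frames to unexpected destination. */
++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++ " in received indication - ignore this indication silently",
++ __func__, MAC2STR(addr));
++ return 0;
++ }
++
+ random_add_randomness(addr, ETH_ALEN);
+
+ hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ fc = le_to_host16(mgmt->frame_control);
+ stype = WLAN_FC_GET_STYPE(fc);
+
++ if (is_multicast_ether_addr(mgmt->sa) ||
++ is_zero_ether_addr(mgmt->sa) ||
++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++ /* Do not process any frames with unexpected/invalid SA so that
++ * we do not add any state for unexpected STA addresses or end
++ * up sending out frames to unexpected destination. */
++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++ " in received frame - ignore this frame silently",
++ MAC2STR(mgmt->sa));
++ return 0;
++ }
++
+ if (stype == WLAN_FC_STYPE_BEACON) {
+ handle_beacon(hapd, mgmt, len, fi);
+ return 1;
+--
+2.20.1
+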
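--- /dev/null
+++ b/net-wireless/hostapd/hostapd-2.9-r1.ebuild
@@ -0,0 +1,264 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs systemd savedconfig
+
+DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
+HOMEPAGE="http://w1.fi"
+EXTRAS_VER="2.7-r2"
+EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras"
+SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz"
+
+if [[ $PV == 9999 ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://w1.fi/hostap.git"
+else
+ if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then
+ SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz"
+ else
+ SRC_URI+=" https://w1.fi/releases/${P}.tar.gz"
+ fi
+ # Never stabilize snapshot ebuilds please
+ KEYWORDS="amd64 ~arm ~arm64 ~mips ~ppc x86"
+fi
+
+LICENSE="BSD"
+SLOT="0"
+IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
+
+DEPEND="
+ libressl? ( dev-libs/libressl:0= )
+ !libressl? (
+ internal-tls? ( dev-libs/libtommath )
+ !internal-tls? ( dev-libs/openssl:0=[-bindist] )
+ )
+ kernel_linux? (
+ dev-libs/libnl:3
+ crda? ( net-wireless/crda )
+ )
+ netlink? ( net-libs/libnfnetlink )
+ sqlite? ( >=dev-db/sqlite-3 )"
+
+RDEPEND="${DEPEND}"
+
+S="${S}/${PN}"
+
+pkg_pretend() {
+ if use internal-tls; then
+ if use libressl; then
+ elog "libressl flag takes precedence over internal-tls"
+ else
+ ewarn "internal-tls implementation is experimental and provides fewer features"
+ fi
+ fi
+}
+
+src_unpack() {
+ # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds
+ default
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ fi
+}
+
+src_prepare() {
+ # Allow users to apply patches to src/drivers for example,
+ # i.e. anything outside ${S}/${PN}
+ pushd ../ >/dev/null || die
+ default
+ #CVE-2019-16275 bug #696032
+ eapply "${FILESDIR}/hostapd-2.9-AP-Silently-ignore-management-frame-from-unexpected.patch"
+ popd >/dev/null || die
+
+ sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
+ "${S}/hostapd.conf" || die
+}
+
+src_configure() {
+ local CONFIG="${S}/.config"
+
+ restore_config "${CONFIG}"
+ if [[ -f "${CONFIG}" ]]; then
+ default_src_configure
+ return 0
+ fi
+
+ # toolchain setup
+ echo "CC = $(tc-getCC)" > ${CONFIG}
+
+ # EAP authentication methods
+ echo "CONFIG_EAP=y" >> ${CONFIG}
+ echo "CONFIG_ERP=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
+
+ if use internal-tls && ! use libressl; then
+ echo "CONFIG_TLS=internal" >> ${CONFIG}
+ else
+ # SSL authentication methods
+ echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
+ echo "CONFIG_TLSV11=y" >> ${CONFIG}
+ echo "CONFIG_TLSV12=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
+ fi
+
+ if use wps; then
+ # Enable Wi-Fi Protected Setup
+ echo "CONFIG_WPS=y" >> ${CONFIG}
+ echo "CONFIG_WPS2=y" >> ${CONFIG}
+ echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
+ echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
+ einfo "Enabling Wi-Fi Protected Setup support"
+ fi
+
+ echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
+ echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
+ echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
+ echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
+
+ einfo "Enabling drivers: "
+
+ # drivers
+ echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
+ einfo " HostAP driver enabled"
+ echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
+ einfo " Wired driver enabled"
+ echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
+ einfo " None driver enabled"
+
+ einfo " nl80211 driver enabled"
+ echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
+
+ # epoll
+ echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG}
+
+ # misc
+ echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
+ echo "CONFIG_PKCS12=y" >> ${CONFIG}
+ echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
+ echo "CONFIG_IAPP=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
+ echo "CONFIG_PEERKEY=y" >> ${CONFIG}
+ echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
+ echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
+ echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
+ echo "CONFIG_HS20=y" >> ${CONFIG}
+ echo "CONFIG_WNM=y" >> ${CONFIG}
+ echo "CONFIG_FST=y" >> ${CONFIG}
+ echo "CONFIG_FST_TEST=y" >> ${CONFIG}
+ echo "CONFIG_ACS=y" >> ${CONFIG}
+
+ if use netlink; then
+ # Netlink support
+ echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
+ fi
+
+ if use ipv6; then
+ # IPv6 support
+ echo "CONFIG_IPV6=y" >> ${CONFIG}
+ fi
+
+ if use sqlite; then
+ # Sqlite support
+ echo "CONFIG_SQLITE=y" >> ${CONFIG}
+ fi
+
+ # If we are using libnl 2.0 and above, enable support for it
+ # Removed for now, since the 3.2 version is broken, and we don't
+ # support it.
+ if has_version ">=dev-libs/libnl-3.2"; then
+ echo "CONFIG_LIBNL32=y" >> .config
+ fi
+
+ # TODO: Add support for BSD drivers
+
+ default_src_configure
+}
+
+src_compile() {
+ emake V=1
+
+ if use libressl || ! use internal-tls; then
+ emake V=1 nt_password_hash
+ emake V=1 hlr_auc_gw
+ fi
+}
+
+src_install() {
+ insinto /etc/${PN}
+ doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
+
+ fperms -R 600 /etc/${PN}
+
+ dosbin ${PN}
+ dobin ${PN}_cli
+
+ if use libressl || ! use internal-tls; then
+ dobin nt_password_hash hlr_auc_gw
+ fi
+
+ newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN}
+ newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN}
+ systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service
+
+ doman ${PN}{.8,_cli.1}
+
+ dodoc ChangeLog README
+ use wps && dodoc README-WPS
+
+ docinto examples
+ dodoc wired.conf
+
+ if use logwatch; then
+ insinto /etc/log.d/conf/services/
+ doins logwatch/${PN}.conf
+
+ exeinto /etc/log.d/scripts/services/
+ doexe logwatch/${PN}
+ fi
+
+ save_config .config
+}
+
+pkg_postinst() {
+ einfo
+ einfo "If you are running openRC you need to follow this instructions:"
+ einfo "In order to use ${PN} you need to set up your wireless card"
+ einfo "for master mode in /etc/conf.d/net and then start"
+ einfo "/etc/init.d/${PN}."
+ einfo
+ einfo "Example configuration:"
+ einfo
+ einfo "config_wlan0=( \"192.168.1.1/24\" )"
+ einfo "channel_wlan0=\"6\""
+ einfo "essid_wlan0=\"test\""
+ einfo "mode_wlan0=\"master\""
+ einfo
+ #if [ -e "${KV_DIR}"/net/mac80211 ]; then
+ # einfo "This package now compiles against the headers installed by"
+ # einfo "the kernel source for the mac80211 driver. You should "
+ # einfo "re-emerge ${PN} after upgrading your kernel source."
+ #fi
+
+ if use wps; then
+ einfo "You have enabled Wi-Fi Protected Setup support, please"
+ einfo "read the README-WPS file in /usr/share/doc/${P}"
+ einfo "for info on how to use WPS"
+ fi
+}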
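Review bot: `echo "CONFIG_LIBNL32=y" >> .config` in src_configure writes to a relative path while every other line in the function writes to `${CONFIG}`; it only lands in the right file because `${CONFIG}` is `${S}/.config` and src_configure happens to run in `${S}`, so it should read `echo "CONFIG_LIBNL32=y" >> "${CONFIG}"`. The other redirections in the same function leave the variable unquoted (`> ${CONFIG}`, `>> ${CONFIG}`), which breaks silently if `${S}` ever contains whitespace; quoting them is a cheap consistency fix. The `#CVE-2019-16275 bug #696032` comment in src_prepare would help the next bump if it said what the patch does and when it can be dropped, e.g. `# CVE-2019-16275 (bug #696032): upstream 8c07fa9, drop once a release containing it is packaged`.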