diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2019-04-28 09:54:45 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-04-28 09:54:45 +0100 |
commit | b7ebc951da8800f711142f69d9d958bde67a112d (patch) | |
tree | e318514216845acb8f2e49fff7a5cba4027e9d91 /net-wireless/hostapd | |
parent | dc7cbdfa65fd814b3b9aa3c56257da201109e807 (diff) |
gentoo resync : 28.04.2019
Diffstat (limited to 'net-wireless/hostapd')
19 files changed, 2 insertions, 2709 deletions
diff --git a/net-wireless/hostapd/Manifest b/net-wireless/hostapd/Manifest index 4982263d5e98..e1cc58899912 100644 --- a/net-wireless/hostapd/Manifest +++ b/net-wireless/hostapd/Manifest @@ -1,27 +1,5 @@ -AUX 2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch 6218 BLAKE2B ac06781d0e7ac083d625c75bd1b89ad338e95ad368a5bf29257ce07b5d368ace96818e6e062ff5a3712a38e0bddf35eda866959c125c9e0b49dfe59dff333928 SHA512 f855fa792425f175ccc800eb49df42067b1c1f4b52ba2d24160af4dfbb74dcf8e81661b7e6c8d92fa408938b8a559fc74557d1677913e4a751bfd43706c14bb6 -AUX 2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch 7883 BLAKE2B 131296b8b6e94663506354c73afb3f6778d856bc282acc6d81793184a6d97519b71fa2c7a373d7912e7a4db969effdf8650f2ad9d37d372f29ac82d70aa19486 SHA512 b4e413aa815572ea0002d33d24b69cd499aebb5efebed8fcaade8b29324bb5853a5db64e8b1dfdf24478e02c66196238b81a6ec777a7a28610435dce4d2c344e -AUX 2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch 6861 BLAKE2B 1660da3f1172722af762adf1339ea3a3e4c60691d6fc795fae627d7650c96156ec4890788ce9d0294bb013d2298184ab3818796d5c9f6533e9006834190ffdef SHA512 a6382d8e84b4829be33c46bf2f4c6f3232c9d924a4547a21dfe023bf5be8ee1c635920295f52be285359efaae95bcc1f12b512659cfd1653b871dd0bea7e5ace -AUX 2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch 2566 BLAKE2B a1853a5326f177fc82ab1f0527ceccfe818dddcc87c46ca62308f76139db5dcd03b664f0e2418660297c2e8c60d7a4dd714b78236fcd1494dbd82f36a58d141d SHA512 51ed806f0d5b3f588e26d4db4dcfc6be2cfb12002e26893a6cedd62c7cad0d0de75aed4a666223c4877fc1854b08dce6ddf6f6c4cfd752a5d8d58ad4a968b553 -AUX 2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 1949 BLAKE2B b78b50bf0cba2a5de4d1ac217ce898d4c59cba7693d5c26087012931c2578ede4b3046357fd78e0f03bcb90fdeff322de42c511efadb41209243b308dcdb8372 SHA512 8707a123cd78149dfee9f5bd791761ee1eca605ef96580167044c2339c896920cf0e030b184a5afa9e310f5755afb30bef8ebd4522fc52753f3fbd6acead2cdf -AUX 2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch 4309 BLAKE2B 6164e0343d7e4bedcaf2be9c3800eeb146a564fffeb339d032706797c04f268ade0674e67c962653c2a124af5a8ff8d28004bbeba0f3e73b166dbed03cd9a355 SHA512 37d050b2e4a3598484912667d8b2705fbe84c5c562267f900d42b0c7b606fb1fed09ddca8b80e2131768baa8f3690aab6ba7a232dee6ff1e66150fdb8816c927 -AUX 2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch 2750 BLAKE2B 059da1df148c8db68c9fa6aa656e46da301ebe7de3e41ecd4675ca579ebf6f1a66395e852cd8b562743ba83a345d4860618ea11bd01304a3386867115867fb9f SHA512 fc84edd8b30305cc42053c872554098f3f077292ec980ed6a442f37884087ff2f055738fd55977ed792bef1887dcc8c4626586465d78dd0258edb83dcd50a65a -AUX hostapd-2.6-libressl-compatibility.patch 3873 BLAKE2B 281029d49bd4267df5913aa87b2e70741def66646f6cfbf5cf163e88522ae5bb933be3ed0df971ff2872a25a36584409feb0d22acf8254f446421201026b1ce8 SHA512 61c4cfeb119a9bc7ab1d4f690c1af5bce2def7836212469011c277ad4d97ab601d2a1efca7dc7bea433d974a8820aed7740e2cf047a0c63734d8a71e3df14e45 -AUX hostapd-conf.d 245 BLAKE2B 5a4315f10ab8fcfda662252bf31b53eb4d3c55fa258062f288d7baa2f83c65bcb4db4dd2ebff58bcdbf3fe5449452f8a0c24dd75a60d3387728f4d60d0c8a172 SHA512 f07a6cd209eca351b8545017c5f025282c3fdea838ca3df49e362571ded43973281ce4ff83984b1299db15ea9b5c21a42cbda91432220af9146bf034e2265c30 -AUX hostapd-init.d 739 BLAKE2B 83c48748cf20c8ee7d1124d373ee565c724d4714bffc512629a1850be0bfe5e9430a7512b296e1441dcaa4b098a665a873948162c5edec60430bf69cc90c157c SHA512 ab364383da45403d7734be20e7486937ad0a6be25a56eb1ec03d131243270a143189b699becf6e9e14d30b02bb5d93cddde55e51908801f2e6830de53791ccc8 -AUX hostapd.service 213 BLAKE2B 0141aace8e6f807611e423e70cce437a5ae38a5fee8af74a7284980a1c2f642f1e98d020f327dbe5591e9d68114f3ee966229fb6d8f5116fe7d9e2bd93bae7bd SHA512 4d1a1619c49ad0272f360d2c9d79f2fd30503786fe8f22dd3fc4abcc39176029fe907c79d22f168c100b0d7b4ac969b5f4b5815d5ebe6805db5881dda69eef29 -DIST hostapd-2.6.tar.gz 1822341 BLAKE2B c0075ffcdb11237e11410d87329a7a71aae5e00481022e02faf03771d45a61410ff906ebffdeea03fdeab751ce85e5a5e191173883ee9f1c284e6bc00342a011 SHA512 e60baaa092786250b8de9935f5417c7626f5d749210cce9f83d776b65c19fc92a8141f41923389f05c16295d482a15ae8d8b744f4667425040c99e3c2f5b1bda -DIST hostapd-2.6_p20180822.tar.xz 2912628 BLAKE2B df102e2ee8fbfaf83050264fcd0374fee3a249db0bacff1b60a23d8fae4a4db7f42f2741b435112c0d94ffa1482ff08708e94b760de340bee2f341e52b8eb15a SHA512 c05edc48992edb617067bb258658210edebc6e72889af8d14e4ee5e0a2d79327798b4eb6985fd076da53973bbf965bff631afe1e1a048898433670783908f2ff DIST hostapd-2.7.tar.gz 2101166 BLAKE2B 4e88b7f0d2c57a02edf4214bb35efa08e87a2cbdac4eda9934a40b09f8c046da6cca1250fe5714cb403eb81739bd99e04ea5a9fad62e47bcee4d72106170905d SHA512 1c9a210dfffb951fb667be19aa44ad8c66dccd2aed26cdab939185923550e3c1998a678ebe6975e560e1b3385bff2098f1b2cb773452ba66fb35246fdd3eb2c1 -DIST net-wireless_hostapd_2.6-r5_extras.tar.xz 10648 BLAKE2B fef02c9fbc9b6bce662f7d569a56450371bc1e9c5cd34a7cf4fc0220bb8239214604806f3edfde87fd45c7cf07bab9cf16a6c215c1bfa3161ba4361e4b295981 SHA512 cf818854e7af6562a163b5a61d63f4fa1284905f5803abe4ef97a6743b74ce2d28c818aa462d843448146226b9c5c9578b6c69ffad2d4fb8a62777cd5d353e70 -DIST net-wireless_hostapd_2.6-r6_extras.tar.xz 11156 BLAKE2B 62205070d4dd081d4149616f1abb4f84105c77433464dc9fea41a3fa9f58cc09af99b4e6618657777e77759d33e38c8a5647537c0098e772f032a368b82be709 SHA512 c21155e16ef931e431cca54c0f83567915b511d7abe42a5b4a4475d40eda3616eb017f0a669fd7326bc4f410f9a8e174fb8e0619cb32631ab1ca22e6fad2c612 -DIST net-wireless_hostapd_2.7-r1_extras.tar.xz 1792 BLAKE2B 865d0170743432bf47bf3912316ae817bfea87ffa98df9cee77c0c366ffd2673d51b2d4e7b30339b3ad7abdcaa3addf9cd7ad9db51925ae8809d31888ec02445 SHA512 abea295f0b46b03ee829a3cecf1e89f1678f5bf326ad185d939f23e69e440544860ebafedc1b5b1a3b57c73709b6bb7bf45c4a45f9d58f8adeb7424946f34841 DIST net-wireless_hostapd_2.7-r2_extras.tar.xz 1820 BLAKE2B 5c4daf0e4fcf5ae0803cdbe2aabcc75e89b1e92048e8a01894d73639a16b049174b37eca6b6206c337a2874a6e6d5588d50fa5b8a4813e7f6c22bf02efca852f SHA512 65bc4634c8314280ceab44d1f5d6d62092f4bca48253f107b076211020f6f6502388490aee907f9910846a25ba2da7e4122bdb1873eb2b12bf94e867e3295f4c -EBUILD hostapd-2.6-r4.ebuild 6972 BLAKE2B b5eea637831e10463c9af560ae74f48ab045caa8d42b8889bc6acb79c6f63b33308b76a5438e5c998162cad6207a77e340ba94271de776c683fcb2634d148472 SHA512 bfe92a52d6f8f178f523a422af1ecc13298186866a0a962cad9b276c288d3b16573f49664be10c53e81386a5d0440d69b149a6fbd0a4e6c85157d37c2ed784f9 -EBUILD hostapd-2.6-r5.ebuild 7249 BLAKE2B e4fdb49c073fce962fb8a53658606f78cbbba589aa4290f92bdd8ff8c70bd6a68fd3fba1c5dcc9a05eea87e160d1c99193a5621021d8adf67538558e7bc63055 SHA512 bc156cb71b883acfba57332fb29e096d1582739ad7a5c64a01699edf26562a8cb95ebbd60f848c8b22d8926c386cd26eac58870f1956bd853f8c71d336ca90d3 -EBUILD hostapd-2.6-r6.ebuild 7337 BLAKE2B 7870dfd94d57afa9bb4aa1bfbebf7028f65e720543e0ed1b68af770f82b0346681f4938f774722aebf2b8a7c18422bd4a7a03df881eb38f17b1032fcdc205d31 SHA512 0e7e8b30cb75a0892388de7b51051f13747e2cbcbe2658eba39fc59beea1abd459f695bdb068a43e84d49ae898667592485979081af0a601d57511bc021aac18 -EBUILD hostapd-2.6_p20180822.ebuild 6690 BLAKE2B 9940744f17fc3c78d5ff1492328f460fb7c1eb2c14973691e85a262f5e4287b7dd7829e77b5e3597657d2efb342c145673d0ca1337551744310989b31f0ef084 SHA512 ee943e7fc1687015821d8f7020da43639bb763eee3f6f8d60fd51fa51cf71363838b68674659eff1054f46a33d800979c3ad6b63bd029876ab627751c377933b -EBUILD hostapd-2.7-r1.ebuild 6759 BLAKE2B 86dca46bdc70fae7136278bcd2b9682462517171cfcea0c0fd6b260cc21916003162612f0440081ece61924f6dbd16f98646c51b2aa8b4b14a9ed0849746dfd4 SHA512 e0a452ce4572eb2b788cbb1ce010dbdf5a13c53eaddf240ed944968325966f9686de9ee90f68e45838d558a7983df2fc0aafe220ad50defb0e3d43bf3dc08831 EBUILD hostapd-2.7-r2.ebuild 6758 BLAKE2B 6716ef5eb085438300d28bae8955b8f9bab9369bec988349456fe3ffa2d08f4cb76e8ead1ef92448c53fdd6ad03bdbf92cf3ec0781d06e3783c46f8c352f977b SHA512 41f007a8b01b8b3f768c75d9e73ea8acb2486362fdf8f4d09f53301531f5ad6d3e76933bdb470f758e8edacfaeac68e616cc56fd649452039e91af504ea88425 -EBUILD hostapd-2.7.ebuild 6687 BLAKE2B b2b7e706f026f8f50d30e2f488a76223f2d4dc050b5d5a08c15f5849cb309adde6512694236adce500763ef8d4b585a74ae4864288a4aed883d2d2d44afd8856 SHA512 84e4e4cc9ad900a1698f6cf3590931d255fef742ddfcdcbf02f8692b74a07ed1c71c308e8ba577456bc7e9294a278a0af2b229488eb7f5180ec9005cae67e479 -EBUILD hostapd-9999.ebuild 6680 BLAKE2B 1394519b2cd30fc9a204b1981be5d082940ce244dd3b498faa7b2f94028b9e97358b9ba0a0b8dba3997e5da608ed449258a029e00878d4c11b65ee0a412327e1 SHA512 6b7dc62f8a450e9fb747a3daf850e014cccb25177362cb19e64b259ee301ae71dc6f795008fc0765d37254c267fbedef8763da4e5c460a9139d22c50669e3597 +EBUILD hostapd-9999.ebuild 6680 BLAKE2B 332853cd775c87d218e11aeaf54e1558b0afc8c42bca308bc5435b2e43f63928f1c06d8bae9d093e91054808fdf8c4f83a15fd77cd93b473d1b07752036522bd SHA512 09c44ad528b61fa455529ef9a97d311712a7f9f65b9219fe5502c04c58e08ec816e8bd6e8738d7b483f65ee4bfb80a415a08d4774c8aa05f0760f811e30816d9 MISC metadata.xml 973 BLAKE2B 009e9b39aa6c7d1d6da4421ec1d0c4610a64b136b497f92dc5a822ab54449720cfacb9ce898fc2015cdcf741939acb46aa8797e13c80079ce424f5f6bfbde8be SHA512 19a5d72d11eee955856bde7065a784d1942b2c55adbb154e1af432c693763beedb1541d119ba6c0d7b5e2f37e13a3aa915b13def6c9ee651b6f4f7f8e85a57e5 diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch deleted file mode 100644 index 727684865dbd..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch +++ /dev/null @@ -1,174 +0,0 @@ -From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 14 Jul 2017 15:15:35 +0200 -Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake - -Do not reinstall TK to the driver during Reassociation Response frame -processing if the first attempt of setting the TK succeeded. This avoids -issues related to clearing the TX/RX PN that could result in reusing -same PN values for transmitted frames (e.g., due to CCM nonce reuse and -also hitting replay protection on the receiver) and accepting replayed -frames on RX side. - -This issue was introduced by the commit -0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in -authenticator') which allowed wpa_ft_install_ptk() to be called multiple -times with the same PTK. While the second configuration attempt is -needed with some drivers, it must be done only if the first attempt -failed. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/ap/ieee802_11.c | 16 +++++++++++++--- - src/ap/wpa_auth.c | 11 +++++++++++ - src/ap/wpa_auth.h | 3 ++- - src/ap/wpa_auth_ft.c | 10 ++++++++++ - src/ap/wpa_auth_i.h | 1 + - 5 files changed, 37 insertions(+), 4 deletions(-) - -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index 4e04169..333035f 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, - { - struct ieee80211_ht_capabilities ht_cap; - struct ieee80211_vht_capabilities vht_cap; -+ int set = 1; - - /* - * Remove the STA entry to ensure the STA PS state gets cleared and -@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, - * FT-over-the-DS, where a station re-associates back to the same AP but - * skips the authentication flow, or if working with a driver that - * does not support full AP client state. -+ * -+ * Skip this if the STA has already completed FT reassociation and the -+ * TK has been configured since the TX/RX PN must not be reset to 0 for -+ * the same key. - */ -- if (!sta->added_unassoc) -+ if (!sta->added_unassoc && -+ (!(sta->flags & WLAN_STA_AUTHORIZED) || -+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { - hostapd_drv_sta_remove(hapd, sta->addr); -+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); -+ set = 0; -+ } - - #ifdef CONFIG_IEEE80211N - if (sta->flags & WLAN_STA_HT) -@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, - sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, - sta->flags | WLAN_STA_ASSOC, sta->qosinfo, - sta->vht_opmode, sta->p2p_ie ? 1 : 0, -- sta->added_unassoc)) { -+ set)) { - hostapd_logger(hapd, sta->addr, - HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, - "Could not %s STA to kernel driver", -- sta->added_unassoc ? "set" : "add"); -+ set ? "set" : "add"); - - if (sta->added_unassoc) { - hostapd_drv_sta_remove(hapd, sta->addr); -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c -index 3587086..707971d 100644 ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) - #else /* CONFIG_IEEE80211R */ - break; - #endif /* CONFIG_IEEE80211R */ -+ case WPA_DRV_STA_REMOVED: -+ sm->tk_already_set = FALSE; -+ return 0; - } - - #ifdef CONFIG_IEEE80211R -@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) - } - - -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) -+{ -+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) -+ return 0; -+ return sm->tk_already_set; -+} -+ -+ - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry) - { -diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h -index 0de8d97..97461b0 100644 ---- a/src/ap/wpa_auth.h -+++ b/src/ap/wpa_auth.h -@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, - u8 *data, size_t data_len); - enum wpa_event { - WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, -- WPA_REAUTH_EAPOL, WPA_ASSOC_FT -+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED - }; - void wpa_remove_ptk(struct wpa_state_machine *sm); - int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); -@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); - int wpa_auth_get_pairwise(struct wpa_state_machine *sm); - int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); - int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); -+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); - int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, - struct rsn_pmksa_cache_entry *entry); - struct rsn_pmksa_cache_entry * -diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c -index 42242a5..e63b99a 100644 ---- a/src/ap/wpa_auth_ft.c -+++ b/src/ap/wpa_auth_ft.c -@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) - return; - } - -+ if (sm->tk_already_set) { -+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX -+ * PN in the driver */ -+ wpa_printf(MSG_DEBUG, -+ "FT: Do not re-install same PTK to the driver"); -+ return; -+ } -+ - /* FIX: add STA entry to kernel/driver here? The set_key will fail - * most likely without this.. At the moment, STA entry is added only - * after association has been completed. This function will be called -@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) - - /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ - sm->pairwise_set = TRUE; -+ sm->tk_already_set = TRUE; - } - - -@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, - - sm->pairwise = pairwise; - sm->PTK_valid = TRUE; -+ sm->tk_already_set = FALSE; - wpa_ft_install_ptk(sm); - - buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + -diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h -index 72b7eb3..7fd8f05 100644 ---- a/src/ap/wpa_auth_i.h -+++ b/src/ap/wpa_auth_i.h -@@ -65,6 +65,7 @@ struct wpa_state_machine { - struct wpa_ptk PTK; - Boolean PTK_valid; - Boolean pairwise_set; -+ Boolean tk_already_set; - int keycount; - Boolean Pair; - struct wpa_key_replay_counter { --- -2.7.4 - diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch deleted file mode 100644 index 1802d664add6..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch +++ /dev/null @@ -1,250 +0,0 @@ -From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Wed, 12 Jul 2017 16:03:24 +0200 -Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key - -Track the current GTK and IGTK that is in use and when receiving a -(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do -not install the given key if it is already in use. This prevents an -attacker from trying to trick the client into resetting or lowering the -sequence counter associated to the group key. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/common/wpa_common.h | 11 +++++ - src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ - src/rsn_supp/wpa_i.h | 4 ++ - 3 files changed, 87 insertions(+), 44 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index af1d0f0..d200285 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -217,6 +217,17 @@ struct wpa_ptk { - size_t tk_len; - }; - -+struct wpa_gtk { -+ u8 gtk[WPA_GTK_MAX_LEN]; -+ size_t gtk_len; -+}; -+ -+#ifdef CONFIG_IEEE80211W -+struct wpa_igtk { -+ u8 igtk[WPA_IGTK_MAX_LEN]; -+ size_t igtk_len; -+}; -+#endif /* CONFIG_IEEE80211W */ - - /* WPA IE version 1 - * 00-50-f2:1 (OUI:OUI type) -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 3c47879..95bd7be 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - -+ /* Detect possible key reinstallation */ -+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", -+ gd->keyidx, gd->tx, gd->gtk_len); -+ return 0; -+ } -+ - wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", -@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ - return 0; - } - -@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - } - - -+#ifdef CONFIG_IEEE80211W -+static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -+ const struct wpa_igtk_kde *igtk) -+{ -+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); -+ u16 keyidx = WPA_GET_LE16(igtk->keyid); -+ -+ /* Detect possible key reinstallation */ -+ if (sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", -+ keyidx); -+ return 0; -+ } -+ -+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, -+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", -+ keyidx, MAC2STR(igtk->pn)); -+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); -+ if (keyidx > 4095) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Invalid IGTK KeyID %d", keyidx); -+ return -1; -+ } -+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -+ broadcast_ether_addr, -+ keyidx, 0, igtk->pn, sizeof(igtk->pn), -+ igtk->igtk, len) < 0) { -+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -+ "WPA: Failed to configure IGTK to the driver"); -+ return -1; -+ } -+ -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ -+ return 0; -+} -+#endif /* CONFIG_IEEE80211W */ -+ -+ - static int ieee80211w_set_keys(struct wpa_sm *sm, - struct wpa_eapol_ie_parse *ie) - { -@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, - if (ie->igtk) { - size_t len; - const struct wpa_igtk_kde *igtk; -- u16 keyidx; -+ - len = wpa_cipher_key_len(sm->mgmt_group_cipher); - if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) - return -1; -+ - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- keyidx = WPA_GET_LE16(igtk->keyid); -- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " -- "pn %02x%02x%02x%02x%02x%02x", -- keyidx, MAC2STR(igtk->pn)); -- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", -- igtk->igtk, len); -- if (keyidx > 4095) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Invalid IGTK KeyID %d", keyidx); -- return -1; -- } -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igtk->pn, sizeof(igtk->pn), -- igtk->igtk, len) < 0) { -- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, -- "WPA: Failed to configure IGTK to the driver"); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } - } - - return 0; -@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) - */ - void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - { -- int clear_ptk = 1; -+ int clear_keys = 1; - - if (sm == NULL) - return; -@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - /* Prepare for the next transition */ - wpa_ft_prepare_auth_request(sm, NULL); - -- clear_ptk = 0; -+ clear_keys = 0; - } - #endif /* CONFIG_IEEE80211R */ - -- if (clear_ptk) { -+ if (clear_keys) { - /* - * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if - * this is not part of a Fast BSS Transition. -@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - } - - #ifdef CONFIG_TDLS -@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(sm->pmk, 0, sizeof(sm->pmk)); - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); -+ os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+#ifdef CONFIG_IEEE80211W -+ os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+#endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); - os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); -@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - os_memset(&gd, 0, sizeof(gd)); - #ifdef CONFIG_IEEE80211W - } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { -- struct wpa_igtk_kde igd; -- u16 keyidx; -- -- os_memset(&igd, 0, sizeof(igd)); -- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); -- os_memcpy(igd.keyid, buf + 2, 2); -- os_memcpy(igd.pn, buf + 4, 6); -- -- keyidx = WPA_GET_LE16(igd.keyid); -- os_memcpy(igd.igtk, buf + 10, keylen); -- -- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", -- igd.igtk, keylen); -- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), -- broadcast_ether_addr, -- keyidx, 0, igd.pn, sizeof(igd.pn), -- igd.igtk, keylen) < 0) { -- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " -- "WNM mode"); -- os_memset(&igd, 0, sizeof(igd)); -+ const struct wpa_igtk_kde *igtk; -+ -+ igtk = (const struct wpa_igtk_kde *) (buf + 2); -+ if (wpa_supplicant_install_igtk(sm, igtk) < 0) - return -1; -- } -- os_memset(&igd, 0, sizeof(igd)); - #endif /* CONFIG_IEEE80211W */ - } else { - wpa_printf(MSG_DEBUG, "Unknown element id"); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index f653ba6..afc9e37 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -31,6 +31,10 @@ struct wpa_sm { - u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; -+ struct wpa_gtk gtk; -+#ifdef CONFIG_IEEE80211W -+ struct wpa_igtk igtk; -+#endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ - --- -2.7.4 - diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch deleted file mode 100644 index e2937b851ad5..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch +++ /dev/null @@ -1,184 +0,0 @@ -From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Sun, 1 Oct 2017 12:12:24 +0300 -Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep - Mode cases - -This extends the protection to track last configured GTK/IGTK value -separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a -corner case where these two different mechanisms may get used when the -GTK/IGTK has changed and tracking a single value is not sufficient to -detect a possible key reconfiguration. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- - src/rsn_supp/wpa_i.h | 2 ++ - 2 files changed, 40 insertions(+), 15 deletions(-) - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 95bd7be..7a2c68d 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -709,14 +709,17 @@ struct wpa_gtk_data { - - static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - const struct wpa_gtk_data *gd, -- const u8 *key_rsc) -+ const u8 *key_rsc, int wnm_sleep) - { - const u8 *_gtk = gd->gtk; - u8 gtk_buf[32]; - - /* Detect possible key reinstallation */ -- if (sm->gtk.gtk_len == (size_t) gd->gtk_len && -- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { -+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || -+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && -+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", - gd->keyidx, gd->tx, gd->gtk_len); -@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, - } - os_memset(gtk_buf, 0, sizeof(gtk_buf)); - -- sm->gtk.gtk_len = gd->gtk_len; -- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ if (wnm_sleep) { -+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, -+ sm->gtk_wnm_sleep.gtk_len); -+ } else { -+ sm->gtk.gtk_len = gd->gtk_len; -+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); -+ } - - return 0; - } -@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, - gtk_len, gtk_len, - &gd.key_rsc_len, &gd.alg) || -- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { -+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "RSN: Failed to install GTK"); - os_memset(&gd, 0, sizeof(gd)); -@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, - - #ifdef CONFIG_IEEE80211W - static int wpa_supplicant_install_igtk(struct wpa_sm *sm, -- const struct wpa_igtk_kde *igtk) -+ const struct wpa_igtk_kde *igtk, -+ int wnm_sleep) - { - size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); - u16 keyidx = WPA_GET_LE16(igtk->keyid); - - /* Detect possible key reinstallation */ -- if (sm->igtk.igtk_len == len && -- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { -+ if ((sm->igtk.igtk_len == len && -+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || -+ (sm->igtk_wnm_sleep.igtk_len == len && -+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len) == 0)) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", - keyidx); -@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, - return -1; - } - -- sm->igtk.igtk_len = len; -- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ if (wnm_sleep) { -+ sm->igtk_wnm_sleep.igtk_len = len; -+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, -+ sm->igtk_wnm_sleep.igtk_len); -+ } else { -+ sm->igtk.igtk_len = len; -+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); -+ } - - return 0; - } -@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, - return -1; - - igtk = (const struct wpa_igtk_kde *) ie->igtk; -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) - return -1; - } - -@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, - if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) - key_rsc = null_rsc; - -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || - wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) - goto failed; - os_memset(&gd, 0, sizeof(gd)); -@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) - sm->tptk_set = 0; - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - } - -@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) - os_memset(&sm->ptk, 0, sizeof(sm->ptk)); - os_memset(&sm->tptk, 0, sizeof(sm->tptk)); - os_memset(&sm->gtk, 0, sizeof(sm->gtk)); -+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); - #ifdef CONFIG_IEEE80211W - os_memset(&sm->igtk, 0, sizeof(sm->igtk)); -+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); - #endif /* CONFIG_IEEE80211W */ - #ifdef CONFIG_IEEE80211R - os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); -@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - - wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", - gd.gtk, gd.gtk_len); -- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { -+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { - os_memset(&gd, 0, sizeof(gd)); - wpa_printf(MSG_DEBUG, "Failed to install the GTK in " - "WNM mode"); -@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) - const struct wpa_igtk_kde *igtk; - - igtk = (const struct wpa_igtk_kde *) (buf + 2); -- if (wpa_supplicant_install_igtk(sm, igtk) < 0) -+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) - return -1; - #endif /* CONFIG_IEEE80211W */ - } else { -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index afc9e37..9a54631 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -32,8 +32,10 @@ struct wpa_sm { - int rx_replay_counter_set; - u8 request_counter[WPA_REPLAY_COUNTER_LEN]; - struct wpa_gtk gtk; -+ struct wpa_gtk gtk_wnm_sleep; - #ifdef CONFIG_IEEE80211W - struct wpa_igtk igtk; -+ struct wpa_igtk igtk_wnm_sleep; - #endif /* CONFIG_IEEE80211W */ - - struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ --- -2.7.4 - diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch deleted file mode 100644 index 22ee217947d6..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> -Date: Fri, 29 Sep 2017 04:22:51 +0200 -Subject: [PATCH 4/8] Prevent installation of an all-zero TK - -Properly track whether a PTK has already been installed to the driver -and the TK part cleared from memory. This prevents an attacker from -trying to trick the client into installing an all-zero TK. - -This fixes the earlier fix in commit -ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the -driver in EAPOL-Key 3/4 retry case') which did not take into account -possibility of an extra message 1/4 showing up between retries of -message 3/4. - -Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> ---- - src/common/wpa_common.h | 1 + - src/rsn_supp/wpa.c | 5 ++--- - src/rsn_supp/wpa_i.h | 1 - - 3 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h -index d200285..1021ccb 100644 ---- a/src/common/wpa_common.h -+++ b/src/common/wpa_common.h -@@ -215,6 +215,7 @@ struct wpa_ptk { - size_t kck_len; - size_t kek_len; - size_t tk_len; -+ int installed; /* 1 if key has already been installed to driver */ - }; - - struct wpa_gtk { -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 7a2c68d..0550a41 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, - os_memset(buf, 0, sizeof(buf)); - } - sm->tptk_set = 1; -- sm->tk_to_set = 1; - - kde = sm->assoc_wpa_ie; - kde_len = sm->assoc_wpa_ie_len; -@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - enum wpa_alg alg; - const u8 *key_rsc; - -- if (!sm->tk_to_set) { -+ if (sm->ptk.installed) { - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: Do not re-install same PTK to the driver"); - return 0; -@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, - - /* TK is not needed anymore in supplicant */ - os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); -- sm->tk_to_set = 0; -+ sm->ptk.installed = 1; - - if (sm->wpa_ptk_rekey) { - eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 9a54631..41f371f 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -24,7 +24,6 @@ struct wpa_sm { - struct wpa_ptk ptk, tptk; - int ptk_set, tptk_set; - unsigned int msg_3_of_4_ok:1; -- unsigned int tk_to_set:1; - u8 snonce[WPA_NONCE_LEN]; - u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ - int renew_snonce; --- -2.7.4 - diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch deleted file mode 100644 index c19c4c710235..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Sun, 1 Oct 2017 12:32:57 +0300 -Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce - -The Authenticator state machine path for PTK rekeying ended up bypassing -the AUTHENTICATION2 state where a new ANonce is generated when going -directly to the PTKSTART state since there is no need to try to -determine the PMK again in such a case. This is far from ideal since the -new PTK would depend on a new nonce only from the supplicant. - -Fix this by generating a new ANonce when moving to the PTKSTART state -for the purpose of starting new 4-way handshake to rekey PTK. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- - 1 file changed, 21 insertions(+), 3 deletions(-) - -diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c -index 707971d..bf10cc1 100644 ---- a/src/ap/wpa_auth.c -+++ b/src/ap/wpa_auth.c -@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) - } - - -+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) -+{ -+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { -+ wpa_printf(MSG_ERROR, -+ "WPA: Failed to get random data for ANonce"); -+ sm->Disconnect = TRUE; -+ return -1; -+ } -+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, -+ WPA_NONCE_LEN); -+ sm->TimeoutCtr = 0; -+ return 0; -+} -+ -+ - SM_STATE(WPA_PTK, INITPMK) - { - u8 msk[2 * PMK_LEN]; -@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) - SM_ENTER(WPA_PTK, AUTHENTICATION); - else if (sm->ReAuthenticationRequest) - SM_ENTER(WPA_PTK, AUTHENTICATION2); -- else if (sm->PTKRequest) -- SM_ENTER(WPA_PTK, PTKSTART); -- else switch (sm->wpa_ptk_state) { -+ else if (sm->PTKRequest) { -+ if (wpa_auth_sm_ptk_update(sm) < 0) -+ SM_ENTER(WPA_PTK, DISCONNECTED); -+ else -+ SM_ENTER(WPA_PTK, PTKSTART); -+ } else switch (sm->wpa_ptk_state) { - case WPA_PTK_INITIALIZE: - break; - case WPA_PTK_DISCONNECT: --- -2.7.4 - diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch deleted file mode 100644 index e1bd5a572625..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 11:03:15 +0300 -Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration - -Do not try to reconfigure the same TPK-TK to the driver after it has -been successfully configured. This is an explicit check to avoid issues -related to resetting the TX/RX packet number. There was already a check -for this for TPK M2 (retries of that message are ignored completely), so -that behavior does not get modified. - -For TPK M3, the TPK-TK could have been reconfigured, but that was -followed by immediate teardown of the link due to an issue in updating -the STA entry. Furthermore, for TDLS with any real security (i.e., -ignoring open/WEP), the TPK message exchange is protected on the AP path -and simple replay attacks are not feasible. - -As an additional corner case, make sure the local nonce gets updated if -the peer uses a very unlikely "random nonce" of all zeros. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- - 1 file changed, 36 insertions(+), 2 deletions(-) - -diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c -index e424168..9eb9738 100644 ---- a/src/rsn_supp/tdls.c -+++ b/src/rsn_supp/tdls.c -@@ -112,6 +112,7 @@ struct wpa_tdls_peer { - u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ - } tpk; - int tpk_set; -+ int tk_set; /* TPK-TK configured to the driver */ - int tpk_success; - int tpk_in_progress; - -@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - u8 rsc[6]; - enum wpa_alg alg; - -+ if (peer->tk_set) { -+ /* -+ * This same TPK-TK has already been configured to the driver -+ * and this new configuration attempt (likely due to an -+ * unexpected retransmitted frame) would result in clearing -+ * the TX/RX sequence number which can break security, so must -+ * not allow that to happen. -+ */ -+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR -+ " has already been configured to the driver - do not reconfigure", -+ MAC2STR(peer->addr)); -+ return -1; -+ } -+ - os_memset(rsc, 0, 6); - - switch (peer->cipher) { -@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - return -1; - } - -+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, -+ MAC2STR(peer->addr)); - if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, - rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { - wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " - "driver"); - return -1; - } -+ peer->tk_set = 1; - return 0; - } - -@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) - peer->cipher = 0; - peer->qos_info = 0; - peer->wmm_capable = 0; -- peer->tpk_set = peer->tpk_success = 0; -+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0; - peer->chan_switch_enabled = 0; - os_memset(&peer->tpk, 0, sizeof(peer->tpk)); - os_memset(peer->inonce, 0, WPA_NONCE_LEN); -@@ -1159,6 +1177,7 @@ skip_rsnie: - wpa_tdls_peer_free(sm, peer); - return -1; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", - peer->inonce, WPA_NONCE_LEN); - os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); -@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, - } - - -+static int tdls_nonce_set(const u8 *nonce) -+{ -+ int i; -+ -+ for (i = 0; i < WPA_NONCE_LEN; i++) { -+ if (nonce[i]) -+ return 1; -+ } -+ -+ return 0; -+} -+ -+ - static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, - const u8 *buf, size_t len) - { -@@ -2004,7 +2036,8 @@ skip_rsn: - peer->rsnie_i_len = kde.rsn_ie_len; - peer->cipher = cipher; - -- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { -+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || -+ !tdls_nonce_set(peer->inonce)) { - /* - * There is no point in updating the RNonce for every obtained - * TPK M1 frame (e.g., retransmission due to timeout) with the -@@ -2020,6 +2053,7 @@ skip_rsn: - "TDLS: Failed to get random data for responder nonce"); - goto error; - } -+ peer->tk_set = 0; /* A new nonce results in a new TK */ - } - - #if 0 --- -2.7.4 - diff --git a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch deleted file mode 100644 index b9678f6815a8..000000000000 --- a/net-wireless/hostapd/files/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch +++ /dev/null @@ -1,82 +0,0 @@ -From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Fri, 22 Sep 2017 12:06:37 +0300 -Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames - -The driver is expected to not report a second association event without -the station having explicitly request a new association. As such, this -case should not be reachable. However, since reconfiguring the same -pairwise or group keys to the driver could result in nonce reuse issues, -be extra careful here and do an additional state check to avoid this -even if the local driver ends up somehow accepting an unexpected -Reassociation Response frame. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/rsn_supp/wpa.c | 3 +++ - src/rsn_supp/wpa_ft.c | 8 ++++++++ - src/rsn_supp/wpa_i.h | 1 + - 3 files changed, 12 insertions(+) - -diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c -index 0550a41..2a53c6f 100644 ---- a/src/rsn_supp/wpa.c -+++ b/src/rsn_supp/wpa.c -@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) - #ifdef CONFIG_TDLS - wpa_tdls_disassoc(sm); - #endif /* CONFIG_TDLS */ -+#ifdef CONFIG_IEEE80211R -+ sm->ft_reassoc_completed = 0; -+#endif /* CONFIG_IEEE80211R */ - - /* Keys are not needed in the WPA state machine anymore */ - wpa_sm_drop_sa(sm); -diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c -index 205793e..d45bb45 100644 ---- a/src/rsn_supp/wpa_ft.c -+++ b/src/rsn_supp/wpa_ft.c -@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, - u16 capab; - - sm->ft_completed = 0; -+ sm->ft_reassoc_completed = 0; - - buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + - 2 + sm->r0kh_id_len + ric_ies_len + 100; -@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, - return -1; - } - -+ if (sm->ft_reassoc_completed) { -+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); -+ return 0; -+ } -+ - if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { - wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); - return -1; -@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, - return -1; - } - -+ sm->ft_reassoc_completed = 1; -+ - if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) - return -1; - -diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h -index 41f371f..56f88dc 100644 ---- a/src/rsn_supp/wpa_i.h -+++ b/src/rsn_supp/wpa_i.h -@@ -128,6 +128,7 @@ struct wpa_sm { - size_t r0kh_id_len; - u8 r1kh_id[FT_R1KH_ID_LEN]; - int ft_completed; -+ int ft_reassoc_completed; - int over_the_ds_in_progress; - u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ - int set_ptk_after_assoc; --- -2.7.4 - diff --git a/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch b/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch deleted file mode 100644 index 025da58028da..000000000000 --- a/net-wireless/hostapd/files/hostapd-2.6-libressl-compatibility.patch +++ /dev/null @@ -1,106 +0,0 @@ -diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c -index 19e0e2be8..6585c0245 100644 ---- a/src/crypto/crypto_openssl.c -+++ b/src/crypto/crypto_openssl.c -@@ -33,7 +33,9 @@ - #include "aes_wrap.h" - #include "crypto.h" - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - /* Compatibility wrappers for older versions. */ - - static HMAC_CTX * HMAC_CTX_new(void) -@@ -79,7 +81,9 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *ctx) - - static BIGNUM * get_group5_prime(void) - { --#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ -+ !(defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - return BN_get_rfc3526_prime_1536(NULL); - #elif !defined(OPENSSL_IS_BORINGSSL) - return get_rfc3526_prime_1536(NULL); -@@ -611,7 +615,9 @@ void crypto_cipher_deinit(struct crypto_cipher *ctx) - - void * dh5_init(struct wpabuf **priv, struct wpabuf **publ) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - DH *dh; - struct wpabuf *pubkey = NULL, *privkey = NULL; - size_t publen, privlen; -@@ -712,7 +718,9 @@ err: - - void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - DH *dh; - - dh = DH_new(); -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 23ac64b48..91acc579d 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -59,7 +59,8 @@ typedef int stack_index_t; - #endif /* SSL_set_tlsext_status_type */ - - #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \ -- defined(LIBRESSL_VERSION_NUMBER)) && \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L)) && \ - !defined(BORINGSSL_API_VERSION) - /* - * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL -@@ -919,7 +920,9 @@ void * tls_init(const struct tls_config *conf) - } - #endif /* OPENSSL_FIPS */ - #endif /* CONFIG_FIPS */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - SSL_load_error_strings(); - SSL_library_init(); - #ifndef OPENSSL_NO_SHA256 -@@ -1043,7 +1046,9 @@ void tls_deinit(void *ssl_ctx) - - tls_openssl_ref_count--; - if (tls_openssl_ref_count == 0) { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - #ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); - #endif /* OPENSSL_NO_ENGINE */ -@@ -3105,7 +3110,9 @@ int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn, - #ifdef OPENSSL_NEED_EAP_FAST_PRF - static int openssl_get_keyblock_size(SSL *ssl) - { --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - const EVP_CIPHER *c; - const EVP_MD *h; - int md_size; -@@ -4159,7 +4166,9 @@ static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, - struct tls_connection *conn = arg; - int ret; - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -+ (defined(LIBRESSL_VERSION_NUMBER) && \ -+ LIBRESSL_VERSION_NUMBER < 0x20700000L) - if (conn == NULL || conn->session_ticket_cb == NULL) - return 0; - diff --git a/net-wireless/hostapd/files/hostapd-conf.d b/net-wireless/hostapd/files/hostapd-conf.d deleted file mode 100644 index 7d05735eb3b4..000000000000 --- a/net-wireless/hostapd/files/hostapd-conf.d +++ /dev/null @@ -1,9 +0,0 @@ -# Space separated List of interfaces which needs to be started before -# hostapd -INTERFACES="wlan0" - -# Space separated list of configuration files -CONFIGS="/etc/hostapd/hostapd.conf" - -# Extra options to pass to hostapd, see hostapd(8) -OPTIONS="" diff --git a/net-wireless/hostapd/files/hostapd-init.d b/net-wireless/hostapd/files/hostapd-init.d deleted file mode 100644 index 3c0fdc9e843b..000000000000 --- a/net-wireless/hostapd/files/hostapd-init.d +++ /dev/null @@ -1,38 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -pidfile="/run/${SVCNAME}.pid" -command="/usr/sbin/hostapd" -command_args="-P ${pidfile} -B ${OPTIONS} ${CONFIGS}" - -extra_started_commands="reload" - -depend() { - local myneeds= - for iface in ${INTERFACES}; do - myneeds="${myneeds} net.${iface}" - done - - [ -n "${myneeds}" ] && need ${myneeds} - use logger -} - -start_pre() { - local file - - for file in ${CONFIGS}; do - if [ ! -r "${file}" ]; then - eerror "hostapd configuration file (${CONFIG}) not found" - return 1 - fi - done -} - -reload() { - start_pre || return 1 - - ebegin "Reloading ${SVCNAME} configuration" - kill -HUP $(cat ${pidfile}) > /dev/null 2>&1 - eend $? -} diff --git a/net-wireless/hostapd/files/hostapd.service b/net-wireless/hostapd/files/hostapd.service deleted file mode 100644 index 8f0ee8e8f744..000000000000 --- a/net-wireless/hostapd/files/hostapd.service +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator -After=network.target - -[Service] -ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf - -[Install] -WantedBy=multi-user.target diff --git a/net-wireless/hostapd/hostapd-2.6-r4.ebuild b/net-wireless/hostapd/hostapd-2.6-r4.ebuild deleted file mode 100644 index 6f00dd912468..000000000000 --- a/net-wireless/hostapd/hostapd-2.6-r4.ebuild +++ /dev/null @@ -1,253 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit toolchain-funcs eutils systemd savedconfig - -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" -HOMEPAGE="http://hostap.epitest.fi" -SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="amd64 arm ~mips ppc x86" -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" - -DEPEND=" - libressl? ( dev-libs/libressl:0= ) - !libressl? ( - internal-tls? ( dev-libs/libtommath ) - !internal-tls? ( dev-libs/openssl:0=[-bindist] ) - ) - kernel_linux? ( - dev-libs/libnl:3 - crda? ( net-wireless/crda ) - ) - netlink? ( net-libs/libnfnetlink ) - sqlite? ( >=dev-db/sqlite-3 )" - -RDEPEND="${DEPEND}" - -S="${S}/${PN}" - -pkg_pretend() { - if use internal-tls; then - if use libressl; then - elog "libressl flag takes precedence over internal-tls" - else - ewarn "internal-tls implementation is experimental and provides fewer features" - fi - fi -} - -src_prepare() { - # Allow users to apply patches to src/drivers for example, - # i.e. anything outside ${S}/${PN} - pushd ../ >/dev/null || die - - # Add LibreSSL compatibility patch bug (#567262) - eapply "${FILESDIR}/${P}-libressl-compatibility.patch" - - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt - eapply "${FILESDIR}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch" - eapply "${FILESDIR}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch" - default - popd >/dev/null || die - - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ - "${S}/hostapd.conf" || die - -} - -src_configure() { - local CONFIG="${S}/.config" - - restore_config "${CONFIG}" - if [[ -f "${CONFIG}" ]]; then - default_src_configure - return 0 - fi - - # toolchain setup - echo "CC = $(tc-getCC)" > ${CONFIG} - - # EAP authentication methods - echo "CONFIG_EAP=y" >> ${CONFIG} - echo "CONFIG_ERP=y" >> ${CONFIG} - echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - - if use internal-tls && ! use libressl; then - echo "CONFIG_TLS=internal" >> ${CONFIG} - else - # SSL authentication methods - echo "CONFIG_EAP_FAST=y" >> ${CONFIG} - echo "CONFIG_EAP_TLS=y" >> ${CONFIG} - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} - echo "CONFIG_TLSV11=y" >> ${CONFIG} - echo "CONFIG_TLSV12=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} - fi - - if use wps; then - # Enable Wi-Fi Protected Setup - echo "CONFIG_WPS=y" >> ${CONFIG} - echo "CONFIG_WPS2=y" >> ${CONFIG} - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} - echo "CONFIG_WPS_NFC=y" >> ${CONFIG} - einfo "Enabling Wi-Fi Protected Setup support" - fi - - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} - echo "CONFIG_EAP_TNC=y" >> ${CONFIG} - echo "CONFIG_EAP_GTC=y" >> ${CONFIG} - echo "CONFIG_EAP_SIM=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} - echo "CONFIG_EAP_EKE=y" >> ${CONFIG} - echo "CONFIG_EAP_PAX=y" >> ${CONFIG} - echo "CONFIG_EAP_PSK=y" >> ${CONFIG} - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - - einfo "Enabling drivers: " - - # drivers - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} - einfo " HostAP driver enabled" - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} - einfo " Wired driver enabled" - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} - einfo " None driver enabled" - - einfo " nl80211 driver enabled" - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} - - # epoll - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} - - # misc - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} - echo "CONFIG_PKCS12=y" >> ${CONFIG} - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} - echo "CONFIG_IAPP=y" >> ${CONFIG} - echo "CONFIG_IEEE80211R=y" >> ${CONFIG} - echo "CONFIG_IEEE80211W=y" >> ${CONFIG} - echo "CONFIG_IEEE80211N=y" >> ${CONFIG} - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} - echo "CONFIG_PEERKEY=y" >> ${CONFIG} - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} - echo "CONFIG_INTERWORKING=y" >> ${CONFIG} - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} - echo "CONFIG_HS20=y" >> ${CONFIG} - echo "CONFIG_WNM=y" >> ${CONFIG} - echo "CONFIG_FST=y" >> ${CONFIG} - echo "CONFIG_FST_TEST=y" >> ${CONFIG} - echo "CONFIG_ACS=y" >> ${CONFIG} - - if use netlink; then - # Netlink support - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} - fi - - if use ipv6; then - # IPv6 support - echo "CONFIG_IPV6=y" >> ${CONFIG} - fi - - if use sqlite; then - # Sqlite support - echo "CONFIG_SQLITE=y" >> ${CONFIG} - fi - - # If we are using libnl 2.0 and above, enable support for it - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - echo "CONFIG_LIBNL32=y" >> .config - fi - - # TODO: Add support for BSD drivers - - default_src_configure -} - -src_compile() { - emake V=1 - - if use libressl || ! use internal-tls; then - emake V=1 nt_password_hash - emake V=1 hlr_auc_gw - fi -} - -src_install() { - insinto /etc/${PN} - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} - - fperms -R 600 /etc/${PN} - - dosbin ${PN} - dobin ${PN}_cli - - if use libressl || ! use internal-tls; then - dobin nt_password_hash hlr_auc_gw - fi - - newinitd "${FILESDIR}"/${PN}-init.d ${PN} - newconfd "${FILESDIR}"/${PN}-conf.d ${PN} - systemd_dounit "${FILESDIR}"/${PN}.service - - doman ${PN}{.8,_cli.1} - - dodoc ChangeLog README - use wps && dodoc README-WPS - - docinto examples - dodoc wired.conf - - if use logwatch; then - insinto /etc/log.d/conf/services/ - doins logwatch/${PN}.conf - - exeinto /etc/log.d/scripts/services/ - doexe logwatch/${PN} - fi - - save_config .config -} - -pkg_postinst() { - einfo - einfo "If you are running openRC you need to follow this instructions:" - einfo "In order to use ${PN} you need to set up your wireless card" - einfo "for master mode in /etc/conf.d/net and then start" - einfo "/etc/init.d/${PN}." - einfo - einfo "Example configuration:" - einfo - einfo "config_wlan0=( \"192.168.1.1/24\" )" - einfo "channel_wlan0=\"6\"" - einfo "essid_wlan0=\"test\"" - einfo "mode_wlan0=\"master\"" - einfo - #if [ -e "${KV_DIR}"/net/mac80211 ]; then - # einfo "This package now compiles against the headers installed by" - # einfo "the kernel source for the mac80211 driver. You should " - # einfo "re-emerge ${PN} after upgrading your kernel source." - #fi - - if use wps; then - einfo "You have enabled Wi-Fi Protected Setup support, please" - einfo "read the README-WPS file in /usr/share/doc/${P}" - einfo "for info on how to use WPS" - fi -} diff --git a/net-wireless/hostapd/hostapd-2.6-r5.ebuild b/net-wireless/hostapd/hostapd-2.6-r5.ebuild deleted file mode 100644 index 82e50e8b7f08..000000000000 --- a/net-wireless/hostapd/hostapd-2.6-r5.ebuild +++ /dev/null @@ -1,256 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit toolchain-funcs eutils systemd savedconfig - -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" -HOMEPAGE="http://w1.fi" -EXTRAS_VER="2.6-r5" -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" -SRC_URI="http://w1.fi/releases/${P}.tar.gz - https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" - -DEPEND=" - libressl? ( dev-libs/libressl:0= ) - !libressl? ( - internal-tls? ( dev-libs/libtommath ) - !internal-tls? ( dev-libs/openssl:0=[-bindist] ) - ) - kernel_linux? ( - dev-libs/libnl:3 - crda? ( net-wireless/crda ) - ) - netlink? ( net-libs/libnfnetlink ) - sqlite? ( >=dev-db/sqlite-3 )" - -RDEPEND="${DEPEND}" - -S="${S}/${PN}" - -pkg_pretend() { - if use internal-tls; then - if use libressl; then - elog "libressl flag takes precedence over internal-tls" - else - ewarn "internal-tls implementation is experimental and provides fewer features" - fi - fi -} - -src_prepare() { - # Allow users to apply patches to src/drivers for example, - # i.e. anything outside ${S}/${PN} - pushd ../ >/dev/null || die - - # Add LibreSSL compatibility patch bug (#567262) - eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch" - - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch" - default - popd >/dev/null || die - - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ - "${S}/hostapd.conf" || die - -} - -src_configure() { - local CONFIG="${S}/.config" - - restore_config "${CONFIG}" - if [[ -f "${CONFIG}" ]]; then - default_src_configure - return 0 - fi - - # toolchain setup - echo "CC = $(tc-getCC)" > ${CONFIG} - - # EAP authentication methods - echo "CONFIG_EAP=y" >> ${CONFIG} - echo "CONFIG_ERP=y" >> ${CONFIG} - echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - - if use internal-tls && ! use libressl; then - echo "CONFIG_TLS=internal" >> ${CONFIG} - else - # SSL authentication methods - echo "CONFIG_EAP_FAST=y" >> ${CONFIG} - echo "CONFIG_EAP_TLS=y" >> ${CONFIG} - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} - echo "CONFIG_TLSV11=y" >> ${CONFIG} - echo "CONFIG_TLSV12=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} - fi - - if use wps; then - # Enable Wi-Fi Protected Setup - echo "CONFIG_WPS=y" >> ${CONFIG} - echo "CONFIG_WPS2=y" >> ${CONFIG} - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} - echo "CONFIG_WPS_NFC=y" >> ${CONFIG} - einfo "Enabling Wi-Fi Protected Setup support" - fi - - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} - echo "CONFIG_EAP_TNC=y" >> ${CONFIG} - echo "CONFIG_EAP_GTC=y" >> ${CONFIG} - echo "CONFIG_EAP_SIM=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} - echo "CONFIG_EAP_EKE=y" >> ${CONFIG} - echo "CONFIG_EAP_PAX=y" >> ${CONFIG} - echo "CONFIG_EAP_PSK=y" >> ${CONFIG} - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - - einfo "Enabling drivers: " - - # drivers - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} - einfo " HostAP driver enabled" - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} - einfo " Wired driver enabled" - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} - einfo " None driver enabled" - - einfo " nl80211 driver enabled" - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} - - # epoll - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} - - # misc - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} - echo "CONFIG_PKCS12=y" >> ${CONFIG} - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} - echo "CONFIG_IAPP=y" >> ${CONFIG} - echo "CONFIG_IEEE80211R=y" >> ${CONFIG} - echo "CONFIG_IEEE80211W=y" >> ${CONFIG} - echo "CONFIG_IEEE80211N=y" >> ${CONFIG} - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} - echo "CONFIG_PEERKEY=y" >> ${CONFIG} - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} - echo "CONFIG_INTERWORKING=y" >> ${CONFIG} - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} - echo "CONFIG_HS20=y" >> ${CONFIG} - echo "CONFIG_WNM=y" >> ${CONFIG} - echo "CONFIG_FST=y" >> ${CONFIG} - echo "CONFIG_FST_TEST=y" >> ${CONFIG} - echo "CONFIG_ACS=y" >> ${CONFIG} - - if use netlink; then - # Netlink support - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} - fi - - if use ipv6; then - # IPv6 support - echo "CONFIG_IPV6=y" >> ${CONFIG} - fi - - if use sqlite; then - # Sqlite support - echo "CONFIG_SQLITE=y" >> ${CONFIG} - fi - - # If we are using libnl 2.0 and above, enable support for it - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - echo "CONFIG_LIBNL32=y" >> .config - fi - - # TODO: Add support for BSD drivers - - default_src_configure -} - -src_compile() { - emake V=1 - - if use libressl || ! use internal-tls; then - emake V=1 nt_password_hash - emake V=1 hlr_auc_gw - fi -} - -src_install() { - insinto /etc/${PN} - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} - - fperms -R 600 /etc/${PN} - - dosbin ${PN} - dobin ${PN}_cli - - if use libressl || ! use internal-tls; then - dobin nt_password_hash hlr_auc_gw - fi - - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service - - doman ${PN}{.8,_cli.1} - - dodoc ChangeLog README - use wps && dodoc README-WPS - - docinto examples - dodoc wired.conf - - if use logwatch; then - insinto /etc/log.d/conf/services/ - doins logwatch/${PN}.conf - - exeinto /etc/log.d/scripts/services/ - doexe logwatch/${PN} - fi - - save_config .config -} - -pkg_postinst() { - einfo - einfo "If you are running openRC you need to follow this instructions:" - einfo "In order to use ${PN} you need to set up your wireless card" - einfo "for master mode in /etc/conf.d/net and then start" - einfo "/etc/init.d/${PN}." - einfo - einfo "Example configuration:" - einfo - einfo "config_wlan0=( \"192.168.1.1/24\" )" - einfo "channel_wlan0=\"6\"" - einfo "essid_wlan0=\"test\"" - einfo "mode_wlan0=\"master\"" - einfo - #if [ -e "${KV_DIR}"/net/mac80211 ]; then - # einfo "This package now compiles against the headers installed by" - # einfo "the kernel source for the mac80211 driver. You should " - # einfo "re-emerge ${PN} after upgrading your kernel source." - #fi - - if use wps; then - einfo "You have enabled Wi-Fi Protected Setup support, please" - einfo "read the README-WPS file in /usr/share/doc/${P}" - einfo "for info on how to use WPS" - fi -} diff --git a/net-wireless/hostapd/hostapd-2.6-r6.ebuild b/net-wireless/hostapd/hostapd-2.6-r6.ebuild deleted file mode 100644 index 484677f3913d..000000000000 --- a/net-wireless/hostapd/hostapd-2.6-r6.ebuild +++ /dev/null @@ -1,259 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit toolchain-funcs eutils systemd savedconfig - -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" -HOMEPAGE="http://w1.fi" -EXTRAS_VER="2.6-r6" -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" -SRC_URI="http://w1.fi/releases/${P}.tar.gz - https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" - -DEPEND=" - libressl? ( dev-libs/libressl:0= ) - !libressl? ( - internal-tls? ( dev-libs/libtommath ) - !internal-tls? ( dev-libs/openssl:0=[-bindist] ) - ) - kernel_linux? ( - dev-libs/libnl:3 - crda? ( net-wireless/crda ) - ) - netlink? ( net-libs/libnfnetlink ) - sqlite? ( >=dev-db/sqlite-3 )" - -RDEPEND="${DEPEND}" - -S="${S}/${PN}" - -pkg_pretend() { - if use internal-tls; then - if use libressl; then - elog "libressl flag takes precedence over internal-tls" - else - ewarn "internal-tls implementation is experimental and provides fewer features" - fi - fi -} - -src_prepare() { - # Allow users to apply patches to src/drivers for example, - # i.e. anything outside ${S}/${PN} - pushd ../ >/dev/null || die - - # Add LibreSSL compatibility patch bug (#567262) - eapply "${WORKDIR}/${EXTRAS_NAME}/${P}-libressl-compatibility.patch" - - # https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch" - eapply "${WORKDIR}/${EXTRAS_NAME}/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch" - - eapply "${WORKDIR}/${EXTRAS_NAME}/nl80211-Fix-NL80211_ATTR_SMPS_MODE-encoding.patch" - - default - popd >/dev/null || die - - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ - "${S}/hostapd.conf" || die - -} - -src_configure() { - local CONFIG="${S}/.config" - - restore_config "${CONFIG}" - if [[ -f "${CONFIG}" ]]; then - default_src_configure - return 0 - fi - - # toolchain setup - echo "CC = $(tc-getCC)" > ${CONFIG} - - # EAP authentication methods - echo "CONFIG_EAP=y" >> ${CONFIG} - echo "CONFIG_ERP=y" >> ${CONFIG} - echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - - if use internal-tls && ! use libressl; then - echo "CONFIG_TLS=internal" >> ${CONFIG} - else - # SSL authentication methods - echo "CONFIG_EAP_FAST=y" >> ${CONFIG} - echo "CONFIG_EAP_TLS=y" >> ${CONFIG} - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} - echo "CONFIG_TLSV11=y" >> ${CONFIG} - echo "CONFIG_TLSV12=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} - fi - - if use wps; then - # Enable Wi-Fi Protected Setup - echo "CONFIG_WPS=y" >> ${CONFIG} - echo "CONFIG_WPS2=y" >> ${CONFIG} - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} - echo "CONFIG_WPS_NFC=y" >> ${CONFIG} - einfo "Enabling Wi-Fi Protected Setup support" - fi - - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} - echo "CONFIG_EAP_TNC=y" >> ${CONFIG} - echo "CONFIG_EAP_GTC=y" >> ${CONFIG} - echo "CONFIG_EAP_SIM=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} - echo "CONFIG_EAP_EKE=y" >> ${CONFIG} - echo "CONFIG_EAP_PAX=y" >> ${CONFIG} - echo "CONFIG_EAP_PSK=y" >> ${CONFIG} - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - - einfo "Enabling drivers: " - - # drivers - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} - einfo " HostAP driver enabled" - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} - einfo " Wired driver enabled" - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} - einfo " None driver enabled" - - einfo " nl80211 driver enabled" - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} - - # epoll - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} - - # misc - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} - echo "CONFIG_PKCS12=y" >> ${CONFIG} - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} - echo "CONFIG_IAPP=y" >> ${CONFIG} - echo "CONFIG_IEEE80211R=y" >> ${CONFIG} - echo "CONFIG_IEEE80211W=y" >> ${CONFIG} - echo "CONFIG_IEEE80211N=y" >> ${CONFIG} - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} - echo "CONFIG_PEERKEY=y" >> ${CONFIG} - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} - echo "CONFIG_INTERWORKING=y" >> ${CONFIG} - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} - echo "CONFIG_HS20=y" >> ${CONFIG} - echo "CONFIG_WNM=y" >> ${CONFIG} - echo "CONFIG_FST=y" >> ${CONFIG} - echo "CONFIG_FST_TEST=y" >> ${CONFIG} - echo "CONFIG_ACS=y" >> ${CONFIG} - - if use netlink; then - # Netlink support - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} - fi - - if use ipv6; then - # IPv6 support - echo "CONFIG_IPV6=y" >> ${CONFIG} - fi - - if use sqlite; then - # Sqlite support - echo "CONFIG_SQLITE=y" >> ${CONFIG} - fi - - # If we are using libnl 2.0 and above, enable support for it - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - echo "CONFIG_LIBNL32=y" >> .config - fi - - # TODO: Add support for BSD drivers - - default_src_configure -} - -src_compile() { - emake V=1 - - if use libressl || ! use internal-tls; then - emake V=1 nt_password_hash - emake V=1 hlr_auc_gw - fi -} - -src_install() { - insinto /etc/${PN} - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} - - fperms -R 600 /etc/${PN} - - dosbin ${PN} - dobin ${PN}_cli - - if use libressl || ! use internal-tls; then - dobin nt_password_hash hlr_auc_gw - fi - - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service - - doman ${PN}{.8,_cli.1} - - dodoc ChangeLog README - use wps && dodoc README-WPS - - docinto examples - dodoc wired.conf - - if use logwatch; then - insinto /etc/log.d/conf/services/ - doins logwatch/${PN}.conf - - exeinto /etc/log.d/scripts/services/ - doexe logwatch/${PN} - fi - - save_config .config -} - -pkg_postinst() { - einfo - einfo "If you are running openRC you need to follow this instructions:" - einfo "In order to use ${PN} you need to set up your wireless card" - einfo "for master mode in /etc/conf.d/net and then start" - einfo "/etc/init.d/${PN}." - einfo - einfo "Example configuration:" - einfo - einfo "config_wlan0=( \"192.168.1.1/24\" )" - einfo "channel_wlan0=\"6\"" - einfo "essid_wlan0=\"test\"" - einfo "mode_wlan0=\"master\"" - einfo - #if [ -e "${KV_DIR}"/net/mac80211 ]; then - # einfo "This package now compiles against the headers installed by" - # einfo "the kernel source for the mac80211 driver. You should " - # einfo "re-emerge ${PN} after upgrading your kernel source." - #fi - - if use wps; then - einfo "You have enabled Wi-Fi Protected Setup support, please" - einfo "read the README-WPS file in /usr/share/doc/${P}" - einfo "for info on how to use WPS" - fi -} diff --git a/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild b/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild deleted file mode 100644 index 342d0151c2d8..000000000000 --- a/net-wireless/hostapd/hostapd-2.6_p20180822.ebuild +++ /dev/null @@ -1,262 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit toolchain-funcs eutils systemd savedconfig - -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" -HOMEPAGE="http://w1.fi" -EXTRAS_VER="2.6-r5" -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" -SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" - -if [[ $PV == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then - SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz" - else - SRC_URI+=" https://w1.fi/releases/${P}.tar.gz" - fi - # Never stabilize snapshot ebuilds please - KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" -fi - -LICENSE="BSD" -SLOT="0" -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" - -DEPEND=" - libressl? ( dev-libs/libressl:0= ) - !libressl? ( - internal-tls? ( dev-libs/libtommath ) - !internal-tls? ( dev-libs/openssl:0=[-bindist] ) - ) - kernel_linux? ( - dev-libs/libnl:3 - crda? ( net-wireless/crda ) - ) - netlink? ( net-libs/libnfnetlink ) - sqlite? ( >=dev-db/sqlite-3 )" - -RDEPEND="${DEPEND}" - -S="${S}/${PN}" - -pkg_pretend() { - if use internal-tls; then - if use libressl; then - elog "libressl flag takes precedence over internal-tls" - else - ewarn "internal-tls implementation is experimental and provides fewer features" - fi - fi -} - -src_unpack() { - # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds - default - if [[ ${PV} == 9999 ]] ; then - git-r3_src_unpack - fi -} - -src_prepare() { - # Allow users to apply patches to src/drivers for example, - # i.e. anything outside ${S}/${PN} - pushd ../ >/dev/null || die - default - popd >/dev/null || die - - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ - "${S}/hostapd.conf" || die -} - -src_configure() { - local CONFIG="${S}/.config" - - restore_config "${CONFIG}" - if [[ -f "${CONFIG}" ]]; then - default_src_configure - return 0 - fi - - # toolchain setup - echo "CC = $(tc-getCC)" > ${CONFIG} - - # EAP authentication methods - echo "CONFIG_EAP=y" >> ${CONFIG} - echo "CONFIG_ERP=y" >> ${CONFIG} - echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - - if use internal-tls && ! use libressl; then - echo "CONFIG_TLS=internal" >> ${CONFIG} - else - # SSL authentication methods - echo "CONFIG_EAP_FAST=y" >> ${CONFIG} - echo "CONFIG_EAP_TLS=y" >> ${CONFIG} - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} - echo "CONFIG_TLSV11=y" >> ${CONFIG} - echo "CONFIG_TLSV12=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} - fi - - if use wps; then - # Enable Wi-Fi Protected Setup - echo "CONFIG_WPS=y" >> ${CONFIG} - echo "CONFIG_WPS2=y" >> ${CONFIG} - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} - echo "CONFIG_WPS_NFC=y" >> ${CONFIG} - einfo "Enabling Wi-Fi Protected Setup support" - fi - - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} - echo "CONFIG_EAP_TNC=y" >> ${CONFIG} - echo "CONFIG_EAP_GTC=y" >> ${CONFIG} - echo "CONFIG_EAP_SIM=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} - echo "CONFIG_EAP_EKE=y" >> ${CONFIG} - echo "CONFIG_EAP_PAX=y" >> ${CONFIG} - echo "CONFIG_EAP_PSK=y" >> ${CONFIG} - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - - einfo "Enabling drivers: " - - # drivers - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} - einfo " HostAP driver enabled" - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} - einfo " Wired driver enabled" - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} - einfo " None driver enabled" - - einfo " nl80211 driver enabled" - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} - - # epoll - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} - - # misc - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} - echo "CONFIG_PKCS12=y" >> ${CONFIG} - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} - echo "CONFIG_IAPP=y" >> ${CONFIG} - echo "CONFIG_IEEE80211R=y" >> ${CONFIG} - echo "CONFIG_IEEE80211W=y" >> ${CONFIG} - echo "CONFIG_IEEE80211N=y" >> ${CONFIG} - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} - echo "CONFIG_PEERKEY=y" >> ${CONFIG} - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} - echo "CONFIG_INTERWORKING=y" >> ${CONFIG} - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} - echo "CONFIG_HS20=y" >> ${CONFIG} - echo "CONFIG_WNM=y" >> ${CONFIG} - echo "CONFIG_FST=y" >> ${CONFIG} - echo "CONFIG_FST_TEST=y" >> ${CONFIG} - echo "CONFIG_ACS=y" >> ${CONFIG} - - if use netlink; then - # Netlink support - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} - fi - - if use ipv6; then - # IPv6 support - echo "CONFIG_IPV6=y" >> ${CONFIG} - fi - - if use sqlite; then - # Sqlite support - echo "CONFIG_SQLITE=y" >> ${CONFIG} - fi - - # If we are using libnl 2.0 and above, enable support for it - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - echo "CONFIG_LIBNL32=y" >> .config - fi - - # TODO: Add support for BSD drivers - - default_src_configure -} - -src_compile() { - emake V=1 - - if use libressl || ! use internal-tls; then - emake V=1 nt_password_hash - emake V=1 hlr_auc_gw - fi -} - -src_install() { - insinto /etc/${PN} - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} - - fperms -R 600 /etc/${PN} - - dosbin ${PN} - dobin ${PN}_cli - - if use libressl || ! use internal-tls; then - dobin nt_password_hash hlr_auc_gw - fi - - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service - - doman ${PN}{.8,_cli.1} - - dodoc ChangeLog README - use wps && dodoc README-WPS - - docinto examples - dodoc wired.conf - - if use logwatch; then - insinto /etc/log.d/conf/services/ - doins logwatch/${PN}.conf - - exeinto /etc/log.d/scripts/services/ - doexe logwatch/${PN} - fi - - save_config .config -} - -pkg_postinst() { - einfo - einfo "If you are running openRC you need to follow this instructions:" - einfo "In order to use ${PN} you need to set up your wireless card" - einfo "for master mode in /etc/conf.d/net and then start" - einfo "/etc/init.d/${PN}." - einfo - einfo "Example configuration:" - einfo - einfo "config_wlan0=( \"192.168.1.1/24\" )" - einfo "channel_wlan0=\"6\"" - einfo "essid_wlan0=\"test\"" - einfo "mode_wlan0=\"master\"" - einfo - #if [ -e "${KV_DIR}"/net/mac80211 ]; then - # einfo "This package now compiles against the headers installed by" - # einfo "the kernel source for the mac80211 driver. You should " - # einfo "re-emerge ${PN} after upgrading your kernel source." - #fi - - if use wps; then - einfo "You have enabled Wi-Fi Protected Setup support, please" - einfo "read the README-WPS file in /usr/share/doc/${P}" - einfo "for info on how to use WPS" - fi -} diff --git a/net-wireless/hostapd/hostapd-2.7-r1.ebuild b/net-wireless/hostapd/hostapd-2.7-r1.ebuild deleted file mode 100644 index a7e0d6678cb1..000000000000 --- a/net-wireless/hostapd/hostapd-2.7-r1.ebuild +++ /dev/null @@ -1,266 +0,0 @@ -# Copyright 1999-2018 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit toolchain-funcs eutils systemd savedconfig - -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" -HOMEPAGE="http://w1.fi" -EXTRAS_VER="2.7-r1" -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" -SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" - -if [[ $PV == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then - SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz" - else - SRC_URI+=" https://w1.fi/releases/${P}.tar.gz" - fi - # Never stabilize snapshot ebuilds please - KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" -fi - -LICENSE="BSD" -SLOT="0" -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" - -DEPEND=" - libressl? ( dev-libs/libressl:0= ) - !libressl? ( - internal-tls? ( dev-libs/libtommath ) - !internal-tls? ( dev-libs/openssl:0=[-bindist] ) - ) - kernel_linux? ( - dev-libs/libnl:3 - crda? ( net-wireless/crda ) - ) - netlink? ( net-libs/libnfnetlink ) - sqlite? ( >=dev-db/sqlite-3 )" - -RDEPEND="${DEPEND}" - -PATCHES=( - "${WORKDIR}/${EXTRAS_NAME}/0001-bug672834-libressl.patch" -) - -S="${S}/${PN}" - -pkg_pretend() { - if use internal-tls; then - if use libressl; then - elog "libressl flag takes precedence over internal-tls" - else - ewarn "internal-tls implementation is experimental and provides fewer features" - fi - fi -} - -src_unpack() { - # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds - default - if [[ ${PV} == 9999 ]] ; then - git-r3_src_unpack - fi -} - -src_prepare() { - # Allow users to apply patches to src/drivers for example, - # i.e. anything outside ${S}/${PN} - pushd ../ >/dev/null || die - default - popd >/dev/null || die - - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ - "${S}/hostapd.conf" || die -} - -src_configure() { - local CONFIG="${S}/.config" - - restore_config "${CONFIG}" - if [[ -f "${CONFIG}" ]]; then - default_src_configure - return 0 - fi - - # toolchain setup - echo "CC = $(tc-getCC)" > ${CONFIG} - - # EAP authentication methods - echo "CONFIG_EAP=y" >> ${CONFIG} - echo "CONFIG_ERP=y" >> ${CONFIG} - echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - - if use internal-tls && ! use libressl; then - echo "CONFIG_TLS=internal" >> ${CONFIG} - else - # SSL authentication methods - echo "CONFIG_EAP_FAST=y" >> ${CONFIG} - echo "CONFIG_EAP_TLS=y" >> ${CONFIG} - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} - echo "CONFIG_TLSV11=y" >> ${CONFIG} - echo "CONFIG_TLSV12=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} - fi - - if use wps; then - # Enable Wi-Fi Protected Setup - echo "CONFIG_WPS=y" >> ${CONFIG} - echo "CONFIG_WPS2=y" >> ${CONFIG} - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} - echo "CONFIG_WPS_NFC=y" >> ${CONFIG} - einfo "Enabling Wi-Fi Protected Setup support" - fi - - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} - echo "CONFIG_EAP_TNC=y" >> ${CONFIG} - echo "CONFIG_EAP_GTC=y" >> ${CONFIG} - echo "CONFIG_EAP_SIM=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} - echo "CONFIG_EAP_EKE=y" >> ${CONFIG} - echo "CONFIG_EAP_PAX=y" >> ${CONFIG} - echo "CONFIG_EAP_PSK=y" >> ${CONFIG} - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - - einfo "Enabling drivers: " - - # drivers - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} - einfo " HostAP driver enabled" - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} - einfo " Wired driver enabled" - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} - einfo " None driver enabled" - - einfo " nl80211 driver enabled" - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} - - # epoll - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} - - # misc - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} - echo "CONFIG_PKCS12=y" >> ${CONFIG} - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} - echo "CONFIG_IAPP=y" >> ${CONFIG} - echo "CONFIG_IEEE80211R=y" >> ${CONFIG} - echo "CONFIG_IEEE80211W=y" >> ${CONFIG} - echo "CONFIG_IEEE80211N=y" >> ${CONFIG} - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} - echo "CONFIG_PEERKEY=y" >> ${CONFIG} - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} - echo "CONFIG_INTERWORKING=y" >> ${CONFIG} - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} - echo "CONFIG_HS20=y" >> ${CONFIG} - echo "CONFIG_WNM=y" >> ${CONFIG} - echo "CONFIG_FST=y" >> ${CONFIG} - echo "CONFIG_FST_TEST=y" >> ${CONFIG} - echo "CONFIG_ACS=y" >> ${CONFIG} - - if use netlink; then - # Netlink support - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} - fi - - if use ipv6; then - # IPv6 support - echo "CONFIG_IPV6=y" >> ${CONFIG} - fi - - if use sqlite; then - # Sqlite support - echo "CONFIG_SQLITE=y" >> ${CONFIG} - fi - - # If we are using libnl 2.0 and above, enable support for it - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - echo "CONFIG_LIBNL32=y" >> .config - fi - - # TODO: Add support for BSD drivers - - default_src_configure -} - -src_compile() { - emake V=1 - - if use libressl || ! use internal-tls; then - emake V=1 nt_password_hash - emake V=1 hlr_auc_gw - fi -} - -src_install() { - insinto /etc/${PN} - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} - - fperms -R 600 /etc/${PN} - - dosbin ${PN} - dobin ${PN}_cli - - if use libressl || ! use internal-tls; then - dobin nt_password_hash hlr_auc_gw - fi - - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service - - doman ${PN}{.8,_cli.1} - - dodoc ChangeLog README - use wps && dodoc README-WPS - - docinto examples - dodoc wired.conf - - if use logwatch; then - insinto /etc/log.d/conf/services/ - doins logwatch/${PN}.conf - - exeinto /etc/log.d/scripts/services/ - doexe logwatch/${PN} - fi - - save_config .config -} - -pkg_postinst() { - einfo - einfo "If you are running openRC you need to follow this instructions:" - einfo "In order to use ${PN} you need to set up your wireless card" - einfo "for master mode in /etc/conf.d/net and then start" - einfo "/etc/init.d/${PN}." - einfo - einfo "Example configuration:" - einfo - einfo "config_wlan0=( \"192.168.1.1/24\" )" - einfo "channel_wlan0=\"6\"" - einfo "essid_wlan0=\"test\"" - einfo "mode_wlan0=\"master\"" - einfo - #if [ -e "${KV_DIR}"/net/mac80211 ]; then - # einfo "This package now compiles against the headers installed by" - # einfo "the kernel source for the mac80211 driver. You should " - # einfo "re-emerge ${PN} after upgrading your kernel source." - #fi - - if use wps; then - einfo "You have enabled Wi-Fi Protected Setup support, please" - einfo "read the README-WPS file in /usr/share/doc/${P}" - einfo "for info on how to use WPS" - fi -} diff --git a/net-wireless/hostapd/hostapd-2.7.ebuild b/net-wireless/hostapd/hostapd-2.7.ebuild deleted file mode 100644 index 6e23c9c82953..000000000000 --- a/net-wireless/hostapd/hostapd-2.7.ebuild +++ /dev/null @@ -1,262 +0,0 @@ -# Copyright 1999-2018 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="6" - -inherit toolchain-funcs eutils systemd savedconfig - -DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" -HOMEPAGE="http://w1.fi" -EXTRAS_VER="2.6-r5" -EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" -SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" - -if [[ $PV == 9999 ]]; then - inherit git-r3 - EGIT_REPO_URI="https://w1.fi/hostap.git" -else - if [[ $PV =~ ^.*_p[0-9]{8}$ ]]; then - SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz" - else - SRC_URI+=" https://w1.fi/releases/${P}.tar.gz" - fi - # Never stabilize snapshot ebuilds please - KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" -fi - -LICENSE="BSD" -SLOT="0" -IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda" - -DEPEND=" - libressl? ( dev-libs/libressl:0= ) - !libressl? ( - internal-tls? ( dev-libs/libtommath ) - !internal-tls? ( dev-libs/openssl:0=[-bindist] ) - ) - kernel_linux? ( - dev-libs/libnl:3 - crda? ( net-wireless/crda ) - ) - netlink? ( net-libs/libnfnetlink ) - sqlite? ( >=dev-db/sqlite-3 )" - -RDEPEND="${DEPEND}" - -S="${S}/${PN}" - -pkg_pretend() { - if use internal-tls; then - if use libressl; then - elog "libressl flag takes precedence over internal-tls" - else - ewarn "internal-tls implementation is experimental and provides fewer features" - fi - fi -} - -src_unpack() { - # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds - default - if [[ ${PV} == 9999 ]] ; then - git-r3_src_unpack - fi -} - -src_prepare() { - # Allow users to apply patches to src/drivers for example, - # i.e. anything outside ${S}/${PN} - pushd ../ >/dev/null || die - default - popd >/dev/null || die - - sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ - "${S}/hostapd.conf" || die -} - -src_configure() { - local CONFIG="${S}/.config" - - restore_config "${CONFIG}" - if [[ -f "${CONFIG}" ]]; then - default_src_configure - return 0 - fi - - # toolchain setup - echo "CC = $(tc-getCC)" > ${CONFIG} - - # EAP authentication methods - echo "CONFIG_EAP=y" >> ${CONFIG} - echo "CONFIG_ERP=y" >> ${CONFIG} - echo "CONFIG_EAP_MD5=y" >> ${CONFIG} - - if use internal-tls && ! use libressl; then - echo "CONFIG_TLS=internal" >> ${CONFIG} - else - # SSL authentication methods - echo "CONFIG_EAP_FAST=y" >> ${CONFIG} - echo "CONFIG_EAP_TLS=y" >> ${CONFIG} - echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} - echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} - echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} - echo "CONFIG_TLSV11=y" >> ${CONFIG} - echo "CONFIG_TLSV12=y" >> ${CONFIG} - echo "CONFIG_EAP_PWD=y" >> ${CONFIG} - fi - - if use wps; then - # Enable Wi-Fi Protected Setup - echo "CONFIG_WPS=y" >> ${CONFIG} - echo "CONFIG_WPS2=y" >> ${CONFIG} - echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} - echo "CONFIG_WPS_NFC=y" >> ${CONFIG} - einfo "Enabling Wi-Fi Protected Setup support" - fi - - echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} - echo "CONFIG_EAP_TNC=y" >> ${CONFIG} - echo "CONFIG_EAP_GTC=y" >> ${CONFIG} - echo "CONFIG_EAP_SIM=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA=y" >> ${CONFIG} - echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} - echo "CONFIG_EAP_EKE=y" >> ${CONFIG} - echo "CONFIG_EAP_PAX=y" >> ${CONFIG} - echo "CONFIG_EAP_PSK=y" >> ${CONFIG} - echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} - echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} - - einfo "Enabling drivers: " - - # drivers - echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} - einfo " HostAP driver enabled" - echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} - einfo " Wired driver enabled" - echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} - einfo " None driver enabled" - - einfo " nl80211 driver enabled" - echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} - - # epoll - echo "CONFIG_ELOOP_EPOLL=y" >> ${CONFIG} - - # misc - echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} - echo "CONFIG_PKCS12=y" >> ${CONFIG} - echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} - echo "CONFIG_IAPP=y" >> ${CONFIG} - echo "CONFIG_IEEE80211R=y" >> ${CONFIG} - echo "CONFIG_IEEE80211W=y" >> ${CONFIG} - echo "CONFIG_IEEE80211N=y" >> ${CONFIG} - echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} - echo "CONFIG_PEERKEY=y" >> ${CONFIG} - echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} - echo "CONFIG_INTERWORKING=y" >> ${CONFIG} - echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} - echo "CONFIG_HS20=y" >> ${CONFIG} - echo "CONFIG_WNM=y" >> ${CONFIG} - echo "CONFIG_FST=y" >> ${CONFIG} - echo "CONFIG_FST_TEST=y" >> ${CONFIG} - echo "CONFIG_ACS=y" >> ${CONFIG} - - if use netlink; then - # Netlink support - echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} - fi - - if use ipv6; then - # IPv6 support - echo "CONFIG_IPV6=y" >> ${CONFIG} - fi - - if use sqlite; then - # Sqlite support - echo "CONFIG_SQLITE=y" >> ${CONFIG} - fi - - # If we are using libnl 2.0 and above, enable support for it - # Removed for now, since the 3.2 version is broken, and we don't - # support it. - if has_version ">=dev-libs/libnl-3.2"; then - echo "CONFIG_LIBNL32=y" >> .config - fi - - # TODO: Add support for BSD drivers - - default_src_configure -} - -src_compile() { - emake V=1 - - if use libressl || ! use internal-tls; then - emake V=1 nt_password_hash - emake V=1 hlr_auc_gw - fi -} - -src_install() { - insinto /etc/${PN} - doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} - - fperms -R 600 /etc/${PN} - - dosbin ${PN} - dobin ${PN}_cli - - if use libressl || ! use internal-tls; then - dobin nt_password_hash hlr_auc_gw - fi - - newinitd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-init.d ${PN} - newconfd "${WORKDIR}/${EXTRAS_NAME}"/${PN}-conf.d ${PN} - systemd_dounit "${WORKDIR}/${EXTRAS_NAME}"/${PN}.service - - doman ${PN}{.8,_cli.1} - - dodoc ChangeLog README - use wps && dodoc README-WPS - - docinto examples - dodoc wired.conf - - if use logwatch; then - insinto /etc/log.d/conf/services/ - doins logwatch/${PN}.conf - - exeinto /etc/log.d/scripts/services/ - doexe logwatch/${PN} - fi - - save_config .config -} - -pkg_postinst() { - einfo - einfo "If you are running openRC you need to follow this instructions:" - einfo "In order to use ${PN} you need to set up your wireless card" - einfo "for master mode in /etc/conf.d/net and then start" - einfo "/etc/init.d/${PN}." - einfo - einfo "Example configuration:" - einfo - einfo "config_wlan0=( \"192.168.1.1/24\" )" - einfo "channel_wlan0=\"6\"" - einfo "essid_wlan0=\"test\"" - einfo "mode_wlan0=\"master\"" - einfo - #if [ -e "${KV_DIR}"/net/mac80211 ]; then - # einfo "This package now compiles against the headers installed by" - # einfo "the kernel source for the mac80211 driver. You should " - # einfo "re-emerge ${PN} after upgrading your kernel source." - #fi - - if use wps; then - einfo "You have enabled Wi-Fi Protected Setup support, please" - einfo "read the README-WPS file in /usr/share/doc/${P}" - einfo "for info on how to use WPS" - fi -} diff --git a/net-wireless/hostapd/hostapd-9999.ebuild b/net-wireless/hostapd/hostapd-9999.ebuild index 590d42c623a1..645a653d5623 100644 --- a/net-wireless/hostapd/hostapd-9999.ebuild +++ b/net-wireless/hostapd/hostapd-9999.ebuild @@ -7,7 +7,7 @@ inherit toolchain-funcs systemd savedconfig DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" HOMEPAGE="http://w1.fi" -EXTRAS_VER="2.6-r5" +EXTRAS_VER="2.7-r2" EXTRAS_NAME="${CATEGORY}_${PN}_${EXTRAS_VER}_extras" SRC_URI="https://dev.gentoo.org/~andrey_utkin/distfiles/${EXTRAS_NAME}.tar.xz" |