From 3cf7c3ef441822c889356fd1812ebf2944a59851 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 25 Aug 2020 10:45:55 +0100
Subject: gentoo resync : 25.08.2020
---
 net-wireless/iwd/Manifest | 8 +-
 .../iwd-1.8-eapol-prevent-key-reinstallation.patch | 73 ++++++++++
 net-wireless/iwd/iwd-1.7-r1.ebuild | 2 +-
 net-wireless/iwd/iwd-1.7.ebuild | 2 +-
 net-wireless/iwd/iwd-1.8-r1.ebuild | 156 +++++++++++++++++++++
 net-wireless/iwd/iwd-1.8.ebuild | 2 +-
 6 files changed, 237 insertions(+), 6 deletions(-)
 create mode 100644 net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch
 create mode 100644 net-wireless/iwd/iwd-1.8-r1.ebuild
(limited to 'net-wireless/iwd')
diff --git a/net-wireless/iwd/Manifest b/net-wireless/iwd/Manifest
index 1aad258eaa6a..c73d2e04f5d3 100644
--- a/net-wireless/iwd/Manifest
+++ b/net-wireless/iwd/Manifest
@@ -1,4 +1,5 @@ AUX ead.initd 243 BLAKE2B dcd843a764c28064eb6bb6c0be6c64482df0ab0fa01e14831f0060719bfe0038ca75d9b0e79d78a234627a15c53da16151094c6cc6d48a049ae6ac3c9b1714a2 SHA512 1b39b25736a11870f5e740b5702b6f18b1714cc06df7e3462cd74d116cfaa82175801f336141f3fdf86be33aa97fcebf32d9c080d80419bbc548ad540ab7bd7d +AUX iwd-1.8-eapol-prevent-key-reinstallation.patch 2575 BLAKE2B 1e9683e551178ff54f31f9c8e861afb4b1cbe6d2f11188043d2bc6075fb21fe2637db4b13a4b93c900b9450034d28088e525e42ff0cfea08341fb056c7c74fc2 SHA512 e39965ae121e42ff17c1cc05539af1d9005748d05c0fe2ff4ef7884c3b224973a30875961476ecaad7f6f7567e79dd33bc854be05a71b37c4c05a19e2b60fced AUX iwd.initd 246 BLAKE2B 02a422e96de99256e55f2ed86cfd9ed43bf93130021c523d0e4600ab1b7e34212a56def5ab2819c79e2d60cd63e70de4d7c31ae349326b9a15c35a025da4df29 SHA512 699f51082cb44d5ce52ea9dbb9adc4b0eeff945461c66ec4bfcb9d8f26fcc13aee3e7fe69b406d0a7e1ca89af24e655e830c7a61e028a1c0fff1ef8a2b3e153a AUX iwd.initd-r1 290 BLAKE2B ea7a6a51ab0fe4f83a748e61e245cf2d7abac898431bf84d9f30c56a7706828dd8e1544ecd61931f52fd5f52791abb0cfe07c685c297f560fe257b8769bfd6e6 SHA512 be44fb430252cf51e192b7b09a05302e1b9edfc4ebb7c5a357d912d727f25afc165b02752f9c51a9056e86471a12f3d2cfa384560b417d5303a93b5c4dff0a28 DIST iwd-1.5.tar.xz 834688 BLAKE2B b3d585963c93954e4038dd85e5d57b60d8baaa7028edb79b54d8650a400a149666140f6ba438ccccb5be2d67fc7b842f6272b5efc61d75a7d4dae333410625bb SHA512 55017941f2e100d644864d2ed0528c67a486da6ba2bf7782e9df019727ce0af53cdff37c53f6625e536aa756387dd4e0d20a169710da8c3ce00f615040c9da32 
@@ -7,8 +8,9 @@ DIST iwd-1.7.tar.xz 846040 BLAKE2B a765513da5482ab5856d1d47c3b302dc65efe3b10f444 DIST iwd-1.8.tar.xz 865668 BLAKE2B ba1be5c1658df950fe28deca6b8c3c9482eda260fbd05f721cb34cadcb2852768086e65e7c74940bc6ddd345d1438624b59bdfe4b6a5323dd122a0cd397008d7 SHA512 f1caa330b3ff18b4598efec596a4b9a22887833218a90d19d59717503679eff71fdb990cb63bd74b8f1523197a366cd803d799259e8002e5cde2745b03d51d8e EBUILD iwd-1.5.ebuild 4213 BLAKE2B afe140abb9952750957c147736baa5b23d085e6899a03a814719fcddce419ddda4d76138e79641346c0d71ed2b70c4b4fb3b07cfe768a3beadff435171d28d88 SHA512 b580d7c67914ad4b0a1e99977358d7ccaacc854984c4c066f2bfb23bb54a8b011ff9ea500a5748d78b0ccd5ef658d55051c6a899cb6b0f172badf712e031bc96 EBUILD iwd-1.6.ebuild 4230 BLAKE2B 209a21ab5524456d539af9164a986a25f367c0b2e380fc98cd88017ebac0f34369832259919afea695b34a9b39e04b637ea3584e78cb60f3b71c9e7dc5a9c073 SHA512 a1a99b605f0393828cea5077b6d4f2babb637e2028b2f41c7e809bb2ed86ec2c4a8e3c9c29e2dff39d9e72af3a258d9e24c723df41a0932b0d50ce0a8be207bc -EBUILD iwd-1.7-r1.ebuild 4228 BLAKE2B e6f7a3806372aa1040cbded753f9d25d3d27fef9bbba1c55113c9b144b7f49a391b6c1d7cf40fb1d4025e81813d28aa0d522ed95653a8c7a496997d6c7456688 SHA512 a7787ff0dc7b3539dd80e776e9a80dd32d4e50e3f356575fb172ff76d3e5ff4412905e380a5929c439fc82cf2edfcda4bf6807e3883d92b68fd5d1e02145a2ac -EBUILD iwd-1.7.ebuild 4226 BLAKE2B 7ae02e004aa75abf06901006b5676dfe6c1117dc3a77493d6942fb279d8e40e8422bf78e47f0e6bbc8b4ca3259eaabe4b6215d62efeb6b024aa5b820bb8f3c44 SHA512 307f17869f6aa7e500db35cd419cf731a3b425d587b307400840bdac0ae22157e9fe8b0fe200fbb6268609e7cc83106130d660fe563f3680c6ddd9bd7e0073cb -EBUILD iwd-1.8.ebuild 4228 BLAKE2B d82fa656efaa55fd25cbdb58298686382fadb9d66d29da47068f6815843a9439176b5707a1c3793dce67df0b423050068e3b28a88c55eeac2abc398139625660 SHA512 cc12dc2ae6d9d1cad6bead917b37a125a432c18870d0428ed02f97c4839bc51be1c69ed3b2dffe962b77ce3d858ff62e371a17f87b2845efdd4381a55d754fe0 +EBUILD iwd-1.7-r1.ebuild 4222 BLAKE2B 
494bb710cdc7b76bb702da467ce2bce7151cc27d239580b08bbd903b04c49375a10559353a69a2cb3b32abccef283d5cd5ef2882bd9d3840ac5f3dae81a7b4a5 SHA512 5c25dc76bbd4e014ecaf63b0b8cc400add7cc8c3cf9294df71ff1d60c1e5b7cff89eec6d7309a40008f2ae448a774a26c727b94aa97cf70316504cc642212f03 +EBUILD iwd-1.7.ebuild 4224 BLAKE2B 3690d838adf8a9f8bc9d3b11cd454cf2bf78196b40c50f7a029e2c8108cccce19ead0dd54f58d44207c647e1b9692633cdc5e281e592d16ef202102e9fca93f4 SHA512 4c30c9d78001a9ed7da673ad1704a0d967bfce1a6f011f434626739cab8b33a0564b1e42ddcc30a862364ac20828a8758b2da8cca89af100e2f1a5f9dc773075 +EBUILD iwd-1.8-r1.ebuild 4298 BLAKE2B 26cfb0821ef1086439e102e3aa88b36667e46192b16a7a2d9e7775426c41f6ef1b04a8848e3309fb55301da8a352dd0b2fcd42fa3f5d56da5e39f84217e14707 SHA512 f9b39f923767ff28291e4e1c0dbc24305e603f4ede7ddab5cd6329be04dedd4bbf92c39b3aafbf58d7706660f35a9490dd91ee0fd864e914a3dce65e014fa9d7 +EBUILD iwd-1.8.ebuild 4226 BLAKE2B 6dae3dc8f42e562c84213f9edab1059c15d3bc0ee861f1ff8b20fa85deaac58b2c5b3ef45d7dfdb46a7b0ab0b2fecdffe3f1e0ce73317862c7e0d3103dcdc672 SHA512 fb9bfb2166f8e01bc862adca01d7d09a7423c8e58770204609c9f12e94ed0e932d35922bb55946dfaf3be1740201c2da7e87476bd30796465b2d0e347b4b95af EBUILD iwd-9999.ebuild 4224 BLAKE2B 4fbeee6dd24638918ab7a9edf38658b62ef1d379b6a23b35e1079d9b23a8d3a38077125e38cb49c68d98e937cff92a6640b609029ec2b5457f8e8801cabb7063 SHA512 67d8d45988e608a9674c380a7645a365580bc0a5fd4d5bc95ee3a3e78833f4bfbe5b9d836f45e1fec77f20379c13ee26ebc708e0f8131dcac1e27da7b1dff938 MISC metadata.xml 623 BLAKE2B 59adc818adaf90dcb719531a1fde1507d2fb5f3ef33ad7f45ce39876e0e008cd2dc931da58c6d4092c1c57ebc8bfed704a0a7acf92548620c009202e274e76d7 SHA512 3253bfe989a6393d984fb25db1eb1576c670dde4af9aa1b6a4e34673a493b4869f70d1cb1bb502e2d28be8cf15dc595e5e594b7c988752aa9405b0b680a3273b diff --git a/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch b/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch new file mode 100644 index 000000000000..dceb808297e3 --- /dev/null 
+++ b/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch 
@@ -0,0 +1,73 @@
+From f22ba5aebb569ca54521afd2babdc1f67e3904ea Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef
+Date: Wed, 12 Aug 2020 15:17:21 +0400
+Subject: eapol: prevent key reinstallation on retransmitted Msg4/4
+
+Currently an adversary can retransmit EAPOL Msg4/4 to make the AP
+reinstall the PTK. Against older Linux kernels this can subsequently
+be used to decrypt, replay, and possibly decrypt frames. See the
+KRACK attacks research at krackattacks.com for attack scenarios.
+In this case no machine-in-the-middle position is needed to trigger
+the key reinstallation.
+
+Fix this by using the ptk_complete boolean to track when the 4-way
+handshake has completed (similar to its usage for clients). When
+receiving a retransmitted Msg4/4 accept this frame but do not reinstall
+the PTK.
+
+Credits to Chris M. Stone, Sam Thomas, and Tom Chothia of Birmingham
+University to help discover this issue.
+---
+ src/eapol.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/eapol.c b/src/eapol.c
+index b0036c10..e3581cfe 100644
+--- a/src/eapol.c
++++ b/src/eapol.c
+@@ -1462,7 +1462,6 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
+ memcpy(sm->handshake->snonce, ek->key_nonce,
+ sizeof(sm->handshake->snonce));
+ sm->handshake->have_snonce = true;
+- sm->handshake->ptk_complete = true;
+
+ sm->frame_retry = 0;
+
+@@ -1782,7 +1781,15 @@ static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm,
+ l_timeout_remove(sm->timeout);
+ sm->timeout = NULL;
+
+- handshake_state_install_ptk(sm->handshake);
++ /*
++ * If ptk_complete is set, then we are receiving Message 4 again.
++ * This might be a retransmission, so accept but don't install
++ * the keys again.
++ */
++ if (!sm->handshake->ptk_complete)
++ handshake_state_install_ptk(sm->handshake);
++
++ sm->handshake->ptk_complete = true;
+ }
+
+ static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm,
+@@ -2185,6 +2192,7 @@ static void eapol_auth_key_handle(struct eapol_sm *sm,
+ size_t frame_len = 4 + L_BE16_TO_CPU(frame->header.packet_len);
+ const struct eapol_key *ek = eapol_key_validate((const void *) frame,
+ frame_len, sm->mic_len);
++ uint16_t key_data_len;
+
+ if (!ek)
+ return;
+@@ -2199,7 +2207,8 @@ static void eapol_auth_key_handle(struct eapol_sm *sm,
+ if (!sm->handshake->have_anonce)
+ return; /* Not expecting an EAPoL-Key yet */
+
+- if (!sm->handshake->ptk_complete)
++ key_data_len = EAPOL_KEY_DATA_LEN(ek, sm->mic_len);
++ if (key_data_len != 0)
+ eapol_handle_ptk_2_of_4(sm, ek);
+ else
+ eapol_handle_ptk_4_of_4(sm, ek);
+--
+cgit 1.2.3-1.el7
+
diff --git a/net-wireless/iwd/iwd-1.7-r1.ebuild b/net-wireless/iwd/iwd-1.7-r1.ebuild
index 112a2973ad68..84c262950729 100644
--- a/net-wireless/iwd/iwd-1.7-r1.ebuild
+++ b/net-wireless/iwd/iwd-1.7-r1.ebuild
@@ -13,7 +13,7 @@ if [[ ${PV} == *9999* ]]; then
 ELL_EGIT_REPO_URI="https://git.kernel.org/pub/scm/libs/ell/ell.git"
 else
 SRC_URI="https://www.kernel.org/pub/linux/network/wireless/${P}.tar.xz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+ KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~sparc x86"
 fi
 
 DESCRIPTION="Wireless daemon for linux"
diff --git a/net-wireless/iwd/iwd-1.7.ebuild b/net-wireless/iwd/iwd-1.7.ebuild
index 0855a63e0201..f2b626e25c2e 100644
--- a/net-wireless/iwd/iwd-1.7.ebuild
+++ b/net-wireless/iwd/iwd-1.7.ebuild
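Review bot: In the last src/eapol.c hunk of the bundled patch, eapol_auth_key_handle() now chooses the handler from `key_data_len`, a field of the received frame, where it previously used the local `ptk_complete` state, so a frame with non-empty key data that arrives after the handshake has completed is still dispatched to eapol_handle_ptk_2_of_4(). The visible tail of that handler writes `sm->handshake->snonce` and resets `sm->frame_retry`; the handler starts outside the hunk, so whether its replay-counter and MIC checks reject such a frame before that point cannot be confirmed from here and is worth verifying. I would record the assumption above the dispatch, for example `/* Msg2/4 carries key data, Msg4/4 does not; each handler must verify replay counter and MIC before changing handshake state */`. The comment on the new guard in eapol_handle_ptk_4_of_4() could also state that `ptk_complete` is now set only at that point in these handlers, since the first hunk removes the earlier assignment.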
@@ -13,7 +13,7 @@ if [[ ${PV} == *9999* ]]; then
 ELL_EGIT_REPO_URI="https://git.kernel.org/pub/scm/libs/ell/ell.git"
 else
 SRC_URI="https://www.kernel.org/pub/linux/network/wireless/${P}.tar.xz"
- KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~ppc ~ppc64 ~sparc x86"
+ KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~sparc x86"
 fi
 
 DESCRIPTION="Wireless daemon for linux"
diff --git a/net-wireless/iwd/iwd-1.8-r1.ebuild b/net-wireless/iwd/iwd-1.8-r1.ebuild
new file mode 100644
index 000000000000..61bd996e8df6
--- /dev/null
+++ b/net-wireless/iwd/iwd-1.8-r1.ebuild
@@ -0,0 +1,156 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit flag-o-matic linux-info systemd
+
+#Set this variable to the required external ell version
+ELL_REQ="0.32"
+
+if [[ ${PV} == *9999* ]]; then
+ inherit autotools git-r3
+ IWD_EGIT_REPO_URI="https://git.kernel.org/pub/scm/network/wireless/iwd.git"
+ ELL_EGIT_REPO_URI="https://git.kernel.org/pub/scm/libs/ell/ell.git"
+else
+ SRC_URI="https://www.kernel.org/pub/linux/network/wireless/${P}.tar.xz"
+ KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~ppc ~ppc64 ~sparc x86"
+fi
+
+DESCRIPTION="Wireless daemon for linux"
+HOMEPAGE="https://git.kernel.org/pub/scm/network/wireless/iwd.git/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+client +crda +monitor ofono wired cpu_flags_x86_aes cpu_flags_x86_ssse3"
+
+COMMON_DEPEND="sys-apps/dbus
+ client? ( sys-libs/readline:0= )"
+
+[[ -z "${ELL_REQ}" ]] || COMMON_DEPEND+=" >=dev-libs/ell-${ELL_REQ}"
+
+RDEPEND="${COMMON_DEPEND}
+ net-wireless/wireless-regdb
+ crda? ( net-wireless/crda )"
+
+DEPEND="${COMMON_DEPEND}
+ virtual/pkgconfig"
+
+[[ ${PV} == *9999* ]] && DEPEND+=" dev-python/docutils"
+
+PATCHES=( "${FILESDIR}"/iwd-1.8-eapol-prevent-key-reinstallation.patch )
+
+pkg_setup() {
+ CONFIG_CHECK="
+ ~ASYMMETRIC_KEY_TYPE
+ ~ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ ~CFG80211
+ ~CRYPTO_AES
+ ~CRYPTO_ARC4
+ ~CRYPTO_CBC
+ ~CRYPTO_CMAC
+ ~CRYPTO_DES
+ ~CRYPTO_ECB
+ ~CRYPTO_HMAC
+ ~CRYPTO_MD4
+ ~CRYPTO_MD5
+ ~CRYPTO_RSA
+ ~CRYPTO_SHA1
+ ~CRYPTO_SHA256
+ ~CRYPTO_SHA512
+ ~CRYPTO_USER_API_HASH
+ ~CRYPTO_USER_API_SKCIPHER
+ ~KEY_DH_OPERATIONS
+ ~PKCS7_MESSAGE_PARSER
+ ~RFKILL
+ ~X509_CERTIFICATE_PARSER
+ "
+ if use crda;then
+ CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT"
+ WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support"
+ fi
+
+ if use amd64;then
+ CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_DES3_EDE_X86_64"
+ WARNING_CRYPTO_DES3_EDE_X86_64="CRYPTO_DES3_EDE_X86_64: enable for increased performance"
+ fi
+
+ if use cpu_flags_x86_aes;then
+ CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_AES_NI_INTEL"
+ WARNING_CRYPTO_AES_NI_INTEL="CRYPTO_AES_NI_INTEL: enable for increased performance"
+ fi
+
+ if use cpu_flags_x86_ssse3 && use amd64; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_SHA1_SSSE3 ~CRYPTO_SHA256_SSSE3 ~CRYPTO_SHA512_SSSE3"
+ WARNING_CRYPTO_SHA1_SSSE3="CRYPTO_SHA1_SSSE3: enable for increased performance"
+ WARNING_CRYPTO_SHA256_SSSE3="CRYPTO_SHA256_SSSE3: enable for increased performance"
+ WARNING_CRYPTO_SHA512_SSSE3="CRYPTO_SHA512_SSSE3: enable for increased performance"
+ fi
+
+ if use kernel_linux && kernel_is -ge 4 20; then
+ CONFIG_CHECK="${CONFIG_CHECK} ~PKCS8_PRIVATE_KEY_PARSER"
+ fi
+
+ check_extra_config
+
+ if ! use crda; then
+ if linux_config_exists && linux_chkconfig_builtin CFG80211 &&
+ [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != *regulatory.db* ]]
+ then
+ ewarn ""
+ ewarn "REGULATORY DOMAIN PROBLEM:"
+ ewarn "With CONFIG_CFG80211=y (built-in), the driver won't be able to load regulatory.db from"
+ ewarn " /lib/firmware, resulting in broken regulatory domain support. Please set CONFIG_CFG80211=m"
+ ewarn " or add regulatory.db and regulatory.db.p7s to CONFIG_EXTRA_FIRMWARE."
+ ewarn ""
+ fi
+ fi
+}
+
+src_unpack() {
+ if [[ ${PV} == *9999* ]] ; then
+ EGIT_REPO_URI=${IWD_EGIT_REPO_URI} git-r3_src_unpack
+ EGIT_REPO_URI=${ELL_EGIT_REPO_URI} EGIT_CHECKOUT_DIR=${WORKDIR}/ell git-r3_src_unpack
+ else
+ default
+ fi
+}
+
+src_prepare() {
+ default
+ if [[ ${PV} == *9999* ]] ; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ append-cflags "-fsigned-char"
+ local myeconfargs=(
+ --sysconfdir="${EPREFIX}"/etc/iwd --localstatedir="${EPREFIX}"/var
+ $(use_enable client)
+ $(use_enable monitor)
+ $(use_enable ofono)
+ $(use_enable wired)
+ --enable-systemd-service
+ --with-systemd-unitdir="$(systemd_get_systemunitdir)"
+ --with-systemd-modloaddir="${EPREFIX}/usr/lib/modules-load.d"
+ --with-systemd-networkdir="$(systemd_get_utildir)/network"
+ )
+ [[ ${PV} == *9999* ]] || myeconfargs+=(--enable-external-ell)
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ keepdir /var/lib/${PN}
+
+ newinitd "${FILESDIR}/iwd.initd-r1" iwd
+
+ if use wired;then
+ newinitd "${FILESDIR}/ead.initd" ead
+ fi
+
+ if [[ ${PV} == *9999* ]] ; then
+ exeinto /usr/share/iwd/scripts/
+ doexe test/*
+ fi
+}
diff --git a/net-wireless/iwd/iwd-1.8.ebuild b/net-wireless/iwd/iwd-1.8.ebuild
index 9d3581ffb566..3e066268c2b2 100644
--- a/net-wireless/iwd/iwd-1.8.ebuild
+++ b/net-wireless/iwd/iwd-1.8.ebuild
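Review bot: The `PATCHES=( ... )` line in iwd-1.8-r1.ebuild applies a security fix but carries no comment saying so, which makes it easy to drop by accident on the next version bump. A line above it such as `# Security: no PTK reinstall on retransmitted EAPOL Msg4/4 (upstream f22ba5aebb56); drop once a release includes it` would record why the revision exists. The unpatched iwd-1.8.ebuild and both 1.7 ebuilds stay in the tree and gain stable keywords in this same commit, so it is worth checking whether they need the same patch or should be removed; whether the fix applies to 1.7 is not visible here.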
@@ -13,7 +13,7 @@ if [[ ${PV} == *9999* ]]; then
 ELL_EGIT_REPO_URI="https://git.kernel.org/pub/scm/libs/ell/ell.git"
 else
 SRC_URI="https://www.kernel.org/pub/linux/network/wireless/${P}.tar.xz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+ KEYWORDS="~alpha ~amd64 arm arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
 fi
 
 DESCRIPTION="Wireless daemon for linux"
--
cgit v1.2.3