From f10e974fff5bcefc5a68b4e684774be2a3427538 Mon Sep 17 00:00:00 2001
From: Bjarke Istrup Pedersen
Date: Fri, 8 May 2015 18:14:59 +0000
Subject: Removing old version and fixing bug #548744 (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 15AE484C)
---
 net-wireless/hostapd/ChangeLog | 17 +-
 ...r-Fix-payload-length-validation-for-Commi.patch | 73 +++++++
 ...ver-Fix-payload-length-validation-for-Com.patch | 66 +++++++
 ...r-Fix-Total-Length-parsing-for-fragment-r.patch | 52 +++++
 ...ver-Fix-Total-Length-parsing-for-fragment.patch | 50 +++++
 ...eer-Fix-asymmetric-fragmentation-behavior.patch | 32 +++
 net-wireless/hostapd/hostapd-2.4-r1.ebuild | 218 +++++++++++++++++++++
 net-wireless/hostapd/hostapd-2.4.ebuild | 207 -------------------
 8 files changed, 507 insertions(+), 208 deletions(-)
 create mode 100644 net-wireless/hostapd/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 create mode 100644 net-wireless/hostapd/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
 create mode 100644 net-wireless/hostapd/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
 create mode 100644 net-wireless/hostapd/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 create mode 100644 net-wireless/hostapd/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
 create mode 100644 net-wireless/hostapd/hostapd-2.4-r1.ebuild
 delete mode 100644 net-wireless/hostapd/hostapd-2.4.ebuild
(limited to 'net-wireless/hostapd')
diff --git a/net-wireless/hostapd/ChangeLog b/net-wireless/hostapd/ChangeLog
index fc54ff766f40..34e9edf6d40f 100644
--- a/net-wireless/hostapd/ChangeLog
+++ b/net-wireless/hostapd/ChangeLog
@@ -1,6 +1,21 @@
 # ChangeLog for net-wireless/hostapd
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.154 2015/03/21 13:19:27 gurligebis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.155 2015/05/08 18:14:59 gurligebis Exp $
+
+*hostapd-2.4-r1 (08 May 2015)
+
+ 08 May 2015; -hostapd-2.4.ebuild,
+ +hostapd-2.4-r1.ebuild,
+ +files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+ ,
+ +files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+ ,
+ +files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+ ,
+ +files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+ ,
+ +files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch:
+ Removing old version and fixing #548744
 *hostapd-2.4 (21 Mar 2015)
diff --git a/net-wireless/hostapd/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/net-wireless/hostapd/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
new file mode 100644
index 000000000000..91627fb7b7f6
--- /dev/null
+++ b/net-wireless/hostapd/files/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
@@ -0,0 +1,73 @@
+From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Fri, 1 May 2015 16:37:45 +0300
+Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
+ and Confirm
+
+The length of the received Commit and Confirm message payloads was not
+checked before reading them. This could result in a buffer read
+overflow when processing an invalid message.
+
+Fix this by verifying that the payload is of expected length before
+processing it. In addition, enforce correct state transition sequence to
+make sure there is no unexpected behavior if receiving a Commit/Confirm
+message before the previous exchanges have been completed.
+
+Thanks to Kostya Kortchinsky of Google security team for discovering and
+reporting this issue.
+
+Signed-off-by: Jouni Malinen
+---
+ src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+index f2b0926..a629437 100644
+--- a/src/eap_peer/eap_pwd.c
++++ b/src/eap_peer/eap_pwd.c
+@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
+ BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
+ u16 offset;
+ u8 *ptr, *scalar = NULL, *element = NULL;
++ size_t prime_len, order_len;
++
++ if (data->state != PWD_Commit_Req) {
++ ret->ignore = TRUE;
++ goto fin;
++ }
++
++ prime_len = BN_num_bytes(data->grp->prime);
++ order_len = BN_num_bytes(data->grp->order);
++
++ if (payload_len != 2 * prime_len + order_len) {
++ wpa_printf(MSG_INFO,
++ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
++ (unsigned int) payload_len,
++ (unsigned int) (2 * prime_len + order_len));
++ goto fin;
++ }
+
+ if (((data->private_value = BN_new()) == NULL) ||
+ ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
+@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
+ u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
+ int offset;
+
++ if (data->state != PWD_Confirm_Req) {
++ ret->ignore = TRUE;
++ goto fin;
++ }
++
++ if (payload_len != SHA256_MAC_LEN) {
++ wpa_printf(MSG_INFO,
++ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
++ (unsigned int) payload_len, SHA256_MAC_LEN);
++ goto fin;
++ }
++
+ /*
+ * first build up the ciphersuite which is group | random_function |
+ * prf
+--
+1.9.1
+
diff --git a/net-wireless/hostapd/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/net-wireless/hostapd/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
new file mode 100644
index 000000000000..5dca20b2771b
--- /dev/null
+++ b/net-wireless/hostapd/files/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
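Review bot: The two new state guards in eap_pwd_perform_commit_exchange() and eap_pwd_perform_confirm_exchange() of patch 1/5 drop an out-of-sequence message without logging anything, while the length checks directly below them log at MSG_INFO. A silent drop makes a misbehaving server harder to spot when reading logs; a line such as `wpa_printf(MSG_DEBUG, "EAP-pwd: Ignoring Commit in unexpected state");` before `ret->ignore = TRUE;`, with the Confirm equivalent in the second hunk, would cover it. Both function bodies and the `fin` label lie outside the hunks, so what the length-mismatch `goto fin` does to the session state cannot be confirmed from here.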
@@ -0,0 +1,66 @@
+From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Fri, 1 May 2015 16:40:44 +0300
+Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit
+ and Confirm
+
+The length of the received Commit and Confirm message payloads was not
+checked before reading them. This could result in a buffer read
+overflow when processing an invalid message.
+
+Fix this by verifying that the payload is of expected length before
+processing it. In addition, enforce correct state transition sequence to
+make sure there is no unexpected behavior if receiving a Commit/Confirm
+message before the previous exchanges have been completed.
+
+Thanks to Kostya Kortchinsky of Google security team for discovering and
+reporting this issue.
+
+Signed-off-by: Jouni Malinen
+---
+ src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+index 66bd5d2..3189105 100644
+--- a/src/eap_server/eap_server_pwd.c
++++ b/src/eap_server/eap_server_pwd.c
+@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
+ BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
+ EC_POINT *K = NULL, *point = NULL;
+ int res = 0;
++ size_t prime_len, order_len;
+
+ wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
+
++ prime_len = BN_num_bytes(data->grp->prime);
++ order_len = BN_num_bytes(data->grp->order);
++
++ if (payload_len != 2 * prime_len + order_len) {
++ wpa_printf(MSG_INFO,
++ "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
++ (unsigned int) payload_len,
++ (unsigned int) (2 * prime_len + order_len));
++ goto fin;
++ }
++
+ if (((data->peer_scalar = BN_new()) == NULL) ||
+ ((data->k = BN_new()) == NULL) ||
+ ((cofactor = BN_new()) == NULL) ||
+@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
+ u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
+ int offset;
+
++ if (payload_len != SHA256_MAC_LEN) {
++ wpa_printf(MSG_INFO,
++ "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
++ (unsigned int) payload_len, SHA256_MAC_LEN);
++ goto fin;
++ }
++
+ /* build up the ciphersuite: group | random_function | prf */
+ grp = htons(data->group_num);
+ ptr = (u8 *) &cs;
+--
+1.9.1
+
diff --git a/net-wireless/hostapd/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/net-wireless/hostapd/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
new file mode 100644
index 000000000000..4d2f9d8aefeb
--- /dev/null
+++ b/net-wireless/hostapd/files/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
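Review bot: Neither hunk of server patch 2/5 (eap_pwd_process_commit_resp, eap_pwd_process_confirm_resp) adds a `data->state` test, although the patch description says the state transition sequence is enforced; only the payload length checks are new here. Presumably the caller dispatches on the state before these functions run, but that code is outside the hunks and should be confirmed; if it does not, a guard mirroring the peer's `if (data->state != PWD_Commit_Req)` test is needed. Separately, `SHA256_MAC_LEN` is passed to `%u` without the cast the other arguments get, and `(unsigned int) SHA256_MAC_LEN` would keep the format arguments consistent (the peer patch has the same line).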
@@ -0,0 +1,52 @@
+From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Sat, 2 May 2015 19:23:04 +0300
+Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
+ reassembly
+
+The remaining number of bytes in the message could be smaller than the
+Total-Length field size, so the length needs to be explicitly checked
+prior to reading the field and decrementing the len variable. This could
+have resulted in the remaining length becoming negative and interpreted
+as a huge positive integer.
+
+In addition, check that there is no already started fragment in progress
+before allocating a new buffer for reassembling fragments. This avoid a
+potential memory leak when processing invalid message.
+
+Signed-off-by: Jouni Malinen
+---
+ src/eap_peer/eap_pwd.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+index a629437..1d2079b 100644
+--- a/src/eap_peer/eap_pwd.c
++++ b/src/eap_peer/eap_pwd.c
+@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+ * if it's the first fragment there'll be a length field
+ */
+ if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
++ if (len < 2) {
++ wpa_printf(MSG_DEBUG,
++ "EAP-pwd: Frame too short to contain Total-Length field");
++ ret->ignore = TRUE;
++ return NULL;
++ }
+ tot_len = WPA_GET_BE16(pos);
+ wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
+ "total length = %d", tot_len);
+ if (tot_len > 15000)
+ return NULL;
++ if (data->inbuf) {
++ wpa_printf(MSG_DEBUG,
++ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
++ ret->ignore = TRUE;
++ return NULL;
++ }
+ data->inbuf = wpabuf_alloc(tot_len);
+ if (data->inbuf == NULL) {
+ wpa_printf(MSG_INFO, "Out of memory to buffer "
+--
+1.9.1
+
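Review bot: The two new rejection paths in eap_pwd_process() log at MSG_DEBUG, whereas the payload-length rejections added by patches 1/5 and 2/5 log at MSG_INFO and the existing `if (tot_len > 15000)` rejection logs nothing. A truncated or unexpected fragment header is malformed input from the network, so raising these to MSG_INFO, e.g. `wpa_printf(MSG_INFO, "EAP-pwd: Frame too short to contain Total-Length field");`, would make such frames visible without debug verbosity; the same applies to the server-side hunk in patch 4/5. The literal in `if (len < 2)` could also be written `sizeof(u16)` to tie it to the `WPA_GET_BE16(pos)` read that follows. The function body starts and ends outside the hunk.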
diff --git a/net-wireless/hostapd/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/net-wireless/hostapd/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
new file mode 100644
index 000000000000..7edef099eb59
--- /dev/null
+++ b/net-wireless/hostapd/files/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
@@ -0,0 +1,50 @@
+From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Sat, 2 May 2015 19:26:06 +0300
+Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
+ reassembly
+
+The remaining number of bytes in the message could be smaller than the
+Total-Length field size, so the length needs to be explicitly checked
+prior to reading the field and decrementing the len variable. This could
+have resulted in the remaining length becoming negative and interpreted
+as a huge positive integer.
+
+In addition, check that there is no already started fragment in progress
+before allocating a new buffer for reassembling fragments. This avoid a
+potential memory leak when processing invalid message.
+
+Signed-off-by: Jouni Malinen
+---
+ src/eap_server/eap_server_pwd.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+index 3189105..2bfc3c2 100644
+--- a/src/eap_server/eap_server_pwd.c
++++ b/src/eap_server/eap_server_pwd.c
+@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+ * the first fragment has a total length
+ */
+ if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
++ if (len < 2) {
++ wpa_printf(MSG_DEBUG,
++ "EAP-pwd: Frame too short to contain Total-Length field");
++ return;
++ }
+ tot_len = WPA_GET_BE16(pos);
+ wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
+ "length = %d", tot_len);
+ if (tot_len > 15000)
+ return;
++ if (data->inbuf) {
++ wpa_printf(MSG_DEBUG,
++ "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
++ return;
++ }
+ data->inbuf = wpabuf_alloc(tot_len);
+ if (data->inbuf == NULL) {
+ wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
+--
+1.9.1
+
diff --git a/net-wireless/hostapd/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/net-wireless/hostapd/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
new file mode 100644
index 000000000000..a601323f14da
--- /dev/null
+++ b/net-wireless/hostapd/files/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
@@ -0,0 +1,32 @@
+From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen
+Date: Sat, 2 May 2015 19:26:28 +0300
+Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
+
+The L (Length) and M (More) flags needs to be cleared before deciding
+whether the locally generated response requires fragmentation. This
+fixes an issue where these flags from the server could have been invalid
+for the following message. In some cases, this could have resulted in
+triggering the wpabuf security check that would terminate the process
+due to invalid buffer allocation.
+
+Signed-off-by: Jouni Malinen
+---
+ src/eap_peer/eap_pwd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+index 1d2079b..e58b13a 100644
+--- a/src/eap_peer/eap_pwd.c
++++ b/src/eap_peer/eap_pwd.c
+@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+ /*
+ * we have output! Do we need to fragment it?
+ */
++ lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
+ len = wpabuf_len(data->outbuf);
+ if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
+ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
+--
+1.9.1
+
diff --git a/net-wireless/hostapd/hostapd-2.4-r1.ebuild b/net-wireless/hostapd/hostapd-2.4-r1.ebuild
new file mode 100644
index 000000000000..f8ff714f196f
--- /dev/null
+++ b/net-wireless/hostapd/hostapd-2.4-r1.ebuild
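Review bot: The added line `lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);` in eap_pwd_process() (patch 5/5) carries no comment, and nothing at that spot says why the variable is rewritten just before the fragmentation decision. Per the patch description it strips the L and M flag bits received from the server so they cannot affect the locally built response; a comment such as `/* keep only the exchange type; received L/M flag bits must not carry over into our response */` above it would keep a later cleanup from removing the line. The function body continues outside the hunk.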
@@ -0,0 +1,218 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-2.4-r1.ebuild,v 1.1 2015/05/08 18:14:59 gurligebis Exp $
+
+EAPI="4"
+
+inherit toolchain-funcs eutils systemd
+
+DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
+HOMEPAGE="http://hostap.epitest.fi"
+SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 BSD )"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
+IUSE="ipv6 logwatch netlink sqlite +ssl +wps +crda"
+
+DEPEND="ssl? ( dev-libs/openssl[-bindist] )
+ kernel_linux? (
+ dev-libs/libnl:3
+ crda? ( net-wireless/crda )
+ )
+ netlink? ( net-libs/libnfnetlink )
+ sqlite? ( >=dev-db/sqlite-3 )"
+
+RDEPEND="${DEPEND}"
+
+S="${S}/${PN}"
+
+src_prepare() {
+ cd ..
+
+ # bug (548744)
+ epatch "${FILESDIR}/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch"
+ epatch "${FILESDIR}/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch"
+ epatch "${FILESDIR}/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch"
+ epatch "${FILESDIR}/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch"
+ epatch "${FILESDIR}/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch"
+
+ cd "${PN}"
+
+ epatch "${FILESDIR}/${PN}-hlr_auc_gw-openssl.patch"
+
+ sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
+ "${S}/hostapd.conf" || die
+}
+
+src_configure() {
+ local CONFIG="${S}/.config"
+
+ # toolchain setup
+ echo "CC = $(tc-getCC)" > ${CONFIG}
+
+ # EAP authentication methods
+ echo "CONFIG_EAP=y" >> ${CONFIG}
+ echo "CONFIG_ERP=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
+
+ if use ssl; then
+ # SSL authentication methods
+ echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
+ echo "CONFIG_TLSV11=y" >> ${CONFIG}
+ echo "CONFIG_TLSV12=y" >> ${CONFIG}
+ fi
+
+ if use wps; then
+ # Enable Wi-Fi Protected Setup
+ echo "CONFIG_WPS=y" >> ${CONFIG}
+ echo "CONFIG_WPS2=y" >> ${CONFIG}
+ echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
+ echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
+ einfo "Enabling Wi-Fi Protected Setup support"
+ fi
+
+ echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
+ echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
+ echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
+ echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
+
+ einfo "Enabling drivers: "
+
+ # drivers
+ echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
+ einfo " HostAP driver enabled"
+ echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
+ einfo " Wired driver enabled"
+ echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG}
+ einfo " Prism54 driver enabled"
+ echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
+ einfo " None driver enabled"
+
+ einfo " nl80211 driver enabled"
+ echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
+
+ # misc
+ echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
+ echo "CONFIG_PKCS12=y" >> ${CONFIG}
+ echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
+ echo "CONFIG_IAPP=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
+ echo "CONFIG_PEERKEY=y" >> ${CONFIG}
+ echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
+ echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
+ echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
+ echo "CONFIG_HS20=y" >> ${CONFIG}
+ echo "CONFIG_WNM=y" >> ${CONFIG}
+ echo "CONFIG_ACS=y" >> ${CONFIG}
+
+ if use netlink; then
+ # Netlink support
+ echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
+ fi
+
+ if use ipv6; then
+ # IPv6 support
+ echo "CONFIG_IPV6=y" >> ${CONFIG}
+ fi
+
+ if use sqlite; then
+ # Sqlite support
+ echo "CONFIG_SQLITE=y" >> ${CONFIG}
+ fi
+
+ # If we are using libnl 2.0 and above, enable support for it
+ # Removed for now, since the 3.2 version is broken, and we don't
+ # support it.
+ if has_version ">=dev-libs/libnl-3.2"; then
+ echo "CONFIG_LIBNL32=y" >> .config
+ fi
+
+ # TODO: Add support for BSD drivers
+
+ default_src_configure
+}
+
+src_compile() {
+ emake V=1
+
+ if use ssl; then
+ emake V=1 nt_password_hash
+ emake V=1 hlr_auc_gw
+ fi
+}
+
+src_install() {
+ insinto /etc/${PN}
+ doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
+
+ fperms -R 600 /etc/${PN}
+
+ dosbin ${PN}
+ dobin ${PN}_cli
+
+ use ssl && dobin nt_password_hash hlr_auc_gw
+
+ newinitd "${FILESDIR}"/${PN}-init.d ${PN}
+ newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ doman ${PN}{.8,_cli.1}
+
+ dodoc ChangeLog README
+ use wps && dodoc README-WPS
+
+ docinto examples
+ dodoc wired.conf
+
+ if use logwatch; then
+ insinto /etc/log.d/conf/services/
+ doins logwatch/${PN}.conf
+
+ exeinto /etc/log.d/scripts/services/
+ doexe logwatch/${PN}
+ fi
+}
+
+pkg_postinst() {
+ einfo
+ einfo "If you are running openRC you need to follow this instructions:"
+ einfo "In order to use ${PN} you need to set up your wireless card"
+ einfo "for master mode in /etc/conf.d/net and then start"
+ einfo "/etc/init.d/${PN}."
+ einfo
+ einfo "Example configuration:"
+ einfo
+ einfo "config_wlan0=( \"192.168.1.1/24\" )"
+ einfo "channel_wlan0=\"6\""
+ einfo "essid_wlan0=\"test\""
+ einfo "mode_wlan0=\"master\""
+ einfo
+ #if [ -e "${KV_DIR}"/net/mac80211 ]; then
+ # einfo "This package now compiles against the headers installed by"
+ # einfo "the kernel source for the mac80211 driver. You should "
+ # einfo "re-emerge ${PN} after upgrading your kernel source."
+ #fi
+
+ if use wps; then
+ einfo "You have enabled Wi-Fi Protected Setup support, please"
+ einfo "read the README-WPS file in /usr/share/doc/${P}"
+ einfo "for info on how to use WPS"
+ fi
+}
diff --git a/net-wireless/hostapd/hostapd-2.4.ebuild b/net-wireless/hostapd/hostapd-2.4.ebuild
deleted file mode 100644
index f1ecb4ef15c9..000000000000
--- a/net-wireless/hostapd/hostapd-2.4.ebuild
+++ /dev/null
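Review bot: In src_prepare() of hostapd-2.4-r1.ebuild the new `cd ..` and `cd "${PN}"` calls have no `|| die`, so a failed directory change is not caught where it happens and the five EAP-pwd patches would be attempted from the wrong directory; `cd .. || die` and `cd "${PN}" || die` make the failure explicit. The comment `# bug (548744)` could also say what the patches fix, e.g. `# EAP-pwd length validation and fragment handling fixes, bug #548744`. In src_configure() the comment above the `has_version ">=dev-libs/libnl-3.2"` test says the check was removed, yet the code is live and writes to `.config` rather than `${CONFIG}` like every other line, so either the comment or the code should be brought in line.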
@@ -1,207 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-2.4.ebuild,v 1.1 2015/03/21 13:19:27 gurligebis Exp $
-
-EAPI="4"
-
-inherit toolchain-funcs eutils systemd
-
-DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
-HOMEPAGE="http://hostap.epitest.fi"
-SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
-
-LICENSE="|| ( GPL-2 BSD )"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="ipv6 logwatch netlink sqlite +ssl +wps +crda"
-
-DEPEND="ssl? ( dev-libs/openssl[-bindist] )
- kernel_linux? (
- dev-libs/libnl:3
- crda? ( net-wireless/crda )
- )
- netlink? ( net-libs/libnfnetlink )
- sqlite? ( >=dev-db/sqlite-3 )"
-
-RDEPEND="${DEPEND}"
-
-S="${S}/${PN}"
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-hlr_auc_gw-openssl.patch"
-
- sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
- "${S}/hostapd.conf" || die
-}
-
-src_configure() {
- local CONFIG="${S}/.config"
-
- # toolchain setup
- echo "CC = $(tc-getCC)" > ${CONFIG}
-
- # EAP authentication methods
- echo "CONFIG_EAP=y" >> ${CONFIG}
- echo "CONFIG_ERP=y" >> ${CONFIG}
- echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
-
- if use ssl; then
- # SSL authentication methods
- echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
- echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
- echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
- echo "CONFIG_TLSV11=y" >> ${CONFIG}
- echo "CONFIG_TLSV12=y" >> ${CONFIG}
- fi
-
- if use wps; then
- # Enable Wi-Fi Protected Setup
- echo "CONFIG_WPS=y" >> ${CONFIG}
- echo "CONFIG_WPS2=y" >> ${CONFIG}
- echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
- echo "CONFIG_WPS_NFC=y" >> ${CONFIG}
- einfo "Enabling Wi-Fi Protected Setup support"
- fi
-
- echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG}
- echo "CONFIG_EAP_TNC=y" >> ${CONFIG}
- echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
- echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
- echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG}
- echo "CONFIG_EAP_EKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
- echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
- echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
- echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
-
- einfo "Enabling drivers: "
-
- # drivers
- echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
- einfo " HostAP driver enabled"
- echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
- einfo " Wired driver enabled"
- echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG}
- einfo " Prism54 driver enabled"
- echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
- einfo " None driver enabled"
-
- einfo " nl80211 driver enabled"
- echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
-
- # misc
- echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG}
- echo "CONFIG_PKCS12=y" >> ${CONFIG}
- echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
- echo "CONFIG_IAPP=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
- echo "CONFIG_IEEE80211AC=y" >> ${CONFIG}
- echo "CONFIG_PEERKEY=y" >> ${CONFIG}
- echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
- echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
- echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG}
- echo "CONFIG_HS20=y" >> ${CONFIG}
- echo "CONFIG_WNM=y" >> ${CONFIG}
- echo "CONFIG_ACS=y" >> ${CONFIG}
-
- if use netlink; then
- # Netlink support
- echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG}
- fi
-
- if use ipv6; then
- # IPv6 support
- echo "CONFIG_IPV6=y" >> ${CONFIG}
- fi
-
- if use sqlite; then
- # Sqlite support
- echo "CONFIG_SQLITE=y" >> ${CONFIG}
- fi
-
- # If we are using libnl 2.0 and above, enable support for it
- # Removed for now, since the 3.2 version is broken, and we don't
- # support it.
- if has_version ">=dev-libs/libnl-3.2"; then
- echo "CONFIG_LIBNL32=y" >> .config
- fi
-
- # TODO: Add support for BSD drivers
-
- default_src_configure
-}
-
-src_compile() {
- emake V=1
-
- if use ssl; then
- emake V=1 nt_password_hash
- emake V=1 hlr_auc_gw
- fi
-}
-
-src_install() {
- insinto /etc/${PN}
- doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
-
- fperms -R 600 /etc/${PN}
-
- dosbin ${PN}
- dobin ${PN}_cli
-
- use ssl && dobin nt_password_hash hlr_auc_gw
-
- newinitd "${FILESDIR}"/${PN}-init.d ${PN}
- newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
- systemd_dounit "${FILESDIR}"/${PN}.service
-
- doman ${PN}{.8,_cli.1}
-
- dodoc ChangeLog README
- use wps && dodoc README-WPS
-
- docinto examples
- dodoc wired.conf
-
- if use logwatch; then
- insinto /etc/log.d/conf/services/
- doins logwatch/${PN}.conf
-
- exeinto /etc/log.d/scripts/services/
- doexe logwatch/${PN}
- fi
-}
-
-pkg_postinst() {
- einfo
- einfo "If you are running openRC you need to follow this instructions:"
- einfo "In order to use ${PN} you need to set up your wireless card"
- einfo "for master mode in /etc/conf.d/net and then start"
- einfo "/etc/init.d/${PN}."
- einfo
- einfo "Example configuration:"
- einfo
- einfo "config_wlan0=( \"192.168.1.1/24\" )"
- einfo "channel_wlan0=\"6\""
- einfo "essid_wlan0=\"test\""
- einfo "mode_wlan0=\"master\""
- einfo
- #if [ -e "${KV_DIR}"/net/mac80211 ]; then
- # einfo "This package now compiles against the headers installed by"
- # einfo "the kernel source for the mac80211 driver. You should "
- # einfo "re-emerge ${PN} after upgrading your kernel source."
- #fi
-
- if use wps; then
- einfo "You have enabled Wi-Fi Protected Setup support, please"
- einfo "read the README-WPS file in /usr/share/doc/${P}"
- einfo "for info on how to use WPS"
- fi
-}
--
cgit v1.2.3-65-gdbad