gurligebis 15/07/14 19:36:35 Modified: ChangeLog Added: hostapd-2.4-r3.ebuild Log: Adding security fixes wrt. bug #554862 (Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key 15AE484C)
Revision Changes Path 1.161 net-wireless/hostapd/ChangeLog file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/ChangeLog?rev=1.161&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/ChangeLog?rev=1.161&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/ChangeLog?r1=1.160&r2=1.161 Index: ChangeLog =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v retrieving revision 1.160 retrieving revision 1.161 diff -u -r1.160 -r1.161 --- ChangeLog 20 May 2015 11:07:18 -0000 1.160 +++ ChangeLog 14 Jul 2015 19:36:35 -0000 1.161 @@ -1,6 +1,14 @@ # ChangeLog for net-wireless/hostapd # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.160 2015/05/20 11:07:18 gurligebis Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.161 2015/07/14 19:36:35 gurligebis Exp $ + +*hostapd-2.4-r3 (14 Jul 2015) + + 14 Jul 2015; <gurlige...@gentoo.org> +hostapd-2.4-r3.ebuild, + +files/2015-5/0001-NFC-Avoid-misaligned-read-of-an-NDEF-field.patch, + +files/2015-5/0002-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch + : + Adding security fixes wrt. bug #554862 20 May 2015; <gurlige...@gentoo.org> -hostapd-2.0-r1.ebuild, -files/hostapd-2.0-tls_length_fix.patch, metadata.xml: 1.1 net-wireless/hostapd/hostapd-2.4-r3.ebuild file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/hostapd-2.4-r3.ebuild?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-wireless/hostapd/hostapd-2.4-r3.ebuild?rev=1.1&content-type=text/plain Index: hostapd-2.4-r3.ebuild =================================================================== # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-2.4-r3.ebuild,v 1.1 2015/07/14 19:36:35 gurligebis Exp $ EAPI="4" inherit toolchain-funcs eutils systemd DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" HOMEPAGE="http://hostap.epitest.fi"; SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"; LICENSE="|| ( GPL-2 BSD )" SLOT="0" KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" IUSE="ipv6 logwatch netlink sqlite +ssl +wps +crda" DEPEND="ssl? ( dev-libs/openssl[-bindist] ) kernel_linux? ( dev-libs/libnl:3 crda? ( net-wireless/crda ) ) netlink? ( net-libs/libnfnetlink ) sqlite? ( >=dev-db/sqlite-3 )" RDEPEND="${DEPEND}" S="${S}/${PN}" src_prepare() { cd .. # bug (548744) epatch "${FILESDIR}/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch" epatch "${FILESDIR}/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch" epatch "${FILESDIR}/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch" epatch "${FILESDIR}/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch" epatch "${FILESDIR}/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch" epatch "${FILESDIR}/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch" epatch "${FILESDIR}/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch" # bug (554862) epatch "${FILESDIR}/2015-5/0001-NFC-Avoid-misaligned-read-of-an-NDEF-field.patch" epatch "${FILESDIR}/2015-5/0002-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch" cd "${PN}" epatch "${FILESDIR}/${PN}-hlr_auc_gw-openssl.patch" sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ "${S}/hostapd.conf" || die } src_configure() { local CONFIG="${S}/.config" # toolchain setup echo "CC = $(tc-getCC)" > ${CONFIG} # EAP authentication methods echo "CONFIG_EAP=y" >> ${CONFIG} echo "CONFIG_ERP=y" >> ${CONFIG} echo "CONFIG_EAP_MD5=y" >> ${CONFIG} if use ssl; then # SSL authentication methods echo "CONFIG_EAP_FAST=y" >> ${CONFIG} echo "CONFIG_EAP_TLS=y" >> ${CONFIG} echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} echo "CONFIG_TLSV11=y" >> ${CONFIG} echo "CONFIG_TLSV12=y" >> ${CONFIG} fi if use wps; then # Enable Wi-Fi Protected Setup echo "CONFIG_WPS=y" >> ${CONFIG} echo "CONFIG_WPS2=y" >> ${CONFIG} echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} echo "CONFIG_WPS_NFC=y" >> ${CONFIG} einfo "Enabling Wi-Fi Protected Setup support" fi echo "CONFIG_EAP_IKEV2=y" >> ${CONFIG} echo "CONFIG_EAP_TNC=y" >> ${CONFIG} echo "CONFIG_EAP_GTC=y" >> ${CONFIG} echo "CONFIG_EAP_SIM=y" >> ${CONFIG} echo "CONFIG_EAP_AKA=y" >> ${CONFIG} echo "CONFIG_EAP_AKA_PRIME=y" >> ${CONFIG} echo "CONFIG_EAP_EKE=y" >> ${CONFIG} echo "CONFIG_EAP_PAX=y" >> ${CONFIG} echo "CONFIG_EAP_PSK=y" >> ${CONFIG} echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} echo "CONFIG_EAP_PWD=y" >> ${CONFIG} einfo "Enabling drivers: " # drivers echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} einfo " HostAP driver enabled" echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} einfo " Wired driver enabled" echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG} einfo " Prism54 driver enabled" echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} einfo " None driver enabled" einfo " nl80211 driver enabled" echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} # misc echo "CONFIG_DEBUG_FILE=y" >> ${CONFIG} echo "CONFIG_PKCS12=y" >> ${CONFIG} echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} echo "CONFIG_IAPP=y" >> ${CONFIG} echo "CONFIG_IEEE80211R=y" >> ${CONFIG} echo "CONFIG_IEEE80211W=y" >> ${CONFIG} echo "CONFIG_IEEE80211N=y" >> ${CONFIG} echo "CONFIG_IEEE80211AC=y" >> ${CONFIG} echo "CONFIG_PEERKEY=y" >> ${CONFIG} echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} echo "CONFIG_INTERWORKING=y" >> ${CONFIG} echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> ${CONFIG} echo "CONFIG_HS20=y" >> ${CONFIG} echo "CONFIG_WNM=y" >> ${CONFIG} echo "CONFIG_ACS=y" >> ${CONFIG} if use netlink; then # Netlink support echo "CONFIG_VLAN_NETLINK=y" >> ${CONFIG} fi if use ipv6; then # IPv6 support echo "CONFIG_IPV6=y" >> ${CONFIG} fi if use sqlite; then # Sqlite support echo "CONFIG_SQLITE=y" >> ${CONFIG} fi # If we are using libnl 2.0 and above, enable support for it # Removed for now, since the 3.2 version is broken, and we don't # support it. if has_version ">=dev-libs/libnl-3.2"; then echo "CONFIG_LIBNL32=y" >> .config fi # TODO: Add support for BSD drivers default_src_configure } src_compile() { emake V=1 if use ssl; then emake V=1 nt_password_hash emake V=1 hlr_auc_gw fi } src_install() { insinto /etc/${PN} doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} fperms -R 600 /etc/${PN} dosbin ${PN} dobin ${PN}_cli use ssl && dobin nt_password_hash hlr_auc_gw newinitd "${FILESDIR}"/${PN}-init.d ${PN} newconfd "${FILESDIR}"/${PN}-conf.d ${PN} systemd_dounit "${FILESDIR}"/${PN}.service doman ${PN}{.8,_cli.1} dodoc ChangeLog README use wps && dodoc README-WPS docinto examples dodoc wired.conf if use logwatch; then insinto /etc/log.d/conf/services/ doins logwatch/${PN}.conf exeinto /etc/log.d/scripts/services/ doexe logwatch/${PN} fi } pkg_postinst() { einfo einfo "If you are running openRC you need to follow this instructions:" einfo "In order to use ${PN} you need to set up your wireless card" einfo "for master mode in /etc/conf.d/net and then start" einfo "/etc/init.d/${PN}." einfo einfo "Example configuration:" einfo einfo "config_wlan0=( \"192.168.1.1/24\" )" einfo "channel_wlan0=\"6\"" einfo "essid_wlan0=\"test\"" einfo "mode_wlan0=\"master\"" einfo #if [ -e "${KV_DIR}"/net/mac80211 ]; then # einfo "This package now compiles against the headers installed by" # einfo "the kernel source for the mac80211 driver. You should " # einfo "re-emerge ${PN} after upgrading your kernel source." #fi if use wps; then einfo "You have enabled Wi-Fi Protected Setup support, please" einfo "read the README-WPS file in /usr/share/doc/${P}" einfo "for info on how to use WPS" fi }
