diff options
| author |   Bjarke Istrup Pedersen <gurligebis@gentoo.org> | 2012-10-10 13:14:08 +0000 |
|---|---|---|
| committer | Bjarke Istrup Pedersen <gurligebis@gentoo.org> | 2012-10-10 13:14:08 +0000 |
| commit | b54f69cb65a1c67a1b2a84523930ceea58143540 (patch) | |
| tree | bd2e36ece060013754194e7a4320f6730fa7e22c /net-wireless/hostapd | |
| parent | Drop old stable. build failure. #426682 (diff) | |
| download | gentoo-2-b54f69cb65a1c67a1b2a84523930ceea58143540.tar.gz gentoo-2-b54f69cb65a1c67a1b2a84523930ceea58143540.tar.bz2 gentoo-2-b54f69cb65a1c67a1b2a84523930ceea58143540.zip | |
Bumping to 1.0-r4, to include fix for bug #437830
(Portage version: 2.2.0_alpha135/cvs/Linux i686)
Diffstat (limited to 'net-wireless/hostapd')
| -rw-r--r-- | net-wireless/hostapd/ChangeLog | 8 | ||||
| -rw-r--r-- | net-wireless/hostapd/files/hostapd-1.0-tls_length_fix.patch | 48 | ||||
| -rw-r--r-- | net-wireless/hostapd/hostapd-1.0-r4.ebuild | 204 |
3 files changed, 259 insertions, 1 deletions
diff --git a/net-wireless/hostapd/ChangeLog b/net-wireless/hostapd/ChangeLog index 123232ccea48..162c3c120f9e 100644 --- a/net-wireless/hostapd/ChangeLog +++ b/net-wireless/hostapd/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-wireless/hostapd # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.128 2012/10/03 19:56:15 gurligebis Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.129 2012/10/10 13:14:08 gurligebis Exp $ + +*hostapd-1.0-r4 (10 Oct 2012) + + 10 Oct 2012; <gurligebis@gentoo.org> +hostapd-1.0-r4.ebuild, + +files/hostapd-1.0-tls_length_fix.patch: + Bumping to 1.0-r4, to include fix for bug #437830 *hostapd-1.0-r3 (03 Oct 2012) diff --git a/net-wireless/hostapd/files/hostapd-1.0-tls_length_fix.patch b/net-wireless/hostapd/files/hostapd-1.0-tls_length_fix.patch new file mode 100644 index 000000000000..bda92cf405fa --- /dev/null +++ b/net-wireless/hostapd/files/hostapd-1.0-tls_length_fix.patch @@ -0,0 +1,48 @@ +From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sun, 7 Oct 2012 20:06:29 +0300 +Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation + +EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS +Message Length value properly and could end up trying to store more +information into the message buffer than the allocated size if the first +fragment is longer than the indicated size. This could result in hostapd +process terminating in wpabuf length validation. Fix this by rejecting +messages that have invalid TLS Message Length value. + +This would affect cases that use the internal EAP authentication server +in hostapd either directly with IEEE 802.1X or when using hostapd as a +RADIUS authentication server and when receiving an incorrectly +constructed EAP-TLS message. Cases where hostapd uses an external +authentication are not affected. + +Thanks to Timo Warns for finding and reporting this issue. + +Signed-hostap: Jouni Malinen <j@w1.fi> +intended-for: hostap-1 +--- + src/eap_server/eap_server_tls_common.c | 8 ++++++++ + 1 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c +index 31be2ec..46f282b 100644 +--- a/src/eap_server/eap_server_tls_common.c ++++ b/src/eap_server/eap_server_tls_common.c +@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data, + return -1; + } + ++ if (len > message_length) { ++ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " ++ "first fragment of frame (TLS Message " ++ "Length %d bytes)", ++ (int) len, (int) message_length); ++ return -1; ++ } ++ + data->tls_in = wpabuf_alloc(message_length); + if (data->tls_in == NULL) { + wpa_printf(MSG_DEBUG, "SSL: No memory for message"); +-- +1.7.4-rc1 + diff --git a/net-wireless/hostapd/hostapd-1.0-r4.ebuild b/net-wireless/hostapd/hostapd-1.0-r4.ebuild new file mode 100644 index 000000000000..904d60f4e281 --- /dev/null +++ b/net-wireless/hostapd/hostapd-1.0-r4.ebuild @@ -0,0 +1,204 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-1.0-r4.ebuild,v 1.1 2012/10/10 13:14:08 gurligebis Exp $ + +EAPI="4" + +inherit toolchain-funcs eutils + +DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" +HOMEPAGE="http://hostap.epitest.fi" +SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz" + +LICENSE="|| ( GPL-2 BSD )" +SLOT="0" +KEYWORDS="~amd64 ~mips ~ppc ~x86" +IUSE="debug ipv6 logwatch madwifi +ssl +wps +crda" + +DEPEND="ssl? ( dev-libs/openssl ) + kernel_linux? ( + dev-libs/libnl:3 + crda? ( net-wireless/crda ) + ) + madwifi? ( || + ( >net-wireless/madwifi-ng-tools-0.9.3 + net-wireless/madwifi-old ) )" +RDEPEND="${DEPEND}" + +S="${S}/${PN}" + +src_prepare() { + cd .. + epatch "${FILESDIR}/${P}-libnl_path_fix.patch" + epatch "${FILESDIR}/${P}-tls_length_fix.patch" + + sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ + "${S}/hostapd.conf" || die +} + +src_configure() { + local CONFIG="${S}/.config" + + # toolchain setup + echo "CC = $(tc-getCC)" > ${CONFIG} + + # EAP authentication methods + echo "CONFIG_EAP=y" >> ${CONFIG} + echo "CONFIG_EAP_MD5=y" >> ${CONFIG} + + if use ssl; then + # SSL authentication methods + echo "CONFIG_EAP_TLS=y" >> ${CONFIG} + echo "CONFIG_EAP_TTLS=y" >> ${CONFIG} + echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG} + echo "CONFIG_EAP_PEAP=y" >> ${CONFIG} + fi + + if use wps; then + # Enable Wi-Fi Protected Setup + echo "CONFIG_WPS=y" >> ${CONFIG} + echo "CONFIG_WPS2=y" >> ${CONFIG} + echo "CONFIG_WPS_UPNP=y" >> ${CONFIG} + einfo "Enabling Wi-Fi Protected Setup support" + fi + + echo "CONFIG_EAP_GTC=y" >> ${CONFIG} + echo "CONFIG_EAP_SIM=y" >> ${CONFIG} + echo "CONFIG_EAP_AKA=y" >> ${CONFIG} + echo "CONFIG_EAP_PAX=y" >> ${CONFIG} + echo "CONFIG_EAP_PSK=y" >> ${CONFIG} + echo "CONFIG_EAP_SAKE=y" >> ${CONFIG} + echo "CONFIG_EAP_GPSK=y" >> ${CONFIG} + echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG} + + einfo "Enabling drivers: " + + # drivers + echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG} + einfo " HostAP driver enabled" + echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG} + einfo " Wired driver enabled" + echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG} + einfo " Prism54 driver enabled" + echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG} + einfo " None driver enabled" + + if use madwifi; then + # Add include path for madwifi-driver headers + einfo " Madwifi driver enabled" + echo "CFLAGS += -I/usr/include/madwifi" >> ${CONFIG} + echo "CONFIG_DRIVER_MADWIFI=y" >> ${CONFIG} + else + einfo " Madwifi driver disabled" + fi + + einfo " nl80211 driver enabled" + echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG} + echo "LIBS += -L/usr/lib" >> ${CONFIG} + + # misc + echo "CONFIG_PKCS12=y" >> ${CONFIG} + echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG} + echo "CONFIG_IAPP=y" >> ${CONFIG} + echo "CONFIG_IEEE80211R=y" >> ${CONFIG} + echo "CONFIG_IEEE80211W=y" >> ${CONFIG} + echo "CONFIG_IEEE80211N=y" >> ${CONFIG} + echo "CONFIG_PEERKEY=y" >> ${CONFIG} + echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG} + echo "CONFIG_INTERWORKING=y" >> ${CONFIG} + + if use ipv6; then + # IPv6 support + echo "CONFIG_IPV6=y" >> ${CONFIG} + fi + + if ! use debug; then + echo "CONFIG_NO_STDOUT_DEBUG=y" >> ${CONFIG} + fi + + # If we are using libnl 2.0 and above, enable support for it + # Removed for now, since the 3.2 version is broken, and we don't + # support it. + if has_version ">=dev-libs/libnl-3.2"; then + echo "CONFIG_LIBNL32=y" >> .config + fi + + # TODO: Add support for BSD drivers + + default_src_configure +} + +src_compile() { + emake V=1 + + if use ssl; then + emake V=1 nt_password_hash + emake V=1 hlr_auc_gw + fi +} + +src_install() { + insinto /etc/${PN} + doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} + + fperms -R 600 /etc/${PN} + + dosbin ${PN} + dobin ${PN}_cli + + use ssl && dobin nt_password_hash hlr_auc_gw + + newinitd "${FILESDIR}"/${PN}-init.d ${PN} + newconfd "${FILESDIR}"/${PN}-conf.d ${PN} + + doman ${PN}{.8,_cli.1} + + dodoc ChangeLog README + use wps && dodoc README-WPS + + docinto examples + dodoc wired.conf + + if use logwatch; then + insinto /etc/log.d/conf/services/ + doins logwatch/${PN}.conf + + exeinto /etc/log.d/scripts/services/ + doexe logwatch/${PN} + fi +} + +pkg_postinst() { + einfo + einfo "In order to use ${PN} you need to set up your wireless card" + einfo "for master mode in /etc/conf.d/net and then start" + einfo "/etc/init.d/${PN}." + einfo + einfo "Example configuration:" + einfo + einfo "config_wlan0=( \"192.168.1.1/24\" )" + einfo "channel_wlan0=\"6\"" + einfo "essid_wlan0=\"test\"" + einfo "mode_wlan0=\"master\"" + einfo + if use madwifi; then + einfo "This package compiles against the headers installed by" + einfo "madwifi-old, madwifi-ng or madwifi-ng-tools." + einfo "You should remerge ${PN} after upgrading these packages." + einfo + einfo "Since you are using the madwifi-ng driver, you should disable or" + einfo "comment out wme_enabled from ${PN}.conf, since it will" + einfo "cause problems otherwise (see bug #260377" + fi + #if [ -e "${KV_DIR}"/net/mac80211 ]; then + # einfo "This package now compiles against the headers installed by" + # einfo "the kernel source for the mac80211 driver. You should " + # einfo "re-emerge ${PN} after upgrading your kernel source." + #fi + + if use wps; then + einfo "You have enabled Wi-Fi Protected Setup support, please" + einfo "read the README-WPS file in /usr/share/doc/${P}" + einfo "for info on how to use WPS" + fi +} |