blob: 2ac593fbecc92c7c056390f70b048171459eb097 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=hostapd
pkgver=2.7
pkgrel=5
pkgdesc="daemon for wireless software access points"
url="http://hostap.epitest.fi/hostapd/"
arch="all"
license="custom"
makedepends="openssl-dev libnl3-dev linux-headers"
subpackages="$pkgname-doc $pkgname-openrc"
patches="CVE-2012-4445.patch
CVE-2019-9496.patch
0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
0002-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
0003-SAE-Minimize-timing-differences-in-PWE-derivation.patch
0004-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch
0005-SAE-Mask-timing-of-MODP-groups-22-23-24.patch
0006-SAE-Use-const_time-selection-for-PWE-in-FFC.patch
0007-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch
0008-Add-helper-functions-for-constant-time-operations.patch
0009-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch
0010-EAP-pwd-server-Detect-reflection-attacks.patch
0011-EAP-pwd-client-Verify-received-scalar-and-element.patch
0012-EAP-pwd-server-Verify-received-scalar-and-element.patch
0013-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch
0014-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
0015-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
0016-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch
0017-EAP-pwd-Enforce-1-rand-mask-r-and-rand-mask-mod-r-1.patch
0018-EAP-pwd-Remove-unused-checks-for-cofactor-1-cases.patch
0019-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch
0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
0021-SAE-Run-through-prf-result-processing-even-if-it-pri.patch
0022-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
0023-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch
0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch
0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
CVE-2019-16275.patch
"
source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
$patches
$pkgname.initd
$pkgname.confd"
options="!check" #no testsuite
builddir="$srcdir"/$pkgname-$pkgver/hostapd
# secfixes:
# 2.7-r5:
# - CVE-2019-16275
# 2.7-r4:
# - CVE-2019-13377
# 2.7-r3:
# - CVE-2019-9496
# 2.7-r1:
# - CVE-2019-11555
# 2.7-r0:
# - CVE-2017-13082
# 2.6-r2:
# - CVE-2017-13077
# - CVE-2017-13078
# - CVE-2017-13079
# - CVE-2017-13080
# - CVE-2017-13081
# - CVE-2017-13082
# - CVE-2017-13086
# - CVE-2017-13087
# - CVE-2017-13088
prepare() {
local conf="$builddir/.config"
cd "$builddir"/..
for i in $patches; do
msg $i
patch -p1 -i "$srcdir"/$i
done
cd "$builddir"
sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
hostapd.conf
# toolchain setup
sed \
-e '/^#CONFIG_DRIVER_NL80211=y/s/^#//' \
-e '/^#CONFIG_RADIUS_SERVER=y/s/^#//' \
-e '/^#CONFIG_DRIVER_WIRED=y/s/^#//' \
-e '/^#CONFIG_DRIVER_NONE=y/s/^#//' \
-e '/^#CONFIG_IEEE80211N=y/s/^#//' \
-e '/^#CONFIG_IEEE80211R=y/s/^#//' \
-e '/^#CONFIG_IEEE80211AC=y/s/^#//' \
-e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \
-e '/^#CONFIG_LIBNL32=y/s/^#//' \
-e '/^#CONFIG_ACS=y/s/^#//' \
defconfig >> .config
echo "CC ?= ${CC:-gcc}" >> .config
echo "CFLAGS += -I/usr/include/libnl3" >> .config
echo "LIBS += -L/usr/lib" >> .config
}
build() {
cd "$builddir"
make
msg "nt_password_hash"
make nt_password_hash
}
package() {
cd "$builddir"
install -d "$pkgdir"/etc/hostapd
install hostapd.conf hostapd.accept hostapd.deny hostapd.eap_user \
hostapd.radius_clients hostapd.sim_db hostapd.wpa_psk \
"$pkgdir"/etc/hostapd/
install -Dm755 hostapd "$pkgdir"/usr/sbin/hostapd \
&& install -Dm755 hostapd_cli "$pkgdir"/usr/bin/hostapd_cli \
&& install -Dm755 nt_password_hash \
"$pkgdir"/usr/bin/nt_password_hash \
&& install -Dm755 "$srcdir"/hostapd.initd \
"$pkgdir"/etc/init.d/hostapd \
&& install -Dm644 "$srcdir"/hostapd.confd \
"$pkgdir"/etc/conf.d/hostapd \
&& install -Dm644 hostapd.8 \
"$pkgdir"/usr/share/man/man8/hostapd.8 \
&& install -Dm644 hostapd_cli.1 \
"$pkgdir"/usr/share/man/man1/hostapd_cli
}
sha512sums="1c9a210dfffb951fb667be19aa44ad8c66dccd2aed26cdab939185923550e3c1998a678ebe6975e560e1b3385bff2098f1b2cb773452ba66fb35246fdd3eb2c1 hostapd-2.7.tar.gz
619acce84516dead1e03e5da71657ea4c4b6f3ca8271574409773aeb316cbddc88095b50320804f457f001f4f3fe83053e660c008d8409f59bb4d3bfe058b601 CVE-2012-4445.patch
90981a52d6cb2e91f67a9bc830d3db02da6fde4bea0cf512b22111da6c8ab151f5dd171a2f2e409d9ff75e388e72c2314dd023a98fdabf16248b11a950bde881 CVE-2019-9496.patch
92fca9bd4d8a1e63ff6b6bce35ceea385f040e475c97eb32a2d53b97030a5513c1a6df238081b5db06ef79163f3a505d0bed641cfd9125446dc0fc30b418a790 0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
396aa9df1de947d645e22d0fbfe9c8a139a9eedbaf286b0bbba5c2341d2af0a2aec072d814c84b89c01e338ebc2ad8db02dbd52c72c2699e98fd5dc14106706f 0002-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
0dafd95c452472e51317df4cc6ac139a10cbc130d3a3a48ce44a8a96ebfa0197ed924086ef3a2984cd84024b347137bd76fd32e834c7667712ffcb3872d75c0b 0003-SAE-Minimize-timing-differences-in-PWE-derivation.patch
132da8732d783c0e3a4af2c93f2c3c54f832c5231ef36629a45849f9f1ff045dc791ea0727d165edc76c53f827538ab5e9d6026af384733b3008c45b47d711d8 0004-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch
c02771f2a904d9fac5c4c1c5b25d715bd18ada5a0aaea899d68348bdcd235af66db5473e364994ddf18cf081c6a8148783700ee9e4287c6de45d242e0ef73c93 0005-SAE-Mask-timing-of-MODP-groups-22-23-24.patch
ff5621cfe8e11e3f7e3efd941b3e68c6c2714d19f69932428b3efbb166760323a9540e3840bc36f930bfcf990bfc99741d96df2edf503e1813400942629b4186 0006-SAE-Use-const_time-selection-for-PWE-in-FFC.patch
07e57cd6509279fee021dfe290bad964088c39a181712424145f945ddc0682fa726b9bc6cc11c2fd7efb3f1d5bb7731dfee7e46351991340c715d39f536e7b6b 0007-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch
24bd9359f2808a62af5eaeefa08a817b578cf2a88e3f77c77f43005e2e5a6526cbd96b5c01d2ddff65fd88e3a551ec771bcfbf49419759dc3bffd6dd999415b1 0008-Add-helper-functions-for-constant-time-operations.patch
65d89c276b43766bf3e9bd6a4e6829c5ec38b59c4725c0a020ecbb9363f27cba20e82f0cebda55d264a1245b81ca545fdbe3d36eff5b5cee07d559b5e093a67c 0009-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch
c2ebe127e0d14c56b9e274a6f8f97c5fb763edc9dc7a3cab4cb1748d29a4d514c240e398ab140542e7aa088b8f17936187e263466290a8ec483534b7182b8703 0010-EAP-pwd-server-Detect-reflection-attacks.patch
509aaef9f32eabbc3b7d257fb85d424db89a383a1708353d52f8c26f3cac602b351615c6775731193ca9403da368052482aa8294927e9d1880f567a08e3056da 0011-EAP-pwd-client-Verify-received-scalar-and-element.patch
217714f651b489f9bc9dad1485b1ea409b0d9c40aef70a4c343f59261198175e5360e6dff99773a7a7358731e010f6c334a095f4868adc9f914a4c4085fb3092 0012-EAP-pwd-server-Verify-received-scalar-and-element.patch
39cb011348a4723b52405bd6cd85f78da1a80e077b61ef0c489e5a0a03e21e30de38378554f1a81092b65cd923d1c3c430821812037a7607f582038d3ba26687 0013-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch
7038044885871271ac724790663d5c0a428db83b41a691747be7a618ae893670a98f3ba52a297937249084296b0e9bcfd791edaa3928548efddb259e1a15f46c 0014-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
99c734fe395b4231aa6a097a08a00e5dab65ea9c37a7c83b1904a37c39307d9e7e95485734b0d483687126f4100c75f8a7b1420f0a2edcbfe07b454a14548822 0015-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
0dfc8728cfc3a86f7a182a7f71213b94f64880ee4470e2a939c83059df5af7a60d56ec0a8a5f2f717838995f4ef2c6a8fb909324875b0f12a52040239092d115 0016-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch
abc2a40f9437280b1b0d3355f6485fd3d3b6412011e23b4699eb53eebbb761b7d6af553df5655bf5171dabf010f18bd9923a5589c295766d8b6643645b466146 0017-EAP-pwd-Enforce-1-rand-mask-r-and-rand-mask-mod-r-1.patch
d9113a9f59cd35de88a2ef57e2f83c10986dddd3fa18652c3ddfe9f9d5db828d5fdd6385f2de9d6e8e11207c4b35fad2fb72d6698e554fc017cd369231115f44 0018-EAP-pwd-Remove-unused-checks-for-cofactor-1-cases.patch
88b28f73267b5031417e527b4e2eea117e62649862bafbe99b83b77bade56612283279906c8d1a4c997fb8f32fc7a6cf8c88931a64e9520d1bf45fbdb0e6c381 0019-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch
01389b9d3951bf1148894c0f4b45d22ef8352a8fe1090721d17216506581305726f6a6c0ebff88479e5342330e75fc04db9201d7d65d4cc6b01a5f7258dc26f9 0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
1fabc83a5e05ce3d09c89e37365d038bd0eec3a76683966ad172eac3c2c884dbc24fc6ca11c27a8f4582e886d0f1cde73bbede4484352b42a3f686d89d088fff 0021-SAE-Run-through-prf-result-processing-even-if-it-pri.patch
bcae73930c35d441c5615970c305abb3dff293fdec16df50823e57419b22d1aac0e780970619e0c78b4482b7d07962bcf6162706a20e20f7b21a3a10f500eff1 0022-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
89ac9ee8b0a3521b135ea5075fcc01ee37b111ba129e75f58e4bb863aad0e782c0e1928c91cab2ab1859a7a52d66987e14018b0552c167c05dbaeed76f1b12dd 0023-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch
da5f4248a0173cd7d07972b760631a8dc26f258e7b5be059c0d7de26e17f668945a62d2afce01ed1a1e9df6c55f9fd6ee344d4f006f5564b90a25e90e1e7c704 0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch
4734a8ab8ba1e91fc9e3d729f34527c14c291df238b02adea5acc04b0361b41d4bffca2fb13a4f464e9f007fa624117af4f50d755cb41a3129b4868da91bdf9a 0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38 CVE-2019-16275.patch
b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3 hostapd.initd
0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe hostapd.confd"
|
