Update 2.10

author: Viktor Drobot 2022-01-19 22:25:09 +0300
committer: Viktor Drobot 2022-01-19 22:25:09 +0300
commit: c2c0d01e0993c38556f6ec95c295f0d02ed75d5e (patch)
tree: 9453018c614dc66c0c0b9892341fb06a02c8cae3
parent: 5ad76ab60a2877441aea05e1a28035e998880d8c (diff)
download: aur-c2c0d01e0993c38556f6ec95c295f0d02ed75d5e.tar.gz
5 files changed, 175 insertions, 150 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 3e847f863fbd..9017b38c1458 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,10 +1,10 @@
 pkgbase = hostapd-noscan
 	pkgdesc = IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator (with "noscan" patch)
-	pkgver = 2.9
-	pkgrel = 5
+	pkgver = 2.10
+	pkgrel = 1
 	url = https://w1.fi/hostapd/
-	arch = x86_64
 	arch = i686
+	arch = x86_64
 	arch = armv6h
 	arch = armv7h
 	arch = aarch64
@@ -22,22 +22,13 @@ pkgbase = hostapd-noscan
 	backup = etc/hostapd/hostapd.radius_clients
 	backup = etc/hostapd/hostapd.vlan
 	backup = etc/hostapd/hostapd.wpa_psk
-	source = https://w1.fi/releases/hostapd-2.9.tar.gz
-	source = https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
-	source = https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
-	source = https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
-	source = hostapd-2.9-CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15
+	source = https://w1.fi/releases/hostapd-2.10.tar.gz
 	source = config
 	source = hostapd.service
-	source = hostapd-noscan.patch
-	sha256sums = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7
-	sha256sums = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
-	sha256sums = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
-	sha256sums = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
-	sha256sums = a726eec646a4c6bbff380fbc4a4797d9b2d0f1e45fb79411bbc26859e3213557
-	sha256sums = 87445203a518864e704b85fa970d90940e9a5d9b401ceb802d11caab6c07a495
+	source = noscan.patch
+	sha256sums = 206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d
+	sha256sums = d0bbbfec38e338938910b09704ab986f3615b15ed2e0832d368ce3e9b94e3c51
 	sha256sums = 989bc6855f44c0b360e3d4cd4a146c35b7c12f8a0ced627b4b033f58edcade8e
-	sha256sums = f2a57f118d5884bdc5eaba3828545742775e763eade4837668f8cd3dec8bb812
+	sha256sums = b449b6158466903c06c0ed0f19aef506351021f8b332eabc03467e9928258128
 
 pkgname = hostapd-noscan
-
diff --git a/PKGBUILD b/PKGBUILD
index 3eb725d3e7a2..7d021b90c681 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,36 +3,28 @@
 # Contributor: David Runge <dave@sleepmap.de>
 
 pkgname=hostapd-noscan
-_pkgname="hostapd"
-pkgver=2.9
-pkgrel=5
+_pkgname=hostapd
+pkgver=2.10
+pkgrel=1
 pkgdesc="IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator (with \"noscan\" patch)"
-arch=('x86_64' 'i686' 'armv6h' 'armv7h' 'aarch64')
+arch=(i686 x86_64 armv6h armv7h aarch64)
 url="https://w1.fi/hostapd/"
-license=('BSD')
-depends=('glibc' 'libnl' 'openssl' 'sqlite')
-conflicts=('hostapd')
-provides=('hostapd')
+license=(BSD)
+depends=(glibc libnl openssl sqlite)
+conflicts=(hostapd)
+provides=(hostapd)
 backup=("etc/${_pkgname}/${_pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk})
-source=("https://w1.fi/releases/$_pkgname-$pkgver.tar.gz"
-        "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch"
-        "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch"
-        "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"
-        "hostapd-2.9-CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15"
+source=("https://w1.fi/releases/${_pkgname}-${pkgver}.tar.gz"
         "config"
         "hostapd.service"
-        "hostapd-noscan.patch")
-sha256sums=('881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7'
-            '2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7'
-            '49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de'
-            'a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a'
-            'a726eec646a4c6bbff380fbc4a4797d9b2d0f1e45fb79411bbc26859e3213557'
-            '87445203a518864e704b85fa970d90940e9a5d9b401ceb802d11caab6c07a495'
+        "noscan.patch")
+sha256sums=('206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d'
+            'd0bbbfec38e338938910b09704ab986f3615b15ed2e0832d368ce3e9b94e3c51'
             '989bc6855f44c0b360e3d4cd4a146c35b7c12f8a0ced627b4b033f58edcade8e'
-            'f2a57f118d5884bdc5eaba3828545742775e763eade4837668f8cd3dec8bb812')
+            'b449b6158466903c06c0ed0f19aef506351021f8b332eabc03467e9928258128')
 
 prepare() {
-  cd "$_pkgname-$pkgver"
+  cd "${_pkgname}-${pkgver}"
 
   # fix include locations in main configuration file
   sed -e 's|/etc/hostapd|/etc/hostapd/hostapd|g' \
@@ -42,10 +34,10 @@ prepare() {
       -e 's|hostapd.ap_settings|/var/lib/hostapd/hostapd.ap_settings|g' \
       -e 's|hostapd_wps_pin_requests|hostapd/wps_pin_requests|g' \
       -i "${_pkgname}/${_pkgname}.conf"
-  
+
   # extract license
   cat "${_pkgname}/README" |head -n47 |tail -n5 > LICENSE
-  
+
   # link build configuration into place:
   # an up-to-date version of the build configuration can be found in
   # hostapd/defconfig and should be diffed with the packaged one before every
@@ -53,46 +45,33 @@ prepare() {
   ln -sv "${srcdir}/config" "${_pkgname}/.config"
 
   # apply "noscan" patch
-  patch -p1 -i "$srcdir/hostapd-noscan.patch"
-
-  # fix CVE-2020-12695
-  patch -Np1 -i "$srcdir/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch"
-  patch -Np1 -i "$srcdir/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch"
-  patch -Np1 -i "$srcdir/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch"
-  patch -Np1 -i "$srcdir/hostapd-2.9-CVE-2021-30004.patch"
+  patch -Np0 -i "${srcdir}/noscan.patch"
 }
 
 build() {
-  cd $_pkgname-$pkgver/hostapd
-  make
+  make -C "${_pkgname}-${pkgver}/${_pkgname}"
 }
 
 package() {
-  cd "$_pkgname-$pkgver"
+  cd "${_pkgname}-${pkgver}"
 
   make -C "${_pkgname}" install DESTDIR="${pkgdir}" BINDIR="/usr/bin"
 
   # systemd service
-  install -vDm 644 "../${_pkgname}.service" \
-    -t "$pkgdir/usr/lib/systemd/system/"
+  install -vDm 644 "../${_pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/"
 
   # license
-  install -vDm 644 LICENSE -t "$pkgdir/usr/share/licenses/$_pkgname/"
+  install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${_pkgname}/"
 
   # config
-  install -d "$pkgdir/etc/hostapd"
-  install -vDm 640 "${_pkgname}/${_pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk} \
-    -t "${pkgdir}/etc/${_pkgname}"
+  install -vDm 640 "${_pkgname}/${_pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk} -t "${pkgdir}/etc/${_pkgname}"
 
   # docs
-  install -vDm 644 "${_pkgname}/"{hostapd.sim_db,wired.conf,hlr_auc_gw.{txt,milenage_db}} \
-    "${_pkgname}/"{README*,ChangeLog} \
-    -t "${pkgdir}/usr/share/doc/${_pkgname}"
+  install -vDm 644 "${_pkgname}/"{hostapd.sim_db,wired.conf,hlr_auc_gw.{txt,milenage_db}} "${_pkgname}/"{README*,ChangeLog} -t "${pkgdir}/usr/share/doc/${_pkgname}"
 
   # man pages
-  install -vDm 644 "${_pkgname}/${_pkgname}.8" -t "$pkgdir/usr/share/man/man8/"
-  install -vDm 644 "${_pkgname}/${_pkgname}_cli.1" \
-    -t "$pkgdir/usr/share/man/man1/"
+  install -vDm 644 "${_pkgname}/${_pkgname}.8" -t "${pkgdir}/usr/share/man/man8/"
+  install -vDm 644 "${_pkgname}/${_pkgname}_cli.1" -t "${pkgdir}/usr/share/man/man1/"
 
   # state dir
   install -vdm 750 "${pkgdir}/var/lib/${_pkgname}"
diff --git a/config b/config
index 08005f26b488..be9476fb2225 100644
--- a/config
+++ b/config
@@ -44,15 +44,9 @@ CONFIG_LIBNL32=y
 # Driver interface for no driver (e.g., RADIUS server only)
 #CONFIG_DRIVER_NONE=y
 
-# IEEE 802.11F/IAPP
-CONFIG_IAPP=y
-
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 
-# IEEE 802.11w (management frame protection)
-CONFIG_IEEE80211W=y
-
 # Support Operating Channel Validation
 #CONFIG_OCV=y
 
@@ -154,9 +148,6 @@ CONFIG_IEEE80211R=y
 # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
 #CONFIG_DRIVER_RADIUS_ACL=y
 
-# IEEE 802.11n (High Throughput) support
-CONFIG_IEEE80211N=y
-
 # Wireless Network Management (IEEE Std 802.11v-2011)
 # Note: This is experimental and not complete implementation.
 #CONFIG_WNM=y
@@ -355,12 +346,12 @@ CONFIG_SQLITE=y
 # * ath10k
 #
 # For more details refer to:
-# http://wireless.kernel.org/en/users/Documentation/acs
+# https://wireless.wiki.kernel.org/en/users/documentation/acs
 #
 CONFIG_ACS=y
 
 # Multiband Operation support
-# These extentions facilitate efficient use of multiple frequency bands
+# These extensions facilitate efficient use of multiple frequency bands
 # available to the AP and the devices that may associate with it.
 #CONFIG_MBO=y
 
@@ -390,7 +381,47 @@ CONFIG_ACS=y
 # parameter. See that parameter in hostapd.conf for more details.
 #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
 
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current hostapd
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
+
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore. For now, the default hostapd
+# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but
+# that functionality is subject to be removed in the future.
+#CONFIG_NO_TKIP=y
+
+# Pre-Association Security Negotiation (PASN)
+# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol
+# design is still subject to change. As such, this should not yet be enabled in
+# production use.
+# This requires CONFIG_IEEE80211W=y to be enabled, too.
+#CONFIG_PASN=y
+
+# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect)
+CONFIG_DPP=y
+# DPP version 2 support
+CONFIG_DPP2=y
+# DPP version 3 support (experimental and still changing; do not enable for
+# production use)
+#CONFIG_DPP3=y
+
 # custom configuration options
+
+# IEEE 802.11F/IAPP
+CONFIG_IAPP=y
+
+# IEEE 802.11w (management frame protection)
+CONFIG_IEEE80211W=y
+
+# IEEE 802.11n (High Throughput) support
+CONFIG_IEEE80211N=y
+
 CONFIG_MESH=y
 CONFIG_SAE=y
 CONFIG_WPS2=y
diff --git a/hostapd-noscan.patch b/hostapd-noscan.patch
deleted file mode 100644
index aecab68e1b9d..000000000000
--- a/hostapd-noscan.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-diff -wbBur hostapd-2.9/hostapd/config_file.c hostapd-2.9.q/hostapd/config_file.c
---- hostapd-2.9/hostapd/config_file.c	2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/hostapd/config_file.c	2019-04-25 14:59:57.594749041 +0300
-@@ -2879,6 +2879,8 @@
- 		bss->wpa_gmk_rekey = atoi(pos);
- 	} else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
- 		bss->wpa_ptk_rekey = atoi(pos);
-+	} else if (os_strcmp(buf, "noscan") == 0) {
-+		conf->noscan = atoi(pos);
- 	} else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
- 		char *endp;
- 		unsigned long val = strtoul(pos, &endp, 0);
-@@ -3411,6 +3413,8 @@
- 			bss->ieee80211w = 1;
- #endif /* CONFIG_OCV */
- #ifdef CONFIG_IEEE80211N
-+	} else if (os_strcmp(buf, "noscan") == 0) {
-+		conf->noscan = atoi(pos);
- 	} else if (os_strcmp(buf, "ieee80211n") == 0) {
- 		conf->ieee80211n = atoi(pos);
- 	} else if (os_strcmp(buf, "ht_capab") == 0) {
-diff -wbBur hostapd-2.9/src/ap/ap_config.h hostapd-2.9.q/src/ap/ap_config.h
---- hostapd-2.9/src/ap/ap_config.h	2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/src/ap/ap_config.h	2019-04-25 15:01:32.981414600 +0300
-@@ -932,6 +932,7 @@
- 
- 	int ht_op_mode_fixed;
- 	u16 ht_capab;
-+	int noscan;
- 	int ieee80211n;
- 	int secondary_channel;
- 	int no_pri_sec_switch;
-diff -wbBur hostapd-2.9/src/ap/hw_features.c hostapd-2.9.q/src/ap/hw_features.c
---- hostapd-2.9/src/ap/hw_features.c	2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/src/ap/hw_features.c	2019-04-25 14:58:10.278083605 +0300
-@@ -477,7 +477,7 @@
- 	int ret;
- 
- 	/* Check that HT40 is used and PRI / SEC switch is allowed */
--	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
-+	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch || iface->conf->noscan)
- 		return 0;
- 
- 	hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
-@@ -743,7 +743,7 @@
- 	if (!hostapd_is_usable_chan(iface, iface->conf->channel, 1))
- 		return 0;
- 
--	if (!iface->conf->secondary_channel)
-+	if (!iface->conf->secondary_channel || iface->conf->noscan)
- 		return 1;
- 
- 	if (!iface->conf->ht40_plus_minus_allowed)
-diff -wbBur hostapd-2.9/src/ap/ieee802_11_ht.c hostapd-2.9.q/src/ap/ieee802_11_ht.c
---- hostapd-2.9/src/ap/ieee802_11_ht.c	2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/src/ap/ieee802_11_ht.c	2019-04-25 14:58:10.278083605 +0300
-@@ -252,6 +252,9 @@
- 		return;
- 	}
- 
-+	if (iface->conf->noscan)
-+		return;
-+
- 	if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
- 		wpa_printf(MSG_DEBUG,
- 			   "Ignore too short 20/40 BSS Coexistence Management frame");
-@@ -412,6 +415,9 @@
- 	if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
- 		return;
- 
-+	if (iface->conf->noscan)
-+		return;
-+
- 	wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
- 		   " in Association Request", MAC2STR(sta->addr));
- 
diff --git a/noscan.patch b/noscan.patch
new file mode 100644
index 000000000000..c2b28a23ce27
--- /dev/null
+++ b/noscan.patch
@@ -0,0 +1,100 @@
+--- hostapd/config_file.c	2022-01-16 23:51:29.000000000 +0300
++++ hostapd/config_file.c	2022-01-19 13:47:09.436558002 +0300
+@@ -2904,10 +2904,12 @@
+ 			wpa_printf(MSG_ERROR,
+ 				   "Line %d: Invalid wpa_deny_ptk0_rekey=%d; allowed range 0..2",
+ 				   line, bss->wpa_deny_ptk0_rekey);
+ 			return 1;
+ 		}
++    } else if (os_strcmp(buf, "noscan") == 0) {
++        conf->noscan = atoi(pos);
+ 	} else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
+ 		char *endp;
+ 		unsigned long val = strtoul(pos, &endp, 0);
+ 
+ 		if (*endp || val < 1 || val > (u32) -1) {
+@@ -3472,10 +3474,12 @@
+ 	} else if (os_strcmp(buf, "ocv") == 0) {
+ 		bss->ocv = atoi(pos);
+ 		if (bss->ocv && !bss->ieee80211w)
+ 			bss->ieee80211w = 1;
+ #endif /* CONFIG_OCV */
++    } else if (os_strcmp(buf, "noscan") == 0) {
++        conf->noscan = atoi(pos);
+ 	} else if (os_strcmp(buf, "ieee80211n") == 0) {
+ 		conf->ieee80211n = atoi(pos);
+ 	} else if (os_strcmp(buf, "ht_capab") == 0) {
+ 		if (hostapd_config_ht_capab(conf, pos) < 0) {
+ 			wpa_printf(MSG_ERROR, "Line %d: invalid ht_capab",
+--- src/ap/ap_config.h	2022-01-16 23:51:29.000000000 +0300
++++ src/ap/ap_config.h	2022-01-19 13:48:24.301239489 +0300
+@@ -1012,10 +1012,11 @@
+ 	 */
+ 	struct hostapd_wmm_ac_params wmm_ac_params[4];
+ 
+ 	int ht_op_mode_fixed;
+ 	u16 ht_capab;
++    int noscan;
+ 	int ieee80211n;
+ 	int secondary_channel;
+ 	int no_pri_sec_switch;
+ 	int require_ht;
+ 	int obss_interval;
+--- src/ap/hw_features.c	2022-01-16 23:51:29.000000000 +0300
++++ src/ap/hw_features.c	2022-01-19 13:52:15.198720584 +0300
+@@ -515,11 +515,11 @@
+ {
+ 	struct wpa_driver_scan_params params;
+ 	int ret;
+ 
+ 	/* Check that HT40 is used and PRI / SEC switch is allowed */
+-	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
++	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch || iface->conf->noscan)
+ 		return 0;
+ 
+ 	hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
+ 	wpa_printf(MSG_DEBUG, "Scan for neighboring BSSes prior to enabling "
+ 		   "40 MHz channel");
+@@ -913,11 +913,11 @@
+ 		return 0;
+ 	}
+ 	if (!hostapd_is_usable_edmg(iface))
+ 		return 0;
+ 
+-	if (!iface->conf->secondary_channel)
++	if (!iface->conf->secondary_channel || iface->conf->noscan)
+ 		return 1;
+ 
+ 	if (hostapd_is_usable_chan(iface, iface->freq +
+ 				   iface->conf->secondary_channel * 20, 0)) {
+ 		if (iface->conf->secondary_channel == 1 &&
+--- src/ap/ieee802_11_ht.c	2022-01-16 23:51:29.000000000 +0300
++++ src/ap/ieee802_11_ht.c	2022-01-19 13:55:53.112624851 +0300
+@@ -228,10 +228,13 @@
+ 		wpa_printf(MSG_DEBUG,
+ 			   "Ignore 20/40 BSS Coexistence Management frame since 40 MHz capability is not enabled");
+ 		return;
+ 	}
+ 
++    if (iface->conf->noscan)
++        return;
++
+ 	if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
+ 		wpa_printf(MSG_DEBUG,
+ 			   "Ignore too short 20/40 BSS Coexistence Management frame");
+ 		return;
+ 	}
+@@ -388,10 +391,13 @@
+ void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta)
+ {
+ 	if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+ 		return;
+ 
++    if (iface->conf->noscan)
++        return;
++
+ 	wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
+ 		   " in Association Request", MAC2STR(sta->addr));
+ 
+ 	if (sta->ht40_intolerant_set)
+ 		return;
author	Viktor Drobot	2022-01-19 22:25:09 +0300
committer	Viktor Drobot	2022-01-19 22:25:09 +0300
commit	c2c0d01e0993c38556f6ec95c295f0d02ed75d5e (patch)
tree	9453018c614dc66c0c0b9892341fb06a02c8cae3
parent	5ad76ab60a2877441aea05e1a28035e998880d8c (diff)
download	aur-c2c0d01e0993c38556f6ec95c295f0d02ed75d5e.tar.gz