author | Viktor Drobot | 2022-01-19 22:25:09 +0300 |
---|---|---|
committer | Viktor Drobot | 2022-01-19 22:25:09 +0300 |
commit | c2c0d01e0993c38556f6ec95c295f0d02ed75d5e (patch) | |
tree | 9453018c614dc66c0c0b9892341fb06a02c8cae3 | |
parent | 5ad76ab60a2877441aea05e1a28035e998880d8c (diff) | |
download | aur-c2c0d01e0993c38556f6ec95c295f0d02ed75d5e.tar.gz |
Update 2.10
-rw-r--r-- | .SRCINFO | 25 | ||||
-rw-r--r-- | PKGBUILD | 71 | ||||
-rw-r--r-- | config | 53 | ||||
-rw-r--r-- | hostapd-noscan.patch | 76 | ||||
-rw-r--r-- | noscan.patch | 100 |
5 files changed, 175 insertions, 150 deletions
@@ -1,10 +1,10 @@
 pkgbase = hostapd-noscan
 pkgdesc = IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator (with "noscan" patch)
- pkgver = 2.9
- pkgrel = 5
+ pkgver = 2.10
+ pkgrel = 1
 url = https://w1.fi/hostapd/
- arch = x86_64
 arch = i686
+ arch = x86_64
 arch = armv6h
 arch = armv7h
 arch = aarch64
@@ -22,22 +22,13 @@ pkgbase = hostapd-noscan
 backup = etc/hostapd/hostapd.radius_clients
 backup = etc/hostapd/hostapd.vlan
 backup = etc/hostapd/hostapd.wpa_psk
- source = https://w1.fi/releases/hostapd-2.9.tar.gz
- source = https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
- source = https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
- source = https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
- source = hostapd-2.9-CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15
+ source = https://w1.fi/releases/hostapd-2.10.tar.gz
 source = config
 source = hostapd.service
- source = hostapd-noscan.patch
- sha256sums = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7
- sha256sums = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
- sha256sums = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
- sha256sums = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
- sha256sums = a726eec646a4c6bbff380fbc4a4797d9b2d0f1e45fb79411bbc26859e3213557
- sha256sums = 87445203a518864e704b85fa970d90940e9a5d9b401ceb802d11caab6c07a495
+ source = noscan.patch
+ sha256sums = 206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d
+ sha256sums = d0bbbfec38e338938910b09704ab986f3615b15ed2e0832d368ce3e9b94e3c51
 sha256sums = 989bc6855f44c0b360e3d4cd4a146c35b7c12f8a0ced627b4b033f58edcade8e
- sha256sums = f2a57f118d5884bdc5eaba3828545742775e763eade4837668f8cd3dec8bb812
+ sha256sums = b449b6158466903c06c0ed0f19aef506351021f8b332eabc03467e9928258128

 pkgname = hostapd-noscan
-
@@ -3,36 +3,28 @@ # Contributor: David Runge <dave@sleepmap.de> pkgname=hostapd-noscan -_pkgname="hostapd" -pkgver=2.9 -pkgrel=5 +_pkgname=hostapd +pkgver=2.10 +pkgrel=1 pkgdesc="IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator (with \"noscan\" patch)" -arch=('x86_64' 'i686' 'armv6h' 'armv7h' 'aarch64') +arch=(i686 x86_64 armv6h armv7h aarch64) url="https://w1.fi/hostapd/" -license=('BSD') -depends=('glibc' 'libnl' 'openssl' 'sqlite') -conflicts=('hostapd') -provides=('hostapd') +license=(BSD) +depends=(glibc libnl openssl sqlite) +conflicts=(hostapd) +provides=(hostapd) backup=("etc/${_pkgname}/${_pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk}) -source=("https://w1.fi/releases/$_pkgname-$pkgver.tar.gz" - "https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch" - "https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch" - "https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch" - "hostapd-2.9-CVE-2021-30004.patch::https://w1.fi/cgit/hostap/patch/?id=a0541334a6394f8237a4393b7372693cd7e96f15" +source=("https://w1.fi/releases/${_pkgname}-${pkgver}.tar.gz" "config" "hostapd.service" - "hostapd-noscan.patch") -sha256sums=('881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7' - '2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7' - '49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de' - 'a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a' - 'a726eec646a4c6bbff380fbc4a4797d9b2d0f1e45fb79411bbc26859e3213557' - '87445203a518864e704b85fa970d90940e9a5d9b401ceb802d11caab6c07a495' + "noscan.patch") +sha256sums=('206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d' + 'd0bbbfec38e338938910b09704ab986f3615b15ed2e0832d368ce3e9b94e3c51' '989bc6855f44c0b360e3d4cd4a146c35b7c12f8a0ced627b4b033f58edcade8e' - 'f2a57f118d5884bdc5eaba3828545742775e763eade4837668f8cd3dec8bb812') 
+ 'b449b6158466903c06c0ed0f19aef506351021f8b332eabc03467e9928258128') prepare() { - cd "$_pkgname-$pkgver" + cd "${_pkgname}-${pkgver}" # fix include locations in main configuration file sed -e 's|/etc/hostapd|/etc/hostapd/hostapd|g' \ @@ -42,10 +34,10 @@ prepare() { -e 's|hostapd.ap_settings|/var/lib/hostapd/hostapd.ap_settings|g' \ -e 's|hostapd_wps_pin_requests|hostapd/wps_pin_requests|g' \ -i "${_pkgname}/${_pkgname}.conf" - + # extract license cat "${_pkgname}/README" |head -n47 |tail -n5 > LICENSE - + # link build configuration into place: # an up-to-date version of the build configuration can be found in # hostapd/defconfig and should be diffed with the packaged one before every 
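Review bot: The new `source` array authenticates the upstream 2.10 tarball only through its `sha256sums` entry, which pins what the packager downloaded but does not tie it to the upstream author. If upstream publishes a detached signature for the release, list it right after the tarball with a `'SKIP'` checksum and declare the signer in `validpgpkeys=('<UPSTREAM_SIGNING_KEY_FINGERPRINT>')` so makepkg verifies it at build time. The three local entries (`config`, `hostapd.service`, `noscan.patch`) live in the package repository itself, so a checksum is enough for them.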
@@ -53,46 +45,33 @@ prepare() { ln -sv "${srcdir}/config" "${_pkgname}/.config" # apply "noscan" patch - patch -p1 -i "$srcdir/hostapd-noscan.patch" - - # fix CVE-2020-12695 - patch -Np1 -i "$srcdir/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch" - patch -Np1 -i "$srcdir/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch" - patch -Np1 -i "$srcdir/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch" - patch -Np1 -i "$srcdir/hostapd-2.9-CVE-2021-30004.patch" + patch -Np0 -i "${srcdir}/noscan.patch" } build() { - cd $_pkgname-$pkgver/hostapd - make + make -C "${_pkgname}-${pkgver}/${_pkgname}" } package() { - cd "$_pkgname-$pkgver" + cd "${_pkgname}-${pkgver}" make -C "${_pkgname}" install DESTDIR="${pkgdir}" BINDIR="/usr/bin" # systemd service - install -vDm 644 "../${_pkgname}.service" \ - -t "$pkgdir/usr/lib/systemd/system/" + install -vDm 644 "../${_pkgname}.service" -t "${pkgdir}/usr/lib/systemd/system/" # license - install -vDm 644 LICENSE -t "$pkgdir/usr/share/licenses/$_pkgname/" + install -vDm 644 LICENSE -t "${pkgdir}/usr/share/licenses/${_pkgname}/" # config - install -d "$pkgdir/etc/hostapd" - install -vDm 640 "${_pkgname}/${_pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk} \ - -t "${pkgdir}/etc/${_pkgname}" + install -vDm 640 "${_pkgname}/${_pkgname}."{accept,conf,deny,eap_user,radius_clients,vlan,wpa_psk} -t "${pkgdir}/etc/${_pkgname}" # docs - install -vDm 644 "${_pkgname}/"{hostapd.sim_db,wired.conf,hlr_auc_gw.{txt,milenage_db}} \ - "${_pkgname}/"{README*,ChangeLog} \ - -t "${pkgdir}/usr/share/doc/${_pkgname}" + install -vDm 644 "${_pkgname}/"{hostapd.sim_db,wired.conf,hlr_auc_gw.{txt,milenage_db}} "${_pkgname}/"{README*,ChangeLog} -t "${pkgdir}/usr/share/doc/${_pkgname}" # man pages - install -vDm 644 "${_pkgname}/${_pkgname}.8" -t "$pkgdir/usr/share/man/man8/" - install -vDm 644 "${_pkgname}/${_pkgname}_cli.1" \ - -t "$pkgdir/usr/share/man/man1/" + install -vDm 644 "${_pkgname}/${_pkgname}.8" 
-t "${pkgdir}/usr/share/man/man8/" + install -vDm 644 "${_pkgname}/${_pkgname}_cli.1" -t "${pkgdir}/usr/share/man/man1/" # state dir install -vdm 750 "${pkgdir}/var/lib/${_pkgname}" @@ -44,15 +44,9 @@ CONFIG_LIBNL32=y # Driver interface for no driver (e.g., RADIUS server only) #CONFIG_DRIVER_NONE=y -# IEEE 802.11F/IAPP -CONFIG_IAPP=y - # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# IEEE 802.11w (management frame protection) -CONFIG_IEEE80211W=y - # Support Operating Channel Validation #CONFIG_OCV=y @@ -154,9 +148,6 @@ CONFIG_IEEE80211R=y # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y -# IEEE 802.11n (High Throughput) support -CONFIG_IEEE80211N=y - # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y @@ -355,12 +346,12 @@ CONFIG_SQLITE=y # * ath10k # # For more details refer to: -# http://wireless.kernel.org/en/users/Documentation/acs +# https://wireless.wiki.kernel.org/en/users/documentation/acs # CONFIG_ACS=y # Multiband Operation support -# These extentions facilitate efficient use of multiple frequency bands +# These extensions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. #CONFIG_MBO=y 
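Review bot: prepare() no longer applies the four upstream security patches (the three CVE-2020-12695 patches and `hostapd-2.9-CVE-2021-30004.patch`), and nothing in the new PKGBUILD records why. Presumably the 2.10 tarball already contains these fixes, but that should be checked against the upstream changelog and noted next to the remaining patch call, for example `# CVE-2020-12695 / CVE-2021-30004 patches dropped for 2.10 after confirming the fixes are in the release tarball`. The license text is still cut out of the README with `head -n47 |tail -n5` (a context line in the preceding hunk), so those fixed line offsets should be re-checked against the 2.10 README as well.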
@@ -390,7 +381,47 @@ CONFIG_ACS=y # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current hostapd +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore. For now, the default hostapd +# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but +# that functionality is subject to be removed in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +# This requires CONFIG_IEEE80211W=y to be enabled, too. +#CONFIG_PASN=y + +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) +CONFIG_DPP=y +# DPP version 2 support +CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + # custom configuration options + +# IEEE 802.11F/IAPP +CONFIG_IAPP=y + +# IEEE 802.11w (management frame protection) +CONFIG_IEEE80211W=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + CONFIG_MESH=y CONFIG_SAE=y CONFIG_WPS2=y diff --git a/hostapd-noscan.patch b/hostapd-noscan.patch deleted file mode 100644 index aecab68e1b9d..000000000000 --- a/hostapd-noscan.patch +++ /dev/null 
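Review bot: The three options re-added under `# custom configuration options` (`CONFIG_IAPP=y`, `CONFIG_IEEE80211W=y`, `CONFIG_IEEE80211N=y`) may be dead in 2.10: the earlier hunks of this file remove them from their upstream positions, which suggests the 2.10 defconfig no longer lists them. The new noscan.patch context also no longer shows an `#ifdef CONFIG_IEEE80211N` guard in front of the `ieee80211n` option, so at least that symbol may have no effect any more. Confirm which of the three the 2.10 build still honours and drop the rest, or keep them with a comment such as `# retained from 2.9; not present in upstream defconfig`. Separately, `#CONFIG_NO_TKIP=y` stays commented out, so TKIP remains compiled in; since the added option text itself calls TKIP not secure, that should be a deliberate choice rather than a default carried over.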
@@ -1,76 +0,0 @@
-diff -wbBur hostapd-2.9/hostapd/config_file.c hostapd-2.9.q/hostapd/config_file.c
---- hostapd-2.9/hostapd/config_file.c 2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/hostapd/config_file.c 2019-04-25 14:59:57.594749041 +0300
-@@ -2879,6 +2879,8 @@
- bss->wpa_gmk_rekey = atoi(pos);
- } else if (os_strcmp(buf, "wpa_ptk_rekey") == 0) {
- bss->wpa_ptk_rekey = atoi(pos);
-+ } else if (os_strcmp(buf, "noscan") == 0) {
-+ conf->noscan = atoi(pos);
- } else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
- char *endp;
- unsigned long val = strtoul(pos, &endp, 0);
-@@ -3411,6 +3413,8 @@
- bss->ieee80211w = 1;
- #endif /* CONFIG_OCV */
- #ifdef CONFIG_IEEE80211N
-+ } else if (os_strcmp(buf, "noscan") == 0) {
-+ conf->noscan = atoi(pos);
- } else if (os_strcmp(buf, "ieee80211n") == 0) {
- conf->ieee80211n = atoi(pos);
- } else if (os_strcmp(buf, "ht_capab") == 0) {
-diff -wbBur hostapd-2.9/src/ap/ap_config.h hostapd-2.9.q/src/ap/ap_config.h
---- hostapd-2.9/src/ap/ap_config.h 2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/src/ap/ap_config.h 2019-04-25 15:01:32.981414600 +0300
-@@ -932,6 +932,7 @@
-
- int ht_op_mode_fixed;
- u16 ht_capab;
-+ int noscan;
- int ieee80211n;
- int secondary_channel;
- int no_pri_sec_switch;
-diff -wbBur hostapd-2.9/src/ap/hw_features.c hostapd-2.9.q/src/ap/hw_features.c
---- hostapd-2.9/src/ap/hw_features.c 2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/src/ap/hw_features.c 2019-04-25 14:58:10.278083605 +0300
-@@ -477,7 +477,7 @@
- int ret;
-
- /* Check that HT40 is used and PRI / SEC switch is allowed */
-- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
-+ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch || iface->conf->noscan)
- return 0;
-
- hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
-@@ -743,7 +743,7 @@
- if (!hostapd_is_usable_chan(iface, iface->conf->channel, 1))
- return 0;
-
-- if (!iface->conf->secondary_channel)
-+ if (!iface->conf->secondary_channel || iface->conf->noscan)
- return 1;
-
- if (!iface->conf->ht40_plus_minus_allowed)
-diff -wbBur hostapd-2.9/src/ap/ieee802_11_ht.c hostapd-2.9.q/src/ap/ieee802_11_ht.c
---- hostapd-2.9/src/ap/ieee802_11_ht.c 2019-04-21 10:10:22.000000000 +0300
-+++ hostapd-2.9.q/src/ap/ieee802_11_ht.c 2019-04-25 14:58:10.278083605 +0300
-@@ -252,6 +252,9 @@
- return;
- }
-
-+ if (iface->conf->noscan)
-+ return;
-+
- if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
- wpa_printf(MSG_DEBUG,
- "Ignore too short 20/40 BSS Coexistence Management frame");
-@@ -412,6 +415,9 @@
- if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
- return;
-
-+ if (iface->conf->noscan)
-+ return;
-+
- wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
- " in Association Request", MAC2STR(sta->addr));
-
diff --git a/noscan.patch b/noscan.patch
new file mode 100644
index 000000000000..c2b28a23ce27
--- /dev/null
+++ b/noscan.patch
@@ -0,0 +1,100 @@
+--- hostapd/config_file.c 2022-01-16 23:51:29.000000000 +0300
++++ hostapd/config_file.c 2022-01-19 13:47:09.436558002 +0300
+@@ -2904,10 +2904,12 @@
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid wpa_deny_ptk0_rekey=%d; allowed range 0..2",
+ line, bss->wpa_deny_ptk0_rekey);
+ return 1;
+ }
++ } else if (os_strcmp(buf, "noscan") == 0) {
++ conf->noscan = atoi(pos);
+ } else if (os_strcmp(buf, "wpa_group_update_count") == 0) {
+ char *endp;
+ unsigned long val = strtoul(pos, &endp, 0);
+
+ if (*endp || val < 1 || val > (u32) -1) {
+@@ -3472,10 +3474,12 @@
+ } else if (os_strcmp(buf, "ocv") == 0) {
+ bss->ocv = atoi(pos);
+ if (bss->ocv && !bss->ieee80211w)
+ bss->ieee80211w = 1;
+ #endif /* CONFIG_OCV */
++ } else if (os_strcmp(buf, "noscan") == 0) {
++ conf->noscan = atoi(pos);
+ } else if (os_strcmp(buf, "ieee80211n") == 0) {
+ conf->ieee80211n = atoi(pos);
+ } else if (os_strcmp(buf, "ht_capab") == 0) {
+ if (hostapd_config_ht_capab(conf, pos) < 0) {
+ wpa_printf(MSG_ERROR, "Line %d: invalid ht_capab",
+--- src/ap/ap_config.h 2022-01-16 23:51:29.000000000 +0300
++++ src/ap/ap_config.h 2022-01-19 13:48:24.301239489 +0300
+@@ -1012,10 +1012,11 @@
+ */
+ struct hostapd_wmm_ac_params wmm_ac_params[4];
+
+ int ht_op_mode_fixed;
+ u16 ht_capab;
++ int noscan;
+ int ieee80211n;
+ int secondary_channel;
+ int no_pri_sec_switch;
+ int require_ht;
+ int obss_interval;
+--- src/ap/hw_features.c 2022-01-16 23:51:29.000000000 +0300
++++ src/ap/hw_features.c 2022-01-19 13:52:15.198720584 +0300
+@@ -515,11 +515,11 @@
+ {
+ struct wpa_driver_scan_params params;
+ int ret;
+
+ /* Check that HT40 is used and PRI / SEC switch is allowed */
+- if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
++ if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch || iface->conf->noscan)
+ return 0;
+
+ hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
+ wpa_printf(MSG_DEBUG, "Scan for neighboring BSSes prior to enabling "
+ "40 MHz channel");
+@@ -913,11 +913,11 @@
+ return 0;
+ }
+ if (!hostapd_is_usable_edmg(iface))
+ return 0;
+
+- if (!iface->conf->secondary_channel)
++ if (!iface->conf->secondary_channel || iface->conf->noscan)
+ return 1;
+
+ if (hostapd_is_usable_chan(iface, iface->freq +
+ iface->conf->secondary_channel * 20, 0)) {
+ if (iface->conf->secondary_channel == 1 &&
+--- src/ap/ieee802_11_ht.c 2022-01-16 23:51:29.000000000 +0300
++++ src/ap/ieee802_11_ht.c 2022-01-19 13:55:53.112624851 +0300
+@@ -228,10 +228,13 @@
+ wpa_printf(MSG_DEBUG,
+ "Ignore 20/40 BSS Coexistence Management frame since 40 MHz capability is not enabled");
+ return;
+ }
+
++ if (iface->conf->noscan)
++ return;
++
+ if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
+ wpa_printf(MSG_DEBUG,
+ "Ignore too short 20/40 BSS Coexistence Management frame");
+ return;
+ }
+@@ -388,10 +391,13 @@
+ void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta)
+ {
+ if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+ return;
+
++ if (iface->conf->noscan)
++ return;
++
+ wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
+ " in Association Request", MAC2STR(sta->addr));
+
+ if (sta->ht40_intolerant_set)
+ return; |
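Review bot: Both new `noscan` branches in hostapd/config_file.c store `atoi(pos)` unchecked, so any integer is accepted silently, while the neighbouring `wpa_deny_ptk0_rekey` option visible in the same hunk rejects out-of-range input with an error and `return 1`. The value is only ever tested for truth in hw_features.c and ieee802_11_ht.c, so restricting it to 0 or 1 as sketched below would match the surrounding style and surface typos in a setting that switches off the 40 MHz neighbour scan and the handling of 20/40 coexistence reports. The branch is also added twice (inner hunks at 2904 and 3472); if both sit in the same else-if chain, which the hunks do not show in full, the second copy is unreachable and can be dropped. The enclosing function starts and ends outside the hunks.

```c
	} else if (os_strcmp(buf, "noscan") == 0) {
		int val = atoi(pos);

		/* noscan is only tested for truth elsewhere; accept 0 or 1 only */
		if (val < 0 || val > 1) {
			wpa_printf(MSG_ERROR,
				   "Line %d: invalid noscan=%d; allowed range 0..1",
				   line, val);
			return 1;
		}
		conf->noscan = val;
	/* … unchanged: wpa_group_update_count branch and the rest of the chain … */
```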