author | Bjarke Istrup Pedersen <gurligebis@gentoo.org> | 2012-12-03 09:18:15 +0000 |
---|---|---|
committer | Bjarke Istrup Pedersen <gurligebis@gentoo.org> | 2012-12-03 09:18:15 +0000 |
commit | 7e66dca980202e1f9c1ac37b509a53884e886d0b (patch) | |
tree | b0e696e080da53e389a28f642af2d55c6a158f2b /net-wireless | |
parent | Version bump wrt #439900 (diff) | |
Bumping to 1.1
(Portage version: 2.2.0_alpha144/cvs/Linux i686, signed Manifest commit with key 15AE484C)
Diffstat (limited to 'net-wireless')
-rw-r--r-- | net-wireless/hostapd/ChangeLog | 9 | ||||
-rw-r--r-- | net-wireless/hostapd/files/hostapd-1.1-libnl_path_fix.patch | 24 | ||||
-rw-r--r-- | net-wireless/hostapd/files/hostapd-1.1-tls_length_fix.patch | 48 | ||||
-rw-r--r-- | net-wireless/hostapd/hostapd-1.1.ebuild | 204 |
4 files changed, 284 insertions, 1 deletions
diff --git a/net-wireless/hostapd/ChangeLog b/net-wireless/hostapd/ChangeLog
index 34e6d6ebf60d..8b7cec2c0569 100644
--- a/net-wireless/hostapd/ChangeLog
+++ b/net-wireless/hostapd/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-wireless/hostapd
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.134 2012/11/18 11:16:32 pacho Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/ChangeLog,v 1.135 2012/12/03 09:18:15 gurligebis Exp $
+
+*hostapd-1.1 (03 Dec 2012)
+
+ 03 Dec 2012; <gurligebis@gentoo.org> +hostapd-1.1.ebuild,
+ +files/hostapd-1.1-libnl_path_fix.patch,
+ +files/hostapd-1.1-tls_length_fix.patch:
+ Bumping to 1.1
 
 18 Nov 2012; Pacho Ramos <pacho@gentoo.org> metadata.xml:
 Drop mobile herd as talked in gentoo-dev ML
diff --git a/net-wireless/hostapd/files/hostapd-1.1-libnl_path_fix.patch b/net-wireless/hostapd/files/hostapd-1.1-libnl_path_fix.patch
new file mode 100644
index 000000000000..abf15a6e7e07
--- /dev/null
+++ b/net-wireless/hostapd/files/hostapd-1.1-libnl_path_fix.patch
@@ -0,0 +1,24 @@
+diff -aurp a/src/drivers/drivers.mak b/src/drivers/drivers.mak
+--- a/src/drivers/drivers.mak 2012-10-03 19:42:16.387634128 +0000
++++ b/src/drivers/drivers.mak 2012-10-03 19:43:16.246693744 +0000
+@@ -48,7 +48,7 @@ NEED_RFKILL=y
+ ifdef CONFIG_LIBNL32
+ DRV_LIBS += -lnl-3
+ DRV_LIBS += -lnl-genl-3
+- DRV_CFLAGS += -DCONFIG_LIBNL20
++ DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
+ else
+ ifdef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-tiny
+diff -aurp a/src/drivers/drivers.mk b/src/drivers/drivers.mk
+--- a/src/drivers/drivers.mk 2012-10-03 19:42:16.385634126 +0000
++++ b/src/drivers/drivers.mk 2012-10-03 19:43:23.333700780 +0000
+@@ -48,7 +48,7 @@ NEED_RFKILL=y
+ ifdef CONFIG_LIBNL32
+ DRV_LIBS += -lnl-3
+ DRV_LIBS += -lnl-genl-3
+- DRV_CFLAGS += -DCONFIG_LIBNL20
++ DRV_CFLAGS += -DCONFIG_LIBNL20 -I/usr/include/libnl3
+ else
+ ifdef CONFIG_LIBNL_TINY
+ DRV_LIBS += -lnl-tiny
diff --git a/net-wireless/hostapd/files/hostapd-1.1-tls_length_fix.patch b/net-wireless/hostapd/files/hostapd-1.1-tls_length_fix.patch
new file mode 100644
index 000000000000..bda92cf405fa
--- /dev/null
+++ b/net-wireless/hostapd/files/hostapd-1.1-tls_length_fix.patch
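Review bot: Both embedded hunks of hostapd-1.1-libnl_path_fix.patch hard-code `-I/usr/include/libnl3` into DRV_CFLAGS, which ignores a non-default prefix or a cross-compile sysroot and can pull in host headers in those builds. Asking pkg-config keeps the include path in step with the installed library: `DRV_CFLAGS += -DCONFIG_LIBNL20 $(shell pkg-config --cflags libnl-3.0)`. The same line is needed in drivers.mak and drivers.mk, and the ebuild would then want a build-time dependency on pkg-config.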
@@ -0,0 +1,48 @@
+From 586c446e0ff42ae00315b014924ec669023bd8de Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 7 Oct 2012 20:06:29 +0300
+Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation
+
+EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
+Message Length value properly and could end up trying to store more
+information into the message buffer than the allocated size if the first
+fragment is longer than the indicated size. This could result in hostapd
+process terminating in wpabuf length validation. Fix this by rejecting
+messages that have invalid TLS Message Length value.
+
+This would affect cases that use the internal EAP authentication server
+in hostapd either directly with IEEE 802.1X or when using hostapd as a
+RADIUS authentication server and when receiving an incorrectly
+constructed EAP-TLS message. Cases where hostapd uses an external
+authentication are not affected.
+
+Thanks to Timo Warns for finding and reporting this issue.
+
+Signed-hostap: Jouni Malinen <j@w1.fi>
+intended-for: hostap-1
+---
+ src/eap_server/eap_server_tls_common.c | 8 ++++++++
+ 1 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
+index 31be2ec..46f282b 100644
+--- a/src/eap_server/eap_server_tls_common.c
++++ b/src/eap_server/eap_server_tls_common.c
+@@ -228,6 +228,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
+ return -1;
+ }
+
++ if (len > message_length) {
++ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
++ "first fragment of frame (TLS Message "
++ "Length %d bytes)",
++ (int) len, (int) message_length);
++ return -1;
++ }
++
+ data->tls_in = wpabuf_alloc(message_length);
+ if (data->tls_in == NULL) {
+ wpa_printf(MSG_DEBUG, "SSL: No memory for message");
+--
+1.7.4-rc1
+
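Review bot: The rejection log added in the embedded hunk for eap_server_tls_process_fragment() prints `len` and `message_length` through `(int)` casts with `%d`, so a value above INT_MAX would be logged as a negative number, and this is the one line an operator has for spotting malformed EAP-TLS fragments. Printing them unsigned, e.g. `(unsigned long) len, (unsigned long) message_length` with `%lu`, keeps that record accurate; both variables are declared outside the hunk, so their types need confirming first. The new check covers only the first fragment, and whether later fragments are bounded against the allocated `data->tls_in` cannot be seen here because the function continues outside the hunk. Since this file is a verbatim upstream patch, any such change belongs upstream rather than in files/.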
diff --git a/net-wireless/hostapd/hostapd-1.1.ebuild b/net-wireless/hostapd/hostapd-1.1.ebuild
new file mode 100644
index 000000000000..76620b5d05a4
--- /dev/null
+++ b/net-wireless/hostapd/hostapd-1.1.ebuild
@@ -0,0 +1,204 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-wireless/hostapd/hostapd-1.1.ebuild,v 1.1 2012/12/03 09:18:15 gurligebis Exp $
+
+EAPI="4"
+
+inherit toolchain-funcs eutils
+
+DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon"
+HOMEPAGE="http://hostap.epitest.fi"
+SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
+
+LICENSE="|| ( GPL-2 BSD )"
+SLOT="0"
+KEYWORDS="~amd64 ~mips ~ppc ~x86"
+IUSE="debug ipv6 logwatch madwifi +ssl +wps +crda"
+
+DEPEND="ssl? ( dev-libs/openssl )
+ kernel_linux? (
+ dev-libs/libnl:3
+ crda? ( net-wireless/crda )
+ )
+ madwifi? ( ||
+ ( >net-wireless/madwifi-ng-tools-0.9.3
+ net-wireless/madwifi-old ) )"
+RDEPEND="${DEPEND}"
+
+S="${S}/${PN}"
+
+src_prepare() {
+ cd ..
+ epatch "${FILESDIR}/${P}-libnl_path_fix.patch"
+ epatch "${FILESDIR}/${P}-tls_length_fix.patch"
+
+ sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
+ "${S}/hostapd.conf" || die
+}
+
+src_configure() {
+ local CONFIG="${S}/.config"
+
+ # toolchain setup
+ echo "CC = $(tc-getCC)" > ${CONFIG}
+
+ # EAP authentication methods
+ echo "CONFIG_EAP=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
+
+ if use ssl; then
+ # SSL authentication methods
+ echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_TTLS=y" >> ${CONFIG}
+ echo "CONFIG_EAP_MSCHAPV2=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
+ fi
+
+ if use wps; then
+ # Enable Wi-Fi Protected Setup
+ echo "CONFIG_WPS=y" >> ${CONFIG}
+ echo "CONFIG_WPS2=y" >> ${CONFIG}
+ echo "CONFIG_WPS_UPNP=y" >> ${CONFIG}
+ einfo "Enabling Wi-Fi Protected Setup support"
+ fi
+
+ echo "CONFIG_EAP_GTC=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SIM=y" >> ${CONFIG}
+ echo "CONFIG_EAP_AKA=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PAX=y" >> ${CONFIG}
+ echo "CONFIG_EAP_PSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
+ echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
+
+ einfo "Enabling drivers: "
+
+ # drivers
+ echo "CONFIG_DRIVER_HOSTAP=y" >> ${CONFIG}
+ einfo " HostAP driver enabled"
+ echo "CONFIG_DRIVER_WIRED=y" >> ${CONFIG}
+ einfo " Wired driver enabled"
+ echo "CONFIG_DRIVER_PRISM54=y" >> ${CONFIG}
+ einfo " Prism54 driver enabled"
+ echo "CONFIG_DRIVER_NONE=y" >> ${CONFIG}
+ einfo " None driver enabled"
+
+ if use madwifi; then
+ # Add include path for madwifi-driver headers
+ einfo " Madwifi driver enabled"
+ echo "CFLAGS += -I/usr/include/madwifi" >> ${CONFIG}
+ echo "CONFIG_DRIVER_MADWIFI=y" >> ${CONFIG}
+ else
+ einfo " Madwifi driver disabled"
+ fi
+
+ einfo " nl80211 driver enabled"
+ echo "CONFIG_DRIVER_NL80211=y" >> ${CONFIG}
+ echo "LIBS += -L/usr/lib" >> ${CONFIG}
+
+ # misc
+ echo "CONFIG_PKCS12=y" >> ${CONFIG}
+ echo "CONFIG_RADIUS_SERVER=y" >> ${CONFIG}
+ echo "CONFIG_IAPP=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211R=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211W=y" >> ${CONFIG}
+ echo "CONFIG_IEEE80211N=y" >> ${CONFIG}
+ echo "CONFIG_PEERKEY=y" >> ${CONFIG}
+ echo "CONFIG_RSN_PREAUTH=y" >> ${CONFIG}
+ echo "CONFIG_INTERWORKING=y" >> ${CONFIG}
+
+ if use ipv6; then
+ # IPv6 support
+ echo "CONFIG_IPV6=y" >> ${CONFIG}
+ fi
+
+ if ! use debug; then
+ echo "CONFIG_NO_STDOUT_DEBUG=y" >> ${CONFIG}
+ fi
+
+ # If we are using libnl 2.0 and above, enable support for it
+ # Removed for now, since the 3.2 version is broken, and we don't
+ # support it.
+ if has_version ">=dev-libs/libnl-3.2"; then
+ echo "CONFIG_LIBNL32=y" >> .config
+ fi
+
+ # TODO: Add support for BSD drivers
+
+ default_src_configure
+}
+
+src_compile() {
+ emake V=1
+
+ if use ssl; then
+ emake V=1 nt_password_hash
+ emake V=1 hlr_auc_gw
+ fi
+}
+
+src_install() {
+ insinto /etc/${PN}
+ doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk}
+
+ fperms -R 600 /etc/${PN}
+
+ dosbin ${PN}
+ dobin ${PN}_cli
+
+ use ssl && dobin nt_password_hash hlr_auc_gw
+
+ newinitd "${FILESDIR}"/${PN}-init.d ${PN}
+ newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
+
+ doman ${PN}{.8,_cli.1}
+
+ dodoc ChangeLog README
+ use wps && dodoc README-WPS
+
+ docinto examples
+ dodoc wired.conf
+
+ if use logwatch; then
+ insinto /etc/log.d/conf/services/
+ doins logwatch/${PN}.conf
+
+ exeinto /etc/log.d/scripts/services/
+ doexe logwatch/${PN}
+ fi
+}
+
+pkg_postinst() {
+ einfo
+ einfo "In order to use ${PN} you need to set up your wireless card"
+ einfo "for master mode in /etc/conf.d/net and then start"
+ einfo "/etc/init.d/${PN}."
+ einfo
+ einfo "Example configuration:"
+ einfo
+ einfo "config_wlan0=( \"192.168.1.1/24\" )"
+ einfo "channel_wlan0=\"6\""
+ einfo "essid_wlan0=\"test\""
+ einfo "mode_wlan0=\"master\""
+ einfo
+ if use madwifi; then
+ einfo "This package compiles against the headers installed by"
+ einfo "madwifi-old, madwifi-ng or madwifi-ng-tools."
+ einfo "You should remerge ${PN} after upgrading these packages."
+ einfo
+ einfo "Since you are using the madwifi-ng driver, you should disable or"
+ einfo "comment out wme_enabled from ${PN}.conf, since it will"
+ einfo "cause problems otherwise (see bug #260377"
+ fi
+ #if [ -e "${KV_DIR}"/net/mac80211 ]; then
+ # einfo "This package now compiles against the headers installed by"
+ # einfo "the kernel source for the mac80211 driver. You should "
+ # einfo "re-emerge ${PN} after upgrading your kernel source."
+ #fi
+
+ if use wps; then
+ einfo "You have enabled Wi-Fi Protected Setup support, please"
+ einfo "read the README-WPS file in /usr/share/doc/${P}"
+ einfo "for info on how to use WPS"
+ fi
+} |
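Review bot: In src_install, `fperms -R 600 /etc/${PN}` sets mode 0600 on the directory as well as on the files, so /etc/hostapd is installed without its search bit and is only usable because root bypasses that check. Restricting the files is right, since hostapd.wpa_psk, hostapd.radius_clients and hostapd.eap_user hold secrets, but the directory should be 0700; adding `fperms 700 /etc/${PN}` after the recursive call restores it. Separately, in src_configure the libnl branch appends with `>> .config` while every other line uses `>> ${CONFIG}`, and the comment above it still says the option was removed although the code is active. Writing `>> "${CONFIG}"` there and updating the comment would make the branch independent of the working directory.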