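# Maintainer: Natanael Copa
# Package metadata for hostapd. One assignment per line: the collapsed form
# sat entirely behind the leading '#', so none of these values were set.
pkgname=hostapd
pkgver=2.7
pkgrel=5
pkgdesc="daemon for wireless software access points"
url="http://hostap.epitest.fi/hostapd/"
arch="all"
license="custom"
makedepends="openssl-dev libnl3-dev linux-headers"
subpackages="$pkgname-doc $pkgname-openrc"
# Security patch stack, applied in list order by prepare().
# Going by the file names, 0001-0025 are constant-time / input-validation
# hardening for SAE and EAP-pwd on top of 2.7; keep the numeric order, since
# later patches in a series usually depend on earlier ones.
patches="CVE-2012-4445.patch
	CVE-2019-9496.patch
	0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
	0002-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
	0003-SAE-Minimize-timing-differences-in-PWE-derivation.patch
	0004-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch
	0005-SAE-Mask-timing-of-MODP-groups-22-23-24.patch
	0006-SAE-Use-const_time-selection-for-PWE-in-FFC.patch
	0007-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch
	0008-Add-helper-functions-for-constant-time-operations.patch
	0009-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch
	0010-EAP-pwd-server-Detect-reflection-attacks.patch
	0011-EAP-pwd-client-Verify-received-scalar-and-element.patch
	0012-EAP-pwd-server-Verify-received-scalar-and-element.patch
	0013-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch
	0014-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
	0015-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
	0016-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch
	0017-EAP-pwd-Enforce-1-rand-mask-r-and-rand-mask-mod-r-1.patch
	0018-EAP-pwd-Remove-unused-checks-for-cofactor-1-cases.patch
	0019-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch
	0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
	0021-SAE-Run-through-prf-result-processing-even-if-it-pri.patch
	0022-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
	0023-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch
	0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch
	0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
	CVE-2019-16275.patch
	"
# The release tarball is fetched over plain HTTP, so its integrity rests
# entirely on the matching sha512sums entry; never refresh that digest from
# a download that has not been verified independently.
source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
	$patches
	$pkgname.initd
	$pkgname.confd"
options="!check"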
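# options="!check": no testsuite
builddir="$srcdir"/$pkgname-$pkgver/hostapd

# Advisory map: package release -> CVEs fixed in that release. The block
# below is YAML inside comments; keep its indentation intact for tooling.

# secfixes:
#   2.7-r5:
#     - CVE-2019-16275
#   2.7-r4:
#     - CVE-2019-13377
#   2.7-r3:
#     - CVE-2019-9496
#   2.7-r1:
#     - CVE-2019-11555
#   2.7-r0:
#     - CVE-2017-13082
#   2.6-r2:
#     - CVE-2017-13077
#     - CVE-2017-13078
#     - CVE-2017-13079
#     - CVE-2017-13080
#     - CVE-2017-13081
#     - CVE-2017-13082
#     - CVE-2017-13086
#     - CVE-2017-13087
#     - CVE-2017-13088

# Apply every entry of $patches to the source tree and generate the build
# configuration (.config) from upstream's defconfig.
# Globals:   builddir, srcdir, patches, CC (read)
# Returns:   non-zero as soon as a patch or a configuration step fails
prepare() {
	local i

	# Patches are rooted one level above hostapd/ (they touch src/ as well).
	cd "$builddir"/.. || return 1
	for i in $patches; do
		msg "$i"
		# Stop on the first failure: continuing would build and ship a
		# binary that silently lacks one of the security fixes.
		patch -p1 -i "$srcdir"/"$i" || return 1
	done

	cd "$builddir" || return 1

	# The sample config refers to its helper files as /etc/hostapd.*;
	# package() installs them under /etc/hostapd/, so rewrite the paths.
	sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
		hostapd.conf || return 1

	# Enable the selected build options by uncommenting them in defconfig.
	sed \
		-e '/^#CONFIG_DRIVER_NL80211=y/s/^#//' \
		-e '/^#CONFIG_RADIUS_SERVER=y/s/^#//' \
		-e '/^#CONFIG_DRIVER_WIRED=y/s/^#//' \
		-e '/^#CONFIG_DRIVER_NONE=y/s/^#//' \
		-e '/^#CONFIG_IEEE80211N=y/s/^#//' \
		-e '/^#CONFIG_IEEE80211R=y/s/^#//' \
		-e '/^#CONFIG_IEEE80211AC=y/s/^#//' \
		-e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \
		-e '/^#CONFIG_LIBNL32=y/s/^#//' \
		-e '/^#CONFIG_ACS=y/s/^#//' \
		defconfig >> .config || return 1

	# toolchain setup
	{
		printf '%s\n' "CC ?= ${CC:-gcc}"
		printf '%s\n' "CFLAGS += -I/usr/include/libnl3"
		printf '%s\n' "LIBS += -L/usr/lib"
	} >> .config
}

# Build hostapd (default make target) and the nt_password_hash helper.
# Globals:   builddir (read)
# Returns:   non-zero if either make invocation fails
build() {
	cd "$builddir" || return 1
	make || return 1

	msg "nt_password_hash"
	make nt_password_hash
}

# Install binaries, sample configuration, service files and man pages
# into $pkgdir.
# Globals:   builddir, srcdir, pkgdir (read)
# Returns:   non-zero if any install step fails
package() {
	cd "$builddir" || return 1

	install -d "$pkgdir"/etc/hostapd || return 1

	# Plain install defaults to mode 0755; configuration files must not be
	# executable.
	install -m644 hostapd.conf hostapd.accept hostapd.deny \
		"$pkgdir"/etc/hostapd/ || return 1

	# Credential stores (EAP users, RADIUS shared secrets, SIM data, PSKs)
	# get edited in place by admins, so ship them owner-only.
	# NOTE(review): assumes hostapd reads these as root -- confirm against
	# hostapd.initd if the service is ever run unprivileged.
	install -m600 hostapd.eap_user hostapd.radius_clients \
		hostapd.sim_db hostapd.wpa_psk \
		"$pkgdir"/etc/hostapd/ || return 1

	install -Dm755 hostapd "$pkgdir"/usr/sbin/hostapd \
		&& install -Dm755 hostapd_cli "$pkgdir"/usr/bin/hostapd_cli \
		&& install -Dm755 nt_password_hash \
			"$pkgdir"/usr/bin/nt_password_hash \
		&& install -Dm755 "$srcdir"/hostapd.initd \
			"$pkgdir"/etc/init.d/hostapd \
		&& install -Dm644 "$srcdir"/hostapd.confd \
			"$pkgdir"/etc/conf.d/hostapd \
		&& install -Dm644 hostapd.8 \
			"$pkgdir"/usr/share/man/man8/hostapd.8 \
		&& install -Dm644 hostapd_cli.1 \
			"$pkgdir"/usr/share/man/man1/hostapd_cli.1
	# The target above used to be ".../man1/hostapd_cli" (no section
	# suffix), which man(1) would not find.
}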
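# SHA-512 digests for every entry of $source, one "digest  filename" pair per
# line. These are the only integrity control on the tarball (fetched over
# plain HTTP) and on the patch set: when bumping, regenerate them with
# `abuild checksum` from files whose origin has been verified, and review the
# resulting diff rather than accepting it blindly.
sha512sums="1c9a210dfffb951fb667be19aa44ad8c66dccd2aed26cdab939185923550e3c1998a678ebe6975e560e1b3385bff2098f1b2cb773452ba66fb35246fdd3eb2c1  hostapd-2.7.tar.gz
619acce84516dead1e03e5da71657ea4c4b6f3ca8271574409773aeb316cbddc88095b50320804f457f001f4f3fe83053e660c008d8409f59bb4d3bfe058b601  CVE-2012-4445.patch
90981a52d6cb2e91f67a9bc830d3db02da6fde4bea0cf512b22111da6c8ab151f5dd171a2f2e409d9ff75e388e72c2314dd023a98fdabf16248b11a950bde881  CVE-2019-9496.patch
92fca9bd4d8a1e63ff6b6bce35ceea385f040e475c97eb32a2d53b97030a5513c1a6df238081b5db06ef79163f3a505d0bed641cfd9125446dc0fc30b418a790  0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
396aa9df1de947d645e22d0fbfe9c8a139a9eedbaf286b0bbba5c2341d2af0a2aec072d814c84b89c01e338ebc2ad8db02dbd52c72c2699e98fd5dc14106706f  0002-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch
0dafd95c452472e51317df4cc6ac139a10cbc130d3a3a48ce44a8a96ebfa0197ed924086ef3a2984cd84024b347137bd76fd32e834c7667712ffcb3872d75c0b  0003-SAE-Minimize-timing-differences-in-PWE-derivation.patch
132da8732d783c0e3a4af2c93f2c3c54f832c5231ef36629a45849f9f1ff045dc791ea0727d165edc76c53f827538ab5e9d6026af384733b3008c45b47d711d8  0004-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch
c02771f2a904d9fac5c4c1c5b25d715bd18ada5a0aaea899d68348bdcd235af66db5473e364994ddf18cf081c6a8148783700ee9e4287c6de45d242e0ef73c93  0005-SAE-Mask-timing-of-MODP-groups-22-23-24.patch
ff5621cfe8e11e3f7e3efd941b3e68c6c2714d19f69932428b3efbb166760323a9540e3840bc36f930bfcf990bfc99741d96df2edf503e1813400942629b4186  0006-SAE-Use-const_time-selection-for-PWE-in-FFC.patch
07e57cd6509279fee021dfe290bad964088c39a181712424145f945ddc0682fa726b9bc6cc11c2fd7efb3f1d5bb7731dfee7e46351991340c715d39f536e7b6b  0007-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch
24bd9359f2808a62af5eaeefa08a817b578cf2a88e3f77c77f43005e2e5a6526cbd96b5c01d2ddff65fd88e3a551ec771bcfbf49419759dc3bffd6dd999415b1  0008-Add-helper-functions-for-constant-time-operations.patch
65d89c276b43766bf3e9bd6a4e6829c5ec38b59c4725c0a020ecbb9363f27cba20e82f0cebda55d264a1245b81ca545fdbe3d36eff5b5cee07d559b5e093a67c  0009-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch
c2ebe127e0d14c56b9e274a6f8f97c5fb763edc9dc7a3cab4cb1748d29a4d514c240e398ab140542e7aa088b8f17936187e263466290a8ec483534b7182b8703  0010-EAP-pwd-server-Detect-reflection-attacks.patch
509aaef9f32eabbc3b7d257fb85d424db89a383a1708353d52f8c26f3cac602b351615c6775731193ca9403da368052482aa8294927e9d1880f567a08e3056da  0011-EAP-pwd-client-Verify-received-scalar-and-element.patch
217714f651b489f9bc9dad1485b1ea409b0d9c40aef70a4c343f59261198175e5360e6dff99773a7a7358731e010f6c334a095f4868adc9f914a4c4085fb3092  0012-EAP-pwd-server-Verify-received-scalar-and-element.patch
39cb011348a4723b52405bd6cd85f78da1a80e077b61ef0c489e5a0a03e21e30de38378554f1a81092b65cd923d1c3c430821812037a7607f582038d3ba26687  0013-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch
7038044885871271ac724790663d5c0a428db83b41a691747be7a618ae893670a98f3ba52a297937249084296b0e9bcfd791edaa3928548efddb259e1a15f46c  0014-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
99c734fe395b4231aa6a097a08a00e5dab65ea9c37a7c83b1904a37c39307d9e7e95485734b0d483687126f4100c75f8a7b1420f0a2edcbfe07b454a14548822  0015-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
0dfc8728cfc3a86f7a182a7f71213b94f64880ee4470e2a939c83059df5af7a60d56ec0a8a5f2f717838995f4ef2c6a8fb909324875b0f12a52040239092d115  0016-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch
abc2a40f9437280b1b0d3355f6485fd3d3b6412011e23b4699eb53eebbb761b7d6af553df5655bf5171dabf010f18bd9923a5589c295766d8b6643645b466146  0017-EAP-pwd-Enforce-1-rand-mask-r-and-rand-mask-mod-r-1.patch
d9113a9f59cd35de88a2ef57e2f83c10986dddd3fa18652c3ddfe9f9d5db828d5fdd6385f2de9d6e8e11207c4b35fad2fb72d6698e554fc017cd369231115f44  0018-EAP-pwd-Remove-unused-checks-for-cofactor-1-cases.patch
88b28f73267b5031417e527b4e2eea117e62649862bafbe99b83b77bade56612283279906c8d1a4c997fb8f32fc7a6cf8c88931a64e9520d1bf45fbdb0e6c381  0019-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch
01389b9d3951bf1148894c0f4b45d22ef8352a8fe1090721d17216506581305726f6a6c0ebff88479e5342330e75fc04db9201d7d65d4cc6b01a5f7258dc26f9  0020-OpenSSL-Use-BN_bn2binpad-or-BN_bn2bin_padded-if-avai.patch
1fabc83a5e05ce3d09c89e37365d038bd0eec3a76683966ad172eac3c2c884dbc24fc6ca11c27a8f4582e886d0f1cde73bbede4484352b42a3f686d89d088fff  0021-SAE-Run-through-prf-result-processing-even-if-it-pri.patch
bcae73930c35d441c5615970c305abb3dff293fdec16df50823e57419b22d1aac0e780970619e0c78b4482b7d07962bcf6162706a20e20f7b21a3a10f500eff1  0022-EAP-pwd-Run-through-prf-result-processing-even-if-it.patch
89ac9ee8b0a3521b135ea5075fcc01ee37b111ba129e75f58e4bb863aad0e782c0e1928c91cab2ab1859a7a52d66987e14018b0552c167c05dbaeed76f1b12dd  0023-EAP-pwd-Disallow-ECC-groups-with-a-prime-under-256-b.patch
da5f4248a0173cd7d07972b760631a8dc26f258e7b5be059c0d7de26e17f668945a62d2afce01ed1a1e9df6c55f9fd6ee344d4f006f5564b90a25e90e1e7c704  0024-SAE-Reject-unsuitable-groups-based-on-REVmd-changes.patch
4734a8ab8ba1e91fc9e3d729f34527c14c291df238b02adea5acc04b0361b41d4bffca2fb13a4f464e9f007fa624117af4f50d755cb41a3129b4868da91bdf9a  0025-dragonfly-Disable-use-of-groups-using-Brainpool-curv.patch
63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38  CVE-2019-16275.patch
b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3  hostapd.initd
0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe  hostapd.confd"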