public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 772d3dbd6091b75fa10317c88c25c53ce466f825
From: Peter Müller @ 2022-02-18 21:58 UTC
  To: ipfire-scm

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  772d3dbd6091b75fa10317c88c25c53ce466f825 (commit)
       via  f51f8b130350b738747115ec9fccc9b50d7ec5e4 (commit)
       via  6491a92335a15fa0e3a4df1fed24b40490eaf3cb (commit)
      from  1bd6e152c40018054c9cad81000fcb7580153d90 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 772d3dbd6091b75fa10317c88c25c53ce466f825
Author: Peter Müller <peter.mueller(a)ipfire.org>
Date:   Fri Feb 18 21:57:28 2022 +0000

    Core Update 165: Ship wpa_supplicant
    
    Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>

commit f51f8b130350b738747115ec9fccc9b50d7ec5e4
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Fri Feb 18 18:13:35 2022 +0100

    wpa_supplicant: Update to 2.10
    
    For details see:
    https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
    
    "2022-01-16 - v2.10
    	* SAE changes
    	  - improved protection against side channel attacks
    	    [https://w1.fi/security/2022-1/]
    	  - added support for the hash-to-element mechanism (sae_pwe=1 or
    	    sae_pwe=2); this is currently disabled by default, but will likely
    	    get enabled by default in the future
    	  - fixed PMKSA caching with OKC
    	  - added support for SAE-PK
    	* EAP-pwd changes
    	  - improved protection against side channel attacks
    	  [https://w1.fi/security/2022-1/]
    	* fixed P2P provision discovery processing of a specially constructed
    	  invalid frame
    	  [https://w1.fi/security/2021-1/]
    	* fixed P2P group information processing of a specially constructed
    	  invalid frame
    	  [https://w1.fi/security/2020-2/]
    	* fixed PMF disconnection protection bypass in AP mode
    	  [https://w1.fi/security/2019-7/]
    	* added support for using OpenSSL 3.0
    	* increased the maximum number of EAP message exchanges (mainly to
    	  support cases with very large certificates)
    	* fixed various issues in experimental support for EAP-TEAP peer
    	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
    	* a number of MKA/MACsec fixes and extensions
    	* added support for SAE (WPA3-Personal) AP mode configuration
    	* added P2P support for EDMG (IEEE 802.11ay) channels
    	* fixed EAP-FAST peer with TLS GCM/CCM ciphers
    	* improved throughput estimation and BSS selection
    	* dropped support for libnl 1.1
    	* added support for nl80211 control port for EAPOL frame TX/RX
    	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
    	  compatibility for these groups while the default group 19 remains
    	  backwards compatible
    	* added support for Beacon protection
    	* added support for Extended Key ID for pairwise keys
    	* removed WEP support from the default build (CONFIG_WEP=y can be used
    	  to enable it, if really needed)
    	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
    	* added support for Transition Disable mechanism to allow the AP to
    	  automatically disable transition mode to improve security
    	* extended D-Bus interface
    	* added support for PASN
    	* added a file-based backend for external password storage to allow
    	  secret information to be moved away from the main configuration file
    	  without requiring external tools
    	* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
    	* added support for SCS, MSCS, DSCP policy
    	* changed driver interface selection to default to automatic fallback
    	  to other compiled in options
    	* a large number of other fixes, cleanup, and extensions"
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

commit 6491a92335a15fa0e3a4df1fed24b40490eaf3cb
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Fri Feb 18 18:13:34 2022 +0100

    hostapd: Update to 2.10
    
    For details see:
    https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
    
    "2022-01-16 - v2.10
    	* SAE changes
    	  - improved protection against side channel attacks
    	    [https://w1.fi/security/2022-1/]
    	  - added option send SAE Confirm immediately (sae_config_immediate=1)
    	    after SAE Commit
    	  - added support for the hash-to-element mechanism (sae_pwe=1 or
    	    sae_pwe=2)
    	  - fixed PMKSA caching with OKC
    	  - added support for SAE-PK
    	* EAP-pwd changes
    	  - improved protection against side channel attacks
    	    [https://w1.fi/security/2022-1/]
    	* fixed WPS UPnP SUBSCRIBE handling of invalid operations
    	  [https://w1.fi/security/2020-1/]
    	* fixed PMF disconnection protection bypass
    	  [https://w1.fi/security/2019-7/]
    	* added support for using OpenSSL 3.0
    	* fixed various issues in experimental support for EAP-TEAP server
    	* added configuration (max_auth_rounds, max_auth_rounds_short) to
    	  increase the maximum number of EAP message exchanges (mainly to
    	  support cases with very large certificates) for the EAP server
    	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
    	* extended HE (IEEE 802.11ax) support, including 6 GHz support
    	* removed obsolete IAPP functionality
    	* fixed EAP-FAST server with TLS GCM/CCM ciphers
    	* dropped support for libnl 1.1
    	* added support for nl80211 control port for EAPOL frame TX/RX
    	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
    	  compatibility for these groups while the default group 19 remains
    	  backwards compatible; owe_ptk_workaround=1 can be used to enable a
    	  workaround for the group 20/21 backwards compatibility
    	* added support for Beacon protection
    	* added support for Extended Key ID for pairwise keys
    	* removed WEP support from the default build (CONFIG_WEP=y can be used
    	  to enable it, if really needed)
    	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
    	* added support for Transition Disable mechanism to allow the AP to
    	  automatically disable transition mode to improve security
    	* added support for PASN
    	* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
    	* a large number of other fixes, cleanup, and extensions"
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 .../103 => core/165}/filelists/wpa_supplicant      |  0
 lfs/hostapd                                        | 24 +++++++++-------------
 lfs/wpa_supplicant                                 | 15 +++++++-------
 .../hostapd-2.9-increase_EAPOL-timeouts.patch      |  4 ++--
 src/patches/hostapd/hostapd-2.9-noscan.patch       |  6 +++---
 5 files changed, 23 insertions(+), 26 deletions(-)
 copy config/rootfiles/{oldcore/103 => core/165}/filelists/wpa_supplicant (100%)

Difference in files:
diff --git a/config/rootfiles/core/165/filelists/wpa_supplicant b/config/rootfiles/core/165/filelists/wpa_supplicant
new file mode 120000
index 000000000..1d04c03c0
--- /dev/null
+++ b/config/rootfiles/core/165/filelists/wpa_supplicant
@@ -0,0 +1 @@
+../../../common/wpa_supplicant
\ No newline at end of file
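Review bot: the commit that adds this symlink is described only as "Core Update 165: Ship wpa_supplicant", with no reason given. Since the file list now pulls ../../../common/wpa_supplicant into the core update, please state in the commit message that this follows the update to 2.10 in f51f8b13 (whose changelog lists the SAE and EAP-pwd side-channel fixes and the P2P invalid-frame fixes), so the reason the binary is re-shipped is recorded with the change.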
diff --git a/lfs/hostapd b/lfs/hostapd
index cb2626bf3..f07d378be 100644
--- a/lfs/hostapd
+++ b/lfs/hostapd
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,22 +24,18 @@
 
 include Config
 
-SUMMARY    = Daemon for running a WPA capable Access Point 
+VER        = 2_10
 
-VER        = 581dfcc
-
-THISAPP    = hostapd-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+THISAPP    = hostap_$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/hostap-$(VER)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = hostapd
-PAK_VER    = 58
+PAK_VER    = 59
 
 DEPS       =
 
-SERVICES   = hostapd
-
 ###############################################################################
 # Top-level Rules
 ###############################################################################
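Review bot: the SUMMARY and SERVICES assignments are removed in this hunk, although the commit message only describes a version update to 2.10. If dropping this package metadata is not intended (for example because the file was refreshed from an older copy), restore both lines; if it is intended, say so in the commit message. Note also that THISAPP becomes hostap_$(VER), so DIR_APP and TARGET change name with it while PROG stays hostapd.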
@@ -48,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = eed922f2daabe16d74adf2b23455d8bd
+$(DL_FILE)_MD5 = 973639d02c9f6712b3b3da6d6c70ab37
 
 install : $(TARGET)
 
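Review bot: the new archive is pinned with an MD5 digest only (the $(DL_FILE)_MD5 line) and is fetched from $(URL_IPFIRE) rather than from upstream. MD5 is not collision resistant, so for an update whose changelog is largely security fixes it would be worth recording in the commit message how the archive was verified against the upstream release (signature or a SHA-2 digest) before this checksum was taken.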
@@ -80,18 +76,18 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
-	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.9-noscan.patch
 
 	cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config
 	cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr(a)g" -i Makefile
-	cd $(DIR_APP)/hostapd && make $(MAKETUNING)
+	cd $(DIR_APP)/hostapd && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP)/hostapd && make install
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/hostapd /var/ipfire/backup/addons/includes/hostapd
 	# install initscript
-	$(call INSTALL_INITSCRIPTS,$(SERVICES))
+	$(call INSTALL_INITSCRIPT,hostapd)
 	mkdir -p /var/ipfire/wlanap
 	touch /var/ipfire/wlanap/settings
 	cp -vrf $(DIR_SRC)/config/hostapd/hostapd.conf /var/ipfire/wlanap/hostapd.conf
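Review bot: the initscript line switches from INSTALL_INITSCRIPTS,$(SERVICES) to INSTALL_INITSCRIPT,hostapd, and the make line gains $(EXTRA_MAKE); neither name is defined in the lines shown for this file. Please confirm both exist in the included Config on this branch, because a $(call ...) of an undefined macro expands to nothing in GNU make and the initscript would silently not be installed. The two patch lines in this recipe still apply files named hostapd-2.9-* to the 2.10 tree, which is worth a rename.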
diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant
index c64b6aab4..ad9150611 100644
--- a/lfs/wpa_supplicant
+++ b/lfs/wpa_supplicant
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2019  IPFire Team  <info(a)ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,13 +24,14 @@
 
 include Config
 
-VER        = 581dfcc
+VER        = 2.10
 
 THISAPP    = wpa_supplicant-$(VER)
-DL_FILE    = hostapd-$(VER).tar.gz
+DL_FILE    = $(THISAPP).tar.gz
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/hostap-$(VER)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = wpa_supplicant
 
 ###############################################################################
 # Top-level Rules
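Review bot: with DL_FILE changed to $(THISAPP).tar.gz, wpa_supplicant no longer builds from the same archive as lfs/hostapd, and the two files now spell the version differently (VER = 2.10 here, VER = 2_10 there). Future updates have to bump both files and both checksums together; a short comment next to VER pointing at lfs/hostapd would make that coupling visible.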
@@ -40,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = eed922f2daabe16d74adf2b23455d8bd
+$(DL_FILE)_MD5 = d26797fcb002898d4ee989179346e1cc
 
 install : $(TARGET)
 
@@ -73,10 +74,10 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
 	cd $(DIR_APP)/wpa_supplicant && cp $(DIR_SRC)/config/wpa_supplicant/config ./.config
 	cd $(DIR_APP)/wpa_supplicant && sed -e "s/wpa_cli\ dynamic_eap_methods/wpa_cli\ #dynamic_eap_methods/" -i Makefile
 	cd $(DIR_APP)/wpa_supplicant && sed -e "s@/usr/local@/usr(a)g" -i Makefile
-	cd $(DIR_APP)/wpa_supplicant && make $(MAKETUNING)
-	cd $(DIR_APP)/wpa_supplicant && make install
+	cd $(DIR_APP)/wpa_supplicant && make && make install
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
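Review bot: the build line drops $(MAKETUNING) (now "make && make install") without a reason in the commit message, while lfs/hostapd in the same push keeps it. If 2.10 fails to build with it, record that in a comment next to the line; otherwise keep $(MAKETUNING). The extraction line also stays at "tar zxf" here while lfs/hostapd moved to "tar axf", which works for the .tar.gz archive but leaves the two recipes different for no stated reason.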
diff --git a/src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch b/src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch
index 87aec005b..67d9d4f22 100644
--- a/src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch
+++ b/src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch
@@ -1,8 +1,8 @@
 diff U3 src/ap/wpa_auth.c src/ap/wpa_auth.c
 --- a/src/ap/wpa_auth.c	Wed Aug  7 15:25:25 2019
 +++ b/src/ap/wpa_auth.c	Fri Sep 20 17:35:23 2019
-@@ -65,9 +65,9 @@
- 			  struct wpa_group *group);
+@@ -68,9 +68,9 @@
+ static int ieee80211w_kde_len(struct wpa_state_machine *sm);
  static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos);
  
 -static const u32 eapol_key_timeout_first = 100; /* ms */
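Review bot: only the embedded hunk header and one context line are refreshed here (-65,9 +65,9 becomes -68,9 +68,9); the file name still says hostapd-2.9 and the embedded timestamps are from 2019, although the patch is now applied to 2.10. Renaming the file to a version-neutral name would avoid implying it targets 2.9; lfs/hostapd references it by name and would need the same change.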
diff --git a/src/patches/hostapd/hostapd-2.9-noscan.patch b/src/patches/hostapd/hostapd-2.9-noscan.patch
index 638b76f84..01a33d0d0 100644
--- a/src/patches/hostapd/hostapd-2.9-noscan.patch
+++ b/src/patches/hostapd/hostapd-2.9-noscan.patch
@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3493,6 +3493,10 @@ static int hostapd_config_fill(struct ho
+@@ -3474,6 +3474,10 @@ static int hostapd_config_fill(struct ho
  		if (bss->ocv && !bss->ieee80211w)
  			bss->ieee80211w = 1;
  #endif /* CONFIG_OCV */
@@ -13,7 +13,7 @@
  	} else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -984,6 +984,8 @@ struct hostapd_config {
+@@ -1014,6 +1014,8 @@ struct hostapd_config {
  
  	int ht_op_mode_fixed;
  	u16 ht_capab;
@@ -24,7 +24,7 @@
  	int no_pri_sec_switch;
 --- a/src/ap/hw_features.c
 +++ b/src/ap/hw_features.c
-@@ -500,7 +500,8 @@ static int ieee80211n_check_40mhz(struct
+@@ -517,7 +517,8 @@ static int ieee80211n_check_40mhz(struct
  	int ret;
  
  	/* Check that HT40 is used and PRI / SEC switch is allowed */


hooks/post-receive
--
IPFire 2.x development tree
