APKBUILD 5.63 KB
Newer Older
Natanael Copa's avatar
Natanael Copa committed
1 2
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=hostapd
3
pkgver=2.6
4
pkgrel=6
Natanael Copa's avatar
Natanael Copa committed
5 6
pkgdesc="daemon for wireless software access points"
url="http://hostap.epitest.fi/hostapd/"
7
arch="all"
Natanael Copa's avatar
Natanael Copa committed
8
license="custom"
9
makedepends="libressl-dev libnl3-dev linux-headers"
10
subpackages="$pkgname-doc"
11
patches="CVE-2012-4445.patch
12
	libressl-compat.patch
13 14 15 16 17 18 19
	0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
	0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
	0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
	0004-Prevent-installation-of-an-all-zero-TK.patch
	0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
	0006-TDLS-Reject-TPK-TK-reconfiguration.patch
	0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
20
	CVE-2019-9496.patch
21 22
	0009-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
	0010-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
23
	CVE-2019-16275.patch
24
	"
Natanael Copa's avatar
Natanael Copa committed
25
source="http://hostap.epitest.fi/releases/$pkgname-$pkgver.tar.gz
26
	$patches
Natanael Copa's avatar
Natanael Copa committed
27 28
	$pkgname.initd
	$pkgname.confd"
29
options="!check" #no testsuite
30
builddir="$srcdir"/$pkgname-$pkgver/hostapd
Natanael Copa's avatar
Natanael Copa committed
31

32
# secfixes:
33 34
#   2.6-r6:
#     - CVE-2019-16275
35 36
#   2.6-r5:
#     - CVE-2019-9496
37 38
#   2.6-r4:
#     - CVE-2019-11555
39 40 41 42 43 44 45 46 47 48 49
#   2.6-r2:
#     - CVE-2017-13077
#     - CVE-2017-13078
#     - CVE-2017-13079
#     - CVE-2017-13080
#     - CVE-2017-13081
#     - CVE-2017-13082
#     - CVE-2017-13086
#     - CVE-2017-13087
#     - CVE-2017-13088

Natanael Copa's avatar
Natanael Copa committed
50
prepare() {
51
	local conf="$builddir/.config"
Natanael Copa's avatar
Natanael Copa committed
52

53
	cd "$builddir"/..
54 55
	for i in $patches; do
		msg $i
tmpfile's avatar
tmpfile committed
56
		patch -p1 -i "$srcdir"/$i
57 58
	done

59
	cd "$builddir"
Natanael Copa's avatar
Natanael Copa committed
60 61 62 63
	sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
		hostapd.conf

	# toolchain setup
Natanael Copa's avatar
Natanael Copa committed
64 65 66 67 68 69 70 71 72 73
	sed \
		-e '/^#CONFIG_DRIVER_NL80211=y/s/^#//' \
		-e '/^#CONFIG_RADIUS_SERVER=y/s/^#//' \
		-e '/^#CONFIG_DRIVER_WIRED=y/s/^#//' \
		-e '/^#CONFIG_DRIVER_NONE=y/s/^#//' \
		-e '/^#CONFIG_IEEE80211N=y/s/^#//' \
		-e '/^#CONFIG_IEEE80211R=y/s/^#//' \
		-e '/^#CONFIG_IEEE80211AC=y/s/^#//' \
		-e '/^#CONFIG_FULL_DYNAMIC_VLAN=y/s/^#//' \
		-e '/^#CONFIG_LIBNL32=y/s/^#//' \
74
		-e '/^#CONFIG_ACS=y/s/^#//' \
Natanael Copa's avatar
Natanael Copa committed
75 76 77 78
		defconfig >> .config
	echo "CC ?= ${CC:-gcc}" >> .config
	echo "CFLAGS += -I/usr/include/libnl3" >> .config
	echo "LIBS += -L/usr/lib" >> .config
Natanael Copa's avatar
Natanael Copa committed
79 80 81
}

build() {
82
	cd "$builddir"
tmpfile's avatar
tmpfile committed
83
	make
Natanael Copa's avatar
Natanael Copa committed
84
	msg "nt_password_hash"
tmpfile's avatar
tmpfile committed
85
	make nt_password_hash
Natanael Copa's avatar
Natanael Copa committed
86 87 88
}

package() {
89
	cd "$builddir"
Natanael Copa's avatar
Natanael Copa committed
90 91 92
	install -d "$pkgdir"/etc/hostapd
	install hostapd.conf hostapd.accept hostapd.deny hostapd.eap_user \
		hostapd.radius_clients hostapd.sim_db hostapd.wpa_psk \
tmpfile's avatar
tmpfile committed
93
		"$pkgdir"/etc/hostapd/
Natanael Copa's avatar
Natanael Copa committed
94 95 96 97 98 99 100 101 102 103 104 105

	install -Dm755 hostapd "$pkgdir"/usr/sbin/hostapd \
		&& install -Dm755 hostapd_cli "$pkgdir"/usr/bin/hostapd_cli \
		&& install -Dm755 nt_password_hash \
			"$pkgdir"/usr/bin/nt_password_hash \
		&& install -Dm755 "$srcdir"/hostapd.initd \
			"$pkgdir"/etc/init.d/hostapd \
		&& install -Dm644 "$srcdir"/hostapd.confd \
			"$pkgdir"/etc/conf.d/hostapd \
		&& install -Dm644 hostapd.8 \
			"$pkgdir"/usr/share/man/man8/hostapd.8 \
		&& install -Dm644 hostapd_cli.1 \
tmpfile's avatar
tmpfile committed
106
			"$pkgdir"/usr/share/man/man1/hostapd_cli
Natanael Copa's avatar
Natanael Copa committed
107
}
108
sha512sums="e60baaa092786250b8de9935f5417c7626f5d749210cce9f83d776b65c19fc92a8141f41923389f05c16295d482a15ae8d8b744f4667425040c99e3c2f5b1bda  hostapd-2.6.tar.gz
109
619acce84516dead1e03e5da71657ea4c4b6f3ca8271574409773aeb316cbddc88095b50320804f457f001f4f3fe83053e660c008d8409f59bb4d3bfe058b601  CVE-2012-4445.patch
110
e6428a7fde025550e8d8252a04dd3a9009f95b6cab064c1f76bf4e5c321bc6acba9a21511e25f996fe98f6c9f1c057bc5af7aa9e6dd19e0bbc537b2be67d494f  libressl-compat.patch
111 112 113 114 115 116 117
f855fa792425f175ccc800eb49df42067b1c1f4b52ba2d24160af4dfbb74dcf8e81661b7e6c8d92fa408938b8a559fc74557d1677913e4a751bfd43706c14bb6  0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
b4e413aa815572ea0002d33d24b69cd499aebb5efebed8fcaade8b29324bb5853a5db64e8b1dfdf24478e02c66196238b81a6ec777a7a28610435dce4d2c344e  0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
a6382d8e84b4829be33c46bf2f4c6f3232c9d924a4547a21dfe023bf5be8ee1c635920295f52be285359efaae95bcc1f12b512659cfd1653b871dd0bea7e5ace  0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
51ed806f0d5b3f588e26d4db4dcfc6be2cfb12002e26893a6cedd62c7cad0d0de75aed4a666223c4877fc1854b08dce6ddf6f6c4cfd752a5d8d58ad4a968b553  0004-Prevent-installation-of-an-all-zero-TK.patch
8707a123cd78149dfee9f5bd791761ee1eca605ef96580167044c2339c896920cf0e030b184a5afa9e310f5755afb30bef8ebd4522fc52753f3fbd6acead2cdf  0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
37d050b2e4a3598484912667d8b2705fbe84c5c562267f900d42b0c7b606fb1fed09ddca8b80e2131768baa8f3690aab6ba7a232dee6ff1e66150fdb8816c927  0006-TDLS-Reject-TPK-TK-reconfiguration.patch
fc84edd8b30305cc42053c872554098f3f077292ec980ed6a442f37884087ff2f055738fd55977ed792bef1887dcc8c4626586465d78dd0258edb83dcd50a65a  0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
118
90981a52d6cb2e91f67a9bc830d3db02da6fde4bea0cf512b22111da6c8ab151f5dd171a2f2e409d9ff75e388e72c2314dd023a98fdabf16248b11a950bde881  CVE-2019-9496.patch
119 120
7038044885871271ac724790663d5c0a428db83b41a691747be7a618ae893670a98f3ba52a297937249084296b0e9bcfd791edaa3928548efddb259e1a15f46c  0009-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
99c734fe395b4231aa6a097a08a00e5dab65ea9c37a7c83b1904a37c39307d9e7e95485734b0d483687126f4100c75f8a7b1420f0a2edcbfe07b454a14548822  0010-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
121
63710cfb0992f2c346a9807d8c97cbeaed032fa376a0e93a2e56f7742ce515e9c4dfadbdb1af03ba272281f639aab832f0178f67634c222a5d99e1d462aa9e38  CVE-2019-16275.patch
122
b54b7c6aa17e5cb86a9b354a516eb2dbefb544df18471339c61d82776de447011a2ac290bea1e6c8beae4b6cebefafb8174683ea42fb773e9e8fe6c679f33ba3  hostapd.initd
Timo Teräs's avatar
Timo Teräs committed
123
0882263bbd7c0b05bf51f51d66e11a23a0b8ca7da2a3b8a30166d2c5f044c0c134e6bccb1d02c9e81819ca8fb0c0fb55c7121a08fe7233ccaa73ff8ab9a238fe  hostapd.confd"