initial buildroot for linux 5.15
This commit is contained in:
@@ -0,0 +1,77 @@
|
||||
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Thu, 29 Aug 2019 11:52:04 +0300
|
||||
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
|
||||
address
|
||||
|
||||
Do not process any received Management frames with unexpected/invalid SA
|
||||
so that we do not add any state for unexpected STA addresses or end up
|
||||
sending out frames to unexpected destination. This prevents unexpected
|
||||
sequences where an unprotected frame might end up causing the AP to send
|
||||
out a response to another device and that other device processing the
|
||||
unexpected response.
|
||||
|
||||
In particular, this prevents some potential denial of service cases
|
||||
where the unexpected response frame from the AP might result in a
|
||||
connected station dropping its association.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
[Retrieved from:
|
||||
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch]
|
||||
---
|
||||
src/ap/drv_callbacks.c | 13 +++++++++++++
|
||||
src/ap/ieee802_11.c | 12 ++++++++++++
|
||||
2 files changed, 25 insertions(+)
|
||||
|
||||
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
|
||||
index 31587685fe3b..34ca379edc3d 100644
|
||||
--- a/src/ap/drv_callbacks.c
|
||||
+++ b/src/ap/drv_callbacks.c
|
||||
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||
"hostapd_notif_assoc: Skip event with no address");
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
+ if (is_multicast_ether_addr(addr) ||
|
||||
+ is_zero_ether_addr(addr) ||
|
||||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
|
||||
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||
+ * we do not add any state for unexpected STA addresses or end
|
||||
+ * up sending out frames to unexpected destination. */
|
||||
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
|
||||
+ " in received indication - ignore this indication silently",
|
||||
+ __func__, MAC2STR(addr));
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
random_add_randomness(addr, ETH_ALEN);
|
||||
|
||||
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
|
||||
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
|
||||
index c85a28db44b7..e7065372e158 100644
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
||||
fc = le_to_host16(mgmt->frame_control);
|
||||
stype = WLAN_FC_GET_STYPE(fc);
|
||||
|
||||
+ if (is_multicast_ether_addr(mgmt->sa) ||
|
||||
+ is_zero_ether_addr(mgmt->sa) ||
|
||||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
|
||||
+ /* Do not process any frames with unexpected/invalid SA so that
|
||||
+ * we do not add any state for unexpected STA addresses or end
|
||||
+ * up sending out frames to unexpected destination. */
|
||||
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
||||
+ " in received frame - ignore this frame silently",
|
||||
+ MAC2STR(mgmt->sa));
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (stype == WLAN_FC_STYPE_BEACON) {
|
||||
handle_beacon(hapd, mgmt, len, fi);
|
||||
return 1;
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@@ -0,0 +1,116 @@
|
||||
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sat, 13 Mar 2021 18:19:31 +0200
|
||||
Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters
|
||||
|
||||
The supported hash algorithms do not use AlgorithmIdentifier parameters.
|
||||
However, there are implementations that include NULL parameters in
|
||||
addition to ones that omit the parameters. Previous implementation did
|
||||
not check the parameters value at all which supported both these cases,
|
||||
but did not reject any other unexpected information.
|
||||
|
||||
Use strict validation of digest algorithm parameters and reject any
|
||||
unexpected value when validating a signature. This is needed to prevent
|
||||
potential forging attacks.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||||
---
|
||||
src/tls/pkcs1.c | 21 +++++++++++++++++++++
|
||||
src/tls/x509v3.c | 20 ++++++++++++++++++++
|
||||
2 files changed, 41 insertions(+)
|
||||
|
||||
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
|
||||
index bbdb0d72d..5761dfed0 100644
|
||||
--- a/src/tls/pkcs1.c
|
||||
+++ b/src/tls/pkcs1.c
|
||||
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
||||
os_free(decrypted);
|
||||
return -1;
|
||||
}
|
||||
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
|
||||
+ hdr.payload, hdr.length);
|
||||
|
||||
pos = hdr.payload;
|
||||
end = pos + hdr.length;
|
||||
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
||||
os_free(decrypted);
|
||||
return -1;
|
||||
}
|
||||
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
|
||||
+ hdr.payload, hdr.length);
|
||||
da_end = hdr.payload + hdr.length;
|
||||
|
||||
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
|
||||
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
|
||||
os_free(decrypted);
|
||||
return -1;
|
||||
}
|
||||
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
|
||||
+ next, da_end - next);
|
||||
+
|
||||
+ /*
|
||||
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
|
||||
+ * omit the parameters, but there are implementation that encode these
|
||||
+ * as a NULL element. Allow these two cases and reject anything else.
|
||||
+ */
|
||||
+ if (da_end > next &&
|
||||
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
|
||||
+ !asn1_is_null(&hdr) ||
|
||||
+ hdr.payload + hdr.length != da_end)) {
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "PKCS #1: Unexpected digest algorithm parameters");
|
||||
+ os_free(decrypted);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
if (!asn1_oid_equal(&oid, hash_alg)) {
|
||||
char txt[100], txt2[100];
|
||||
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
|
||||
index a8944dd2f..df337ec4d 100644
|
||||
--- a/src/tls/x509v3.c
|
||||
+++ b/src/tls/x509v3.c
|
||||
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
|
||||
os_free(data);
|
||||
return -1;
|
||||
}
|
||||
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
|
||||
|
||||
pos = hdr.payload;
|
||||
end = pos + hdr.length;
|
||||
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
|
||||
os_free(data);
|
||||
return -1;
|
||||
}
|
||||
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
|
||||
+ hdr.payload, hdr.length);
|
||||
da_end = hdr.payload + hdr.length;
|
||||
|
||||
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
|
||||
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
|
||||
os_free(data);
|
||||
return -1;
|
||||
}
|
||||
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
|
||||
+ next, da_end - next);
|
||||
+
|
||||
+ /*
|
||||
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
|
||||
+ * omit the parameters, but there are implementation that encode these
|
||||
+ * as a NULL element. Allow these two cases and reject anything else.
|
||||
+ */
|
||||
+ if (da_end > next &&
|
||||
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
|
||||
+ !asn1_is_null(&hdr) ||
|
||||
+ hdr.payload + hdr.length != da_end)) {
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "X509: Unexpected digest algorithm parameters");
|
||||
+ os_free(data);
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
if (x509_sha1_oid(&oid)) {
|
||||
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
From 99cf89555313056d3a8fa54b21d02dc880b363e1 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <jouni@codeaurora.org>
|
||||
Date: Mon, 20 Apr 2020 20:29:31 +0300
|
||||
Subject: [PATCH] Include stdbool.h to allow C99 bool to be used
|
||||
|
||||
We have practically started requiring some C99 features, so might as
|
||||
well finally go ahead and bring in the C99 bool as well.
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
|
||||
[geomatsi@gmail.com: backport from upstream]
|
||||
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
|
||||
[yann.morin.1998@free.fr: keep upstream sha1 in header, drop numbering]
|
||||
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
|
||||
---
|
||||
src/utils/includes.h | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/utils/includes.h b/src/utils/includes.h
|
||||
index 75513fc8c..741fc9c14 100644
|
||||
--- a/src/utils/includes.h
|
||||
+++ b/src/utils/includes.h
|
||||
@@ -18,6 +18,7 @@
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stddef.h>
|
||||
+#include <stdbool.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
From 9a990e8c4eb92dd64e0ec483599820e45c35ac23 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sat, 13 Mar 2021 23:14:23 +0200
|
||||
Subject: [PATCH] ASN.1: Add helper functions for recognizing tag values
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
[geomatsi@gmail.com: backport asn1_is_null() from upstream 9a990e8c4eb9]
|
||||
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
|
||||
[yann.morin.1998@free.fr:
|
||||
- reformat, keep the upstream sha1 and title,
|
||||
- drop numbering
|
||||
]
|
||||
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
|
||||
---
|
||||
src/tls/asn1.h | 102 +++++++++++++++++++++++++++++++++++++++++++++++++
|
||||
1 file changed, 102 insertions(+)
|
||||
|
||||
diff --git a/src/tls/asn1.h b/src/tls/asn1.h
|
||||
index de3430adb..a4d1be473 100644
|
||||
--- a/src/tls/asn1.h
|
||||
+++ b/src/tls/asn1.h
|
||||
@@ -66,6 +66,12 @@ struct wpabuf * asn1_build_alg_id(const struct asn1_oid *oid,
|
||||
unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
|
||||
int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
|
||||
|
||||
+static inline bool asn1_is_null(const struct asn1_hdr *hdr)
|
||||
+{
|
||||
+ return hdr->class == ASN1_CLASS_UNIVERSAL &&
|
||||
+ hdr->tag == ASN1_TAG_NULL;
|
||||
+}
|
||||
+
|
||||
extern struct asn1_oid asn1_sha1_oid;
|
||||
extern struct asn1_oid asn1_sha256_oid;
|
||||
|
||||
--
|
||||
2.25.1
|
||||
|
||||
@@ -0,0 +1,116 @@
|
||||
config BR2_PACKAGE_HOSTAPD
|
||||
bool "hostapd"
|
||||
depends on BR2_USE_MMU # fork()
|
||||
select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
|
||||
select BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4 if BR2_PACKAGE_LIBOPENSSL
|
||||
help
|
||||
User space daemon for wireless access points.
|
||||
|
||||
It implements IEEE 802.11 access point management,
|
||||
IEEE 802.1X/WPA/WPA2/EAP authenticators, RADIUS client,
|
||||
EAP server and RADIUS authentication server.
|
||||
|
||||
http://w1.fi/hostapd/
|
||||
|
||||
if BR2_PACKAGE_HOSTAPD
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_DRIVER_HOSTAP
|
||||
bool "Enable hostap driver"
|
||||
default y
|
||||
select BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS
|
||||
help
|
||||
Enable support for Host AP driver.
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
|
||||
bool "Enable nl80211 driver"
|
||||
default y
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
|
||||
select BR2_PACKAGE_LIBNL
|
||||
select BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS
|
||||
help
|
||||
Enable support for drivers using the nl80211 kernel interface.
|
||||
|
||||
comment "nl80211 driver needs a toolchain w/ threads"
|
||||
depends on !BR2_TOOLCHAIN_HAS_THREADS
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_DRIVER_WIRED
|
||||
bool "Enable wired driver"
|
||||
help
|
||||
Enable support for wired authenticator.
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_DRIVER_NONE
|
||||
bool
|
||||
default y
|
||||
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_HOSTAP
|
||||
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
|
||||
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_WIRED
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS
|
||||
bool
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_ACS
|
||||
bool "Enable ACS"
|
||||
default y
|
||||
depends on BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
|
||||
help
|
||||
Enable support for standard ACS (Automatic Channel Selection).
|
||||
Some propietary drivers use a custom algorithm which requires
|
||||
channel to be set to '0' (which enables ACS in the config),
|
||||
causing hostapd to use the standard one which doesn't work
|
||||
for those cases.
|
||||
|
||||
comment "ACS is currently only supported through the nl80211 driver"
|
||||
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_EAP
|
||||
bool "Enable EAP"
|
||||
depends on !BR2_STATIC_LIBS
|
||||
help
|
||||
Enable support for EAP and RADIUS.
|
||||
|
||||
comment "hostapd EAP needs a toolchain w/ dynamic library"
|
||||
depends on BR2_STATIC_LIBS
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_WPS
|
||||
bool "Enable WPS"
|
||||
help
|
||||
Enable support for Wi-Fi Protected Setup.
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_WPA3
|
||||
bool "Enable WPA3 support"
|
||||
select BR2_PACKAGE_OPENSSL
|
||||
select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
|
||||
help
|
||||
Enable WPA3 support including OWE, SAE, DPP
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_VLAN
|
||||
bool "Enable VLAN support"
|
||||
default y
|
||||
help
|
||||
Enable support for VLANs.
|
||||
|
||||
if BR2_PACKAGE_HOSTAPD_VLAN
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_VLAN_DYNAMIC
|
||||
bool "Enable dynamic VLAN support"
|
||||
default y
|
||||
help
|
||||
Enable support for fully dynamic VLANs.
|
||||
This enables hostapd to automatically create
|
||||
bridge and VLAN interfaces if necessary.
|
||||
|
||||
config BR2_PACKAGE_HOSTAPD_VLAN_NETLINK
|
||||
bool "Use netlink-based API for VLAN operations"
|
||||
default y
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
|
||||
select BR2_PACKAGE_LIBNL
|
||||
help
|
||||
Use netlink-based kernel API for VLAN operations
|
||||
instead of ioctl().
|
||||
|
||||
comment "netlink-based VLAN support needs a toolchain w/ threads"
|
||||
depends on !BR2_TOOLCHAIN_HAS_THREADS
|
||||
|
||||
endif # BR2_PACKAGE_HOSTAPD_VLAN
|
||||
|
||||
endif
|
||||
@@ -0,0 +1,7 @@
|
||||
# Locally calculated
|
||||
sha256 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7 hostapd-2.9.tar.gz
|
||||
sha256 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
|
||||
sha256 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
|
||||
sha256 a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
|
||||
sha256 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
|
||||
sha256 9da5dd0776da266b180b915e460ff75c6ff729aca1196ab396529510f24f3761 README
|
||||
@@ -0,0 +1,163 @@
|
||||
################################################################################
|
||||
#
|
||||
# hostapd
|
||||
#
|
||||
################################################################################
|
||||
|
||||
HOSTAPD_VERSION = 2.9
|
||||
HOSTAPD_SITE = http://w1.fi/releases
|
||||
HOSTAPD_SUBDIR = hostapd
|
||||
HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
|
||||
HOSTAPD_PATCH = \
|
||||
https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
|
||||
https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
|
||||
https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
|
||||
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
|
||||
HOSTAPD_DEPENDENCIES = host-pkgconf
|
||||
HOSTAPD_CFLAGS = $(TARGET_CFLAGS)
|
||||
HOSTAPD_LICENSE = BSD-3-Clause
|
||||
HOSTAPD_LICENSE_FILES = README
|
||||
|
||||
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
|
||||
HOSTAPD_IGNORE_CVES += CVE-2019-16275
|
||||
|
||||
# 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
|
||||
HOSTAPD_IGNORE_CVES += CVE-2020-12695
|
||||
|
||||
# 0002-ASN.1-Validate-DigestAlgorithmIdentifier-parameters.patch
|
||||
HOSTAPD_IGNORE_CVES += CVE-2021-30004
|
||||
|
||||
# 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
|
||||
HOSTAPD_IGNORE_CVES += CVE-2021-27803
|
||||
|
||||
HOSTAPD_CPE_ID_VENDOR = w1.fi
|
||||
HOSTAPD_SELINUX_MODULES = hostapd
|
||||
HOSTAPD_CONFIG_SET =
|
||||
|
||||
HOSTAPD_CONFIG_ENABLE = \
|
||||
CONFIG_INTERNAL_LIBTOMMATH \
|
||||
CONFIG_DEBUG_FILE \
|
||||
CONFIG_DEBUG_SYSLOG
|
||||
|
||||
HOSTAPD_CONFIG_DISABLE =
|
||||
|
||||
# Try to use openssl if it's already available
|
||||
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
|
||||
HOSTAPD_DEPENDENCIES += host-pkgconf libopenssl
|
||||
HOSTAPD_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl`
|
||||
HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
|
||||
else
|
||||
HOSTAPD_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP
|
||||
HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_HOSTAP),)
|
||||
HOSTAPD_CONFIG_DISABLE += CONFIG_DRIVER_HOSTAP
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_NL80211),)
|
||||
HOSTAPD_CONFIG_DISABLE += CONFIG_DRIVER_NL80211
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_WIRED),y)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_DRIVER_WIRED
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_NONE),y)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_DRIVER_NONE
|
||||
endif
|
||||
|
||||
# Add options for wireless drivers
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS),y)
|
||||
HOSTAPD_CONFIG_ENABLE += \
|
||||
CONFIG_HS20 \
|
||||
CONFIG_IEEE80211AC \
|
||||
CONFIG_IEEE80211N \
|
||||
CONFIG_IEEE80211R \
|
||||
CONFIG_INTERWORKING
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_ACS),y)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_ACS
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_EAP),y)
|
||||
HOSTAPD_CONFIG_ENABLE += \
|
||||
CONFIG_EAP \
|
||||
CONFIG_RADIUS_SERVER
|
||||
|
||||
# Enable both TLS v1.1 (CONFIG_TLSV11) and v1.2 (CONFIG_TLSV12)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_TLSV1
|
||||
else
|
||||
HOSTAPD_CONFIG_DISABLE += CONFIG_EAP
|
||||
HOSTAPD_CONFIG_ENABLE += \
|
||||
CONFIG_NO_ACCOUNTING \
|
||||
CONFIG_NO_RADIUS
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_WPS),y)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_WPS
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_WPA3),y)
|
||||
HOSTAPD_CONFIG_SET += \
|
||||
CONFIG_DPP \
|
||||
CONFIG_SAE
|
||||
HOSTAPD_CONFIG_ENABLE += \
|
||||
CONFIG_OWE
|
||||
else
|
||||
HOSTAPD_CONFIG_DISABLE += \
|
||||
CONFIG_OWE
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN),)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_NO_VLAN
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN_DYNAMIC),y)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_FULL_DYNAMIC_VLAN
|
||||
HOSTAPD_CONFIG_SET += NEED_LINUX_IOCTL
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN_NETLINK),y)
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_VLAN_NETLINK
|
||||
endif
|
||||
|
||||
# Options for building with libnl
|
||||
ifeq ($(BR2_PACKAGE_LIBNL),y)
|
||||
HOSTAPD_DEPENDENCIES += libnl
|
||||
HOSTAPD_CFLAGS += -I$(STAGING_DIR)/usr/include/libnl3/
|
||||
HOSTAPD_CONFIG_ENABLE += CONFIG_LIBNL32
|
||||
# libnl-3 needs -lm (for rint) and -lpthread if linking statically
|
||||
# And library order matters hence stick -lnl-3 first since it's appended
|
||||
# in the hostapd Makefiles as in LIBS+=-lnl-3 ... thus failing
|
||||
ifeq ($(BR2_STATIC_LIBS),y)
|
||||
HOSTAPD_LIBS += -lnl-3 -lm -lpthread
|
||||
endif
|
||||
endif
|
||||
|
||||
define HOSTAPD_CONFIGURE_CMDS
|
||||
cp $(@D)/hostapd/defconfig $(HOSTAPD_CONFIG)
|
||||
sed -i $(patsubst %,-e 's/^#\(%\)/\1/',$(HOSTAPD_CONFIG_ENABLE)) \
|
||||
$(patsubst %,-e 's/^\(%\)/#\1/',$(HOSTAPD_CONFIG_DISABLE)) \
|
||||
$(patsubst %,-e '1i%=y',$(HOSTAPD_CONFIG_SET)) \
|
||||
$(patsubst %,-e %,$(HOSTAPD_CONFIG_EDITS)) \
|
||||
$(HOSTAPD_CONFIG)
|
||||
endef
|
||||
|
||||
define HOSTAPD_BUILD_CMDS
|
||||
$(TARGET_MAKE_ENV) CFLAGS="$(HOSTAPD_CFLAGS)" \
|
||||
LDFLAGS="$(TARGET_LDFLAGS)" LIBS="$(HOSTAPD_LIBS)" \
|
||||
$(MAKE) CC="$(TARGET_CC)" -C $(@D)/$(HOSTAPD_SUBDIR)
|
||||
endef
|
||||
|
||||
define HOSTAPD_INSTALL_TARGET_CMDS
|
||||
$(INSTALL) -m 0755 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd \
|
||||
$(TARGET_DIR)/usr/sbin/hostapd
|
||||
$(INSTALL) -m 0755 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd_cli \
|
||||
$(TARGET_DIR)/usr/bin/hostapd_cli
|
||||
$(INSTALL) -m 0644 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd.conf \
|
||||
$(TARGET_DIR)/etc/hostapd.conf
|
||||
endef
|
||||
|
||||
$(eval $(generic-package))
|
||||
Reference in New Issue
Block a user