initial buildroot for linux 5.15

This commit is contained in:
Huan.Feng
2021-12-06 14:12:13 +08:00
parent d7767d594e
commit 7b6fc358fa
12736 changed files with 508822 additions and 0 deletions
@@ -0,0 +1,77 @@
From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH] AP: Silently ignore management frame from unexpected source
address
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Retrieved from:
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch]
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685fe3b..34ca379edc3d 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db44b7..e7065372e158 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.20.1
@@ -0,0 +1,116 @@
From a0541334a6394f8237a4393b7372693cd7e96f15 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 18:19:31 +0200
Subject: [PATCH] ASN.1: Validate DigestAlgorithmIdentifier parameters
The supported hash algorithms do not use AlgorithmIdentifier parameters.
However, there are implementations that include NULL parameters in
addition to ones that omit the parameters. Previous implementation did
not check the parameters value at all which supported both these cases,
but did not reject any other unexpected information.
Use strict validation of digest algorithm parameters and reject any
unexpected value when validating a signature. This is needed to prevent
potential forging attacks.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/tls/pkcs1.c | 21 +++++++++++++++++++++
src/tls/x509v3.c | 20 ++++++++++++++++++++
2 files changed, 41 insertions(+)
diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c
index bbdb0d72d..5761dfed0 100644
--- a/src/tls/pkcs1.c
+++ b/src/tls/pkcs1.c
@@ -244,6 +244,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestInfo",
+ hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -265,6 +267,8 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -273,6 +277,23 @@ int pkcs1_v15_sig_ver(struct crypto_public_key *pk,
os_free(decrypted);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "PKCS #1: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "PKCS #1: Unexpected digest algorithm parameters");
+ os_free(decrypted);
+ return -1;
+ }
if (!asn1_oid_equal(&oid, hash_alg)) {
char txt[100], txt2[100];
diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index a8944dd2f..df337ec4d 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -1964,6 +1964,7 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestInfo", hdr.payload, hdr.length);
pos = hdr.payload;
end = pos + hdr.length;
@@ -1985,6 +1986,8 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: DigestAlgorithmIdentifier",
+ hdr.payload, hdr.length);
da_end = hdr.payload + hdr.length;
if (asn1_get_oid(hdr.payload, hdr.length, &oid, &next)) {
@@ -1992,6 +1995,23 @@ int x509_check_signature(struct x509_certificate *issuer,
os_free(data);
return -1;
}
+ wpa_hexdump(MSG_MSGDUMP, "X509: Digest algorithm parameters",
+ next, da_end - next);
+
+ /*
+ * RFC 5754: The correct encoding for the SHA2 algorithms would be to
+ * omit the parameters, but there are implementation that encode these
+ * as a NULL element. Allow these two cases and reject anything else.
+ */
+ if (da_end > next &&
+ (asn1_get_next(next, da_end - next, &hdr) < 0 ||
+ !asn1_is_null(&hdr) ||
+ hdr.payload + hdr.length != da_end)) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Unexpected digest algorithm parameters");
+ os_free(data);
+ return -1;
+ }
if (x509_sha1_oid(&oid)) {
if (signature->oid.oid[6] != 5 /* sha-1WithRSAEncryption */) {
--
2.20.1
@@ -0,0 +1,32 @@
From 99cf89555313056d3a8fa54b21d02dc880b363e1 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 20 Apr 2020 20:29:31 +0300
Subject: [PATCH] Include stdbool.h to allow C99 bool to be used
We have practically started requiring some C99 features, so might as
well finally go ahead and bring in the C99 bool as well.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
[geomatsi@gmail.com: backport from upstream]
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: keep upstream sha1 in header, drop numbering]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
src/utils/includes.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/utils/includes.h b/src/utils/includes.h
index 75513fc8c..741fc9c14 100644
--- a/src/utils/includes.h
+++ b/src/utils/includes.h
@@ -18,6 +18,7 @@
#include <stdlib.h>
#include <stddef.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
--
2.25.1
@@ -0,0 +1,37 @@
From 9a990e8c4eb92dd64e0ec483599820e45c35ac23 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sat, 13 Mar 2021 23:14:23 +0200
Subject: [PATCH] ASN.1: Add helper functions for recognizing tag values
Signed-off-by: Jouni Malinen <j@w1.fi>
[geomatsi@gmail.com: backport asn1_is_null() from upstream 9a990e8c4eb9]
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr:
- reformat, keep the upstream sha1 and title,
- drop numbering
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
src/tls/asn1.h | 102 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 102 insertions(+)
diff --git a/src/tls/asn1.h b/src/tls/asn1.h
index de3430adb..a4d1be473 100644
--- a/src/tls/asn1.h
+++ b/src/tls/asn1.h
@@ -66,6 +66,12 @@ struct wpabuf * asn1_build_alg_id(const struct asn1_oid *oid,
unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len);
int asn1_oid_equal(const struct asn1_oid *a, const struct asn1_oid *b);
+static inline bool asn1_is_null(const struct asn1_hdr *hdr)
+{
+ return hdr->class == ASN1_CLASS_UNIVERSAL &&
+ hdr->tag == ASN1_TAG_NULL;
+}
+
extern struct asn1_oid asn1_sha1_oid;
extern struct asn1_oid asn1_sha256_oid;
--
2.25.1
+116
View File
@@ -0,0 +1,116 @@
config BR2_PACKAGE_HOSTAPD
bool "hostapd"
depends on BR2_USE_MMU # fork()
select BR2_PACKAGE_LIBOPENSSL_ENABLE_DES if BR2_PACKAGE_LIBOPENSSL
select BR2_PACKAGE_LIBOPENSSL_ENABLE_MD4 if BR2_PACKAGE_LIBOPENSSL
help
User space daemon for wireless access points.
It implements IEEE 802.11 access point management,
IEEE 802.1X/WPA/WPA2/EAP authenticators, RADIUS client,
EAP server and RADIUS authentication server.
http://w1.fi/hostapd/
if BR2_PACKAGE_HOSTAPD
config BR2_PACKAGE_HOSTAPD_DRIVER_HOSTAP
bool "Enable hostap driver"
default y
select BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS
help
Enable support for Host AP driver.
config BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
bool "Enable nl80211 driver"
default y
depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
select BR2_PACKAGE_LIBNL
select BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS
help
Enable support for drivers using the nl80211 kernel interface.
comment "nl80211 driver needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
config BR2_PACKAGE_HOSTAPD_DRIVER_WIRED
bool "Enable wired driver"
help
Enable support for wired authenticator.
config BR2_PACKAGE_HOSTAPD_DRIVER_NONE
bool
default y
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_HOSTAP
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_WIRED
config BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS
bool
config BR2_PACKAGE_HOSTAPD_ACS
bool "Enable ACS"
default y
depends on BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
help
Enable support for standard ACS (Automatic Channel Selection).
Some propietary drivers use a custom algorithm which requires
channel to be set to '0' (which enables ACS in the config),
causing hostapd to use the standard one which doesn't work
for those cases.
comment "ACS is currently only supported through the nl80211 driver"
depends on !BR2_PACKAGE_HOSTAPD_DRIVER_NL80211
config BR2_PACKAGE_HOSTAPD_EAP
bool "Enable EAP"
depends on !BR2_STATIC_LIBS
help
Enable support for EAP and RADIUS.
comment "hostapd EAP needs a toolchain w/ dynamic library"
depends on BR2_STATIC_LIBS
config BR2_PACKAGE_HOSTAPD_WPS
bool "Enable WPS"
help
Enable support for Wi-Fi Protected Setup.
config BR2_PACKAGE_HOSTAPD_WPA3
bool "Enable WPA3 support"
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
help
Enable WPA3 support including OWE, SAE, DPP
config BR2_PACKAGE_HOSTAPD_VLAN
bool "Enable VLAN support"
default y
help
Enable support for VLANs.
if BR2_PACKAGE_HOSTAPD_VLAN
config BR2_PACKAGE_HOSTAPD_VLAN_DYNAMIC
bool "Enable dynamic VLAN support"
default y
help
Enable support for fully dynamic VLANs.
This enables hostapd to automatically create
bridge and VLAN interfaces if necessary.
config BR2_PACKAGE_HOSTAPD_VLAN_NETLINK
bool "Use netlink-based API for VLAN operations"
default y
depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
select BR2_PACKAGE_LIBNL
help
Use netlink-based kernel API for VLAN operations
instead of ioctl().
comment "netlink-based VLAN support needs a toolchain w/ threads"
depends on !BR2_TOOLCHAIN_HAS_THREADS
endif # BR2_PACKAGE_HOSTAPD_VLAN
endif
+7
View File
@@ -0,0 +1,7 @@
# Locally calculated
sha256 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7 hostapd-2.9.tar.gz
sha256 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
sha256 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
sha256 a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
sha256 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
sha256 9da5dd0776da266b180b915e460ff75c6ff729aca1196ab396529510f24f3761 README
+163
View File
@@ -0,0 +1,163 @@
################################################################################
#
# hostapd
#
################################################################################
HOSTAPD_VERSION = 2.9
HOSTAPD_SITE = http://w1.fi/releases
HOSTAPD_SUBDIR = hostapd
HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
HOSTAPD_PATCH = \
https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
https://w1.fi/security/2021-1/0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
HOSTAPD_DEPENDENCIES = host-pkgconf
HOSTAPD_CFLAGS = $(TARGET_CFLAGS)
HOSTAPD_LICENSE = BSD-3-Clause
HOSTAPD_LICENSE_FILES = README
# 0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
HOSTAPD_IGNORE_CVES += CVE-2019-16275
# 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
HOSTAPD_IGNORE_CVES += CVE-2020-12695
# 0002-ASN.1-Validate-DigestAlgorithmIdentifier-parameters.patch
HOSTAPD_IGNORE_CVES += CVE-2021-30004
# 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
HOSTAPD_IGNORE_CVES += CVE-2021-27803
HOSTAPD_CPE_ID_VENDOR = w1.fi
HOSTAPD_SELINUX_MODULES = hostapd
HOSTAPD_CONFIG_SET =
HOSTAPD_CONFIG_ENABLE = \
CONFIG_INTERNAL_LIBTOMMATH \
CONFIG_DEBUG_FILE \
CONFIG_DEBUG_SYSLOG
HOSTAPD_CONFIG_DISABLE =
# Try to use openssl if it's already available
ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
HOSTAPD_DEPENDENCIES += host-pkgconf libopenssl
HOSTAPD_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl`
HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
else
HOSTAPD_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP
HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_HOSTAP),)
HOSTAPD_CONFIG_DISABLE += CONFIG_DRIVER_HOSTAP
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_NL80211),)
HOSTAPD_CONFIG_DISABLE += CONFIG_DRIVER_NL80211
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_WIRED),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_DRIVER_WIRED
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_DRIVER_NONE),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_DRIVER_NONE
endif
# Add options for wireless drivers
ifeq ($(BR2_PACKAGE_HOSTAPD_HAS_WIFI_DRIVERS),y)
HOSTAPD_CONFIG_ENABLE += \
CONFIG_HS20 \
CONFIG_IEEE80211AC \
CONFIG_IEEE80211N \
CONFIG_IEEE80211R \
CONFIG_INTERWORKING
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_ACS),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_ACS
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_EAP),y)
HOSTAPD_CONFIG_ENABLE += \
CONFIG_EAP \
CONFIG_RADIUS_SERVER
# Enable both TLS v1.1 (CONFIG_TLSV11) and v1.2 (CONFIG_TLSV12)
HOSTAPD_CONFIG_ENABLE += CONFIG_TLSV1
else
HOSTAPD_CONFIG_DISABLE += CONFIG_EAP
HOSTAPD_CONFIG_ENABLE += \
CONFIG_NO_ACCOUNTING \
CONFIG_NO_RADIUS
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_WPS),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_WPS
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_WPA3),y)
HOSTAPD_CONFIG_SET += \
CONFIG_DPP \
CONFIG_SAE
HOSTAPD_CONFIG_ENABLE += \
CONFIG_OWE
else
HOSTAPD_CONFIG_DISABLE += \
CONFIG_OWE
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN),)
HOSTAPD_CONFIG_ENABLE += CONFIG_NO_VLAN
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN_DYNAMIC),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_FULL_DYNAMIC_VLAN
HOSTAPD_CONFIG_SET += NEED_LINUX_IOCTL
endif
ifeq ($(BR2_PACKAGE_HOSTAPD_VLAN_NETLINK),y)
HOSTAPD_CONFIG_ENABLE += CONFIG_VLAN_NETLINK
endif
# Options for building with libnl
ifeq ($(BR2_PACKAGE_LIBNL),y)
HOSTAPD_DEPENDENCIES += libnl
HOSTAPD_CFLAGS += -I$(STAGING_DIR)/usr/include/libnl3/
HOSTAPD_CONFIG_ENABLE += CONFIG_LIBNL32
# libnl-3 needs -lm (for rint) and -lpthread if linking statically
# And library order matters hence stick -lnl-3 first since it's appended
# in the hostapd Makefiles as in LIBS+=-lnl-3 ... thus failing
ifeq ($(BR2_STATIC_LIBS),y)
HOSTAPD_LIBS += -lnl-3 -lm -lpthread
endif
endif
define HOSTAPD_CONFIGURE_CMDS
cp $(@D)/hostapd/defconfig $(HOSTAPD_CONFIG)
sed -i $(patsubst %,-e 's/^#\(%\)/\1/',$(HOSTAPD_CONFIG_ENABLE)) \
$(patsubst %,-e 's/^\(%\)/#\1/',$(HOSTAPD_CONFIG_DISABLE)) \
$(patsubst %,-e '1i%=y',$(HOSTAPD_CONFIG_SET)) \
$(patsubst %,-e %,$(HOSTAPD_CONFIG_EDITS)) \
$(HOSTAPD_CONFIG)
endef
define HOSTAPD_BUILD_CMDS
$(TARGET_MAKE_ENV) CFLAGS="$(HOSTAPD_CFLAGS)" \
LDFLAGS="$(TARGET_LDFLAGS)" LIBS="$(HOSTAPD_LIBS)" \
$(MAKE) CC="$(TARGET_CC)" -C $(@D)/$(HOSTAPD_SUBDIR)
endef
define HOSTAPD_INSTALL_TARGET_CMDS
$(INSTALL) -m 0755 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd \
$(TARGET_DIR)/usr/sbin/hostapd
$(INSTALL) -m 0755 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd_cli \
$(TARGET_DIR)/usr/bin/hostapd_cli
$(INSTALL) -m 0644 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd.conf \
$(TARGET_DIR)/etc/hostapd.conf
endef
$(eval $(generic-package))