Date: Sat, 19 Jan 2013 11:50:18 -0800 (PST) From: Craig Leres <leres@ee.lbl.gov> To: FreeBSD-gnats-submit@freebsd.org Cc: leres@ee.lbl.gov Subject: ports/175438: [PATCH] net/hostapd: Update to 2.0 Message-ID: <201301191950.r0JJoI7q096001@fun.ee.lbl.gov> Resent-Message-ID: <201301192000.r0JK00Ja089244@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 175438 >Category: ports >Synopsis: [PATCH] net/hostapd: Update to 2.0 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jan 19 20:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Craig Leres >Release: FreeBSD 9.1-RELEASE amd64 >Organization: Lawrence Berkeley National Laboratory >Environment: System: FreeBSD fun.ee.lbl.gov 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r4: Tue Jan 1 16:20:22 PST 2013 leres@b64.ee.lbl.gov:/sys/amd64/compile/LBL amd64 >Description: Update to 2.0. >How-To-Repeat: >Fix: Please see attached patch. --- patch.txt begins here --- --- Makefile.orig 2012-11-17 13:04:57.000000000 -0800 +++ Makefile 2013-01-19 11:44:31.000000000 -0800 @@ -1,12 +1,8 @@ -# New ports collection makefile for: hostapd -# Date created: 05 February 2011 -# Whom: leres@ee.lbl.gov -# +# Created by: Craig Leres <leres@ee.lbl.gov> # $FreeBSD: head/net/hostapd/Makefile 300897 2012-07-14 14:29:18Z beat $ -# PORTNAME= hostapd -PORTVERSION= 1.0 +PORTVERSION= 2.0 CATEGORIES= net MASTER_SITES= http://hostap.epitest.fi/releases/ --- distinfo.orig 2012-11-17 13:04:57.000000000 -0800 +++ distinfo 2013-01-19 11:44:31.000000000 -0800 @@ -1,2 +1,2 @@ -SHA256 (hostapd-1.0.tar.gz) = 002e9dcb7e46cf82b5900a2fcf92b30fc8cdfd32a72d7fd4488588f1c013dfcc -SIZE (hostapd-1.0.tar.gz) = 1327943 +SHA256 (hostapd-2.0.tar.gz) = 262ce394b930bccc3d65fb99ee380f28d36444978f524c845a98e8e29f4e9d35 +SIZE (hostapd-2.0.tar.gz) = 1376203 --- files/config.orig 2012-11-17 13:04:57.000000000 -0800 +++ files/config 2013-01-19 11:44:31.000000000 -0800 @@ -90,6 +90,9 @@ # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y +# EAP-pwd for the integrated EAP server (secure authentication with a password) +#CONFIG_EAP_PWD=y + # EAP-SAKE for the integrated EAP server #CONFIG_EAP_SAKE=y @@ -107,8 +110,12 @@ # Wi-Fi Protected Setup (WPS) #CONFIG_WPS=y +# Enable WSC 2.0 support +#CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars #CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y @@ -137,11 +144,22 @@ # IEEE 802.11n (High Throughput) support #CONFIG_IEEE80211N=y +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +#CONFIG_IEEE80211AC=y + # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. #CONFIG_NO_STDOUT_DEBUG=y +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +#CONFIG_DEBUG_FILE=y + # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y @@ -151,6 +169,14 @@ # Remove support for VLANs #CONFIG_NO_VLAN=y +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + # Remove support for dumping state into a file on SIGUSR1 signal # This can be used to reduce binary size at the cost of disabling a debugging # option. @@ -173,3 +199,77 @@ #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e<entropy file> command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y --- patch.txt ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301191950.r0JJoI7q096001>