From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Jan 19 20:00:01 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 286C4AE0 for ; Sat, 19 Jan 2013 20:00:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 0B7D7E4D for ; Sat, 19 Jan 2013 20:00:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.6/8.14.6) with ESMTP id r0JK00Sr089248 for ; Sat, 19 Jan 2013 20:00:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.6/8.14.6/Submit) id r0JK00Ja089244; Sat, 19 Jan 2013 20:00:00 GMT (envelope-from gnats) Resent-Date: Sat, 19 Jan 2013 20:00:00 GMT Resent-Message-Id: <201301192000.r0JK00Ja089244@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Craig Leres Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 08717A8A for ; Sat, 19 Jan 2013 19:50:21 +0000 (UTC) (envelope-from leres@ee.lbl.gov) Received: from fun.ee.lbl.gov (fun.ee.lbl.gov [IPv6:2620:83:8000:102::ca]) by mx1.freebsd.org (Postfix) with ESMTP id DBC45E1C for ; Sat, 19 Jan 2013 19:50:20 +0000 (UTC) Received: from fun.ee.lbl.gov (localhost [127.0.0.1]) by fun.ee.lbl.gov (8.14.6/8.14.6) with ESMTP id r0JJoIxv096002 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 19 Jan 2013 11:50:18 -0800 (PST) Received: (from leres@localhost) by fun.ee.lbl.gov (8.14.6/8.14.5/Submit) id r0JJoI7q096001; Sat, 19 Jan 2013 11:50:18 -0800 (PST) Message-Id: <201301191950.r0JJoI7q096001@fun.ee.lbl.gov> Date: Sat, 19 Jan 2013 11:50:18 -0800 (PST) From: Craig Leres To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/175438: [PATCH] net/hostapd: Update to 2.0 Cc: leres@ee.lbl.gov X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Craig Leres List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Jan 2013 20:00:01 -0000 >Number: 175438 >Category: ports >Synopsis: [PATCH] net/hostapd: Update to 2.0 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jan 19 20:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Craig Leres >Release: FreeBSD 9.1-RELEASE amd64 >Organization: Lawrence Berkeley National Laboratory >Environment: System: FreeBSD fun.ee.lbl.gov 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r4: Tue Jan 1 16:20:22 PST 2013 leres@b64.ee.lbl.gov:/sys/amd64/compile/LBL amd64 >Description: Update to 2.0. >How-To-Repeat: >Fix: Please see attached patch. --- patch.txt begins here --- --- Makefile.orig 2012-11-17 13:04:57.000000000 -0800 +++ Makefile 2013-01-19 11:44:31.000000000 -0800 @@ -1,12 +1,8 @@ -# New ports collection makefile for: hostapd -# Date created: 05 February 2011 -# Whom: leres@ee.lbl.gov -# +# Created by: Craig Leres # $FreeBSD: head/net/hostapd/Makefile 300897 2012-07-14 14:29:18Z beat $ -# PORTNAME= hostapd -PORTVERSION= 1.0 +PORTVERSION= 2.0 CATEGORIES= net MASTER_SITES= http://hostap.epitest.fi/releases/ --- distinfo.orig 2012-11-17 13:04:57.000000000 -0800 +++ distinfo 2013-01-19 11:44:31.000000000 -0800 @@ -1,2 +1,2 @@ -SHA256 (hostapd-1.0.tar.gz) = 002e9dcb7e46cf82b5900a2fcf92b30fc8cdfd32a72d7fd4488588f1c013dfcc -SIZE (hostapd-1.0.tar.gz) = 1327943 +SHA256 (hostapd-2.0.tar.gz) = 262ce394b930bccc3d65fb99ee380f28d36444978f524c845a98e8e29f4e9d35 +SIZE (hostapd-2.0.tar.gz) = 1376203 --- files/config.orig 2012-11-17 13:04:57.000000000 -0800 +++ files/config 2013-01-19 11:44:31.000000000 -0800 @@ -90,6 +90,9 @@ # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y +# EAP-pwd for the integrated EAP server (secure authentication with a password) +#CONFIG_EAP_PWD=y + # EAP-SAKE for the integrated EAP server #CONFIG_EAP_SAKE=y @@ -107,8 +110,12 @@ # Wi-Fi Protected Setup (WPS) #CONFIG_WPS=y +# Enable WSC 2.0 support +#CONFIG_WPS2=y # Enable UPnP support for external WPS Registrars #CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y @@ -137,11 +144,22 @@ # IEEE 802.11n (High Throughput) support #CONFIG_IEEE80211N=y +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +#CONFIG_IEEE80211AC=y + # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging # code is not needed. #CONFIG_NO_STDOUT_DEBUG=y +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +#CONFIG_DEBUG_FILE=y + # Remove support for RADIUS accounting #CONFIG_NO_ACCOUNTING=y @@ -151,6 +169,14 @@ # Remove support for VLANs #CONFIG_NO_VLAN=y +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + # Remove support for dumping state into a file on SIGUSR1 signal # This can be used to reduce binary size at the cost of disabling a debugging # option. @@ -173,3 +199,77 @@ #LIBS += -lbfd -liberty -lz #LIBS_p += -lbfd -liberty -lz #LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y --- patch.txt ends here --- >Release-Note: >Audit-Trail: >Unformatted: