diff options
-rw-r--r-- | network/hostapd/hostapd.SlackBuild | 10 | ||||
-rw-r--r-- | network/hostapd/hostapd.defconfig | 14 | ||||
-rw-r--r-- | network/hostapd/hostapd.info | 6 | ||||
-rw-r--r-- | network/hostapd/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch | 73 |
4 files changed, 13 insertions, 90 deletions
diff --git a/network/hostapd/hostapd.SlackBuild b/network/hostapd/hostapd.SlackBuild index 8dd14ed682bc2..ebfe7e330bc06 100644 --- a/network/hostapd/hostapd.SlackBuild +++ b/network/hostapd/hostapd.SlackBuild @@ -4,7 +4,7 @@ # Copyright 2008-2013 Murat D. Kadirov <banderols@gmail.com> # Copyright 2014-2016 LukenShiro, Italy -# Copyright 2018, 2019 Brenton Earl <brent@exitstatusone.com> +# Copyright 2018-2020 Brenton Earl <brent@exitstatusone.com> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -27,7 +27,7 @@ # Fixed doinst.sh by Mario Preksavec <mario@slackware.hr> PRGNAM=hostapd -VERSION=${VERSION:-2.7} +VERSION=${VERSION:-2.9} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -75,11 +75,7 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -(cd ../src/ -for i in $CWD/patches/*.patch; do - patch -p2 < "$i" -done) - +# Edit the defconfig to enable additional features cat $CWD/hostapd.defconfig > .config CFLAGS+="$SLKCFLAGS" make diff --git a/network/hostapd/hostapd.defconfig b/network/hostapd/hostapd.defconfig index 08005f26b488f..e1bfff1f83db1 100644 --- a/network/hostapd/hostapd.defconfig +++ b/network/hostapd/hostapd.defconfig @@ -19,7 +19,7 @@ CONFIG_DRIVER_WIRED=y CONFIG_DRIVER_NL80211=y # QCA vendor extensions to nl80211 -#CONFIG_DRIVER_NL80211_QCA=y +CONFIG_DRIVER_NL80211_QCA=y # driver_nl80211.c requires libnl. If you are compiling it yourself # you may need to point hostapd to your version of libnl. @@ -97,7 +97,7 @@ CONFIG_EAP_PAX=y CONFIG_EAP_PSK=y # EAP-pwd for the integrated EAP server (secure authentication with a password) -#CONFIG_EAP_PWD=y +CONFIG_EAP_PWD=y # EAP-SAKE for the integrated EAP server CONFIG_EAP_SAKE=y @@ -142,13 +142,13 @@ CONFIG_PKCS12=y # RADIUS authentication server. This provides access to the integrated EAP # server from external hosts using RADIUS. -CONFIG_RADIUS_SERVER=y +#CONFIG_RADIUS_SERVER=y # Build IPv6 support for RADIUS operations CONFIG_IPV6=y # IEEE Std 802.11r-2008 (Fast BSS Transition) -CONFIG_IEEE80211R=y +#CONFIG_IEEE80211R=y # Use the hostapd's IEEE 802.11 authentication (ACL), but without # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) @@ -162,7 +162,7 @@ CONFIG_IEEE80211N=y #CONFIG_WNM=y # IEEE 802.11ac (Very High Throughput) support -CONFIG_IEEE80211AC=y +#CONFIG_IEEE80211AC=y # IEEE 802.11ax HE support # Note: This is experimental and work in progress. The definitions are still @@ -319,7 +319,7 @@ CONFIG_IEEE80211AC=y #CONFIG_HS20=y # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file -CONFIG_SQLITE=y +#CONFIG_SQLITE=y # Enable Fast Session Transfer (FST) #CONFIG_FST=y @@ -390,7 +390,7 @@ CONFIG_ACS=y # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 -# custom configuration options +# Additional Options CONFIG_MESH=y CONFIG_SAE=y CONFIG_WPS2=y diff --git a/network/hostapd/hostapd.info b/network/hostapd/hostapd.info index c4e87e1a2dc14..120734259aeea 100644 --- a/network/hostapd/hostapd.info +++ b/network/hostapd/hostapd.info @@ -1,8 +1,8 @@ PRGNAM="hostapd" -VERSION="2.7" +VERSION="2.9" HOMEPAGE="https://w1.fi/hostapd/" -DOWNLOAD="https://w1.fi/releases/hostapd-2.7.tar.gz" -MD5SUM="8d3799f3a3c247cff47d41503698721b" +DOWNLOAD="https://w1.fi/releases/hostapd-2.9.tar.gz" +MD5SUM="f188fc53a495fe7af3b6d77d3c31dee8" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" diff --git a/network/hostapd/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/network/hostapd/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch deleted file mode 100644 index d764a9db016c5..0000000000000 --- a/network/hostapd/patches/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <j@w1.fi> -Date: Thu, 29 Aug 2019 11:52:04 +0300 -Subject: [PATCH] AP: Silently ignore management frame from unexpected source - address - -Do not process any received Management frames with unexpected/invalid SA -so that we do not add any state for unexpected STA addresses or end up -sending out frames to unexpected destination. This prevents unexpected -sequences where an unprotected frame might end up causing the AP to send -out a response to another device and that other device processing the -unexpected response. - -In particular, this prevents some potential denial of service cases -where the unexpected response frame from the AP might result in a -connected station dropping its association. - -Signed-off-by: Jouni Malinen <j@w1.fi> ---- - src/ap/drv_callbacks.c | 13 +++++++++++++ - src/ap/ieee802_11.c | 12 ++++++++++++ - 2 files changed, 25 insertions(+) - -diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c -index 31587685fe3b..34ca379edc3d 100644 ---- a/src/ap/drv_callbacks.c -+++ b/src/ap/drv_callbacks.c -@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, - "hostapd_notif_assoc: Skip event with no address"); - return -1; - } -+ -+ if (is_multicast_ether_addr(addr) || -+ is_zero_ether_addr(addr) || -+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR -+ " in received indication - ignore this indication silently", -+ __func__, MAC2STR(addr)); -+ return 0; -+ } -+ - random_add_randomness(addr, ETH_ALEN); - - hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, -diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c -index c85a28db44b7..e7065372e158 100644 ---- a/src/ap/ieee802_11.c -+++ b/src/ap/ieee802_11.c -@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, - fc = le_to_host16(mgmt->frame_control); - stype = WLAN_FC_GET_STYPE(fc); - -+ if (is_multicast_ether_addr(mgmt->sa) || -+ is_zero_ether_addr(mgmt->sa) || -+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { -+ /* Do not process any frames with unexpected/invalid SA so that -+ * we do not add any state for unexpected STA addresses or end -+ * up sending out frames to unexpected destination. */ -+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR -+ " in received frame - ignore this frame silently", -+ MAC2STR(mgmt->sa)); -+ return 0; -+ } -+ - if (stype == WLAN_FC_STYPE_BEACON) { - handle_beacon(hapd, mgmt, len, fi); - return 1; --- -2.20.1 - |