From patchwork Mon Dec 3 14:46:08 2012
X-Patchwork-Submitter: Gustavo Zacarias
X-Patchwork-Id: 203372
From: Gustavo Zacarias
To: buildroot@busybox.net
Date: Mon, 3 Dec 2012 11:46:08 -0300
Message-Id: <1354545972-26783-10-git-send-email-gustavo@zacarias.com.ar>
In-Reply-To: <1354545972-26783-1-git-send-email-gustavo@zacarias.com.ar>
References: <1354545972-26783-1-git-send-email-gustavo@zacarias.com.ar>
Subject: [Buildroot] [PATCH 10/14] hostapd: bump to version 1.1

Signed-off-by: Gustavo Zacarias --- package/hostapd/hostapd-cve-2012-4445.patch | 49 ------------------------ package/hostapd/hostapd-openssl-1.0.1.patch | 54 --------------------------- package/hostapd/hostapd.mk | 4 +- 3 files changed, 3 insertions(+), 104 deletions(-) delete mode 100644 package/hostapd/hostapd-cve-2012-4445.patch delete mode 100644 package/hostapd/hostapd-openssl-1.0.1.patch diff --git a/package/hostapd/hostapd-cve-2012-4445.patch b/package/hostapd/hostapd-cve-2012-4445.patch deleted file mode 100644 index 034a458..0000000 --- a/package/hostapd/hostapd-cve-2012-4445.patch +++ /dev/null
@@ -1,49 +0,0 @@ -From 567bacefd73782508bfe72d3624df495f0df4cd1 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Sun, 7 Oct 2012 20:06:29 +0300 -Subject: [PATCH] EAP-TLS server: Fix TLS Message Length validation - -EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS -Message Length value properly and could end up trying to store more -information into the message buffer than the allocated size if the first -fragment is longer than the indicated size. This could result in hostapd -process terminating in wpabuf length validation. Fix this by rejecting -messages that have invalid TLS Message Length value. - -This would affect cases that use the internal EAP authentication server -in hostapd either directly with IEEE 802.1X or when using hostapd as a -RADIUS authentication server and when receiving an incorrectly -constructed EAP-TLS message. Cases where hostapd uses an external -authentication are not affected. - -Thanks to Timo Warns for finding and reporting this issue. - -Signed-hostap: Jouni Malinen -intended-for: hostap-1 -(cherry picked from commit 586c446e0ff42ae00315b014924ec669023bd8de) ---- - src/eap_server/eap_server_tls_common.c | 8 ++++++++ - 1 files changed, 8 insertions(+), 0 deletions(-) - -diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c -index e149ee3..2cbe700 100644 ---- a/src/eap_server/eap_server_tls_common.c -+++ b/src/eap_server/eap_server_tls_common.c -@@ -224,6 +224,14 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data, - return -1; - } - -+ if (len > message_length) { -+ wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in " -+ "first fragment of frame (TLS Message " -+ "Length %d bytes)", -+ (int) len, (int) message_length); -+ return -1; -+ } -+ - data->tls_in = wpabuf_alloc(message_length); - if (data->tls_in == NULL) { - wpa_printf(MSG_DEBUG, "SSL: No memory for message"); --- -1.7.4-rc1 - 
diff --git a/package/hostapd/hostapd-openssl-1.0.1.patch b/package/hostapd/hostapd-openssl-1.0.1.patch deleted file mode 100644 index 2e110f4..0000000 --- a/package/hostapd/hostapd-openssl-1.0.1.patch +++ /dev/null @@ -1,54 +0,0 @@ -From e6e243d97795306aeb604948e7101f9f14e8b8ca Mon Sep 17 00:00:00 2001 -From: Jouni Malinen -Date: Fri, 17 Aug 2012 23:55:14 +0300 -Subject: [PATCH] Fix EAP-FAST with OpenSSL 1.0.1 - -The mechanism to figure out key block size based on ssl->read_hash -does not seem to work with OpenSSL 1.0.1, so add an alternative -mechanism to figure out the NAC key size that seems to work at -least with the current OpenSSL 1.0.1 releases. - -Signed-hostap: Jouni Malinen -intended-for: hostap-1 -(cherry picked from commit 7f996409e7e5aa0bb066257906e87ab3294d4fd0) ---- - src/crypto/tls_openssl.c | 14 +++++++++++++- - 1 files changed, 13 insertions(+), 1 deletions(-) - -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index 6380ce0..c4a76be 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -2785,6 +2785,7 @@ int tls_connection_get_keyblock_size(void *tls_ctx, - { - const EVP_CIPHER *c; - const EVP_MD *h; -+ int md_size; - - if (conn == NULL || conn->ssl == NULL || - conn->ssl->enc_read_ctx == NULL || -@@ -2798,9 +2799,20 @@ int tls_connection_get_keyblock_size(void *tls_ctx, - #else - h = conn->ssl->read_hash; - #endif -+ if (h) -+ md_size = EVP_MD_size(h); -+#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+ else if (conn->ssl->s3) -+ md_size = conn->ssl->s3->tmp.new_mac_secret_size; -+#endif -+ else -+ return -1; - -+ wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d " -+ "IV_len=%d", EVP_CIPHER_key_length(c), md_size, -+ EVP_CIPHER_iv_length(c)); - return 2 * (EVP_CIPHER_key_length(c) + -- EVP_MD_size(h) + -+ md_size + - EVP_CIPHER_iv_length(c)); - } - --- -1.7.4-rc1 - diff --git a/package/hostapd/hostapd.mk b/package/hostapd/hostapd.mk index 82d6231..45a93fc 100644 
--- a/package/hostapd/hostapd.mk +++ b/package/hostapd/hostapd.mk @@ -4,13 +4,15 @@ # ############################################################# -HOSTAPD_VERSION = 1.0 +HOSTAPD_VERSION = 1.1 HOSTAPD_SITE = http://hostap.epitest.fi/releases HOSTAPD_SUBDIR = hostapd HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config HOSTAPD_DEPENDENCIES = libnl HOSTAPD_CFLAGS = $(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/libnl3/ HOSTAPD_LDFLAGS = $(TARGET_LDFLAGS) +HOSTAPD_LICENSE = GPLv2/BSD-3c +HOSTAPD_LICENSE_FILES = README # libnl needs -lm (for rint) if linking statically ifeq ($(BR2_PREFER_STATIC_LIB),y)
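Review bot: The deletion of package/hostapd/hostapd-cve-2012-4445.patch drops a security fix with no justification in the commit message, which consists only of the Signed-off-by line. The removed patch is marked "(cherry picked from commit 586c446e0ff42ae00315b014924ec669023bd8de)" and adds the `if (len > message_length)` rejection in eap_server_tls_process_fragment() ahead of `wpabuf_alloc(message_length)`. Please state in the log that the 1.1 release already carries this check, and confirm it against src/eap_server/eap_server_tls_common.c in the 1.1 source, so that anyone auditing CVE-2012-4445 coverage can see from the history that the fix was not lost with the bump.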
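Review bot: The deletion of package/hostapd/hostapd-openssl-1.0.1.patch is safe only if 1.1 contains the equivalent of commit 7f996409e7e5aa0bb066257906e87ab3294d4fd0, and the commit message does not say so. Without that change, tls_connection_get_keyblock_size() calls `EVP_MD_size(h)` with no check that `h` is non-NULL, which is the case the removed patch handled through `conn->ssl->s3->tmp.new_mac_secret_size`. Its own description only claims it "seems to work at least with the current OpenSSL 1.0.1 releases", so a note that 1.1 was built and EAP-FAST was exercised against the OpenSSL version in the tree would help.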
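Review bot: In the package/hostapd/hostapd.mk hunk, the bump to `HOSTAPD_VERSION = 1.1` pulls a new tarball from the unchanged `HOSTAPD_SITE = http://hostap.epitest.fi/releases`, which is plain HTTP, and nothing in the hunk pins a checksum for it. Please verify the 1.1 tarball out of band and record how in the commit message. Separately, the new `HOSTAPD_LICENSE = GPLv2/BSD-3c` and `HOSTAPD_LICENSE_FILES = README` lines are not covered by the subject "bump to version 1.1"; either mention them in the log or move them to their own patch.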