From: "Ben Kohler" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Ben Kohler" Message-ID: <1610067754.ee2f492c617ac4cc8f8c1d4b01563cc170a803c8.bkohler@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-wireless/iwd/, net-wireless/iwd/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-wireless/iwd/Manifest net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch net-wireless/iwd/iwd-1.8-r3.ebuild net-wireless/iwd/iwd-1.9-r1.ebuild X-VCS-Directories: net-wireless/iwd/ net-wireless/iwd/files/ X-VCS-Committer: bkohler X-VCS-Committer-Name: Ben Kohler X-VCS-Revision: ee2f492c617ac4cc8f8c1d4b01563cc170a803c8 X-VCS-Branch: master Date: Fri, 8 Jan 2021 01:05:57 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 2b3ff5e0-e849-4a57-af21-c7c805a29c7a X-Archives-Hash: 5ad1053aeeb243050493c1c0f89908a2 commit: ee2f492c617ac4cc8f8c1d4b01563cc170a803c8 Author: Ben Kohler gentoo org> AuthorDate: Fri Jan 8 01:01:58 2021 +0000 Commit: Ben Kohler gentoo org> CommitDate: Fri Jan 8 01:02:34 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee2f492c net-wireless/iwd: drop old Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Ben Kohler gentoo.org> net-wireless/iwd/Manifest | 2 - .../iwd-1.8-eapol-prevent-key-reinstallation.patch | 73 --------- net-wireless/iwd/iwd-1.8-r3.ebuild | 160 ------------------ net-wireless/iwd/iwd-1.9-r1.ebuild | 180 --------------------- 4 files changed, 415 deletions(-) diff --git a/net-wireless/iwd/Manifest b/net-wireless/iwd/Manifest index 69ff7417b70..c483850244a 100644 --- a/net-wireless/iwd/Manifest +++ b/net-wireless/iwd/Manifest 
@@ -1,4 +1,2 @@ DIST iwd-1.10.tar.xz 897928 BLAKE2B 1589300201c835b2b14c34a9adefb525173cc2f9c8154f0a5f12da64a1da3d383acf328c5138bb8d4903ff08f339b7d55f02e215896af90aa75d244f61c3de1f SHA512 c128ec764e9d727b4ae1157717826b3219c5d368746f7709a01cb816f077afaa32083052ee2a4ecd09a7fbd36c03ea9ba6bd1a84c2a33210398dd060e9020db5 DIST iwd-1.11.tar.xz 907020 BLAKE2B 3b2c0922745c699ba01a2f46061246fbad6e2c7ea1a2f58cd13b5bf2169e9517652740f2dd872b5a274d74a5b8f1962c8e4696eabe5481a0c4783f202217599e SHA512 09c5e5e105b6107d88eff4238bf023f7bf1a408f522b9f84fac890c123bff2e124b937b81e1559db7fe0720f0ac423dc7d37c1b6d502fc4a7b7403fcd798e01d -DIST iwd-1.8.tar.xz 865668 BLAKE2B ba1be5c1658df950fe28deca6b8c3c9482eda260fbd05f721cb34cadcb2852768086e65e7c74940bc6ddd345d1438624b59bdfe4b6a5323dd122a0cd397008d7 SHA512 f1caa330b3ff18b4598efec596a4b9a22887833218a90d19d59717503679eff71fdb990cb63bd74b8f1523197a366cd803d799259e8002e5cde2745b03d51d8e -DIST iwd-1.9.tar.xz 883616 BLAKE2B 57dd4a6e00d73bcfb752e1bd3661e97251d1dab4c05638d148ae7031bff35d606063f79e575ed4d3d3a60ff5514eb3fc340e1eec4c2e7074bf8d6d4b79832f6d SHA512 d8762495f7f5a342476653c0cf64c31b3b41a3064a05c4fcf49b9faf4394b0d7a5db6aae6324896bdc8f7b104697fb4c4315f7073a4fde4fc87f8f55d932538b diff --git a/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch b/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch deleted file mode 100644 index dceb808297e..00000000000 --- a/net-wireless/iwd/files/iwd-1.8-eapol-prevent-key-reinstallation.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -From f22ba5aebb569ca54521afd2babdc1f67e3904ea Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef -Date: Wed, 12 Aug 2020 15:17:21 +0400 -Subject: eapol: prevent key reinstallation on retransmitted Msg4/4 - -Currently an adversary can retransmit EAPOL Msg4/4 to make the AP -reinstall the PTK. Against older Linux kernels this can subsequently -be used to decrypt, replay, and possibly decrypt frames. See the -KRACK attacks research at krackattacks.com for attack scenarios. -In this case no machine-in-the-middle position is needed to trigger -the key reinstallation. - -Fix this by using the ptk_complete boolean to track when the 4-way -handshake has completed (similar to its usage for clients). When -receiving a retransmitted Msg4/4 accept this frame but do not reinstall -the PTK. - -Credits to Chris M. Stone, Sam Thomas, and Tom Chothia of Birmingham -University to help discover this issue. ---- - src/eapol.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/eapol.c b/src/eapol.c -index b0036c10..e3581cfe 100644 ---- a/src/eapol.c -+++ b/src/eapol.c -@@ -1462,7 +1462,6 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, - memcpy(sm->handshake->snonce, ek->key_nonce, - sizeof(sm->handshake->snonce)); - sm->handshake->have_snonce = true; -- sm->handshake->ptk_complete = true; - - sm->frame_retry = 0; - -@@ -1782,7 +1781,15 @@ static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm, - l_timeout_remove(sm->timeout); - sm->timeout = NULL; - -- handshake_state_install_ptk(sm->handshake); -+ /* -+ * If ptk_complete is set, then we are receiving Message 4 again. -+ * This might be a retransmission, so accept but don't install -+ * the keys again. 
-+ */ -+ if (!sm->handshake->ptk_complete) -+ handshake_state_install_ptk(sm->handshake); -+ -+ sm->handshake->ptk_complete = true; - } - - static void eapol_handle_gtk_1_of_2(struct eapol_sm *sm, -@@ -2185,6 +2192,7 @@ static void eapol_auth_key_handle(struct eapol_sm *sm, - size_t frame_len = 4 + L_BE16_TO_CPU(frame->header.packet_len); - const struct eapol_key *ek = eapol_key_validate((const void *) frame, - frame_len, sm->mic_len); -+ uint16_t key_data_len; - - if (!ek) - return; -@@ -2199,7 +2207,8 @@ static void eapol_auth_key_handle(struct eapol_sm *sm, - if (!sm->handshake->have_anonce) - return; /* Not expecting an EAPoL-Key yet */ - -- if (!sm->handshake->ptk_complete) -+ key_data_len = EAPOL_KEY_DATA_LEN(ek, sm->mic_len); -+ if (key_data_len != 0) - eapol_handle_ptk_2_of_4(sm, ek); - else - eapol_handle_ptk_4_of_4(sm, ek); --- -cgit 1.2.3-1.el7 - diff --git a/net-wireless/iwd/iwd-1.8-r3.ebuild b/net-wireless/iwd/iwd-1.8-r3.ebuild deleted file mode 100644 index a8c6fbd6ae4..00000000000 --- a/net-wireless/iwd/iwd-1.8-r3.ebuild +++ /dev/null 
@@ -1,160 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit flag-o-matic linux-info systemd - -#Set this variable to the required external ell version -ELL_REQ="0.32" - -if [[ ${PV} == *9999* ]]; then - inherit autotools git-r3 - IWD_EGIT_REPO_URI="https://git.kernel.org/pub/scm/network/wireless/iwd.git" - ELL_EGIT_REPO_URI="https://git.kernel.org/pub/scm/libs/ell/ell.git" -else - SRC_URI="https://www.kernel.org/pub/linux/network/wireless/${P}.tar.xz" - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~sparc x86" -fi - -DESCRIPTION="Wireless daemon for linux" -HOMEPAGE="https://git.kernel.org/pub/scm/network/wireless/iwd.git/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="+client +crda +monitor ofono wired cpu_flags_x86_aes cpu_flags_x86_ssse3" - -COMMON_DEPEND="sys-apps/dbus - client? ( sys-libs/readline:0= )" - -[[ -z "${ELL_REQ}" ]] || COMMON_DEPEND+=" ~dev-libs/ell-${ELL_REQ}" - -RDEPEND="${COMMON_DEPEND} - net-wireless/wireless-regdb - crda? 
( net-wireless/crda )" - -DEPEND="${COMMON_DEPEND} - virtual/pkgconfig" - -[[ ${PV} == *9999* ]] && DEPEND+=" dev-python/docutils" - -PATCHES=( "${FILESDIR}"/iwd-1.8-eapol-prevent-key-reinstallation.patch ) - -pkg_setup() { - CONFIG_CHECK=" - ~ASYMMETRIC_KEY_TYPE - ~ASYMMETRIC_PUBLIC_KEY_SUBTYPE - ~CFG80211 - ~CRYPTO_AES - ~CRYPTO_ARC4 - ~CRYPTO_CBC - ~CRYPTO_CMAC - ~CRYPTO_DES - ~CRYPTO_ECB - ~CRYPTO_HMAC - ~CRYPTO_MD4 - ~CRYPTO_MD5 - ~CRYPTO_RSA - ~CRYPTO_SHA1 - ~CRYPTO_SHA256 - ~CRYPTO_SHA512 - ~CRYPTO_USER_API_HASH - ~CRYPTO_USER_API_SKCIPHER - ~KEY_DH_OPERATIONS - ~PKCS7_MESSAGE_PARSER - ~RFKILL - ~X509_CERTIFICATE_PARSER - " - if use crda;then - CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT" - WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support" - fi - - if use amd64;then - CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_DES3_EDE_X86_64" - WARNING_CRYPTO_DES3_EDE_X86_64="CRYPTO_DES3_EDE_X86_64: enable for increased performance" - fi - - if use cpu_flags_x86_aes;then - CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_AES_NI_INTEL" - WARNING_CRYPTO_AES_NI_INTEL="CRYPTO_AES_NI_INTEL: enable for increased performance" - fi - - if use cpu_flags_x86_ssse3 && use amd64; then - CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_SHA1_SSSE3 ~CRYPTO_SHA256_SSSE3 ~CRYPTO_SHA512_SSSE3" - WARNING_CRYPTO_SHA1_SSSE3="CRYPTO_SHA1_SSSE3: enable for increased performance" - WARNING_CRYPTO_SHA256_SSSE3="CRYPTO_SHA256_SSSE3: enable for increased performance" - WARNING_CRYPTO_SHA512_SSSE3="CRYPTO_SHA512_SSSE3: enable for increased performance" - fi - - if use kernel_linux && kernel_is -ge 4 20; then - CONFIG_CHECK="${CONFIG_CHECK} ~PKCS8_PRIVATE_KEY_PARSER" - fi - - check_extra_config - - if ! use crda; then - if use kernel_linux && kernel_is -lt 4 15; then - ewarn "POSSIBLE REGULATORY DOMAIN PROBLEM:" - ewarn "Regulatory domain support for kernels older than 4.15 requires crda." 
- fi - if linux_config_exists && linux_chkconfig_builtin CFG80211 && - [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != *regulatory.db* ]] - then - ewarn "" - ewarn "REGULATORY DOMAIN PROBLEM:" - ewarn "With CONFIG_CFG80211=y (built-in), the driver won't be able to load regulatory.db from" - ewarn " /lib/firmware, resulting in broken regulatory domain support. Please set CONFIG_CFG80211=m" - ewarn " or add regulatory.db and regulatory.db.p7s to CONFIG_EXTRA_FIRMWARE." - ewarn "" - fi - fi -} - -src_unpack() { - if [[ ${PV} == *9999* ]] ; then - EGIT_REPO_URI=${IWD_EGIT_REPO_URI} git-r3_src_unpack - EGIT_REPO_URI=${ELL_EGIT_REPO_URI} EGIT_CHECKOUT_DIR=${WORKDIR}/ell git-r3_src_unpack - else - default - fi -} - -src_prepare() { - default - if [[ ${PV} == *9999* ]] ; then - eautoreconf - fi -} - -src_configure() { - append-cflags "-fsigned-char" - local myeconfargs=( - --sysconfdir="${EPREFIX}"/etc/iwd --localstatedir="${EPREFIX}"/var - $(use_enable client) - $(use_enable monitor) - $(use_enable ofono) - $(use_enable wired) - --enable-systemd-service - --with-systemd-unitdir="$(systemd_get_systemunitdir)" - --with-systemd-modloaddir="${EPREFIX}/usr/lib/modules-load.d" - --with-systemd-networkdir="$(systemd_get_utildir)/network" - ) - [[ ${PV} == *9999* ]] || myeconfargs+=(--enable-external-ell) - econf "${myeconfargs[@]}" -} - -src_install() { - default - keepdir /var/lib/${PN} - - newinitd "${FILESDIR}/iwd.initd-r1" iwd - - if use wired;then - newinitd "${FILESDIR}/ead.initd" ead - fi - - if [[ ${PV} == *9999* ]] ; then - exeinto /usr/share/iwd/scripts/ - doexe test/* - fi -} diff --git a/net-wireless/iwd/iwd-1.9-r1.ebuild b/net-wireless/iwd/iwd-1.9-r1.ebuild deleted file mode 100644 index c170b16a7f3..00000000000 --- a/net-wireless/iwd/iwd-1.9-r1.ebuild +++ /dev/null 
@@ -1,180 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit flag-o-matic linux-info systemd - -#Set this variable to the required external ell version -ELL_REQ="0.33" - -if [[ ${PV} == *9999* ]]; then - inherit autotools git-r3 - IWD_EGIT_REPO_URI="https://git.kernel.org/pub/scm/network/wireless/iwd.git" - ELL_EGIT_REPO_URI="https://git.kernel.org/pub/scm/libs/ell/ell.git" -else - SRC_URI="https://www.kernel.org/pub/linux/network/wireless/${P}.tar.xz" - KEYWORDS="~alpha amd64 arm arm64 ~ia64 ppc ~ppc64 ~sparc x86" -fi - -DESCRIPTION="Wireless daemon for linux" -HOMEPAGE="https://git.kernel.org/pub/scm/network/wireless/iwd.git/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="+client +crda +monitor ofono wired cpu_flags_x86_aes cpu_flags_x86_ssse3 -standalone systemd" - -COMMON_DEPEND=" - sys-apps/dbus - client? ( sys-libs/readline:0= ) -" - -[[ -z "${ELL_REQ}" ]] || COMMON_DEPEND+=" ~dev-libs/ell-${ELL_REQ}" - -RDEPEND=" - ${COMMON_DEPEND} - net-wireless/wireless-regdb - crda? ( net-wireless/crda ) - standalone? ( - systemd? ( sys-apps/systemd ) - !systemd? 
( virtual/resolvconf ) - ) -" - -DEPEND=" - ${COMMON_DEPEND} - virtual/pkgconfig -" - -[[ ${PV} == *9999* ]] && DEPEND+=" dev-python/docutils" - -pkg_setup() { - CONFIG_CHECK=" - ~ASYMMETRIC_KEY_TYPE - ~ASYMMETRIC_PUBLIC_KEY_SUBTYPE - ~CFG80211 - ~CRYPTO_AES - ~CRYPTO_ARC4 - ~CRYPTO_CBC - ~CRYPTO_CMAC - ~CRYPTO_DES - ~CRYPTO_ECB - ~CRYPTO_HMAC - ~CRYPTO_MD4 - ~CRYPTO_MD5 - ~CRYPTO_RSA - ~CRYPTO_SHA1 - ~CRYPTO_SHA256 - ~CRYPTO_SHA512 - ~CRYPTO_USER_API_HASH - ~CRYPTO_USER_API_SKCIPHER - ~KEY_DH_OPERATIONS - ~PKCS7_MESSAGE_PARSER - ~RFKILL - ~X509_CERTIFICATE_PARSER - " - if use crda;then - CONFIG_CHECK="${CONFIG_CHECK} ~CFG80211_CRDA_SUPPORT" - WARNING_CFG80211_CRDA_SUPPORT="REGULATORY DOMAIN PROBLEM: please enable CFG80211_CRDA_SUPPORT for proper regulatory domain support" - fi - - if use amd64;then - CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_DES3_EDE_X86_64" - WARNING_CRYPTO_DES3_EDE_X86_64="CRYPTO_DES3_EDE_X86_64: enable for increased performance" - fi - - if use cpu_flags_x86_aes;then - CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_AES_NI_INTEL" - WARNING_CRYPTO_AES_NI_INTEL="CRYPTO_AES_NI_INTEL: enable for increased performance" - fi - - if use cpu_flags_x86_ssse3 && use amd64; then - CONFIG_CHECK="${CONFIG_CHECK} ~CRYPTO_SHA1_SSSE3 ~CRYPTO_SHA256_SSSE3 ~CRYPTO_SHA512_SSSE3" - WARNING_CRYPTO_SHA1_SSSE3="CRYPTO_SHA1_SSSE3: enable for increased performance" - WARNING_CRYPTO_SHA256_SSSE3="CRYPTO_SHA256_SSSE3: enable for increased performance" - WARNING_CRYPTO_SHA512_SSSE3="CRYPTO_SHA512_SSSE3: enable for increased performance" - fi - - if use kernel_linux && kernel_is -ge 4 20; then - CONFIG_CHECK="${CONFIG_CHECK} ~PKCS8_PRIVATE_KEY_PARSER" - fi - - check_extra_config - - if ! use crda; then - if use kernel_linux && kernel_is -lt 4 15; then - ewarn "POSSIBLE REGULATORY DOMAIN PROBLEM:" - ewarn "Regulatory domain support for kernels older than 4.15 requires crda." 
- fi - if linux_config_exists && linux_chkconfig_builtin CFG80211 && - [[ $(linux_chkconfig_string EXTRA_FIRMWARE) != *regulatory.db* ]] - then - ewarn "" - ewarn "REGULATORY DOMAIN PROBLEM:" - ewarn "With CONFIG_CFG80211=y (built-in), the driver won't be able to load regulatory.db from" - ewarn " /lib/firmware, resulting in broken regulatory domain support. Please set CONFIG_CFG80211=m" - ewarn " or add regulatory.db and regulatory.db.p7s to CONFIG_EXTRA_FIRMWARE." - ewarn "" - fi - fi -} - -src_unpack() { - if [[ ${PV} == *9999* ]] ; then - EGIT_REPO_URI=${IWD_EGIT_REPO_URI} git-r3_src_unpack - EGIT_REPO_URI=${ELL_EGIT_REPO_URI} EGIT_CHECKOUT_DIR=${WORKDIR}/ell git-r3_src_unpack - else - default - fi -} - -src_prepare() { - default - if [[ ${PV} == *9999* ]] ; then - eautoreconf - fi -} - -src_configure() { - append-cflags "-fsigned-char" - local myeconfargs=( - --sysconfdir="${EPREFIX}"/etc/iwd --localstatedir="${EPREFIX}"/var - $(use_enable client) - $(use_enable monitor) - $(use_enable ofono) - $(use_enable wired) - --enable-systemd-service - --with-systemd-unitdir="$(systemd_get_systemunitdir)" - --with-systemd-modloaddir="${EPREFIX}/usr/lib/modules-load.d" - --with-systemd-networkdir="$(systemd_get_utildir)/network" - ) - [[ ${PV} == *9999* ]] || myeconfargs+=(--enable-external-ell) - econf "${myeconfargs[@]}" -} - -src_install() { - default - keepdir /var/lib/${PN} - - newinitd "${FILESDIR}/iwd.initd-r1" iwd - - if use wired;then - newinitd "${FILESDIR}/ead.initd" ead - fi - - if [[ ${PV} == *9999* ]] ; then - exeinto /usr/share/iwd/scripts/ - doexe test/* - fi - - if use standalone ; then - local iwdconf="${ED}/etc/iwd/main.conf" - dodir /etc/iwd - echo "[General]" > "${iwdconf}" - echo "EnableNetworkConfiguration=true" >> "${iwdconf}" - echo "[Network]" >> "${iwdconf}" - echo "NameResolvingService=$(usex systemd systemd resolvconf)" >> "${iwdconf}" - dodir /etc/conf.d - echo "rc_provide=\"net\"" > ${ED}/etc/conf.d/iwd - fi -}
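Review bot: The commit message ("drop old") does not say where the key reinstallation fix now lives, which matters for the hunk that deletes files/iwd-1.8-eapol-prevent-key-reinstallation.patch. In this diff iwd-1.8-r3.ebuild is the only ebuild that applied it, through PATCHES=( "${FILESDIR}"/iwd-1.8-eapol-prevent-key-reinstallation.patch ), and iwd-1.9-r1.ebuild had no PATCHES line, so nothing visible here shows that the remaining iwd-1.10 and iwd-1.11 tarballs contain upstream commit f22ba5aebb569ca54521afd2babdc1f67e3904ea. Please add a line to the commit message stating that the remaining versions ship the ptk_complete check for retransmitted Msg4/4 upstream, so that the removal of a security patch can be audited from the log alone.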
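Review bot: Dropping iwd-1.8-r3.ebuild may remove the last version that is stable on ppc64: its KEYWORDS line reads "~alpha amd64 arm arm64 ~ia64 ppc ppc64 ~sparc x86", while the iwd-1.9-r1.ebuild deleted in the same commit already had ~ppc64. The Manifest hunk leaves only iwd-1.10 and iwd-1.11, and their keywords are not visible in this diff. Please confirm that one of them is stable on every arch that 1.8-r3 was stable on before removing it, and mention that in the commit message, since stable users on an arch without a newer stable version would otherwise lose the patched build.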