From: "orbea" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "orbea" Message-ID: <1740535618.b7c8dacc2af70690264029bda51fd82e32c1c9ab.orbea@gentoo> Subject: [gentoo-commits] repo/proj/libressl:master commit in: net-wireless/hostapd/, net-wireless/hostapd/files/ X-VCS-Repository: repo/proj/libressl X-VCS-Files: net-wireless/hostapd/Manifest net-wireless/hostapd/files/hostapd-2.11-libressl.patch net-wireless/hostapd/hostapd-2.11.ebuild X-VCS-Directories: net-wireless/hostapd/files/ net-wireless/hostapd/ X-VCS-Committer: orbea X-VCS-Committer-Name: orbea X-VCS-Revision: b7c8dacc2af70690264029bda51fd82e32c1c9ab X-VCS-Branch: master Date: Wed, 26 Feb 2025 02:08:27 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 41fe38c4-29de-461f-aa6d-c4e6b53dafa4 X-Archives-Hash: a73ce87eb8a2691b0f810a2075cd9c8e commit: b7c8dacc2af70690264029bda51fd82e32c1c9ab Author: orbea riseup net> AuthorDate: Wed Feb 26 02:06:36 2025 +0000 Commit: orbea riseup net> CommitDate: Wed Feb 26 02:06:58 2025 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=b7c8dacc net-wireless/hostapd: add 2.11 Signed-off-by: orbea riseup.net> net-wireless/hostapd/Manifest | 1 + .../hostapd/files/hostapd-2.11-libressl.patch | 24 ++ net-wireless/hostapd/hostapd-2.11.ebuild | 267 +++++++++++++++++++++ 3 files changed, 292 insertions(+) diff --git a/net-wireless/hostapd/Manifest b/net-wireless/hostapd/Manifest index c70e377..a94926f 100644 --- a/net-wireless/hostapd/Manifest +++ b/net-wireless/hostapd/Manifest 
@@ -1 +1,2 @@ DIST hostapd-2.10.tar.gz 2440435 BLAKE2B dbeeae2f62a8ab52df3e2d05ff0467b643cd68349ef3b28814a11dfb67d4b23d14cf2461a3040694706ec614fcd7c2e0fe58f3597e877cf47296cd75e11c792f SHA512 243baa82d621f859d2507d8d5beb0ebda15a75548a62451dc9bca42717dcc8607adac49b354919a41d8257d16d07ac7268203a79750db0cfb34b51f80ff1ce8f +DIST hostapd-2.11.tar.gz 2708343 BLAKE2B c88d03e148ab8985854b34c9113a894fa24602bfd48e0c7d7880de1de34624351b79b669bab72f5f0bda0f4b1a283a19a4e8b78276b061bd51388ea878def4c9 SHA512 1382af2a243e3a555507b55942f41d1233cc942826d26bc4f4dbe5e75560b3fe22e426948762fe162453e934685a69ef0c05723b7fecef71811fc1987e32b048 diff --git a/net-wireless/hostapd/files/hostapd-2.11-libressl.patch b/net-wireless/hostapd/files/hostapd-2.11-libressl.patch new file mode 100644 index 0000000..450946c --- /dev/null +++ b/net-wireless/hostapd/files/hostapd-2.11-libressl.patch @@ -0,0 +1,24 @@ +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -3203,6 +3203,7 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags, + /* Start with defaults from BoringSSL */ + SSL_CTX_set_verify_algorithm_prefs(conn->ssl_ctx, NULL, 0); + #endif /* OPENSSL_IS_BORINGSSL */ ++#ifndef LIBRESSL_VERSION_NUMBER + if (flags & TLS_CONN_SUITEB_NO_ECDH) { + const char *ciphers = "DHE-RSA-AES256-GCM-SHA384"; + +@@ -3298,6 +3299,13 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags, + SSL_set_options(ssl, SSL_OP_NO_TLSv1_1); + SSL_set_cert_cb(ssl, suiteb_cert_cb, conn); + } ++#else /* LIBRESSL_VERSION_NUMBER */ ++ if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) { ++ wpa_printf(MSG_ERROR, ++ "OpenSSL: Suite B RSA case not supported with this OpenSSL version"); ++ return -1; ++ } ++#endif /* LIBRESSL_VERSION_NUMBER */ + + #ifdef OPENSSL_IS_BORINGSSL + if (openssl_ciphers && os_strcmp(openssl_ciphers, "SUITEB192") == 0) { 
diff --git a/net-wireless/hostapd/hostapd-2.11.ebuild b/net-wireless/hostapd/hostapd-2.11.ebuild new file mode 100644 index 0000000..d4f4489 --- /dev/null +++ b/net-wireless/hostapd/hostapd-2.11.ebuild 
@@ -0,0 +1,267 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit flag-o-matic systemd savedconfig toolchain-funcs + +DESCRIPTION="IEEE 802.11 wireless LAN Host AP daemon" +HOMEPAGE="https://w1.fi/ https://w1.fi/cgit/hostap/" +S="${S}/${PN}" + +if [[ ${PV} == 9999 ]]; then + inherit git-r3 + EGIT_REPO_URI="https://w1.fi/hostap.git" +else + if [[ ${PV} =~ ^.*_p[0-9]{8}$ ]]; then + SRC_URI+=" https://dev.gentoo.org/~andrey_utkin/distfiles/${P}.tar.xz" + else + SRC_URI+=" https://w1.fi/releases/${P}.tar.gz" + fi + + # Never stabilize snapshot ebuilds please + KEYWORDS="~amd64 ~arm ~arm64 ~mips ~ppc ~x86" +fi + +LICENSE="BSD" +SLOT="0" +IUSE="internal-tls ipv6 netlink selinux sqlite +suiteb +wps" + +DEPEND=" + internal-tls? ( dev-libs/libtommath ) + !internal-tls? ( dev-libs/openssl:0=[-bindist(-)] ) + kernel_linux? ( + net-wireless/wireless-regdb + >=dev-libs/libnl-3.2:3 + ) + netlink? ( net-libs/libnfnetlink ) + sqlite? ( dev-db/sqlite:3 ) +" +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-hostapd ) +" +BDEPEND="virtual/pkgconfig" + +PATCHES=( "${FILESDIR}"/${PN}-2.11-libressl.patch ) + +pkg_pretend() { + if use internal-tls; then + ewarn "internal-tls implementation is experimental and provides fewer features" + fi +} + +src_unpack() { + # Override default one because we need the SRC_URI ones even in case of 9999 ebuilds + default + + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + fi +} + +src_prepare() { + # Allow users to apply patches to src/drivers for example, + # i.e. 
anything outside ${S}/${PN} + pushd ../ >/dev/null || die + default + popd >/dev/null || die + + sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \ + "${S}/hostapd.conf" || die +} + +src_configure() { + local CONFIG="${S}"/.config + + restore_config "${CONFIG}" + if [[ -f "${CONFIG}" ]]; then + default + return 0 + fi + + # toolchain setup + echo "CC = $(tc-getCC)" > "${CONFIG}" || die + + # EAP authentication methods + echo "CONFIG_EAP=y" >> "${CONFIG}" || die + echo "CONFIG_ERP=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_MD5=y" >> "${CONFIG}" || die + + if use suiteb; then + echo "CONFIG_SUITEB=y" >> "${CONFIG}" || die + echo "CONFIG_SUITEB192=y" >> "${CONFIG}" || die + fi + + if use internal-tls ; then + echo "CONFIG_TLS=internal" >> "${CONFIG}" || die + else + # SSL authentication methods + echo "CONFIG_DPP=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_FAST=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_MSCHAPV2=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_PEAP=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_PWD=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_TLS=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_TTLS=y" >> "${CONFIG}" || die + echo "CONFIG_OWE=y" >> "${CONFIG}" || die + echo "CONFIG_SAE=y" >> "${CONFIG}" || die + echo "CONFIG_TLSV11=y" >> "${CONFIG}" || die + echo "CONFIG_TLSV12=y" >> "${CONFIG}" || die + fi + + if use wps; then + # Enable Wi-Fi Protected Setup + echo "CONFIG_WPS=y" >> "${CONFIG}" || die + echo "CONFIG_WPS2=y" >> "${CONFIG}" || die + echo "CONFIG_WPS_UPNP=y" >> "${CONFIG}" || die + echo "CONFIG_WPS_NFC=y" >> "${CONFIG}" || die + einfo "Enabling Wi-Fi Protected Setup support" + fi + + echo "CONFIG_EAP_IKEV2=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_TNC=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_GTC=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_SIM=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_AKA=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_AKA_PRIME=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_EKE=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_PAX=y" 
>> "${CONFIG}" || die + echo "CONFIG_EAP_PSK=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_SAKE=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_GPSK=y" >> "${CONFIG}" || die + echo "CONFIG_EAP_GPSK_SHA256=y" >> "${CONFIG}" || die + + einfo "Enabling drivers: " + + # drivers + echo "CONFIG_DRIVER_HOSTAP=y" >> "${CONFIG}" || die + einfo " HostAP driver enabled" + echo "CONFIG_DRIVER_WIRED=y" >> "${CONFIG}" || die + einfo " Wired driver enabled" + echo "CONFIG_DRIVER_NONE=y" >> "${CONFIG}" || die + einfo " None driver enabled" + + einfo " nl80211 driver enabled" + echo "CONFIG_DRIVER_NL80211=y" >> "${CONFIG}" || die + + # epoll + echo "CONFIG_ELOOP_EPOLL=y" >> "${CONFIG}" || die + + # misc + echo "CONFIG_DEBUG_FILE=y" >> "${CONFIG}" || die + echo "CONFIG_PKCS12=y" >> "${CONFIG}" || die + echo "CONFIG_RADIUS_SERVER=y" >> "${CONFIG}" || die + echo "CONFIG_IAPP=y" >> "${CONFIG}" || die + echo "CONFIG_IEEE80211R=y" >> "${CONFIG}" || die + echo "CONFIG_IEEE80211W=y" >> "${CONFIG}" || die + echo "CONFIG_IEEE80211N=y" >> "${CONFIG}" || die + echo "CONFIG_IEEE80211AC=y" >> "${CONFIG}" || die + echo "CONFIG_IEEE80211AX=y" >> "${CONFIG}" || die + echo "CONFIG_IEEE80211BE=y" >> "${CONFIG}" || die + echo "CONFIG_OCV=y" >> "${CONFIG}" || die + echo "CONFIG_PEERKEY=y" >> "${CONFIG}" || die + echo "CONFIG_RSN_PREAUTH=y" >> "${CONFIG}" || die + echo "CONFIG_INTERWORKING=y" >> "${CONFIG}" || die + echo "CONFIG_FULL_DYNAMIC_VLAN=y" >> "${CONFIG}" || die + echo "CONFIG_HS20=y" >> "${CONFIG}" || die + echo "CONFIG_WNM=y" >> "${CONFIG}" || die + echo "CONFIG_FST=y" >> "${CONFIG}" || die + echo "CONFIG_FST_TEST=y" >> "${CONFIG}" || die + echo "CONFIG_ACS=y" >> "${CONFIG}" || die + + if use netlink; then + # Netlink support + echo "CONFIG_VLAN_NETLINK=y" >> "${CONFIG}" || die + fi + + if use ipv6; then + # IPv6 support + echo "CONFIG_IPV6=y" >> "${CONFIG}" || die + fi + + if use sqlite; then + # Sqlite support + echo "CONFIG_SQLITE=y" >> "${CONFIG}" || die + fi + + if use kernel_linux; then + 
echo "CONFIG_LIBNL32=y" >> "${CONFIG}" || die + append-cflags "$($(tc-getPKG_CONFIG) --cflags libnl-3.0)" + fi + + # TODO: Add support for BSD drivers + + default +} + +src_compile() { + emake V=1 + + if ! use internal-tls; then + emake V=1 nt_password_hash + emake V=1 hlr_auc_gw + fi +} + +src_install() { + insinto /etc/${PN} + doins ${PN}.{conf,accept,deny,eap_user,radius_clients,sim_db,wpa_psk} + + fperms -R 600 /etc/${PN} + + dosbin ${PN} + dobin ${PN}_cli + + if ! use internal-tls; then + dobin nt_password_hash hlr_auc_gw + fi + + newinitd "${FILESDIR}/${PN}-init.d" ${PN} + newconfd "${FILESDIR}/${PN}-conf.d" ${PN} + systemd_dounit "${FILESDIR}/${PN}.service" + + doman ${PN}{.8,_cli.1} + + dodoc ChangeLog README + use wps && dodoc README-WPS + + docinto examples + dodoc wired.conf + + insinto /etc/log.d/conf/services/ + doins logwatch/${PN}.conf + + exeinto /etc/log.d/scripts/services/ + doexe logwatch/${PN} + + save_config .config +} + +pkg_postinst() { + einfo + einfo "If you are running OpenRC you need to follow this instructions:" + einfo "In order to use ${PN} you need to set up your wireless card" + einfo "for master mode in /etc/conf.d/net and then start" + einfo "/etc/init.d/${PN}." + einfo + einfo "Example configuration:" + einfo + einfo "config_wlan0=( \"192.168.1.1/24\" )" + einfo "channel_wlan0=\"6\"" + einfo "essid_wlan0=\"test\"" + einfo "mode_wlan0=\"master\"" + einfo + + #if [[ -e "${KV_DIR}"/net/mac80211 ]]; then + # einfo "This package now compiles against the headers installed by" + # einfo "the kernel source for the mac80211 driver. You should " + # einfo "re-emerge ${PN} after upgrading your kernel source." + #fi + + if use wps; then + einfo "You have enabled Wi-Fi Protected Setup support, please" + einfo "read the README-WPS file in /usr/share/doc/${PF}" + einfo "for info on how to use WPS" + fi +}
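Review bot: In files/hostapd-2.11-libressl.patch, the new `#else /* LIBRESSL_VERSION_NUMBER */` branch in tls_set_conn_flags() logs "OpenSSL: Suite B RSA case not supported with this OpenSSL version", although this branch is only compiled when LIBRESSL_VERSION_NUMBER is defined; naming LibreSSL in the message would let an operator tell from the log why Suite B was refused. The patch file also carries no header explaining why the Suite B block is compiled out for LibreSSL or whether the change was sent upstream, and a short description at the top would help at the next version bump. Since the `#ifndef` opens at the 3203 hunk and closes at the 3298 hunk with only the edges visible as context, it is worth confirming that nothing unrelated to Suite B sits in the region that is now excluded.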
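Review bot: In hostapd-2.11.ebuild, IUSE keeps `+suiteb` enabled by default and src_configure writes CONFIG_SUITEB=y and CONFIG_SUITEB192=y for it, while the patch applied through PATCHES makes tls_set_conn_flags() return -1 whenever TLS_CONN_SUITEB or TLS_CONN_SUITEB_NO_ECDH is set on a LibreSSL build, so the default configuration enables an option whose RSA case is rejected at run time. Consider dropping the `+` default in this overlay or adding an ewarn in pkg_pretend next to the internal-tls one. Two smaller points in the same file: `fperms -R 600 /etc/${PN}` in src_install also sets mode 600 on the directory itself, which leaves it without a search bit (700 for the directory and 600 for the files states the intent more clearly), and the pkg_postinst text "follow this instructions" should read "these instructions".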