mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
6c6959694a
- Update from version 2_10 to 2_11
- Update of rootfile not required
- Update of patches to latest source tarball
- Changelog
2_11
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
104 lines
4.1 KiB
Plaintext
104 lines
4.1 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
SUMMARY = Daemon for running a WPA capable Access Point
|
|
VER = 2_11
|
|
|
|
THISAPP = hostap_$(VER)
|
|
DL_FILE = $(THISAPP).tar.bz2
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
PROG = hostapd
|
|
PAK_VER = 64
|
|
|
|
DEPS =
|
|
|
|
SERVICES = hostapd
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_BLAKE2 = de98a3634ff937b0068329219e4fa5dece34c9eeb27fa81a9e7de689d5dd2936ceb0ea43923a0e994e0a7bfcd71709b5f739df2f3efdd7c6ec5c765171711a19
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
b2 : $(subst %,%_BLAKE2,$(objects))
|
|
|
|
dist:
|
|
@$(PAK)
|
|
|
|
###############################################################################
|
|
# Downloading, checking, b2sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_BLAKE2,$(objects)) :
|
|
@$(B2SUM)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
|
|
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.11-increase_EAPOL-timeouts.patch
|
|
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.11-noscan.patch
|
|
|
|
cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config
|
|
cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr@g" -i Makefile
|
|
cd $(DIR_APP)/hostapd && make $(MAKETUNING) $(EXTRA_MAKE)
|
|
cd $(DIR_APP)/hostapd && make install
|
|
install -v -m 644 $(DIR_SRC)/config/backup/includes/hostapd /var/ipfire/backup/addons/includes/hostapd
|
|
# install initscript
|
|
$(call INSTALL_INITSCRIPTS,$(SERVICES))
|
|
mkdir -p /var/ipfire/wlanap
|
|
touch /var/ipfire/wlanap/settings
|
|
cp -vrf $(DIR_SRC)/config/hostapd/hostapd.conf /var/ipfire/wlanap/hostapd.conf
|
|
touch /var/ipfire/wlanap/hostapd.accept
|
|
touch /var/ipfire/wlanap/hostapd.deny
|
|
cp -vrf /var/ipfire/wlanap/hostapd.* /etc/
|
|
chown nobody:nobody /var/ipfire/wlanap/*
|
|
chmod 644 /var/ipfire/wlanap/*
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|