kumquat-buildroot/package/iwd/iwd.mk
Fabrice Fontaine e2bcdcdd10 package/iwd: security bump to version 2.16
Fix CVE-2023-52161: The Access Point functionality in
eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before
2.14 allows attackers to gain unauthorized access to a protected Wi-Fi
network. An attacker can complete the EAPOL handshake by skipping Msg2/4
and instead sending Msg4/4 with an all-zero key.

https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=2.16

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2024-03-06 08:24:16 +01:00

82 lines
2.5 KiB
Makefile

################################################################################
#
# iwd
#
################################################################################
IWD_VERSION = 2.16
IWD_SOURCE = iwd-$(IWD_VERSION).tar.xz
IWD_SITE = $(BR2_KERNEL_MIRROR)/linux/network/wireless
IWD_LICENSE = LGPL-2.1+
IWD_LICENSE_FILES = COPYING
IWD_CPE_ID_VENDOR = intel
IWD_CPE_ID_PRODUCT = inet_wireless_daemon
IWD_SELINUX_MODULES = networkmanager
IWD_CONF_OPTS = \
--disable-manual-pages \
--enable-external-ell \
--enable-dbus-policy
IWD_DEPENDENCIES = dbus ell
ifeq ($(BR2_PACKAGE_READLINE),y)
# iwd client depends on readline (GPL-3.0+)
IWD_LICENSE += , GPL-3.0+ (client)
IWD_CONF_OPTS += --enable-client
IWD_DEPENDENCIES += readline
else
IWD_CONF_OPTS += --disable-client
endif
ifeq ($(BR2_PACKAGE_SYSTEMD),y)
IWD_CONF_OPTS += --enable-systemd-service
IWD_DEPENDENCIES += systemd
else
IWD_CONF_OPTS += --disable-systemd-service
endif
ifeq ($(BR2_PACKAGE_SYSTEMD_RESOLVED),y)
IWD_RESOLV_SERVICE = systemd
else
IWD_RESOLV_SERVICE = resolvconf
endif
define IWD_INSTALL_CONFIG_FILE
$(INSTALL) -D -m 644 package/iwd/main.conf $(TARGET_DIR)/etc/iwd/main.conf
$(SED) 's,__RESOLV_SERVICE__,$(IWD_RESOLV_SERVICE),' $(TARGET_DIR)/etc/iwd/main.conf
endef
IWD_POST_INSTALL_TARGET_HOOKS += IWD_INSTALL_CONFIG_FILE
define IWD_INSTALL_INIT_SYSV
$(INSTALL) -m 0755 -D package/iwd/S40iwd \
$(TARGET_DIR)/etc/init.d/S40iwd
mkdir -p $(TARGET_DIR)/var/lib/iwd
ln -sf /tmp/iwd/hotspot $(TARGET_DIR)/var/lib/iwd/hotspot
endef
define IWD_LINUX_CONFIG_FIXUPS
$(call KCONFIG_ENABLE_OPT,CONFIG_ASYMMETRIC_KEY_TYPE)
$(call KCONFIG_ENABLE_OPT,CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_AES)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_CBC)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_CMAC)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_DES)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_ECB)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_HMAC)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_MD4)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_MD5)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_SHA1)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_SHA256)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_SHA512)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_USER_API_HASH)
$(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_USER_API_SKCIPHER)
$(call KCONFIG_ENABLE_OPT,CONFIG_KEYS)
$(call KCONFIG_ENABLE_OPT,CONFIG_KEY_DH_OPERATIONS)
$(call KCONFIG_ENABLE_OPT,CONFIG_PKCS7_MESSAGE_PARSER)
$(call KCONFIG_ENABLE_OPT,CONFIG_PKCS8_PRIVATE_KEY_PARSER)
$(call KCONFIG_ENABLE_OPT,CONFIG_X509_CERTIFICATE_PARSER)
endef
$(eval $(autotools-package))