Move all to deprecated folder.

deprecated/firmware/buildroot/package/hostapd/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch

@@ -0,0 +1,54 @@
+From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Nov 2015 18:18:17 +0200
+Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation
+
+All but the last fragment had their length checked against the remaining
+room in the reassembly buffer. This allowed a suitably constructed last
+fragment frame to try to add extra data that would go beyond the buffer.
+The length validation code in wpabuf_put_data() prevents an actual
+buffer write overflow from occurring, but this results in process
+termination. (CVE-2015-5315)
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_peer/eap_pwd.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+index 1f78544..75ceef1 100644
+--- a/src/eap_peer/eap_pwd.c
++++ b/src/eap_peer/eap_pwd.c
+@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+ 	/*
+ 	 * buffer and ACK the fragment
+ 	 */
+-	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
++	if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
+ 		data->in_frag_pos += len;
+ 		if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
+ 			wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "
+@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+ 			return NULL;
+ 		}
+ 		wpabuf_put_data(data->inbuf, pos, len);
+-
++	}
++	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+ 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
+ 				     EAP_PWD_HDR_SIZE,
+ 				     EAP_CODE_RESPONSE, eap_get_id(reqData));
+@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+ 	 * we're buffering and this is the last fragment
+ 	 */
+ 	if (data->in_frag_pos) {
+-		wpabuf_put_data(data->inbuf, pos, len);
+ 		wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
+ 			   (int) len);
+-		data->in_frag_pos += len;
+ 		pos = wpabuf_head_u8(data->inbuf);
+ 		len = data->in_frag_pos;
+ 	}
+-- 
+1.9.1
+

deprecated/firmware/buildroot/package/hostapd/0002-EAP-pwd-server-Fix-last-fragment-length-validation.patch

@@ -0,0 +1,51 @@
+From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Nov 2015 18:24:16 +0200
+Subject: [PATCH] EAP-pwd server: Fix last fragment length validation
+
+All but the last fragment had their length checked against the remaining
+room in the reassembly buffer. This allowed a suitably constructed last
+fragment frame to try to add extra data that would go beyond the buffer.
+The length validation code in wpabuf_put_data() prevents an actual
+buffer write overflow from occurring, but this results in process
+termination. (CVE-2015-5314)
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/eap_server/eap_server_pwd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+index cb83ff7..9f787ab 100644
+--- a/src/eap_server/eap_server_pwd.c
++++ b/src/eap_server/eap_server_pwd.c
+@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+ 	/*
+ 	 * the first and all intermediate fragments have the M bit set
+ 	 */
+-	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
++	if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
+ 		if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
+ 			wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
+ 				   "attack detected! (%d+%d > %d)",
+@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+ 		}
+ 		wpabuf_put_data(data->inbuf, pos, len);
+ 		data->in_frag_pos += len;
++	}
++	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+ 		wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
+ 			   (int) len);
+ 		return;
+@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+ 	 * buffering fragments so that's how we know it's the last)
+ 	 */
+ 	if (data->in_frag_pos) {
+-		wpabuf_put_data(data->inbuf, pos, len);
+-		data->in_frag_pos += len;
+ 		pos = wpabuf_head_u8(data->inbuf);
+ 		len = data->in_frag_pos;
+ 		wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
+-- 
+1.9.1
+

deprecated/firmware/buildroot/package/hostapd/Config.in

@@ -0,0 +1,45 @@
+config BR2_PACKAGE_HOSTAPD
+	bool "hostapd"
+	depends on BR2_TOOLCHAIN_HAS_THREADS # libnl
+	depends on BR2_USE_MMU # fork()
+	select BR2_PACKAGE_LIBNL
+	help
+	  User space daemon for wireless access points.
+
+	  It implements IEEE 802.11 access point management,
+	  IEEE 802.1X/WPA/WPA2/EAP authenticators, RADIUS client,
+	  EAP server and RADIUS authentication server.
+
+	  http://hostap.epitest.fi/
+
+if BR2_PACKAGE_HOSTAPD
+
+config BR2_PACKAGE_HOSTAPD_ACS
+	bool "Enable ACS"
+	default y
+	help
+	  Enable support for standard ACS (Automatic Channel Selection).
+	  Some propietary drivers use a custom algorithm which requires
+	  channel to be set to '0' (which enables ACS in the config),
+	  causing hostapd to use the standard one which doesn't work
+	  for those cases.
+
+config BR2_PACKAGE_HOSTAPD_EAP
+	bool "Enable EAP"
+	depends on !BR2_STATIC_LIBS
+	help
+	  Enable support for EAP and RADIUS.
+
+comment "hostapd EAP needs a toolchain w/ dynamic library"
+	depends on BR2_STATIC_LIBS
+
+config BR2_PACKAGE_HOSTAPD_WPS
+	bool "Enable WPS"
+	help
+	  Enable support for Wi-Fi Protected Setup.
+
+endif
+
+comment "hostapd needs a toolchain w/ threads"
+	depends on !BR2_TOOLCHAIN_HAS_THREADS
+	depends on BR2_USE_MMU

deprecated/firmware/buildroot/package/hostapd/hostapd.hash

@@ -0,0 +1,2 @@
+# Locally calculated
+sha256	8e272d954dc0d7026c264b79b15389ec2b2c555b32970de39f506b9f463ec74a  hostapd-2.5.tar.gz

deprecated/firmware/buildroot/package/hostapd/hostapd.mk

@@ -0,0 +1,91 @@
+################################################################################
+#
+# hostapd
+#
+################################################################################
+
+HOSTAPD_VERSION = 2.5
+HOSTAPD_SITE = http://hostap.epitest.fi/releases
+HOSTAPD_SUBDIR = hostapd
+HOSTAPD_CONFIG = $(HOSTAPD_DIR)/$(HOSTAPD_SUBDIR)/.config
+HOSTAPD_DEPENDENCIES = host-pkgconf libnl
+HOSTAPD_CFLAGS = $(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include/libnl3/
+HOSTAPD_LICENSE = BSD-3c
+HOSTAPD_LICENSE_FILES = README
+HOSTAPD_CONFIG_SET =
+
+HOSTAPD_CONFIG_ENABLE = \
+	CONFIG_FULL_DYNAMIC_VLAN \
+	CONFIG_HS20 \
+	CONFIG_IEEE80211AC \
+	CONFIG_IEEE80211N \
+	CONFIG_IEEE80211R \
+	CONFIG_INTERNAL_LIBTOMMATH \
+	CONFIG_INTERWORKING \
+	CONFIG_LIBNL32 \
+	CONFIG_VLAN_NETLINK
+
+HOSTAPD_CONFIG_DISABLE =
+
+# libnl-3 needs -lm (for rint) and -lpthread if linking statically
+# And library order matters hence stick -lnl-3 first since it's appended
+# in the hostapd Makefiles as in LIBS+=-lnl-3 ... thus failing
+ifeq ($(BR2_STATIC_LIBS),y)
+HOSTAPD_LIBS += -lnl-3 -lm -lpthread
+endif
+
+# Try to use openssl if it's already available
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+HOSTAPD_DEPENDENCIES += openssl
+HOSTAPD_LIBS += $(if $(BR2_STATIC_LIBS),-lcrypto -lz)
+HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
+else
+HOSTAPD_CONFIG_DISABLE += CONFIG_EAP_PWD
+HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
+endif
+
+ifeq ($(BR2_PACKAGE_HOSTAPD_ACS),y)
+HOSTAPD_CONFIG_ENABLE += CONFIG_ACS
+endif
+
+ifeq ($(BR2_PACKAGE_HOSTAPD_EAP),y)
+HOSTAPD_CONFIG_ENABLE += \
+	CONFIG_EAP \
+	CONFIG_RADIUS_SERVER \
+
+# Enable both TLS v1.1 (CONFIG_TLSV11) and v1.2 (CONFIG_TLSV12)
+HOSTAPD_CONFIG_ENABLE += CONFIG_TLSV1
+else
+HOSTAPD_CONFIG_DISABLE += CONFIG_EAP
+HOSTAPD_CONFIG_ENABLE += \
+	CONFIG_NO_ACCOUNTING \
+	CONFIG_NO_RADIUS
+endif
+
+ifeq ($(BR2_PACKAGE_HOSTAPD_WPS),y)
+HOSTAPD_CONFIG_ENABLE += CONFIG_WPS
+endif
+
+define HOSTAPD_CONFIGURE_CMDS
+	cp $(@D)/hostapd/defconfig $(HOSTAPD_CONFIG)
+	sed -i $(patsubst %,-e 's/^#\(%\)/\1/',$(HOSTAPD_CONFIG_ENABLE)) \
+		$(patsubst %,-e 's/^\(%\)/#\1/',$(HOSTAPD_CONFIG_DISABLE)) \
+		$(patsubst %,-e '1i%=y',$(HOSTAPD_CONFIG_SET)) \
+		$(patsubst %,-e %,$(HOSTAPD_CONFIG_EDITS)) \
+		$(HOSTAPD_CONFIG)
+endef
+
+define HOSTAPD_BUILD_CMDS
+	$(TARGET_MAKE_ENV) CFLAGS="$(HOSTAPD_CFLAGS)" \
+		LDFLAGS="$(TARGET_LDFLAGS)" LIBS="$(HOSTAPD_LIBS)" \
+		$(MAKE) CC="$(TARGET_CC)" -C $(@D)/$(HOSTAPD_SUBDIR)
+endef
+
+define HOSTAPD_INSTALL_TARGET_CMDS
+	$(INSTALL) -m 0755 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd \
+		$(TARGET_DIR)/usr/sbin/hostapd
+	$(INSTALL) -m 0755 -D $(@D)/$(HOSTAPD_SUBDIR)/hostapd_cli \
+		$(TARGET_DIR)/usr/bin/hostapd_cli
+endef
+
+$(eval $(generic-package))