From 5630ca5ea82126d044afbb773766ed34619875e2 Mon Sep 17 00:00:00 2001 From: "John W. Linville" Date: Wed, 16 Dec 2020 14:47:58 -0500 Subject: [PATCH] Borrow hostapd.conf.5 man page from OpenBSD --- hostapd.conf.5 | 831 +++++++++++++++++++++++++++++++++++++++++++++++++ hostapd.spec | 15 +- 2 files changed, 842 insertions(+), 4 deletions(-) create mode 100644 hostapd.conf.5 diff --git a/hostapd.conf.5 b/hostapd.conf.5 new file mode 100644 index 0000000..aacfeba --- /dev/null +++ b/hostapd.conf.5 @@ -0,0 +1,831 @@ +.\" $OpenBSD: hostapd.conf.5,v 1.48 2020/04/23 21:10:53 jmc Exp $ +.\" +.\" Copyright (c) 2004, 2005, 2006 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 23 2020 $ +.Dt HOSTAPD.CONF 5 +.Os +.Sh NAME +.Nm hostapd.conf +.Nd configuration file for the Host Access Point daemon +.Sh DESCRIPTION +.Nm +is the configuration file for the +.Xr hostapd 8 +daemon. +.Pp +The +.Nm +file is divided into the following main sections: +.Bl -tag -width xxxx +.It Sy Macros +User-defined variables may be defined and used later, simplifying the +configuration file. +.It Sy Tables +Tables provide a mechanism to handle a large number of link layer +addresses easily, with increased performance and flexibility. +.It Sy Global Configuration +Global runtime settings for +.Xr hostapd 8 . +.It Sy Event Rules +Event rules provide a powerful mechanism to trigger certain actions +when receiving specified IEEE 802.11 frames. +.It Sy IP Roaming +The concepts and details about the optional IP based roaming in +.Xr hostapd 8 . +.El +.Pp +The current line can be extended over multiple lines using a backslash +.Pq Sq \e . +Comments can be put anywhere in the file using a hash mark +.Pq Sq # , +and extend to the end of the current line. +Care should be taken when commenting out multi-line text: +the comment is effective until the end of the entire block. +.Pp +Argument names not beginning with a letter, digit, or underscore +must be quoted. +.Pp +Additional configuration files can be included with the +.Ic include +keyword, for example: +.Bd -literal -offset indent +include "/etc/hostapd.conf.local" +.Ed +.Sh MACROS +Macros can be defined that will later be expanded in context. +Macro names must start with a letter, digit, or underscore, +and may contain any of those characters. +Macro names may not be reserved words (for example, +.Ic set , +.Ic interface , +or +.Ic hostap ) . +Macros are not expanded inside quotes. +.Pp +For example: +.Bd -literal -offset indent +wlan="ath0" +set iapp handle subtype { ! add notify, radiotap } +set iapp interface $wlan +.Ed +.Sh TABLES +Tables are named structures which can hold a collection of link layer +addresses, masked address ranges, and link layer to IP address +assignments. +Lookups against tables in +.Xr hostapd 8 +are relatively fast, making a single rule with tables much more +efficient, in terms of processor usage and memory consumption, than a +large number of rules which differ only in link layer addresses. +.Pp +Tables are used for +.Xr hostapd 8 +.Em event rules +to match specified IEEE 802.11 link layer addresses and address ranges, +and the capability to assign link layer to IP addresses and an option netmask +is a requirement for advanced IAPP functionality. +.Pp +Table options may be presented after the table name declaration. +The following options are supported: +.Bl -tag -width const +.It Ic const +The table is constant and cannot be later changed from its original +definition. +.El +.Pp +For example: +.Bd -literal -offset indent +cisco="00:40:06:ff:ff:ff & ff:ff:ff:00:00:00" + +table { $cisco, 00:0d:60:ff:f1:2a } +table const { + 00:00:24:c3:40:18 -> 10.195.64.24, + 00:00:24:c3:40:19 -> 10.195.64.25, + 00:00:24:c3:40:1a -> 10.195.64.26 +} +table const { + 00:05:4e:45:d4:b9 -> 172.23.5.1/30 +} +.Ed +.Sh GLOBAL CONFIGURATION +The following configuration settings are understood: +.Bl -tag -width Ds +.It Xo +.Ic set hostap interface +.Ar interface | +.Brq Ar interface0 , interface1 , ... +.Xc +Specify the wireless interface running in Host AP mode. +This option could be omitted to use +.Xr hostapd 8 +to log received IAPP messages. +Multiple hostap interfaces may be specified +as a comma-separated list, +surrounded by curly braces. +.It Ic set hostap mode Ar mode +Specify the Host AP capture mode. +The supported modes are: +.Pp +.Bl -tag -width radiotap -offset indent -compact +.It Ic radiotap +Capture IEEE 802.11 frames with additional radiotap headers. +They will provide optional but useful information like received frame +signal levels. +.It Ic pcap +Capture plain IEEE 802.11 frames. +.El +.It Xo +.Ic set hostap hopper interface +.Ar interface | +.Brq Ar interface0 , interface1 , ... +.Xc +Enable a channel hopper on the selected wireless interface. +Multiple hostap interfaces may be specified as a comma-separated list, +surrounded by curly braces. +.It Ic set hostap hopper delay Ar number +Set the delay in milliseconds for the channel hopper before hopping to +the next available channel. +The default value is 800 milliseconds. +.It Ic set iapp interface Ar interface +Specify the mandatory Inter-Access-Point (IAPP) interface. +It is important that the IAPP interface is on a trusted +network because there is no authentication and an attacker could force +disassociation of selected stations on all listening access points. +.It Xo +.Ic set iapp +.Op Ic address | route +.Ic roaming table +.Pf < Ar table Ns > +.Xc +Specify a table used for +.Em IP Roaming +lookups of link layer address to IP address or subnet assignments. +.It Xo +.Ic set iapp handle subtype +.Ar subtype | +.Brq Ar subtype0 , subtype1 , ... +.Xc +Specify the IAPP subtypes to use: +.Pp +.Bl -tag -width broadcast -offset indent -compact +.It Xo +.Op Ic not +.Ic add notify +.Xc +Send and receive +.Em ADD.notify +messages. +This option is enabled by default. +.It Xo +.Op Ic not +.Ic radiotap +.Xc +Receive +.Em radiotap +messages. +This option is enabled by default. +.It Xo +.Op Ic not +.Op Ic address |\ route +.Ic roaming +.Xc +Enable dynamic roaming of IP addresses or routes. +These options are disabled by default. +.El +.It Ic set iapp mode Ar mode +Specify the IAPP mode. +The supported modes are: +.Pp +.Bl -tag -width broadcast -offset indent -compact +.It Xo +.Ic multicast +.Op Ic address Ar ipv4addr +.Op Ic port Ar number +.Op Ic ttl Ar number +.Xc +Use +.Xr multicast 4 +frames. +A multicast time-to-live (TTL) of 2 or higher is required to allow +multicast forwarding, for example for use with +.Xr mrouted 8 . +.It Xo +.Ic broadcast +.Op Ic port Ar number +.Xc +Use broadcast frames. +.El +.Pp +The default is multicast using the multicast address 224.0.1.178 and +port 3517 with a TTL limited to 1 hop. +Some access point vendors still use broadcast with the pre-standard +IAPP port 2313. +.El +.Sh EVENT RULES +Event rules provide a powerful way to trigger a certain action when +receiving specified IEEE 802.11 frames on the +.Em hostap interface . +The rules are handled in sequential order, from first to last. +Rules are handled without a state: +each rule is processed independently from the others and from +any previous actions. +This behaviour is somewhat different to that of packet filter rules +specified in +.Xr pf.conf 5 . +.Pp +All +.Xr hostapd 8 +event rules are single line statements beginning with +the mandatory +.Ic hostap handle +keywords and optional rule options, interface, frame matching, +a specified action, a limit, and a minimal rate: +.Bd -filled -offset indent +.Ic hostap handle +.Op Ar option +.Op Ar interface +.Op Ar frame +.Op Ar action +.Op Ar limit +.Op Ar rate +.Ed +.Pp +Some rule statements support the optional keyword +.Ic not , +also represented by the +.Ic !\& +operator, +for inverse matching. +.Pp +The optional parts are defined below. +.Ss Rule Option +The rule +.Ar option +will modify the behaviour of handling the statement. +There are two possible options, +.Ic quick +and +.Ic skip . +If either the keyword +.Ic quick +or the keyword +.Ic skip +is specified, no further event rules will be handled for this frame +after processing this rule successfully. +The keyword +.Ic skip +additionally skips any further IAPP processing of the frame, +which is normally done after handling the event rules. +.Ss Rule Interface +The rule +.Ar interface +specifies the hostap interface the rule is matched on. +The available interface list is specified by the global +.Ic set hostap interface +configuration setting. +.Bd -filled -offset indent +.Ic on +.Op Ic not +.Ar interface +.Ed +.Pp +If not given, +the event rule is matched on all available hostap interfaces. +.Ss Rule Frame +The +.Ar frame +description specifies a mechanism to match IEEE 802.11 frames. +.Bl -tag -width Ds +.It Ic any +Match all frames. +.It Xo +.Ic frame +.Op Ar type +.Op Ar dir +.Op Ar from +.Op Ar to +.Op Ar bssid +.Op Ar radiotap +.Xc +Apply rules to frames matching the given parameters. +The parameters are explained below. +.Pp +The +.Ar type +parameter specifies the frame type to match on. +The frame type may be specified in the following ways: +.Bl -tag -width Ds +.It Ic type any +Match all frame types. +.It Xo +.Ic type +.Op Ic not +.Ic data +.Xc +Match data frames. +Presence of the +.Ic not +keyword negates the match and will match all non-data frames. +.It Xo +.Ic type +.Op Ic not +.Ic management +.Oo Op Ic not +.Ar subtype Oc +.Xc +Match management frames. +The +.Ar subtype +argument may be specified to optionally match management frames of the +given subtype. +The subtype match may be negated by specifying the +.Ic not +keyword. +See the +.Sx Management Frame Subtypes +section below for available subtypes specifications. +.El +.Pp +The +.Ar dir +parameter specifies the direction the frame is being sent. +The direction may be specified in the following ways: +.Bl -tag -width Ds +.It Ic dir any +Match all directions. +.It Ic dir Ar framedir +Match frames with the given direction +.Ar framedir . +See the +.Sx Frame Directions +section below for available direction specifications. +.El +.Pp +The +.Ar radiotap +rules allow parsing and matching of the extra information reported by +the radiotap header. +Support for the specified radiotap headers is optional and the +specific parameters depend on the radiotap elements reported +by the wireless interface. +Support for the radiotap data link type can be verified with the +.Xr tcpdump 8 +command. +These rules require +.Ic hostap mode radiotap +in the global configuration. +.Bl -tag -width Ds +.It Xo +.Ic signal +.Op Ic operator +.Ar percentage Ic % +.Xc +Match the signal quality of the received frame. +.It Xo +.Ic freq +.Op Ic operator +.Ar value Ic ( GHz | MHz ) +.Xc +Match the transmit rate of the received frame. +.It Xo +.Ic txrate +.Op Ic operator +.Ar rate Ic Mb +.Xc +Match the frequency of the received frame, +in Mbps. +.El +.Pp +The radiotap rules support the following operators. +If omitted, the specified value will be checked if it is equal or not. +.Bd -literal -offset indent += (equal) +!= (not equal) +< (less than) +<= (less than or equal) +> (greater than) +>= (greater than or equal) +.Ed +.Pp +The +.Ar from , to , +and +.Ar bssid +parameters specify the IEEE 802.11 address fields to match on. +They can be specified in the following ways: +.Bl -tag -width Ds +.It Xo +.Ic ( from | to | bssid ) Ic any +.Xc +Allow all addresses for the specified address field. +.It Xo +.Ic ( from | to | bssid ) +.Op Ic not +.Pf < Ar table Ns > +.Xc +Allow allow addresses from the given +.Ar table +(see +.Sx Tables +above) +for the specified address field. +.It Xo +.Ic ( from | to | bssid ) +.Op Ic not +.Ar lladdr +.Xc +Allow the given address +.Ar lladdr +for the specified address field. +.El +.El +.Ss Rule Action +An optional +.Ar action +is triggered if a received IEEE 802.11 frame matches the frame +description. +The following actions are supported: +.Bl -tag -width Ds +.It Xo +.Ic with frame Ar type +.Op Ar dir +.Ar from to bssid +.Xc +Send an arbitrary constructed frame to the wireless network. +The arguments are as follows. +.Pp +The +.Ar type +describes the IEEE 802.11 frame type to send, specified in the +frame control header. +The following frames types are supported at present: +.Bl -tag -width Ds +.It Ic type data +Send a data frame. +This is normally used to encapsulate ordinary IEEE 802.3 +frames into IEEE 802.11 wireless frames. +.It Ic type management Ar subtype +Send a management frame with the specified subtype. +Management frames are used to control states and to find access points +and IBSS nodes in IEEE 802.11 networks. +See the +.Sx Management Frame Subtypes +section below for available subtypes specifications. +.El +.Pp +The +.Ar dir +describes the direction the IEEE 802.11 frame will be sent. +It has the following syntax: +.Bd -filled -offset indent +.Ic dir Ar framedir +.Ed +.Pp +See the +.Sx Frame Directions +section below for available direction specifications. +.Pp +The +.Ar from , to , +and +.Ar bssid +arguments specify the link layer address fields used in IEEE 802.11 +frames. +All address fields are mandatory in the frame action. +The optional fourth address field used by wireless distribution +systems (WDS) is currently not supported. +Each argument is specified by a keyword of the same name +.Po +.Ic from , to , +or +.Ic bssid +.Pc +followed by one of the following address specifications: +.Bl -tag -width "&refaddr" +.It Ar lladdr +Specify the link layer addresses used in the IEEE 802.11 frame address +field. +The link layer address +.Ql ff:ff:ff:ff:ff:ff +is the IEEE 802.11 broadcast address. +.It Li & Ns Ar refaddr +Fill in a link layer address from the previously matched IEEE 802.11 +frame. +.Ic &from +will use the source link layer address; +.Ic &to +the destination link layer address; and +.Ic &bssid +the BSSID link layer address of the previously matched frame. +.It Ic random +Use a random link layer address in the specified IEEE 802.11 frame +address field. +Multicast and broadcast link layer addresses will be skipped. +.El +.It Ic with iapp type Ar iapp-type +Send a +.Xr hostapd 8 +specific IAPP frame with a raw IEEE 802.11 packet dump of the received +frame to the wired network. +The only supported +.Ar iapp-type +is +.Ic radiotap . +.It Ic with log Op Ic verbose +Write informational messages to the local system log (see +.Xr syslogd 8 ) +or standard error. +If the +.Sx Rule Rate +has been specified, +log will print the actual rate. +.It Ic node add | delete Ar lladdr +Add or remove the specified node from the internal kernel +node table. +.It Ic resend +Resend the received IEEE 802.11 frame. +.El +.Ss Rule Limit +It is possible to limit handling of specific rules with the +.Ic limit +keyword: +.Bd -filled -offset indent +.Ic limit +.Ar number +.Ic sec | usec +.Ed +.Pp +In some cases it is absolutely necessary to use limited matching +to protect +.Xr hostapd 8 +against excessive flooding with IEEE 802.11 frames. +For example, beacon frames will be normally received every 100 ms. +.Ss Rule Rate +It is possible to tell +.Xr hostapd 8 +to trigger the action only after a specific +.Ic rate +of matched frames. +.Bd -filled -offset indent +.Ic rate +.Ar number +.Ar / +.Ar number +.Ic sec +.Ed +.Pp +This will help to detect excessive flooding of IEEE 802.11 frames. +For example, de-auth flooding is a denial of service (DoS) attack +against IEEE 802.11 wireless networks. +.Ss Management Frame Subtypes +The +.Ar subtype +describes the IEEE 802.11 frame subtype, specified in +the frame control header. +The choice of subtypes depends on the used frame type. +.Xr hostapd 8 +currently only supports management frame subtypes. +Most frame subtypes require an additional subtype-specific header +in the frame body, but currently only the +.Ic deauth +and +.Ic disassoc +reason codes are supported: +.Bl -ohang -offset 3n +.It Ic subtype beacon +A beacon frame. +Wireless access points and devices running in +.Em ibss +master or +.Em hostap +mode continuously send beacon frames to indicate their presence, +traffic load, and capabilities. +.It Ic subtype deauth Op Ar reason +A deauthentication frame with an optional reason code. +Deauthenticated stations will lose any IEEE 802.11 operational state. +.It Ic subtype disassoc Op Ar reason +A disassociation frame with an optional reason code. +.It Ic subtype assoc request +An association request frame. +.It Ic subtype assoc response +An association response frame. +.It Ic subtype atim +An announcement traffic indication message (ATIM frame). +.It Xo +.Ic subtype auth Op Ic open request | response +.Xc +An authentication frame. +.It Ic subtype probe request +A probe request frame. +Probe requests are used to probe for access points and IBSS nodes. +.It Ic subtype probe response +A probe response frame. +.It Ic subtype reassoc request +A re-association request frame. +.It Ic subtype reassoc response +A re-association response frame. +.El +.Pp +The +.Ar reason +defines a descriptive reason for the actual +.Em deauthentication +or +.Em disassociation +of a station: +.Bl -ohang -offset 3n +.It Ic reason assoc expire +Disassociated due to inactivity. +.It Ic reason assoc leave +Disassociated because the sending station is leaving or has left the +wireless network. +.It Ic reason assoc toomany +Disassociated because the access point has reached its limit of +associated stations. +.It Ic reason auth expire +Previous authentication no longer valid. +.It Ic reason auth leave +Deauthenticated because the sending station is leaving or has left the +wireless network. +.It Ic reason ie invalid +IEEE 802.11i extension. +.It Ic reason mic failure +IEEE 802.11i extension. +.It Ic reason not authed +Frame received from unauthenticated station. +.It Ic reason assoc not authed +Frame received from an associated but unauthenticated station. +.It Ic reason not assoced +Frame received from unassociated station. +.It Ic reason rsn required +IEEE 802.11i extension. +.It Ic reason rsn inconsistent +IEEE 802.11i extension. +.It Ic reason unspecified +Unspecified reason. +.El +.Ss Frame Directions +The direction a frame is being transmitted +.Pq Ar framedir +can be specified in the following ways: +.Bl -ohang -offset 3n +.It Ic dir no ds +No distribution system direction is used for management frames. +.It Ic dir to ds +A frame sent from a station to the distribution system, the access point. +.It Ic dir from ds +A frame from the distribution system, the access point, to a station. +.It Ic dir ds to ds +A frame direction used by wireless distribution systems (WDS) for +wireless access point to access point communication. +.El +.Sh EVENT RULE EXAMPLES +.Bd -literal +# Log probe requests locally +hostap handle type management subtype probe request \e + with log + +# Detect flooding of management frames except beacons. +# This will detect some possible denial of service attacks +# against the IEEE 802.11 protocol. +hostap handle skip type management subtype ! beacon \e + with log \e + rate 100 / 10 sec + +# Log rogue access points via IAPP, limited to every second, +# and skip further IAPP processing. +hostap handle skip type management subtype beacon bssid ! \e + with iapp type radiotap limit 1 sec + +# Send deauthentication frames to stations associated to rogue APs +hostap handle type data bssid ! with frame type management \e + subtype deauth reason auth expire \e + from &bssid to &from bssid &bssid + +# Send authentication requests from random station addresses to +# rogue access points. This is a common way to test the quality of +# various hostap implementations. +hostap handle skip type management subtype beacon bssid \e + with frame type management subtype auth \e + from random to &bssid bssid &bssid + +# Re-inject a received IEEE 802.11 frame on the interface ath0 +hostap handle on ath0 type management subtype auth with resend + +# Remove a blacklisted node from the kernel node tree +hostap handle type management subtype auth from \e + with node delete &from + +# Log rogue access points with a strong signal quality on +# channel 3 (2.422GHz) transmitting frames with 1Mbps. +hostap handle type management subtype beacon bssid ! \e + signal >= 50% txrate 1Mb freq 2.422GHz \e + with log +.Ed +.Sh IP ROAMING +In a traditional wireless network, multiple access points are +members of a single layer 3 broadcast domain. +The traffic is bridged between physical collision domains, +as with the +.Xr bridge 4 +interface in +.Ox . +This may cause problems in large wireless networks with a heavy load +of broadcast traffic, like broadcasted ARP, DHCP or ICMP requests. +.Pp +.Xr hostapd 8 +implements IP based roaming to build wireless networks +without the requirement of a single broadcast domain. +This works as follows: +.Pp +.Bl -enum -compact +.It +Every access point running +.Xr hostapd 8 +is a router to an individual internal broadcast domain, +.Em without +using the +.Xr bridge 4 +interface. +.It +An increased multicast TTL is used for IAPP communication +between access points in multiple network segments. +Multicast routing is required in the network infrastructure, +like an +.Ox +router running +.Xr mrouted 8 . +.It +The configuration file +.Nm +is used to assign IP subnets to link layer addresses. +If a station with the specified link layer address successfully +associates to the access point, +.Xr hostapd 8 +will configure the specified IP address and subnet on +the wireless interface. +.It +The +IAPP +.Em ADD.notify +message is used to notify other access points running +.Xr hostapd 8 +to remove the station and any assigned IP addresses or subnets from +the wireless interface. +.It +A dynamic routing daemon like +.Xr ospfd 8 +or +.Xr bgpd 8 +running on the access point will be used to announce the +new IP route to the internal network and routers. +.El +.Pp +For example: +.Bd -literal -offset indent +# Assign IP addresses to layer 2 addresses +table { + 00:02:6f:42:d0:01 -> 172.23.5.1/30, + 00:05:4e:45:d3:b8 -> 172.23.5.4/30, + 00:04:2e:12:03:e0 -> 172.23.5.8/30 +} + +# Global options +set hostap interface ath0 +set hostap mode radiotap +set iapp interface sis0 +set iapp address roaming table +set iapp handle subtype address roaming +set iapp mode multicast ttl 2 +.Ed +.Sh FILES +.Bl -tag -width /etc/examples/hostapd.conf -compact +.It Pa /etc/hostapd.conf +Default location of the configuration file. +.It Pa /etc/examples/hostapd.conf +Example configuration file. +.El +.Sh SEE ALSO +.Xr hostapd 8 +.Sh AUTHORS +The +.Xr hostapd 8 +program was written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . +.Sh CAVEATS +.Em IP Roaming +requires statically assigned IP addresses of stations and does +not support DHCP at present. diff --git a/hostapd.spec b/hostapd.spec index be84ec3..386d352 100644 --- a/hostapd.spec +++ b/hostapd.spec @@ -2,7 +2,7 @@ Name: hostapd Version: 2.9 -Release: 6%{?dist} +Release: 7%{?dist} Summary: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator License: BSD URL: http://w1.fi/hostapd @@ -12,6 +12,8 @@ Source1: %{name}.service Source2: %{name}.conf Source3: %{name}.sysconfig Source4: %{name}.init +# https://github.com/openbsd/src/blob/master/usr.sbin/hostapd/hostapd.conf.5 +Source5: %{name}.conf.5 # https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Patch1: https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch @@ -125,8 +127,9 @@ install -pm 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name} install -pm 0755 %{name}/%{name}_cli %{buildroot}%{_sbindir}/%{name}_cli # man pages -install -d %{buildroot}%{_mandir}/man{1,8} +install -d %{buildroot}%{_mandir}/man{1,5,8} install -pm 0644 %{name}/%{name}_cli.1 %{buildroot}%{_mandir}/man1 +install -pm 0644 %{SOURCE5} %{buildroot}%{_mandir}/man5 install -pm 0644 %{name}/%{name}.8 %{buildroot}%{_mandir}/man8 # prepare docs @@ -178,6 +181,7 @@ fi %{_sbindir}/%{name}_cli %dir %{_sysconfdir}/%{name} %{_mandir}/man1/* +%{_mandir}/man5/* %{_mandir}/man8/* %if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/%{name}.service @@ -191,13 +195,16 @@ fi %{_sysconfdir}/logwatch/scripts/services/%{name} %changelog -* Thu Dec 10 2020 Johwn W. Linville - 2.9-6 +* Thu Dec 16 2020 John W. Linville - 2.9-7 +- Borrow hostapd.conf.5 man page from OpenBSD + +* Thu Dec 10 2020 John W. Linville - 2.9-6 - Enable environment file in hostapd service definition * Tue Jul 28 2020 Fedora Release Engineering - 2.9-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -* Wed Jun 24 2020 Johwn W. Linville - 2.9-4 +* Wed Jun 24 2020 John W. Linville - 2.9-4 - Fix CVE-2020-12695 (UPnP SUBSCRIBE misbehavior in hostapd WPS AP) * Wed Jan 29 2020 Fedora Release Engineering - 2.9-3