hostapd: Update to version 2.8 (2019-04-21)

This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

1 files changed, 0 insertions, 40 deletions

diff --git a/package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch b/package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch
deleted file mode 100644
index 44949cb24d..0000000000
--- a/package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
-Date: Sun, 31 Mar 2019 17:26:01 +0200
-Subject: [PATCH 12/14] EAP-pwd server: Detect reflection attacks
-
-When processing an EAP-pwd Commit frame, verify that the peer's scalar
-and elliptic curve element differ from the one sent by the server. This
-prevents reflection attacks where the adversary reflects the scalar and
-element sent by the server. (CVE-2019-9497)
-
-The vulnerability allows an adversary to complete the EAP-pwd handshake
-as any user. However, the adversary does not learn the negotiated
-session key, meaning the subsequent 4-way handshake would fail. As a
-result, this cannot be abused to bypass authentication unless EAP-pwd is
-used in non-WLAN cases without any following key exchange that would
-require the attacker to learn the MSK.
-
-Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
----
- src/eap_server/eap_server_pwd.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_s
- 		}
- 	}
- 
-+	/* detect reflection attacks */
-+	if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
-+	    crypto_ec_point_cmp(data->grp->group, data->my_element,
-+				data->peer_element) == 0) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-PWD (server): detected reflection attack!");
-+		goto fin;
-+	}
-+
- 	/* compute the shared key, k */
- 	if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
- 				 data->peer_scalar, K) < 0) ||