git: c82d2efea691 - 2022Q2 - */*: Bring back wpa_supplicant29 and hostapd29 as new ports
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 20 Jun 2022 15:12:35 UTC
The branch 2022Q2 has been updated by cy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c82d2efea691ec4d8eac6a875eb0fe182106bf99
commit c82d2efea691ec4d8eac6a875eb0fe182106bf99
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-06-19 16:15:44 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-06-20 15:11:55 +0000
*/*: Bring back wpa_supplicant29 and hostapd29 as new ports
The current wpa_supplicant and hostapd have an issue with AR9285.
For the time being bring back wpa_supplicant 2.9 as
security/wpa_supplicant29 and hostpd 2.9 as net/hostapd29 for those
cases that have an issue with wpa_supplicant/hostpad2.10 (in base and
in ports)
PR: 264238
(cherry picked from commit 7150a0c9b1014e445a8266c9080d0bf4738dcc9c)
---
net/Makefile | 1 +
net/hostapd29/Makefile | 46 +++
net/hostapd29/distinfo | 9 +
net/hostapd29/files/config | 316 ++++++++++++++++++
net/hostapd29/files/hostapd.in | 39 +++
.../files/patch-src-l2_packet-l2_packet_freebsd.c | 14 +
net/hostapd29/files/patch-src_common_dhcp.h | 25 ++
.../files/patch-src_drivers_driver__bsd.c | 60 ++++
net/hostapd29/files/patch-src_utils_os.h | 17 +
net/hostapd29/files/patch-src_utils_os__unix.c | 18 +
net/hostapd29/files/patch-src_wps_wps__upnp.c | 20 ++
net/hostapd29/pkg-descr | 12 +
net/hostapd29/pkg-message | 10 +
security/Makefile | 1 +
security/wpa_supplicant29/Makefile | 229 +++++++++++++
security/wpa_supplicant29/distinfo | 11 +
security/wpa_supplicant29/files/Packet32.c | 366 +++++++++++++++++++++
security/wpa_supplicant29/files/Packet32.h | 65 ++++
security/wpa_supplicant29/files/ntddndis.h | 32 ++
.../wpa_supplicant29/files/patch-src_common_dhcp.h | 25 ++
.../files/patch-src_drivers_driver__bsd.c | 48 +++
.../files/patch-src_drivers_driver__ndis.c | 89 +++++
.../patch-src_l2__packet_l2__packet__freebsd.c | 12 +
.../files/patch-src_radius_radius__client.c | 12 +
.../files/patch-src_wps_wps__upnp.c | 34 ++
.../files/patch-wpa__supplicant_Makefile | 17 +
.../files/patch-wpa__supplicant_main.c | 33 ++
.../files/patch-wpa__supplicant_wpa__supplicant.c | 16 +
security/wpa_supplicant29/files/pkg-message.in | 11 +
security/wpa_supplicant29/files/wpa_supplicant.in | 54 +++
security/wpa_supplicant29/pkg-descr | 14 +
security/wpa_supplicant29/pkg-plist | 5 +
32 files changed, 1661 insertions(+)
diff --git a/net/Makefile b/net/Makefile
index 501e316e38d6..544d5137d2c8 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -248,6 +248,7 @@
SUBDIR += hlmaster
SUBDIR += honeyd
SUBDIR += hostapd
+ SUBDIR += hostapd29
SUBDIR += hostapd-devel
SUBDIR += hping3
SUBDIR += hsflowd
diff --git a/net/hostapd29/Makefile b/net/hostapd29/Makefile
new file mode 100644
index 000000000000..a87a8ed33515
--- /dev/null
+++ b/net/hostapd29/Makefile
@@ -0,0 +1,46 @@
+# Created by: Craig Leres <leres@FreeBSD.org>
+
+PORTNAME= hostapd
+PORTVERSION= 2.9
+PORTREVISION= 4
+CATEGORIES= net
+MASTER_SITES= https://w1.fi/releases/
+
+PATCH_SITES= https://w1.fi/security/2020-1/
+PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
+ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
+ 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1
+
+MAINTAINER= cy@FreeBSD.org
+COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+
+LICENSE= BSD3CLAUSE
+
+USES= cpe gmake ssl
+CPE_VENDOR= w1.fi
+BUILD_WRKSRC= ${WRKSRC}/hostapd
+CFLAGS+= -I${OPENSSLINC}
+LDFLAGS+= -L${OPENSSLLIB}
+
+PLIST_FILES= sbin/hostapd sbin/hostapd_cli man/man1/hostapd_cli.1.gz \
+ man/man8/hostapd.8.gz
+.if !exists(/etc/rc.d/hostapd)
+USE_RC_SUBR= hostapd
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \
+ ${BUILD_WRKSRC}/Makefile
+ @${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \
+ >> ${WRKSRC}/hostapd/.config
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \
+ ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \
+ ${STAGEDIR}${MANPREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \
+ ${STAGEDIR}${MANPREFIX}/man/man8
+
+.include <bsd.port.mk>
diff --git a/net/hostapd29/distinfo b/net/hostapd29/distinfo
new file mode 100644
index 000000000000..c6fd159e26c4
--- /dev/null
+++ b/net/hostapd29/distinfo
@@ -0,0 +1,9 @@
+TIMESTAMP = 1591652140
+SHA256 (hostapd-2.9.tar.gz) = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7
+SIZE (hostapd-2.9.tar.gz) = 2244312
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
diff --git a/net/hostapd29/files/config b/net/hostapd29/files/config
new file mode 100644
index 000000000000..de05f3384a1a
--- /dev/null
+++ b/net/hostapd29/files/config
@@ -0,0 +1,316 @@
+# FreeBSD hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+#CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../../madwifi # change to the madwifi source directory
+
+# Driver interface for drivers using the nl80211 kernel interface
+#CONFIG_DRIVER_NL80211=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+CONFIG_DRIVER_BSD=y
+CFLAGS += -I@PREFIX@/include
+LIBS += -L@PREFIX@/lib
+LIBS_p += -L@PREFIX@/lib
+LIBS_c += -L@PREFIX@/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+#CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+#CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+#CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
+CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+#CONFIG_IEEE80211N=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+#CONFIG_IEEE80211AC=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
diff --git a/net/hostapd29/files/hostapd.in b/net/hostapd29/files/hostapd.in
new file mode 100644
index 000000000000..b6e717098472
--- /dev/null
+++ b/net/hostapd29/files/hostapd.in
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# PROVIDE: hostapd
+# REQUIRE: mountcritremote
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hostapd"
+desc="Authenticator for IEEE 802.11 networks"
+#
+# This portion of this rc.script is different from base.
+case ${command} in
+/usr/sbin/hostapd) # Assume user does not want base hostapd because
+ # user specified WITHOUT_WIRELESS in make.conf
+ # and /etc/defaults/rc.conf contains this value.
+ unset command;;
+esac
+command=${hostapd_program:-%%PREFIX%%/sbin/hostapd}
+# End of differences from base. The rest of the file should remain the same.
+
+ifn="$2"
+if [ -z "$ifn" ]; then
+ rcvar="hostapd_enable"
+ conf_file="/etc/${name}.conf"
+ pidfile="/var/run/${name}.pid"
+else
+ rcvar=
+ conf_file="/etc/${name}-${ifn}.conf"
+ pidfile="/var/run/${name}-${ifn}.pid"
+fi
+
+command_args="-P ${pidfile} -B ${conf_file}"
+required_files="${conf_file}"
+required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp"
+extra_commands="reload"
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c
new file mode 100644
index 000000000000..8b34e0fbdd89
--- /dev/null
+++ b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c
@@ -0,0 +1,14 @@
+--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC
++++ src/l2_packet/l2_packet_freebsd.c
+@@ -8,7 +8,10 @@
+ */
+
+ #include "includes.h"
+-#if defined(__APPLE__) || defined(__GLIBC__)
++#if defined(__FreeBSD__) \
++ || defined(__DragonFly__) \
++ || defined(__APPLE__) \
++ || defined(__GLIBC__)
+ #include <net/bpf.h>
+ #endif /* __APPLE__ */
+ #include <pcap.h>
diff --git a/net/hostapd29/files/patch-src_common_dhcp.h b/net/hostapd29/files/patch-src_common_dhcp.h
new file mode 100644
index 000000000000..f88d1921a380
--- /dev/null
+++ b/net/hostapd29/files/patch-src_common_dhcp.h
@@ -0,0 +1,25 @@
+--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
+@@ -9,6 +9,22 @@
+ #ifndef DHCP_H
+ #define DHCP_H
+
++/*
++ * Translate Linux to FreeBSD
++ */
++#define iphdr ip
++#define ihl ip_hl
++#define verson ip_v
++#define tos ip_tos
++#define tot_len ip_len
++#define id ip_id
++#define frag_off ip_off
++#define ttl ip_ttl
++#define protocol ip_p
++#define check ip_sum
++#define saddr ip_src
++#define daddr ip_dst
++
+ #include <netinet/ip.h>
+ #if __FAVOR_BSD
+ #include <netinet/udp.h>
diff --git a/net/hostapd29/files/patch-src_drivers_driver__bsd.c b/net/hostapd29/files/patch-src_drivers_driver__bsd.c
new file mode 100644
index 000000000000..fe3064586710
--- /dev/null
+++ b/net/hostapd29/files/patch-src_drivers_driver__bsd.c
@@ -0,0 +1,60 @@
+--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700
++++ src/drivers/driver_bsd.c 2021-06-13 23:10:12.570253000 -0700
+@@ -649,7 +649,7 @@
+ len = 2048;
+ }
+
+- return len;
++ return (len == 0) ? 2048 : len;
+ }
+
+ #ifdef HOSTAPD
+@@ -665,7 +665,11 @@
+ static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
+ u16 reason_code);
+
++#ifdef __DragonFly__
++const char *
++#else
+ static const char *
++#endif
+ ether_sprintf(const u8 *addr)
+ {
+ static char buf[sizeof(MACSTR)];
+@@ -1080,7 +1084,14 @@
+ mode = 0 /* STA */;
+ break;
+ case IEEE80211_MODE_IBSS:
++ /*
++ * Ref bin/203086 - FreeBSD's net80211 currently uses
++ * IFM_IEEE80211_ADHOC.
++ */
++#if 0
+ mode = IFM_IEEE80211_IBSS;
++#endif
++ mode = IFM_IEEE80211_ADHOC;
+ break;
+ case IEEE80211_MODE_AP:
+ mode = IFM_IEEE80211_HOSTAP;
+@@ -1336,14 +1347,18 @@
+ drv = bsd_get_drvindex(global, ifm->ifm_index);
+ if (drv == NULL)
+ return;
+- if ((ifm->ifm_flags & IFF_UP) == 0 &&
+- (drv->flags & IFF_UP) != 0) {
++ if (((ifm->ifm_flags & IFF_UP) == 0 ||
++ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
++ (drv->flags & IFF_UP) != 0 &&
++ (drv->flags & IFF_RUNNING) != 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
+ } else if ((ifm->ifm_flags & IFF_UP) != 0 &&
+- (drv->flags & IFF_UP) == 0) {
++ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
++ ((drv->flags & IFF_UP) == 0 ||
++ (drv->flags & IFF_RUNNING) == 0)) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
diff --git a/net/hostapd29/files/patch-src_utils_os.h b/net/hostapd29/files/patch-src_utils_os.h
new file mode 100644
index 000000000000..e92661256d5f
--- /dev/null
+++ b/net/hostapd29/files/patch-src_utils_os.h
@@ -0,0 +1,17 @@
+--- src/utils/os.h.orig 2016-09-17 20:36:13 UTC
++++ src/utils/os.h
+@@ -246,12 +246,14 @@ char * os_readfile(const char *name, siz
+ */
+ int os_file_exists(const char *fname);
+
++#if !defined __FreeBSD__ && !defined __DragonFly__
+ /**
+ * os_fdatasync - Sync a file's (for a given stream) state with storage device
+ * @stream: the stream to be flushed
+ * Returns: 0 if the operation succeeded or -1 on failure
+ */
+ int os_fdatasync(FILE *stream);
++#endif
+
+ /**
+ * os_zalloc - Allocate and zero memory
diff --git a/net/hostapd29/files/patch-src_utils_os__unix.c b/net/hostapd29/files/patch-src_utils_os__unix.c
new file mode 100644
index 000000000000..c56eee136a44
--- /dev/null
+++ b/net/hostapd29/files/patch-src_utils_os__unix.c
@@ -0,0 +1,18 @@
+--- src/utils/os_unix.c.orig 2015-09-27 19:02:05 UTC
++++ src/utils/os_unix.c
+@@ -442,6 +442,7 @@ int os_file_exists(const char *fname)
+ }
+
+
++#if !defined __FreeBSD__ && !defined __DragonFly__
+ int os_fdatasync(FILE *stream)
+ {
+ if (!fflush(stream)) {
+@@ -459,6 +460,7 @@ int os_fdatasync(FILE *stream)
+
+ return -1;
+ }
++#endif
+
+
+ #ifndef WPA_TRACE
diff --git a/net/hostapd29/files/patch-src_wps_wps__upnp.c b/net/hostapd29/files/patch-src_wps_wps__upnp.c
new file mode 100644
index 000000000000..1e3651d33162
--- /dev/null
+++ b/net/hostapd29/files/patch-src_wps_wps__upnp.c
@@ -0,0 +1,20 @@
+--- src/wps/wps_upnp.c.orig 2015-03-15 17:30:39 UTC
++++ src/wps/wps_upnp.c
+@@ -837,7 +837,7 @@ fail:
+ }
+
+
+-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
+ #include <sys/sysctl.h>
+ #include <net/route.h>
+ #include <net/if_dl.h>
+@@ -924,7 +924,7 @@ int get_netif_info(const char *net_if, u
+ goto fail;
+ }
+ os_memcpy(mac, req.ifr_addr.sa_data, 6);
+-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
+ if (eth_get(net_if, mac) < 0) {
+ wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ goto fail;
diff --git a/net/hostapd29/pkg-descr b/net/hostapd29/pkg-descr
new file mode 100644
index 000000000000..a3c019c9df0e
--- /dev/null
+++ b/net/hostapd29/pkg-descr
@@ -0,0 +1,12 @@
+hostapd is a user space daemon for access point and authentication
+servers. It implements IEEE 802.11 access point management, IEEE
+802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
+RADIUS authentication server. The current version supports Linux
+(Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
+
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+
+ hostapd_program="/usr/local/sbin/hostapd"
+
+WWW: https://w1.fi/hostapd/
diff --git a/net/hostapd29/pkg-message b/net/hostapd29/pkg-message
new file mode 100644
index 000000000000..43d22d9a1e7d
--- /dev/null
+++ b/net/hostapd29/pkg-message
@@ -0,0 +1,10 @@
+[
+{ type: install
+ message: <<EOM
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+
+ hostapd_program="/usr/local/sbin/hostapd"
+EOM
+}
+]
diff --git a/security/Makefile b/security/Makefile
index d8393de07c7f..3f898cfbdebe 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1258,6 +1258,7 @@
SUBDIR += wolfssh
SUBDIR += wolfssl
SUBDIR += wpa_supplicant
+ SUBDIR += wpa_supplicant29
SUBDIR += wpa_supplicant-devel
SUBDIR += xca
SUBDIR += xinetd
diff --git a/security/wpa_supplicant29/Makefile b/security/wpa_supplicant29/Makefile
new file mode 100644
index 000000000000..7b23c34cd7cb
--- /dev/null
+++ b/security/wpa_supplicant29/Makefile
@@ -0,0 +1,229 @@
+PORTNAME= wpa_supplicant
+PORTVERSION= 2.9
+PORTREVISION= 11
+CATEGORIES= security net
+MASTER_SITES= https://w1.fi/releases/
+
+PATCH_SITES= https://w1.fi/security/2020-1/ \
+ https://w1.fi/security/2021-1/
+PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
+ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
+ 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 \
+ 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch:-p1
+
+MAINTAINER= cy@FreeBSD.org
+COMMENT= Supplicant (client) for WPA/802.1x protocols
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/README
+
+USES= cpe gmake pkgconfig:build readline ssl
+BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant
+INSTALL_WRKSRC= ${WRKSRC}/src
+CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS
+CFLAGS+= -I${OPENSSLINC}
+LDFLAGS+= -L${OPENSSLLIB} -lutil
+MAKE_ENV= V=1
+
+SUB_FILES= pkg-message
+PORTDOCS= README ChangeLog
+
+CFG= ${BUILD_WRKSRC}/.config
+
+.if !exists(/etc/rc.d/wpa_supplicant)
+USE_RC_SUBR= wpa_supplicant
+.endif
+
+OPTIONS_MULTI= DRV EAP
+OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH
+OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \
+ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE
+OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \
+ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \
+ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \
+ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \
+ IEEE8021X_EAPOL EAPOL_TEST \
+ HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \
+ SIM_SIMULATOR USIM_SIMULATOR
+OPTIONS_DEFAULT= BSD WIRED \
+ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \
+ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \
+ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \
+ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \
+ FAST PWD PAX SAKE GPSK TNC IKEV2 EKE
+OPTIONS_SUB=
+
+WPS_DESC= Wi-Fi Protected Setup
+WPS_ER_DESC= Enable WPS External Registrar
+WPS_NOREG_DESC= Disable open network credentials when registrar
+WPS_NFC_DESC= Near Field Communication (NFC) configuration
+WPS_UPNP_DESC= Universal Plug and Play support
+PKCS12_DESC= PKCS\#12 (PFS) support
+SMARTCARD_DESC= Private key on smartcard support
+HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc
+VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc
+TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0
+IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac)
+IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n)
+IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008)
+IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w)
+IEEE8021X_EAPOL_DESC= EAP over LAN support
+EAPOL_TEST_DESC= Development testing
+DEBUG_FILE_DESC= Support for writing debug log to a file
+DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout
+PRIVSEP_DESC= Privilege separation
+DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors
+INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u)
+HS20_DESC= Hotspot 2.0
+NO_ROAMING_DESC= Disable roaming
+P2P_DESC= Peer-to-Peer support
+TDLS_DESC= Tunneled Direct Link Setup
+MATCH_DESC= Interface match mode
+
+DRV_DESC= Driver options
+BSD_DESC= BSD net80211 interface
+NDIS_DESC= Windows NDIS interface
+WIRED_DESC= Wired ethernet interface
+ROBOSWITCH_DESC= Broadcom Roboswitch interface
+TEST_DESC= Development testing interface
+NONE_DESC= The 'no driver' interface, e.g. WPS ER only
+
+EAP_DESC= Extensible Authentication Protocols
+TLS_DESC= Transport Layer Security
+PEAP_DESC= Protected Extensible Authentication Protocol
+TTLS_DESC= Tunneled Transport Layer Security
+MD5_DESC= MD5 hash (deprecated, no key generation)
+MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759)
+GTC_DESC= Generic Token Card
+LEAP_DESC= Lightweight Extensible Authentication Protocol
+OTP_DESC= One-Time Password
+PSK_DESC= Pre-Shared key
+FAST_DESC= Flexible Authentication via Secure Tunneling
+AKA_DESC= Autentication and Key Agreement (UMTS)
+AKA_PRIME_DESC= AKA Prime variant (RFC 5448)
+EKE_DESC= Encrypted Key Exchange
+SIM_DESC= Subscriber Identity Module
+SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM
+USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA
+IKEV2_DESC= Internet Key Exchange version 2
+PWD_DESC= Shared password (RFC 5931)
+PAX_DESC= Password Authenticated Exchange
+SAKE_DESC= Shared-Secret Authentication & Key Establishment
+GPSK_DESC= Generalized Pre-Shared Key
+TNC_DESC= Trusted Network Connect
+
+PRIVSEP_PLIST_FILES= sbin/wpa_priv
+DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \
+ etc/dbus-1/system.d/dbus-wpa_supplicant.conf
+
+.include <bsd.port.pre.mk>
+
+.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP}
+BROKEN= Fails to compile with both NDIS and PRIVSEP
+.endif
+
+.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N}
+BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N
+.endif
+
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite
+CFLAGS+= -I${LOCALBASE}/include/PCSC
+LDFLAGS+= -L${LOCALBASE}/lib
+.endif
+
+.if ${PORT_OPTIONS:MDBUS}
+LIB_DEPENDS+= libdbus-1.so:devel/dbus
+.endif
+
+post-patch:
+ @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
+ ${WRKSRC}/src/utils
+ # Set driver(s)
+.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
+. if ${PORT_OPTIONS:M${item}}
+ @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG}
+. endif
+.endfor
+ # Set EAP protocol(s)
+.for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \
+ AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE
+. if ${PORT_OPTIONS:M${item}}
+ @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG}
+. endif
+.endfor
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+ @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG}
+.endif
+.for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \
+ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \
+ IEEE8021X_EAPOL EAPOL_TEST \
+ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS
+. if ${PORT_OPTIONS:M${simple}}
+ @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG}
+. endif
+.endfor
+.for item in READLINE PEERKEY
+ @${ECHO_CMD} CONFIG_${item}=y >> ${CFG}
+.endfor
+.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N}
+ @${ECHO_CMD} CONFIG_AP=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MGPSK}
+ # GPSK desired, assume highest SHA desired too
+ @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MWPS_NOREG}
+ @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MDELAYED_MIC}
+ @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MDBUS}
+ @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG}
+ @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MMATCH}
+ @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MUSIM_SIMULATOR}
+ @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MSIM_SIMULATOR}
+ @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG}
+.endif
+ @${ECHO_CMD} CONFIG_OS=unix >> ${CFG}
+ @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG}
+ @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG}
+ @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG}
+ @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG}
+
+post-build-EAPOL_TEST-on:
+ cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test
+
+do-install:
+ (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \
+ wpa_passphrase ${STAGEDIR}${PREFIX}/sbin)
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
+ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
+
+do-install-EAPOL_TEST-on:
+ ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin
+
+do-install-DOCS-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ (cd ${BUILD_WRKSRC} && \
+ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
+
+do-install-PRIVSEP-on:
+ ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
+
+do-install-DBUS-on:
+ @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/
+ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \
+ ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \
+ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/
+
+.include <bsd.port.post.mk>
diff --git a/security/wpa_supplicant29/distinfo b/security/wpa_supplicant29/distinfo
new file mode 100644
index 000000000000..ecea4c5cfca6
--- /dev/null
+++ b/security/wpa_supplicant29/distinfo
@@ -0,0 +1,11 @@
+TIMESTAMP = 1615939959
+SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17
+SIZE (wpa_supplicant-2.9.tar.gz) = 3231785
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
*** 931 LINES SKIPPED ***