From nobody Mon Jun 20 15:12:35 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E3427867A5A; Mon, 20 Jun 2022 15:12:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LRY6W5wj0z4h5d; Mon, 20 Jun 2022 15:12:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1655737955; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3p2rq9I0XQLoZIPwlZenmdV1qZQf5k7WLPalkFHvRio=; b=aESZ35D/YGTJ9iWLeCw54uxAMtxXRdpDOSUwzTCad2kMZ0m6+frkFKLoN8QtPyEQVbrIeQ eNTawCWIXAXYyDzunPEZONzgxQ4mDBWDoPNW6OeP/xkU5B3AmyfghMa/AMrRT1Y/mgVkaK yxisN3MgNWPEp2/Bj2d/pfo/Zxa1xWIy8cJLw1NGfqDob3MUyYF6NSAyhu3IsKqZY3lx7p yNC8RX9s4JIbLN1gpFjMYk8rYGMDI+GFtkmNCatPCZhKyuioQd6e0tXwIahPeoh2jNbVSE wboVaKOKepNQ07vBu3+8ONBamx34wIGyY4obMPxC5uUjZsNApveI1oSvtfneVg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AAF991FAD7; Mon, 20 Jun 2022 15:12:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 25KFCZLt003587; Mon, 20 Jun 2022 15:12:35 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 25KFCZV0003586; Mon, 20 Jun 2022 15:12:35 GMT (envelope-from git) Date: Mon, 20 Jun 2022 15:12:35 GMT Message-Id: <202206201512.25KFCZV0003586@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org From: Cy Schubert Subject: git: c82d2efea691 - 2022Q2 - */*: Bring back wpa_supplicant29 and hostapd29 as new ports List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/2022Q2 X-Git-Reftype: branch X-Git-Commit: c82d2efea691ec4d8eac6a875eb0fe182106bf99 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1655737955; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3p2rq9I0XQLoZIPwlZenmdV1qZQf5k7WLPalkFHvRio=; b=FSd4Z1/7BjDwrnxccXmfeb7G4EigIGIm08gj5KUziodyKuiC1CpiSx+5/7HNro+Em0C98z p6+urtENtPY9YQF5l3psuxuGjN9YBQoc2373er5buLUXdpizWUp3SnUsdJVGTOmhAsapbJ H8Cs/iWLWZ9eR1gL2lGKFpWPDW1Fx/BDV/c4H8jI66ivppeX+tta3k9UrMtolPJrfbr6Si sW/YsKeBRjqaD5nhdfqaTEd73dB4qnZdqdNu8L5hvpQGYzz6308jLft7wvWogs6oeITIzW 21O/rebkCcctAAx/Ed3GSC78C/etipPg6EQvy+gak72pfRZZEXrlhSfYAFDFoA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1655737955; a=rsa-sha256; cv=none; b=VnP6mP9Mz6AkG1RrSUT9le/Xdz2UoTAAhu5JT//gHVtNcwvyvLY59DGMYqdhUJPpeu5u7V wTfw624GLaOXiQcn4OIvK2GPe3WuYBhmxSVn0AVE7vya6QYZIiXFE5oSu2/z/bMlOzc3H7 K1wijiY5uKM0xHNKjYAzkvVg7h7UtD5SlUgMwwvnucuWDjdD1JtFesssS/pD4xBOfihTFv ZrDgczfMufcwOSEf/Ky+jnozM8ABLZL89uzF8nnwUb/9i10LkNTFALxiOx13gHK2WjnbNE YjFwlWFGKzdb3E7qpC3TCszqft5Pq90M2S2tn5A7YjOj79Zo7IR564j5tCIeyQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch 2022Q2 has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=c82d2efea691ec4d8eac6a875eb0fe182106bf99 commit c82d2efea691ec4d8eac6a875eb0fe182106bf99 Author: Cy Schubert AuthorDate: 2022-06-19 16:15:44 +0000 Commit: Cy Schubert CommitDate: 2022-06-20 15:11:55 +0000 */*: Bring back wpa_supplicant29 and hostapd29 as new ports The current wpa_supplicant and hostapd have an issue with AR9285. For the time being bring back wpa_supplicant 2.9 as security/wpa_supplicant29 and hostpd 2.9 as net/hostapd29 for those cases that have an issue with wpa_supplicant/hostpad2.10 (in base and in ports) PR: 264238 (cherry picked from commit 7150a0c9b1014e445a8266c9080d0bf4738dcc9c) --- net/Makefile | 1 + net/hostapd29/Makefile | 46 +++ net/hostapd29/distinfo | 9 + net/hostapd29/files/config | 316 ++++++++++++++++++ net/hostapd29/files/hostapd.in | 39 +++ .../files/patch-src-l2_packet-l2_packet_freebsd.c | 14 + net/hostapd29/files/patch-src_common_dhcp.h | 25 ++ .../files/patch-src_drivers_driver__bsd.c | 60 ++++ net/hostapd29/files/patch-src_utils_os.h | 17 + net/hostapd29/files/patch-src_utils_os__unix.c | 18 + net/hostapd29/files/patch-src_wps_wps__upnp.c | 20 ++ net/hostapd29/pkg-descr | 12 + net/hostapd29/pkg-message | 10 + security/Makefile | 1 + security/wpa_supplicant29/Makefile | 229 +++++++++++++ security/wpa_supplicant29/distinfo | 11 + security/wpa_supplicant29/files/Packet32.c | 366 +++++++++++++++++++++ security/wpa_supplicant29/files/Packet32.h | 65 ++++ security/wpa_supplicant29/files/ntddndis.h | 32 ++ .../wpa_supplicant29/files/patch-src_common_dhcp.h | 25 ++ .../files/patch-src_drivers_driver__bsd.c | 48 +++ .../files/patch-src_drivers_driver__ndis.c | 89 +++++ .../patch-src_l2__packet_l2__packet__freebsd.c | 12 + .../files/patch-src_radius_radius__client.c | 12 + .../files/patch-src_wps_wps__upnp.c | 34 ++ .../files/patch-wpa__supplicant_Makefile | 17 + .../files/patch-wpa__supplicant_main.c | 33 ++ .../files/patch-wpa__supplicant_wpa__supplicant.c | 16 + security/wpa_supplicant29/files/pkg-message.in | 11 + security/wpa_supplicant29/files/wpa_supplicant.in | 54 +++ security/wpa_supplicant29/pkg-descr | 14 + security/wpa_supplicant29/pkg-plist | 5 + 32 files changed, 1661 insertions(+) diff --git a/net/Makefile b/net/Makefile index 501e316e38d6..544d5137d2c8 100644 --- a/net/Makefile +++ b/net/Makefile @@ -248,6 +248,7 @@ SUBDIR += hlmaster SUBDIR += honeyd SUBDIR += hostapd + SUBDIR += hostapd29 SUBDIR += hostapd-devel SUBDIR += hping3 SUBDIR += hsflowd diff --git a/net/hostapd29/Makefile b/net/hostapd29/Makefile new file mode 100644 index 000000000000..a87a8ed33515 --- /dev/null +++ b/net/hostapd29/Makefile @@ -0,0 +1,46 @@ +# Created by: Craig Leres + +PORTNAME= hostapd +PORTVERSION= 2.9 +PORTREVISION= 4 +CATEGORIES= net +MASTER_SITES= https://w1.fi/releases/ + +PATCH_SITES= https://w1.fi/security/2020-1/ +PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \ + 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \ + 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 + +MAINTAINER= cy@FreeBSD.org +COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator + +LICENSE= BSD3CLAUSE + +USES= cpe gmake ssl +CPE_VENDOR= w1.fi +BUILD_WRKSRC= ${WRKSRC}/hostapd +CFLAGS+= -I${OPENSSLINC} +LDFLAGS+= -L${OPENSSLLIB} + +PLIST_FILES= sbin/hostapd sbin/hostapd_cli man/man1/hostapd_cli.1.gz \ + man/man8/hostapd.8.gz +.if !exists(/etc/rc.d/hostapd) +USE_RC_SUBR= hostapd +.endif + +post-patch: + @${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \ + ${BUILD_WRKSRC}/Makefile + @${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \ + >> ${WRKSRC}/hostapd/.config + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin + ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \ + ${STAGEDIR}${PREFIX}/sbin + ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \ + ${STAGEDIR}${MANPREFIX}/man/man1 + ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \ + ${STAGEDIR}${MANPREFIX}/man/man8 + +.include diff --git a/net/hostapd29/distinfo b/net/hostapd29/distinfo new file mode 100644 index 000000000000..c6fd159e26c4 --- /dev/null +++ b/net/hostapd29/distinfo @@ -0,0 +1,9 @@ +TIMESTAMP = 1591652140 +SHA256 (hostapd-2.9.tar.gz) = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7 +SIZE (hostapd-2.9.tar.gz) = 2244312 +SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 +SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909 +SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de +SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284 +SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a +SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553 diff --git a/net/hostapd29/files/config b/net/hostapd29/files/config new file mode 100644 index 000000000000..de05f3384a1a --- /dev/null +++ b/net/hostapd29/files/config @@ -0,0 +1,316 @@ +# FreeBSD hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +#CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +#CONFIG_DRIVER_WIRED=y + +# Driver interface for madwifi driver +#CONFIG_DRIVER_MADWIFI=y +#CFLAGS += -I../../madwifi # change to the madwifi source directory + +# Driver interface for drivers using the nl80211 kernel interface +#CONFIG_DRIVER_NL80211=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$ +#LIBS += -L$ + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +#CONFIG_LIBNL32=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +CONFIG_DRIVER_BSD=y +CFLAGS += -I@PREFIX@/include +LIBS += -L@PREFIX@/lib +LIBS_p += -L@PREFIX@/lib +LIBS_c += -L@PREFIX@/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +#CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +#CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +#CONFIG_IEEE80211W=y + +# Integrated EAP server +CONFIG_EAP=y + +# EAP-MD5 for the integrated EAP server +CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-pwd for the integrated EAP server (secure authentication with a password) +#CONFIG_EAP_PWD=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# EAP-EKE for the integrated EAP server +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +#CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) +CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +#CONFIG_IEEE80211N=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +#CONFIG_IEEE80211AC=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +#CONFIG_DEBUG_FILE=y + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +#CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +#CONFIG_NO_DUMP_STATE=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +#CONFIG_TLS=openssl + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +#CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +#CONFIG_ACS=y diff --git a/net/hostapd29/files/hostapd.in b/net/hostapd29/files/hostapd.in new file mode 100644 index 000000000000..b6e717098472 --- /dev/null +++ b/net/hostapd29/files/hostapd.in @@ -0,0 +1,39 @@ +#!/bin/sh + +# PROVIDE: hostapd +# REQUIRE: mountcritremote +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hostapd" +desc="Authenticator for IEEE 802.11 networks" +# +# This portion of this rc.script is different from base. +case ${command} in +/usr/sbin/hostapd) # Assume user does not want base hostapd because + # user specified WITHOUT_WIRELESS in make.conf + # and /etc/defaults/rc.conf contains this value. + unset command;; +esac +command=${hostapd_program:-%%PREFIX%%/sbin/hostapd} +# End of differences from base. The rest of the file should remain the same. + +ifn="$2" +if [ -z "$ifn" ]; then + rcvar="hostapd_enable" + conf_file="/etc/${name}.conf" + pidfile="/var/run/${name}.pid" +else + rcvar= + conf_file="/etc/${name}-${ifn}.conf" + pidfile="/var/run/${name}-${ifn}.pid" +fi + +command_args="-P ${pidfile} -B ${conf_file}" +required_files="${conf_file}" +required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" +extra_commands="reload" + +load_rc_config ${name} +run_rc_command "$1" diff --git a/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c new file mode 100644 index 000000000000..8b34e0fbdd89 --- /dev/null +++ b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c @@ -0,0 +1,14 @@ +--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC ++++ src/l2_packet/l2_packet_freebsd.c +@@ -8,7 +8,10 @@ + */ + + #include "includes.h" +-#if defined(__APPLE__) || defined(__GLIBC__) ++#if defined(__FreeBSD__) \ ++ || defined(__DragonFly__) \ ++ || defined(__APPLE__) \ ++ || defined(__GLIBC__) + #include + #endif /* __APPLE__ */ + #include diff --git a/net/hostapd29/files/patch-src_common_dhcp.h b/net/hostapd29/files/patch-src_common_dhcp.h new file mode 100644 index 000000000000..f88d1921a380 --- /dev/null +++ b/net/hostapd29/files/patch-src_common_dhcp.h @@ -0,0 +1,25 @@ +--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800 ++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800 +@@ -9,6 +9,22 @@ + #ifndef DHCP_H + #define DHCP_H + ++/* ++ * Translate Linux to FreeBSD ++ */ ++#define iphdr ip ++#define ihl ip_hl ++#define verson ip_v ++#define tos ip_tos ++#define tot_len ip_len ++#define id ip_id ++#define frag_off ip_off ++#define ttl ip_ttl ++#define protocol ip_p ++#define check ip_sum ++#define saddr ip_src ++#define daddr ip_dst ++ + #include + #if __FAVOR_BSD + #include diff --git a/net/hostapd29/files/patch-src_drivers_driver__bsd.c b/net/hostapd29/files/patch-src_drivers_driver__bsd.c new file mode 100644 index 000000000000..fe3064586710 --- /dev/null +++ b/net/hostapd29/files/patch-src_drivers_driver__bsd.c @@ -0,0 +1,60 @@ +--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700 ++++ src/drivers/driver_bsd.c 2021-06-13 23:10:12.570253000 -0700 +@@ -649,7 +649,7 @@ + len = 2048; + } + +- return len; ++ return (len == 0) ? 2048 : len; + } + + #ifdef HOSTAPD +@@ -665,7 +665,11 @@ + static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr, + u16 reason_code); + ++#ifdef __DragonFly__ ++const char * ++#else + static const char * ++#endif + ether_sprintf(const u8 *addr) + { + static char buf[sizeof(MACSTR)]; +@@ -1080,7 +1084,14 @@ + mode = 0 /* STA */; + break; + case IEEE80211_MODE_IBSS: ++ /* ++ * Ref bin/203086 - FreeBSD's net80211 currently uses ++ * IFM_IEEE80211_ADHOC. ++ */ ++#if 0 + mode = IFM_IEEE80211_IBSS; ++#endif ++ mode = IFM_IEEE80211_ADHOC; + break; + case IEEE80211_MODE_AP: + mode = IFM_IEEE80211_HOSTAP; +@@ -1336,14 +1347,18 @@ + drv = bsd_get_drvindex(global, ifm->ifm_index); + if (drv == NULL) + return; +- if ((ifm->ifm_flags & IFF_UP) == 0 && +- (drv->flags & IFF_UP) != 0) { ++ if (((ifm->ifm_flags & IFF_UP) == 0 || ++ (ifm->ifm_flags & IFF_RUNNING) == 0) && ++ (drv->flags & IFF_UP) != 0 && ++ (drv->flags & IFF_RUNNING) != 0) { + wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", + drv->ifname); + wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, + NULL); + } else if ((ifm->ifm_flags & IFF_UP) != 0 && +- (drv->flags & IFF_UP) == 0) { ++ (ifm->ifm_flags & IFF_RUNNING) != 0 && ++ ((drv->flags & IFF_UP) == 0 || ++ (drv->flags & IFF_RUNNING) == 0)) { + wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", + drv->ifname); + wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, diff --git a/net/hostapd29/files/patch-src_utils_os.h b/net/hostapd29/files/patch-src_utils_os.h new file mode 100644 index 000000000000..e92661256d5f --- /dev/null +++ b/net/hostapd29/files/patch-src_utils_os.h @@ -0,0 +1,17 @@ +--- src/utils/os.h.orig 2016-09-17 20:36:13 UTC ++++ src/utils/os.h +@@ -246,12 +246,14 @@ char * os_readfile(const char *name, siz + */ + int os_file_exists(const char *fname); + ++#if !defined __FreeBSD__ && !defined __DragonFly__ + /** + * os_fdatasync - Sync a file's (for a given stream) state with storage device + * @stream: the stream to be flushed + * Returns: 0 if the operation succeeded or -1 on failure + */ + int os_fdatasync(FILE *stream); ++#endif + + /** + * os_zalloc - Allocate and zero memory diff --git a/net/hostapd29/files/patch-src_utils_os__unix.c b/net/hostapd29/files/patch-src_utils_os__unix.c new file mode 100644 index 000000000000..c56eee136a44 --- /dev/null +++ b/net/hostapd29/files/patch-src_utils_os__unix.c @@ -0,0 +1,18 @@ +--- src/utils/os_unix.c.orig 2015-09-27 19:02:05 UTC ++++ src/utils/os_unix.c +@@ -442,6 +442,7 @@ int os_file_exists(const char *fname) + } + + ++#if !defined __FreeBSD__ && !defined __DragonFly__ + int os_fdatasync(FILE *stream) + { + if (!fflush(stream)) { +@@ -459,6 +460,7 @@ int os_fdatasync(FILE *stream) + + return -1; + } ++#endif + + + #ifndef WPA_TRACE diff --git a/net/hostapd29/files/patch-src_wps_wps__upnp.c b/net/hostapd29/files/patch-src_wps_wps__upnp.c new file mode 100644 index 000000000000..1e3651d33162 --- /dev/null +++ b/net/hostapd29/files/patch-src_wps_wps__upnp.c @@ -0,0 +1,20 @@ +--- src/wps/wps_upnp.c.orig 2015-03-15 17:30:39 UTC ++++ src/wps/wps_upnp.c +@@ -837,7 +837,7 @@ fail: + } + + +-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__) + #include + #include + #include +@@ -924,7 +924,7 @@ int get_netif_info(const char *net_if, u + goto fail; + } + os_memcpy(mac, req.ifr_addr.sa_data, 6); +-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) ++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__) + if (eth_get(net_if, mac) < 0) { + wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address"); + goto fail; diff --git a/net/hostapd29/pkg-descr b/net/hostapd29/pkg-descr new file mode 100644 index 000000000000..a3c019c9df0e --- /dev/null +++ b/net/hostapd29/pkg-descr @@ -0,0 +1,12 @@ +hostapd is a user space daemon for access point and authentication +servers. It implements IEEE 802.11 access point management, IEEE +802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and +RADIUS authentication server. The current version supports Linux +(Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211). + +Add the following to /etc/rc.conf to use the ports version instead +of the base version: + + hostapd_program="/usr/local/sbin/hostapd" + +WWW: https://w1.fi/hostapd/ diff --git a/net/hostapd29/pkg-message b/net/hostapd29/pkg-message new file mode 100644 index 000000000000..43d22d9a1e7d --- /dev/null +++ b/net/hostapd29/pkg-message @@ -0,0 +1,10 @@ +[ +{ type: install + message: < + +.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} +BROKEN= Fails to compile with both NDIS and PRIVSEP +.endif + +.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} +BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N +.endif + +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} +LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite +CFLAGS+= -I${LOCALBASE}/include/PCSC +LDFLAGS+= -L${LOCALBASE}/lib +.endif + +.if ${PORT_OPTIONS:MDBUS} +LIB_DEPENDS+= libdbus-1.so:devel/dbus +.endif + +post-patch: + @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ + ${WRKSRC}/src/utils + # Set driver(s) +.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE +. if ${PORT_OPTIONS:M${item}} + @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} +. endif +.endfor + # Set EAP protocol(s) +.for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ + AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE +. if ${PORT_OPTIONS:M${item}} + @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} +. endif +.endfor +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} + @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} +.endif +.for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ + VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ + IEEE8021X_EAPOL EAPOL_TEST \ + INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS +. if ${PORT_OPTIONS:M${simple}} + @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} +. endif +.endfor +.for item in READLINE PEERKEY + @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} +.endfor +.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} + @${ECHO_CMD} CONFIG_AP=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MGPSK} + # GPSK desired, assume highest SHA desired too + @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MWPS_NOREG} + @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDELAYED_MIC} + @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDBUS} + @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG} + @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MMATCH} + @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MUSIM_SIMULATOR} + @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MSIM_SIMULATOR} + @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} +.endif + @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} + @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} + @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} + @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG} + @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} + +post-build-EAPOL_TEST-on: + cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test + +do-install: + (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ + wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) + ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample + +do-install-EAPOL_TEST-on: + ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin + +do-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + (cd ${BUILD_WRKSRC} && \ + ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) + +do-install-PRIVSEP-on: + ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin + +do-install-DBUS-on: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ + @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ + ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \ + ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ + ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ + +.include diff --git a/security/wpa_supplicant29/distinfo b/security/wpa_supplicant29/distinfo new file mode 100644 index 000000000000..ecea4c5cfca6 --- /dev/null +++ b/security/wpa_supplicant29/distinfo @@ -0,0 +1,11 @@ +TIMESTAMP = 1615939959 +SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17 +SIZE (wpa_supplicant-2.9.tar.gz) = 3231785 +SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7 +SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909 +SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de +SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284 +SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a +SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553 *** 931 LINES SKIPPED ***