Revive security/wpa_supplicant after 6.5 years => version 2.3

This port was retired at version 0.3.8 because wpa_supplicant is
part of FreeBSD base.  However, the last few releases have had a period
of only a few months, so the base is always going to be behind.  DragonFly
is also affected, so I'm bringing the port back at the latest version.

It features the same patches as FreeBSD including the conversion to use
libutil's pidfile routines.  There are some additional patches for
DragonFly support and to fix some bugs from the 9 Oct 2014 release.

The WPA Supplicant build system has been converted to ports options, and
there are dozens of them.  I've set the defaults to match the
configuration in base and verified that it builds with all options
selected at once.

MOVED

@@ -130,7 +130,6 @@ misc/kde3-i18n-id||2008-04-25|Has expired: Distfile no longer available, outdate
 net/dhcp-agent||2008-04-25|Has expired: Dhcp-agent has not been updated since 2003, it does not build with guile-1.8, and it is unmaintained
 net/ocaml-netclient||2008-04-25|Has expired: is part of ocaml-net
 graphics/entice||2008-04-25|Has expired: Broken and unmaintained
-security/wpa_supplicant||2008-04-26|Obsolete, newer version in base
 games/glpuzzle|games/jigzo|2008-04-28|Project renamed
 ftp/greed||2008-04-29|Has expired: No longer maintained
 x11-themes/gnome-industrial-theme||2008-04-29|Has expired: gnome-themes-extras no longer has industrial engine

security/Makefile

@@ -1011,6 +1011,7 @@
     SUBDIR += webshag
     SUBDIR += whatweb
     SUBDIR += wipe
+    SUBDIR += wpa_supplicant
     SUBDIR += xca
     SUBDIR += xinetd
     SUBDIR += xml-security

security/wpa_supplicant/Makefile

@@ -0,0 +1,159 @@
+# $FreeBSD$
+
+PORTNAME=	wpa_supplicant
+PORTVERSION=	2.3
+CATEGORIES=	security net
+MASTER_SITES=	http://w1.fi/releases/
+
+MAINTAINER=	marino@FreeBSD.org
+COMMENT=	Supplicant (client) for WPA/802.1x protocols
+
+USES=		gmake readline
+USE_OPENSSL=	yes
+BUILD_WRKSRC=	${WRKSRC}/wpa_supplicant
+INSTALL_WRKSRC=	${WRKSRC}/src
+LDFLAGS=	-lutil
+
+SUB_FILES=	pkg-message
+PLIST_FILES=	sbin/wpa_supplicant \
+		sbin/wpa_passphrase \
+		sbin/wpa_cli \
+		sbin/wpa_priv \
+		"@sample etc/wpa_supplicant.conf.sample"
+PORTDOCS=	README ChangeLog
+
+CFG=		${BUILD_WRKSRC}/.config
+
+OPTIONS_MULTI=		DRV EAP
+OPTIONS_MULTI_DRV=	BSD WIRED NDIS TEST NONE #ROBOSWITCH
+OPTIONS_MULTI_EAP=	TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK FAST \
+			SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE
+OPTIONS_DEFINE=		WPS WPS_ER WPS_NOREG WPS_NFC PKCS12 SMARTCARD \
+			HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \
+			IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \
+			DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \
+			HS20 NO_ROAMING P2P TDLS
+OPTIONS_DEFAULT=	BSD WIRED NDIS \
+			TLS PEAP TTLS MD5 MSCHAPv2 GTC LEAP OTP PSK \
+			WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG PRIVSEP \
+			INTERWORKING HS20
+
+WPS_DESC=		Wi-Fi Protected Setup
+WPS_ER_DESC=		Enable WPS External Registrar
+WPS_NOREG_DESC=		Disable open network credentials when registrar
+WPS_NFC_DESC=		Near Field Communication (NFC) configuration
+PKCS12_DESC=		PKCS\#12 (PFS) support
+SMARTCARD_DESC=		Private key on smartcard support
+HT_OVERRIDES_DESC=	Disable HT/HT40, mask MCS rates, etc
+VHT_OVERRIDES_DESC=	Disable VHT, mask MCS rates, etc
+TLSV12_DESC=		Build with TLS v1.2 instead of TLS v1.0
+IEEE80211AC_DESC=	Very High Throughput, AP mode (IEEE 802.11ac)
+IEEE80211N_DESC=	High Throughput, AP mode (IEEE 802.11n)
+IEEE80211R_DESC=	Fast BSS Transition (IEEE 802.11r-2008)
+IEEE80211W_DESC=	Management Frame Protection (IEEE 802.11w)
+DEBUG_FILE_DESC=	Support for writing debug log to a file
+DEBUG_SYSLOG_DESC=	Send debug messages to syslog instead of stdout
+PRIVSEP_DESC=		Privilege separation
+DELAYED_MIC_DESC=	Mitigate TKIP attack, random delay on MIC errors
+INTERWORKING_DESC=	Improve ext. network interworking (IEEE 802.11u)
+HS20_DESC=		Hotspot 2.0
+NO_ROAMING_DESC=	Disable roaming
+P2P_DESC=		Peer-to-Peer support
+TDLS_DESC=		Tunneled Direct Link Setup
+
+DRV_DESC=		Driver options
+BSD_DESC=		BSD net80211 interface
+NDIS_DESC=		Windows NDIS interface
+WIRED_DESC=		Wired ethernet interface
+ROBOSWITCH_DESC=	Broadcom Roboswitch interface
+TEST_DESC=		Development testing interface
+NONE_DESC=		The 'no driver' interface, e.g. WPS ER only
+
+EAP_DESC=		Extensible Authentication Protocols
+TLS_DESC=		Transport Layer Security
+PEAP_DESC=		Protected Extensible Authentication Protocol
+TTLS_DESC=		Tunneled Transport Layer Security
+MD5_DESC=		MD5 hash (deprecated, no key generation)
+MSCHAPv2_DESC=		Microsoft CHAP version 2 (RFC 2759)
+GTC_DESC=		Generic Token Card
+LEAP_DESC=		Lightweight Extensible Authentication Protocol
+OTP_DESC=		One-Time Password
+PSK_DESC=		Pre-Shared key
+FAST_DESC=		Flexible Authentication via Secure Tunneling
+AKA_DESC=		Autentication and Key Agreement (UMTS)
+AKA_PRIME_DESC=		AKA Prime variant (RFC 5448)
+EKE_DESC=		Encrypted Key Exchange
+SIM_DESC=		Subscriber Identity Module
+IKEv2_DESC=		Internet Key Exchange version 2
+PWD_DESC=		Shared password (RFC 5931)
+PAX_DESC=		Password Authenticated Exchange
+SAKE_DESC=		Shared-Secret Authentication & Key Establishment
+GPSK_DESC=		Generalized Pre-Shared Key
+TNC_DESC=		Trusted Network Connect
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+LIB_DEPENDS+=	libpcsclite.so:${PORTSDIR}/devel/pcsc-lite
+CFLAGS+=	-I${LOCALBASE}/include/PCSC
+LDFLAGS+=	-L${LOCALBASE}/lib
+.endif
+
+post-patch:
+	${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
+		${WRKSRC}/src/utils
+	# Set driver(s)
+.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
+.  if ${PORT_OPTIONS:M${item}}
+	@${ECHO} CONFIG_DRIVER_${item}=y >> ${CFG}
+.  endif
+.endfor
+	# Set EAP protocol(s)
+.for item in MD5 MSCHAPv2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \
+	AKA AKA_PRIME SAKE GPSK TNC IKEv2 EKE
+.  if ${PORT_OPTIONS:M${item}}
+	@${ECHO} CONFIG_EAP_${item:tu}=y >> ${CFG}
+.  endif
+.endfor
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+	@${ECHO} CONFIG_PCSC=y >> ${CFG}
+.endif
+.for simple in WPS WPS_ER WPS_NFC PKCS12 SMARTCARD HT_OVERRIDES \
+	VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \
+	INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS
+.  if ${PORT_OPTIONS:M${simple}}
+	@${ECHO} CONFIG_${simple}=y >> ${CFG}
+.  endif
+.endfor
+.for item in READLINE PEERKEY
+	@${ECHO} CONFIG_${item}=y >> ${CFG}
+.endfor
+.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N}
+	@${ECHO} CONFIG_AP=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MGPSK}
+	# GPSK desired, assume highest SHA desired too
+	@${ECHO} CONFIG_EAP_GPSK_SHA256=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MWPS_NOREG}
+	@${ECHO} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MDELAYED_MIC}
+	@${ECHO} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG}
+.endif
+	@${ECHO} CONFIG_OS=unix >> ${CFG}
+	@${ECHO} CONFIG_CTRL_IFACE=unix >> ${CFG}
+	@${ECHO} CONFIG_BACKEND=file >> ${CFG}
+	@${ECHO} CONFIG_L2_PACKET=freebsd >> ${CFG}
+	@${ECHO} CONFIG_TLS=openssl >> ${CFG}
+
+do-install:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	(cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \
+		wpa_passphrase wpa_priv ${STAGEDIR}${PREFIX}/sbin)
+	${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
+		${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
+	(cd ${BUILD_WRKSRC} && \
+		${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
+
+.include <bsd.port.mk>

security/wpa_supplicant/distinfo

@@ -0,0 +1,2 @@
+SHA256 (wpa_supplicant-2.3.tar.gz) = eaaa5bf3055270e521b2dff64f2d203ec8040f71958b8588269a82c00c9d7b6a
+SIZE (wpa_supplicant-2.3.tar.gz) = 2398722

security/wpa_supplicant/files/Packet32.c

@@ -0,0 +1,366 @@
+/*-
+ * Copyright (c) 2005
+ *      Bill Paul <wpaul@windriver.com>.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements a small portion of the Winpcap API for the
+ * Windows NDIS interface in wpa_supplicant. It provides just enough
+ * routines to fool wpa_supplicant into thinking it's really running
+ * in a Windows environment.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <sys/errno.h>
+#include <sys/sysctl.h>
+#include <sys/fcntl.h>
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <net/if_var.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <net/route.h>
+
+#ifdef __FreeBSD__
+#include <net80211/ieee80211_ioctl.h>
+#endif
+#ifdef __DragonFly__
+#include <netproto/802_11/ieee80211_ioctl.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pcap.h>
+
+#include "Packet32.h"
+
+#define OID_802_11_ADD_KEY      0x0d01011D
+
+typedef ULONGLONG NDIS_802_11_KEY_RSC;
+typedef UCHAR NDIS_802_11_MAC_ADDRESS[6];
+
+typedef struct NDIS_802_11_KEY {
+	ULONG Length;
+	ULONG KeyIndex;
+	ULONG KeyLength;
+	NDIS_802_11_MAC_ADDRESS BSSID;
+	NDIS_802_11_KEY_RSC KeyRSC;
+	UCHAR KeyMaterial[1];
+} NDIS_802_11_KEY;
+
+typedef struct NDIS_802_11_KEY_COMPAT {
+	ULONG Length;
+	ULONG KeyIndex;
+	ULONG KeyLength;
+	NDIS_802_11_MAC_ADDRESS BSSID;
+	UCHAR Pad[6]; /* Make struct layout match Windows. */
+	NDIS_802_11_KEY_RSC KeyRSC;
+#ifdef notdef
+	UCHAR KeyMaterial[1];
+#endif
+} NDIS_802_11_KEY_COMPAT;
+
+#define TRUE 1
+#define FALSE 0
+
+struct adapter {
+	int			socket;
+	char			name[IFNAMSIZ];
+	int			prev_roaming;
+};
+
+PCHAR
+PacketGetVersion(void)
+{
+	return("FreeBSD WinPcap compatibility shim v1.0");
+}
+
+void *
+PacketOpenAdapter(CHAR *iface)
+{
+	struct adapter		*a;
+	int			s;
+	int			ifflags;
+	struct ifreq		ifr;
+	struct ieee80211req	ireq;
+
+	s = socket(PF_INET, SOCK_DGRAM, 0);
+
+	if (s == -1)
+		return(NULL);
+
+	a = malloc(sizeof(struct adapter));
+	if (a == NULL)
+		return(NULL);
+
+	a->socket = s;
+	if (strncmp(iface, "\\Device\\NPF_", 12) == 0)
+		iface += 12;
+	else if (strncmp(iface, "\\DEVICE\\", 8) == 0)
+		iface += 8;
+	snprintf(a->name, IFNAMSIZ, "%s", iface);
+
+	/* Turn off net80211 roaming */
+	bzero((char *)&ireq, sizeof(ireq));
+	strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name));
+	ireq.i_type = IEEE80211_IOC_ROAMING;
+	if (ioctl(a->socket, SIOCG80211, &ireq) == 0) {
+		a->prev_roaming = ireq.i_val;
+		ireq.i_val = IEEE80211_ROAMING_MANUAL;
+		if (ioctl(a->socket, SIOCS80211, &ireq) < 0)
+			fprintf(stderr,
+			    "Could not set IEEE80211_ROAMING_MANUAL\n");
+	}
+
+	bzero((char *)&ifr, sizeof(ifr));
+        strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name));
+        if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
+		free(a);
+		close(s);
+		return(NULL);
+        }
+        ifr.ifr_flags |= IFF_UP;
+        if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
+		free(a);
+		close(s);
+		return(NULL);
+        }
+
+	return(a);
+}
+
+int
+PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid)
+{
+	struct adapter		*a;
+	uint32_t		retval;
+	struct ifreq		ifr;
+	NDIS_802_11_KEY		*old;
+	NDIS_802_11_KEY_COMPAT	*new;
+	PACKET_OID_DATA		*o = NULL;
+
+	if (iface == NULL)
+		return(-1);
+
+	a = iface;
+	bzero((char *)&ifr, sizeof(ifr));
+
+	/*
+	 * This hack is necessary to work around a difference
+	 * betwee the GNU C and Microsoft C compilers. The NDIS_802_11_KEY
+	 * structure has a uint64_t in it, right after an array of
+	 * chars. The Microsoft compiler inserts padding right before
+	 * the 64-bit value to align it on a 64-bit boundary, but
+	 * GCC only aligns it on a 32-bit boundary. Trying to pass
+	 * the GCC-formatted structure to an NDIS binary driver
+	 * fails because some of the fields appear to be at the
+	 * wrong offsets.
+	 *
+	 * To get around this, if we detect someone is trying to do
+	 * a set operation on OID_802_11_ADD_KEY, we shuffle the data
+	 * into a properly padded structure and pass that into the
+	 * driver instead. This allows the driver_ndis.c code supplied
+	 * with wpa_supplicant to work unmodified.
+	 */
+
+	if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) {
+		old = (NDIS_802_11_KEY *)&oid->Data;
+		o = malloc(sizeof(PACKET_OID_DATA) +
+		    sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
+		if (o == NULL)
+			return(0);
+		bzero((char *)o, sizeof(PACKET_OID_DATA) +
+		    sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
+		o->Oid = oid->Oid;
+		o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength;
+		new = (NDIS_802_11_KEY_COMPAT *)&o->Data;
+		new->KeyRSC = old->KeyRSC;
+		new->Length = o->Length;
+		new->KeyIndex = old->KeyIndex;
+		new->KeyLength = old->KeyLength;
+		bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS));
+		bcopy(old->KeyMaterial, (char *)new +
+		    sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength);
+        	ifr.ifr_data = (caddr_t)o;
+	} else
+        	ifr.ifr_data = (caddr_t)oid;
+
+        strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name));
+
+	if (set == TRUE)
+		retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr);
+	else
+		retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr);
+
+	if (o != NULL)
+		free(o);
+
+	if (retval)
+		return(0);
+
+	return(1);
+}
+
+int
+PacketGetAdapterNames(CHAR *namelist, ULONG *len)
+{
+	int			mib[6];
+	size_t			needed;
+	struct if_msghdr	*ifm;
+	struct sockaddr_dl	*sdl;
+	char			*buf, *lim, *next;
+	char			*plist;
+	int			spc;
+	int			i, ifcnt = 0;
+
+	plist = namelist;
+	spc = 0;
+
+	bzero(plist, *len);
+
+	needed = 0;
+	mib[0] = CTL_NET;
+	mib[1] = PF_ROUTE;
+	mib[2] = 0;             /* protocol */
+	mib[3] = 0;             /* wildcard address family */
+	mib[4] = NET_RT_IFLIST;
+	mib[5] = 0;             /* no flags */
+
+	if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0)
+		return(FALSE);
+
+	buf = malloc (needed);
+	if (buf == NULL)
+		return(FALSE);
+
+	if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) {
+		free(buf);
+		return(FALSE);
+	}
+
+	lim = buf + needed;
+
+	/* Generate interface name list. */
+
+	next = buf;
+	while (next < lim) {
+		ifm = (struct if_msghdr *)next;
+		if (ifm->ifm_type == RTM_IFINFO) {
+			sdl = (struct sockaddr_dl *)(ifm + 1);
+			if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
+				if ((spc + sdl->sdl_nlen) > *len) {
+					free(buf);
+					return(FALSE);
+				}
+				strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
+				plist += (sdl->sdl_nlen + 1);
+				spc += (sdl->sdl_nlen + 1);
+				ifcnt++;
+			}
+		}
+		next += ifm->ifm_msglen;
+	}
+
+
+	/* Insert an extra "" as a spacer */
+
+	plist++;
+	spc++;
+
+	/*
+	 * Now generate the interface description list. There
+	 * must be a unique description for each interface, and
+	 * they have to match what the ndis_events program will
+	 * feed in later. To keep this simple, we just repeat
+	 * the interface list over again.
+	 */
+
+	next = buf;
+	while (next < lim) {
+		ifm = (struct if_msghdr *)next;
+		if (ifm->ifm_type == RTM_IFINFO) {
+			sdl = (struct sockaddr_dl *)(ifm + 1);
+			if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
+				if ((spc + sdl->sdl_nlen) > *len) {
+					free(buf);
+					return(FALSE);
+				}
+				strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
+				plist += (sdl->sdl_nlen + 1);
+				spc += (sdl->sdl_nlen + 1);
+				ifcnt++;
+			}
+		}
+		next += ifm->ifm_msglen;
+	}
+
+	free (buf);
+
+	*len = spc + 1;
+
+	return(TRUE);
+}
+
+void
+PacketCloseAdapter(void *iface)
+{	
+	struct adapter		*a;
+	struct ifreq		ifr;
+	struct ieee80211req	ireq;
+
+	if (iface == NULL)
+		return;
+
+	a = iface;
+
+	/* Reset net80211 roaming */
+	bzero((char *)&ireq, sizeof(ireq));
+	strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name));
+	ireq.i_type = IEEE80211_IOC_ROAMING;
+	ireq.i_val = a->prev_roaming;
+	ioctl(a->socket, SIOCS80211, &ireq);
+
+	bzero((char *)&ifr, sizeof(ifr));
+        strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name));
+        ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr);
+        ifr.ifr_flags &= ~IFF_UP;
+        ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr);
+	close(a->socket);
+	free(a);
+
+	return;
+}

security/wpa_supplicant/files/Packet32.h

@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2005
+ *      Bill Paul <wpaul@windriver.com>.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _PACKET32_H_
+#define _PACKET32_H_
+
+#include <sys/types.h>
+#include <ntddndis.h>
+
+struct PACKET_OID_DATA {
+	uint32_t		Oid;
+	uint32_t		Length;
+	uint8_t			Data[1];
+};
+
+
+typedef struct PACKET_OID_DATA PACKET_OID_DATA;
+
+extern PCHAR PacketGetVersion(void);
+extern void *PacketOpenAdapter(CHAR *);
+extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *);
+extern int PacketGetAdapterNames(CHAR *, ULONG *);
+extern void PacketCloseAdapter(void *);
+
+/*
+ * This is for backwards compatibility on FreeBSD 5.
+ */
+
+#ifndef SIOCGDRVSPEC
+#define SIOCSDRVSPEC	_IOW('i', 123, struct ifreq)	/* set driver-specific
+								parameters */
+#define SIOCGDRVSPEC	_IOWR('i', 123, struct ifreq)	/* get driver-specific
+								parameters */
+#endif
+
+#endif /* _PACKET32_H_ */

security/wpa_supplicant/files/ntddndis.h

@@ -0,0 +1,28 @@
+#ifndef _NTDDNDIS_H_
+#define _NTDDNDIS_H_
+
+/*
+ * Fake up some of the Windows type definitions so that the NDIS
+ * interface module in wpa_supplicant will build.
+ */
+
+#define ULONG uint32_t
+#define USHORT uint16_t
+#define UCHAR uint8_t
+#define LONG int32_t
+#define SHORT int16_t
+#define CHAR int8_t
+#define ULONGLONG uint64_t
+#define LONGLONG int64_t
+#define BOOLEAN uint8_t
+typedef void * LPADAPTER;
+typedef char * PTSTR;
+typedef char * PCHAR;
+
+#define TRUE 1
+#define FALSE 0
+
+#define OID_802_3_CURRENT_ADDRESS               0x01010102
+#define OID_802_3_MULTICAST_LIST                0x01010103
+
+#endif /* _NTDDNDIS_H_ */

security/wpa_supplicant/files/patch-src-l2_packet-l2_packet_freebsd.c

@@ -0,0 +1,14 @@
+--- src/l2_packet/l2_packet_freebsd.c.orig	2014-06-04 13:26:14 UTC
++++ src/l2_packet/l2_packet_freebsd.c
+@@ -8,7 +8,10 @@
+  */
+ 
+ #include "includes.h"
+-#if defined(__APPLE__) || defined(__GLIBC__)
++#if defined(__FreeBSD__) \
++ || defined(__DragonFly__) \
++ || defined(__APPLE__) \
++ || defined(__GLIBC__)
+ #include <net/bpf.h>
+ #endif /* __APPLE__ */
+ #include <pcap.h>

security/wpa_supplicant/files/patch-src_drivers_driver__privsep.c

@@ -0,0 +1,20 @@
+--- src/drivers/driver_privsep.c.orig	2014-10-09 14:41:31 UTC
++++ src/drivers/driver_privsep.c
+@@ -228,7 +228,7 @@ static int wpa_driver_privsep_associate(
+ 
+ 	wpa_printf(MSG_DEBUG, "%s: priv=%p freq=%d pairwise_suite=%d "
+ 		   "group_suite=%d key_mgmt_suite=%d auth_alg=%d mode=%d",
+-		   __func__, priv, params->freq, params->pairwise_suite,
++		   __func__, priv, params->freq.freq, params->pairwise_suite,
+ 		   params->group_suite, params->key_mgmt_suite,
+ 		   params->auth_alg, params->mode);
+ 
+@@ -241,7 +241,7 @@ static int wpa_driver_privsep_associate(
+ 		os_memcpy(data->bssid, params->bssid, ETH_ALEN);
+ 	os_memcpy(data->ssid, params->ssid, params->ssid_len);
+ 	data->ssid_len = params->ssid_len;
+-	data->freq = params->freq;
++	data->freq = params->freq.freq;
+ 	data->pairwise_suite = params->pairwise_suite;
+ 	data->group_suite = params->group_suite;
+ 	data->key_mgmt_suite = params->key_mgmt_suite;

security/wpa_supplicant/files/patch-src_utils_os__unix.c

@@ -0,0 +1,62 @@
+--- src/utils/os_unix.c.orig	2014-10-09 14:41:31 UTC
++++ src/utils/os_unix.c
+@@ -190,17 +190,42 @@ static int os_daemon(int nochdir, int no
+ #define os_daemon daemon
+ #endif /* __APPLE__ */
+ 
++#if defined(__FreeBSD__) || defined(__DragonFly__)
++#define FREE_DRAGON
++#include <err.h>
++#include <libutil.h>
++#include <stdint.h>
++#endif /* __FreeBSD__ || __DragonFly__ */
+ 
+ int os_daemonize(const char *pid_file)
+ {
+ #if defined(__uClinux__) || defined(__sun__)
+ 	return -1;
+ #else /* defined(__uClinux__) || defined(__sun__) */
++#ifdef FREE_DRAGON
++	pid_t otherpid;
++	struct pidfh *pfh;
++
++	pfh = pidfile_open(pid_file, 0600, &otherpid);
++	if (pfh == NULL) {
++		if (errno == EEXIST) {
++			errx(1, "Daemon already running, pid: %jd.",
++			    (intmax_t)otherpid);
++		}
++		warn("Cannot open or create pidfile.");
++	}
++#endif /* FREE_DRAGON */
+ 	if (os_daemon(0, 0)) {
+ 		perror("daemon");
++#ifdef FREE_DRAGON
++		pidfile_remove(pfh);
++#endif /* FREE_DRAGON */
+ 		return -1;
+ 	}
+ 
++#ifdef FREE_DRAGON
++	pidfile_write(pfh);
++#else
+ 	if (pid_file) {
+ 		FILE *f = fopen(pid_file, "w");
+ 		if (f) {
+@@ -208,6 +233,7 @@ int os_daemonize(const char *pid_file)
+ 			fclose(f);
+ 		}
+ 	}
++#endif /* FREE_DRAGON */
+ 
+ 	return -0;
+ #endif /* defined(__uClinux__) || defined(__sun__) */
+@@ -360,7 +386,7 @@ int os_setenv(const char *name, const ch
+ 
+ int os_unsetenv(const char *name)
+ {
+-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || \
++#if defined(FREE_DRAGON) || defined(__NetBSD__) || defined(__APPLE__) || \
+     defined(__OpenBSD__)
+ 	unsetenv(name);
+ 	return 0;

security/wpa_supplicant/files/patch-src_wps_wps__upnp.c

@@ -0,0 +1,22 @@
+--- src/wps/wps_upnp.c.orig	2014-10-09 14:41:31 UTC
++++ src/wps/wps_upnp.c
+@@ -829,7 +829,8 @@ fail:
+ }
+ 
+ 
+-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
++ || defined(__DragonFly__)
+ #include <sys/sysctl.h>
+ #include <net/route.h>
+ #include <net/if_dl.h>
+@@ -916,7 +917,8 @@ int get_netif_info(const char *net_if, u
+ 		goto fail;
+ 	}
+ 	os_memcpy(mac, req.ifr_addr.sa_data, 6);
+-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
++   || defined(__DragonFly__)
+ 	if (eth_get(net_if, mac) < 0) {
+ 		wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ 		goto fail;

security/wpa_supplicant/files/patch-wpa__supplicant_Makefile

@@ -0,0 +1,14 @@
+--- wpa_supplicant/Makefile.orig	2014-10-09 14:41:31 UTC
++++ wpa_supplicant/Makefile
+@@ -97,6 +97,11 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o
+ OBJS_p += ../src/utils/os_$(CONFIG_OS).o
+ OBJS_c += ../src/utils/os_$(CONFIG_OS).o
+ 
++ifdef CONFIG_DRIVER_NDIS
++OBJS += ../src/utils/Packet32.o ../src/drivers/driver_ndis.o
++OBJS_priv += ../src/utils/Packet32.o
++endif
++
+ ifdef CONFIG_WPA_TRACE
+ CFLAGS += -DWPA_TRACE
+ OBJS += ../src/utils/trace.o

security/wpa_supplicant/files/patch-wpa__supplicant_scan.c

@@ -0,0 +1,31 @@
+--- wpa_supplicant/scan.c.orig	2014-10-09 14:41:31 UTC
++++ wpa_supplicant/scan.c
+@@ -1548,7 +1548,7 @@ struct wpabuf * wpa_scan_get_vendor_ie_m
+ static int wpa_scan_result_compar(const void *a, const void *b)
+ {
+ #define IS_5GHZ(n) (n > 4000)
+-#define MIN(a,b) a < b ? a : b
++#define MINAB(a,b) a < b ? a : b
+ 	struct wpa_scan_res **_wa = (void *) a;
+ 	struct wpa_scan_res **_wb = (void *) b;
+ 	struct wpa_scan_res *wa = *_wa;
+@@ -1577,8 +1577,8 @@ static int wpa_scan_result_compar(const 
+ 
+ 	if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) &&
+ 	    !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) {
+-		snr_a = MIN(wa->level - wa->noise, GREAT_SNR);
+-		snr_b = MIN(wb->level - wb->noise, GREAT_SNR);
++		snr_a = MINAB(wa->level - wa->noise, GREAT_SNR);
++		snr_b = MINAB(wb->level - wb->noise, GREAT_SNR);
+ 	} else {
+ 		/* Not suitable information to calculate SNR, so use level */
+ 		snr_a = wa->level;
+@@ -1604,7 +1604,7 @@ static int wpa_scan_result_compar(const 
+ 	if (snr_b == snr_a)
+ 		return wb->qual - wa->qual;
+ 	return snr_b - snr_a;
+-#undef MIN
++#undef MINAB
+ #undef IS_5GHZ
+ }
+ 

security/wpa_supplicant/files/patch-wpa__supplicant_wpa__priv.c

@@ -0,0 +1,37 @@
+--- wpa_supplicant/wpa_priv.c.orig	2014-10-09 14:41:31 UTC
++++ wpa_supplicant/wpa_priv.c
+@@ -202,7 +202,7 @@ static void wpa_priv_cmd_associate(struc
+ 	if (assoc->ssid_len > 32)
+ 		return;
+ 	params.ssid_len = assoc->ssid_len;
+-	params.freq = assoc->freq;
++	params.freq.freq = assoc->freq;
+ 	if (assoc->wpa_ie_len) {
+ 		params.wpa_ie = (u8 *) (assoc + 1);
+ 		params.wpa_ie_len = assoc->wpa_ie_len;
+@@ -947,6 +947,7 @@ static void usage(void)
+ int main(int argc, char *argv[])
+ {
+ 	int c, i;
++	int eloop_initialized = 0;
+ 	int ret = -1;
+ 	char *pid_file = NULL;
+ 	int daemonize = 0;
+@@ -992,6 +993,7 @@ int main(int argc, char *argv[])
+ 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ 		goto out;
+ 	}
++	else eloop_initialized = 1;
+ 
+ 	for (i = optind; i < argc; i++) {
+ 		wpa_printf(MSG_DEBUG, "Adding driver:interface %s", argv[i]);
+@@ -1018,7 +1020,8 @@ out:
+ 		wpa_priv_interface_deinit(prev);
+ 	}
+ 
+-	eloop_destroy();
++	if (eloop_initialized)
++		eloop_destroy();
+ 
+ 	os_daemonize_terminate(pid_file);
+ 	os_free(pid_file);

security/wpa_supplicant/files/pkg-message.in

@@ -0,0 +1,6 @@
+To use the ports version of WPA Supplicant instead of the base, add:
+
+    hostapd_program="%%PREFIX%%/sbin/wpa_supplicant"
+
+to /etc/rc.conf
+

security/wpa_supplicant/pkg-descr

@@ -0,0 +1,14 @@
+wpa_supplicant is a client (supplicant) with support for WPA and WPA2
+(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and
+embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used
+in the client stations. It implements key negotiation with a WPA
+Authenticator and it controls the roaming and IEEE 802.11 authentication/
+association of the wlan driver.
+
+wpa_supplicant is designed to be a "daemon" program that runs in the
+background and acts as the backend component controlling the wireless
+connection. wpa_supplicant supports separate frontend programs and a
+text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
+wpa_supplicant.
+
+WWW: http://w1.fi/wpa_supplicant/