Port changes:
- Remove patches that have been incorporated upstream
- Add patches for LibreSSL support
Approved by: AMDmi3 (mentor)
Differential Revision: https://reviews.freebsd.org/D8451
A vulnerability was found in how hostapd and wpa_supplicant writes the
configuration file update for the WPA/WPA2 passphrase parameter. If this
parameter has been updated to include control characters either through
a WPS operation (CVE-2016-4476) or through local configuration change
over the wpa_supplicant control interface (CVE-2016-4477), the resulting
configuration file may prevent the hostapd and wpa_supplicant from
starting when the updated file is used. In addition for wpa_supplicant,
it may be possible to load a local library file and execute code from
there with the same privileges under which the wpa_supplicant process
runs.
These patches were developed upstream and published as a response
to the security advisories CVE-2016-4476 and CVE-2016-4477.
PR: 209564
Requested by: Sevan Janiyan
These patches address the following:
CVE-2015-5310
CVE-2015-5314
CVE-2015-5315
CVE-2015-5316
These patches were developed upstream and published as a response
to the security advisories.
PR: 208482
Requested by: Jason Unovitch
There was a vulnerability to the WPS_NFC option which is off by default.
The port is being bumped anyway since people using that option will want
the latest version.
PR: 201432
Submitted by: Jason Unovitch
These are combined upstream patches 2015-2, 2015-3, 2015-4
They address the following security advisories:
* CVE-2015-4141
* CVE-2015-4142
* CVE-2015-4143
* CVE-2015-4144
* CVE-2015-4145
* CVE-2015-4146
These advisories also apply to net/hostapd
PR: 200568
Submitted by: Jason Unovitch
DragonFly adopted it's "new" IEEE 802.11 infrastructure from FreeBSD.
This introduced an additional isr_meshid_len field in the
ieee80211req_scan_result structure. It is necessary to include this
additional offset when calculating the address of the IE data buffer.
Imre Vadasz introduced this fix to DragonFly on 01 Sept 2014, but a
similar fix doesn't appear to be present in FreeBSD's base wpa_supplicant.
It turns out the driver list was only showing "null" for NDIS when -h
(help) or an unknown switch was passed to wpa_supplicant. The cause is
that the NDIS driver is the only that that has to be initialized, and
the initialization wasn't occurring in the above case.
The fix is the move the NDIS driver initialization before the command
switches are examined in case wpa_supplicant aborts to usage early.
The NDIS driver didn't build when privsep option was turned off. Moveover,
it didn't display the driver name correctly, so I figured out a patch
based on base's ndis driver code. Thirdly, when privsep option is turned
off, wpa_priv is not built, so let's handle that condition.
Finally, remove privsep from default options because it removes the
standard list of drivers and replaces it with privsep driver.
This port was retired at version 0.3.8 because wpa_supplicant is
part of FreeBSD base. However, the last few releases have had a period
of only a few months, so the base is always going to be behind. DragonFly
is also affected, so I'm bringing the port back at the latest version.
It features the same patches as FreeBSD including the conversion to use
libutil's pidfile routines. There are some additional patches for
DragonFly support and to fix some bugs from the 9 Oct 2014 release.
The WPA Supplicant build system has been converted to ports options, and
there are dozens of them. I've set the defaults to match the
configuration in base and verified that it builds with all options
selected at once.
linked staticly. This allows it to be used from devd at startup. [1]
Use LIB_DEPENDS instead of BUILD_DEPENDS for the libdnet depend since we
need it to run too. [2]
My changes differ from the submitted fixes.
Submitted by: Darren Pilgrim <dmp at bitfreak dot org> [1]
Pawel Worach <pawel dot worach at gmail dot com> [2]
Also be sure to keep the path null terminated as Stevens does.
While I'm here, take maintainership since I use this and seem to be
making most of the recent commits.
- Install sample config file in etc/wpa_supplication.conf.sample instead
of DOCSDIR.
- Obey PREFIX.
- Follow move of binaries from bin to sbin.
Committed from a laptop running this version against an AP with WPA-PSK
and AES encription.
Submitted by: Yamamoto Shigeru <shigeru at iij dot ad dot jp>
PR: 75609 (by Rong-En Fan <rafan at infor dot org>)
- Remove now unnecessicary DISTNAME
- Add net to CATEGORIES
- Ditch the pkg-plist file in favor of PLIST_FILES, there were only
three lines in the plist
- Make the patch files relative to WRKSRC so we can drop PATCH_ARGS
- Install some documentation
- Bump PORTREVISION for new docs
