aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2022-06-19 16:15:44 +0000
committerCy Schubert <cy@FreeBSD.org>2022-06-19 16:20:13 +0000
commit7150a0c9b1014e445a8266c9080d0bf4738dcc9c (patch)
treefdcd340621503708c4ba86a9ae30afba660be53a
parentbcb90c294a01866b504550f162496f5fd3109ebf (diff)
downloadports-7150a0c9b1014e445a8266c9080d0bf4738dcc9c.tar.gz
ports-7150a0c9b1014e445a8266c9080d0bf4738dcc9c.zip
*/*: Bring back wpa_supplicant29 and hostapd29 as new ports
The current wpa_supplicant and hostapd have an issue with AR9285. For the time being bring back wpa_supplicant 2.9 as security/wpa_supplicant29 and hostpd 2.9 as net/hostapd29 for those cases that have an issue with wpa_supplicant/hostpad2.10 (in base and in ports) PR: 264238 MFH: 2022Q2
-rw-r--r--net/Makefile1
-rw-r--r--net/hostapd29/Makefile46
-rw-r--r--net/hostapd29/distinfo9
-rw-r--r--net/hostapd29/files/config316
-rw-r--r--net/hostapd29/files/hostapd.in39
-rw-r--r--net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c14
-rw-r--r--net/hostapd29/files/patch-src_common_dhcp.h25
-rw-r--r--net/hostapd29/files/patch-src_drivers_driver__bsd.c60
-rw-r--r--net/hostapd29/files/patch-src_utils_os.h17
-rw-r--r--net/hostapd29/files/patch-src_utils_os__unix.c18
-rw-r--r--net/hostapd29/files/patch-src_wps_wps__upnp.c20
-rw-r--r--net/hostapd29/pkg-descr12
-rw-r--r--net/hostapd29/pkg-message10
-rw-r--r--security/Makefile1
-rw-r--r--security/wpa_supplicant29/Makefile229
-rw-r--r--security/wpa_supplicant29/distinfo11
-rw-r--r--security/wpa_supplicant29/files/Packet32.c366
-rw-r--r--security/wpa_supplicant29/files/Packet32.h65
-rw-r--r--security/wpa_supplicant29/files/ntddndis.h32
-rw-r--r--security/wpa_supplicant29/files/patch-src_common_dhcp.h25
-rw-r--r--security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c48
-rw-r--r--security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c89
-rw-r--r--security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c12
-rw-r--r--security/wpa_supplicant29/files/patch-src_radius_radius__client.c12
-rw-r--r--security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c34
-rw-r--r--security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile17
-rw-r--r--security/wpa_supplicant29/files/patch-wpa__supplicant_main.c33
-rw-r--r--security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c16
-rw-r--r--security/wpa_supplicant29/files/pkg-message.in11
-rw-r--r--security/wpa_supplicant29/files/wpa_supplicant.in54
-rw-r--r--security/wpa_supplicant29/pkg-descr14
-rw-r--r--security/wpa_supplicant29/pkg-plist5
32 files changed, 1661 insertions, 0 deletions
diff --git a/net/Makefile b/net/Makefile
index 3475d13a59fc..0f567ab0361a 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -246,6 +246,7 @@
SUBDIR += hlmaster
SUBDIR += honeyd
SUBDIR += hostapd
+ SUBDIR += hostapd29
SUBDIR += hostapd-devel
SUBDIR += hping3
SUBDIR += hsflowd
diff --git a/net/hostapd29/Makefile b/net/hostapd29/Makefile
new file mode 100644
index 000000000000..a87a8ed33515
--- /dev/null
+++ b/net/hostapd29/Makefile
@@ -0,0 +1,46 @@
+# Created by: Craig Leres <leres@FreeBSD.org>
+
+PORTNAME= hostapd
+PORTVERSION= 2.9
+PORTREVISION= 4
+CATEGORIES= net
+MASTER_SITES= https://w1.fi/releases/
+
+PATCH_SITES= https://w1.fi/security/2020-1/
+PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
+ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
+ 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1
+
+MAINTAINER= cy@FreeBSD.org
+COMMENT= IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
+
+LICENSE= BSD3CLAUSE
+
+USES= cpe gmake ssl
+CPE_VENDOR= w1.fi
+BUILD_WRKSRC= ${WRKSRC}/hostapd
+CFLAGS+= -I${OPENSSLINC}
+LDFLAGS+= -L${OPENSSLLIB}
+
+PLIST_FILES= sbin/hostapd sbin/hostapd_cli man/man1/hostapd_cli.1.gz \
+ man/man8/hostapd.8.gz
+.if !exists(/etc/rc.d/hostapd)
+USE_RC_SUBR= hostapd
+.endif
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|@$$(E) " CC " $$<|@$$(E) " $$(CC) " $$<|' \
+ ${BUILD_WRKSRC}/Makefile
+ @${SED} -e 's|@PREFIX@|${PREFIX}|g' ${FILESDIR}/config \
+ >> ${WRKSRC}/hostapd/.config
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_PROGRAM} ${WRKSRC}/hostapd/hostapd_cli \
+ ${STAGEDIR}${PREFIX}/sbin
+ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd_cli.1 \
+ ${STAGEDIR}${MANPREFIX}/man/man1
+ ${INSTALL_MAN} ${WRKSRC}/hostapd/hostapd.8 \
+ ${STAGEDIR}${MANPREFIX}/man/man8
+
+.include <bsd.port.mk>
diff --git a/net/hostapd29/distinfo b/net/hostapd29/distinfo
new file mode 100644
index 000000000000..c6fd159e26c4
--- /dev/null
+++ b/net/hostapd29/distinfo
@@ -0,0 +1,9 @@
+TIMESTAMP = 1591652140
+SHA256 (hostapd-2.9.tar.gz) = 881d7d6a90b2428479288d64233151448f8990ab4958e0ecaca7eeb3c9db2bd7
+SIZE (hostapd-2.9.tar.gz) = 2244312
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
diff --git a/net/hostapd29/files/config b/net/hostapd29/files/config
new file mode 100644
index 000000000000..de05f3384a1a
--- /dev/null
+++ b/net/hostapd29/files/config
@@ -0,0 +1,316 @@
+# FreeBSD hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+#CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+
+# Driver interface for madwifi driver
+#CONFIG_DRIVER_MADWIFI=y
+#CFLAGS += -I../../madwifi # change to the madwifi source directory
+
+# Driver interface for drivers using the nl80211 kernel interface
+#CONFIG_DRIVER_NL80211=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+#CONFIG_LIBNL32=y
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+CONFIG_DRIVER_BSD=y
+CFLAGS += -I@PREFIX@/include
+LIBS += -L@PREFIX@/lib
+LIBS_p += -L@PREFIX@/lib
+LIBS_c += -L@PREFIX@/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# IEEE 802.11F/IAPP
+#CONFIG_IAPP=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+#CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection)
+#CONFIG_IEEE80211W=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+#CONFIG_EAP_FAST=y
+
+# Wi-Fi Protected Setup (WPS)
+#CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
+CONFIG_DRIVER_RADIUS_ACL=y
+
+# IEEE 802.11n (High Throughput) support
+#CONFIG_IEEE80211N=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+#CONFIG_IEEE80211AC=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
diff --git a/net/hostapd29/files/hostapd.in b/net/hostapd29/files/hostapd.in
new file mode 100644
index 000000000000..b6e717098472
--- /dev/null
+++ b/net/hostapd29/files/hostapd.in
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# PROVIDE: hostapd
+# REQUIRE: mountcritremote
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hostapd"
+desc="Authenticator for IEEE 802.11 networks"
+#
+# This portion of this rc.script is different from base.
+case ${command} in
+/usr/sbin/hostapd) # Assume user does not want base hostapd because
+ # user specified WITHOUT_WIRELESS in make.conf
+ # and /etc/defaults/rc.conf contains this value.
+ unset command;;
+esac
+command=${hostapd_program:-%%PREFIX%%/sbin/hostapd}
+# End of differences from base. The rest of the file should remain the same.
+
+ifn="$2"
+if [ -z "$ifn" ]; then
+ rcvar="hostapd_enable"
+ conf_file="/etc/${name}.conf"
+ pidfile="/var/run/${name}.pid"
+else
+ rcvar=
+ conf_file="/etc/${name}-${ifn}.conf"
+ pidfile="/var/run/${name}-${ifn}.pid"
+fi
+
+command_args="-P ${pidfile} -B ${conf_file}"
+required_files="${conf_file}"
+required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp"
+extra_commands="reload"
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c
new file mode 100644
index 000000000000..8b34e0fbdd89
--- /dev/null
+++ b/net/hostapd29/files/patch-src-l2_packet-l2_packet_freebsd.c
@@ -0,0 +1,14 @@
+--- src/l2_packet/l2_packet_freebsd.c.orig 2014-06-04 13:26:14 UTC
++++ src/l2_packet/l2_packet_freebsd.c
+@@ -8,7 +8,10 @@
+ */
+
+ #include "includes.h"
+-#if defined(__APPLE__) || defined(__GLIBC__)
++#if defined(__FreeBSD__) \
++ || defined(__DragonFly__) \
++ || defined(__APPLE__) \
++ || defined(__GLIBC__)
+ #include <net/bpf.h>
+ #endif /* __APPLE__ */
+ #include <pcap.h>
diff --git a/net/hostapd29/files/patch-src_common_dhcp.h b/net/hostapd29/files/patch-src_common_dhcp.h
new file mode 100644
index 000000000000..f88d1921a380
--- /dev/null
+++ b/net/hostapd29/files/patch-src_common_dhcp.h
@@ -0,0 +1,25 @@
+--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
+@@ -9,6 +9,22 @@
+ #ifndef DHCP_H
+ #define DHCP_H
+
++/*
++ * Translate Linux to FreeBSD
++ */
++#define iphdr ip
++#define ihl ip_hl
++#define verson ip_v
++#define tos ip_tos
++#define tot_len ip_len
++#define id ip_id
++#define frag_off ip_off
++#define ttl ip_ttl
++#define protocol ip_p
++#define check ip_sum
++#define saddr ip_src
++#define daddr ip_dst
++
+ #include <netinet/ip.h>
+ #if __FAVOR_BSD
+ #include <netinet/udp.h>
diff --git a/net/hostapd29/files/patch-src_drivers_driver__bsd.c b/net/hostapd29/files/patch-src_drivers_driver__bsd.c
new file mode 100644
index 000000000000..fe3064586710
--- /dev/null
+++ b/net/hostapd29/files/patch-src_drivers_driver__bsd.c
@@ -0,0 +1,60 @@
+--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700
++++ src/drivers/driver_bsd.c 2021-06-13 23:10:12.570253000 -0700
+@@ -649,7 +649,7 @@
+ len = 2048;
+ }
+
+- return len;
++ return (len == 0) ? 2048 : len;
+ }
+
+ #ifdef HOSTAPD
+@@ -665,7 +665,11 @@
+ static int bsd_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
+ u16 reason_code);
+
++#ifdef __DragonFly__
++const char *
++#else
+ static const char *
++#endif
+ ether_sprintf(const u8 *addr)
+ {
+ static char buf[sizeof(MACSTR)];
+@@ -1080,7 +1084,14 @@
+ mode = 0 /* STA */;
+ break;
+ case IEEE80211_MODE_IBSS:
++ /*
++ * Ref bin/203086 - FreeBSD's net80211 currently uses
++ * IFM_IEEE80211_ADHOC.
++ */
++#if 0
+ mode = IFM_IEEE80211_IBSS;
++#endif
++ mode = IFM_IEEE80211_ADHOC;
+ break;
+ case IEEE80211_MODE_AP:
+ mode = IFM_IEEE80211_HOSTAP;
+@@ -1336,14 +1347,18 @@
+ drv = bsd_get_drvindex(global, ifm->ifm_index);
+ if (drv == NULL)
+ return;
+- if ((ifm->ifm_flags & IFF_UP) == 0 &&
+- (drv->flags & IFF_UP) != 0) {
++ if (((ifm->ifm_flags & IFF_UP) == 0 ||
++ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
++ (drv->flags & IFF_UP) != 0 &&
++ (drv->flags & IFF_RUNNING) != 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
+ } else if ((ifm->ifm_flags & IFF_UP) != 0 &&
+- (drv->flags & IFF_UP) == 0) {
++ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
++ ((drv->flags & IFF_UP) == 0 ||
++ (drv->flags & IFF_RUNNING) == 0)) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
diff --git a/net/hostapd29/files/patch-src_utils_os.h b/net/hostapd29/files/patch-src_utils_os.h
new file mode 100644
index 000000000000..e92661256d5f
--- /dev/null
+++ b/net/hostapd29/files/patch-src_utils_os.h
@@ -0,0 +1,17 @@
+--- src/utils/os.h.orig 2016-09-17 20:36:13 UTC
++++ src/utils/os.h
+@@ -246,12 +246,14 @@ char * os_readfile(const char *name, siz
+ */
+ int os_file_exists(const char *fname);
+
++#if !defined __FreeBSD__ && !defined __DragonFly__
+ /**
+ * os_fdatasync - Sync a file's (for a given stream) state with storage device
+ * @stream: the stream to be flushed
+ * Returns: 0 if the operation succeeded or -1 on failure
+ */
+ int os_fdatasync(FILE *stream);
++#endif
+
+ /**
+ * os_zalloc - Allocate and zero memory
diff --git a/net/hostapd29/files/patch-src_utils_os__unix.c b/net/hostapd29/files/patch-src_utils_os__unix.c
new file mode 100644
index 000000000000..c56eee136a44
--- /dev/null
+++ b/net/hostapd29/files/patch-src_utils_os__unix.c
@@ -0,0 +1,18 @@
+--- src/utils/os_unix.c.orig 2015-09-27 19:02:05 UTC
++++ src/utils/os_unix.c
+@@ -442,6 +442,7 @@ int os_file_exists(const char *fname)
+ }
+
+
++#if !defined __FreeBSD__ && !defined __DragonFly__
+ int os_fdatasync(FILE *stream)
+ {
+ if (!fflush(stream)) {
+@@ -459,6 +460,7 @@ int os_fdatasync(FILE *stream)
+
+ return -1;
+ }
++#endif
+
+
+ #ifndef WPA_TRACE
diff --git a/net/hostapd29/files/patch-src_wps_wps__upnp.c b/net/hostapd29/files/patch-src_wps_wps__upnp.c
new file mode 100644
index 000000000000..1e3651d33162
--- /dev/null
+++ b/net/hostapd29/files/patch-src_wps_wps__upnp.c
@@ -0,0 +1,20 @@
+--- src/wps/wps_upnp.c.orig 2015-03-15 17:30:39 UTC
++++ src/wps/wps_upnp.c
+@@ -837,7 +837,7 @@ fail:
+ }
+
+
+-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
+ #include <sys/sysctl.h>
+ #include <net/route.h>
+ #include <net/if_dl.h>
+@@ -924,7 +924,7 @@ int get_netif_info(const char *net_if, u
+ goto fail;
+ }
+ os_memcpy(mac, req.ifr_addr.sa_data, 6);
+-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__DragonFly__)
+ if (eth_get(net_if, mac) < 0) {
+ wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ goto fail;
diff --git a/net/hostapd29/pkg-descr b/net/hostapd29/pkg-descr
new file mode 100644
index 000000000000..a3c019c9df0e
--- /dev/null
+++ b/net/hostapd29/pkg-descr
@@ -0,0 +1,12 @@
+hostapd is a user space daemon for access point and authentication
+servers. It implements IEEE 802.11 access point management, IEEE
+802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
+RADIUS authentication server. The current version supports Linux
+(Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
+
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+
+ hostapd_program="/usr/local/sbin/hostapd"
+
+WWW: https://w1.fi/hostapd/
diff --git a/net/hostapd29/pkg-message b/net/hostapd29/pkg-message
new file mode 100644
index 000000000000..43d22d9a1e7d
--- /dev/null
+++ b/net/hostapd29/pkg-message
@@ -0,0 +1,10 @@
+[
+{ type: install
+ message: <<EOM
+Add the following to /etc/rc.conf to use the ports version instead
+of the base version:
+
+ hostapd_program="/usr/local/sbin/hostapd"
+EOM
+}
+]
diff --git a/security/Makefile b/security/Makefile
index 9a3e3b6a1ced..738f303c4861 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1275,6 +1275,7 @@
SUBDIR += wolfssh
SUBDIR += wolfssl
SUBDIR += wpa_supplicant
+ SUBDIR += wpa_supplicant29
SUBDIR += wpa_supplicant-devel
SUBDIR += xca
SUBDIR += xinetd
diff --git a/security/wpa_supplicant29/Makefile b/security/wpa_supplicant29/Makefile
new file mode 100644
index 000000000000..7b23c34cd7cb
--- /dev/null
+++ b/security/wpa_supplicant29/Makefile
@@ -0,0 +1,229 @@
+PORTNAME= wpa_supplicant
+PORTVERSION= 2.9
+PORTREVISION= 11
+CATEGORIES= security net
+MASTER_SITES= https://w1.fi/releases/
+
+PATCH_SITES= https://w1.fi/security/2020-1/ \
+ https://w1.fi/security/2021-1/
+PATCHFILES= 0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch:-p1 \
+ 0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch:-p1 \
+ 0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch:-p1 \
+ 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch:-p1
+
+MAINTAINER= cy@FreeBSD.org
+COMMENT= Supplicant (client) for WPA/802.1x protocols
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/README
+
+USES= cpe gmake pkgconfig:build readline ssl
+BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant
+INSTALL_WRKSRC= ${WRKSRC}/src
+CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS
+CFLAGS+= -I${OPENSSLINC}
+LDFLAGS+= -L${OPENSSLLIB} -lutil
+MAKE_ENV= V=1
+
+SUB_FILES= pkg-message
+PORTDOCS= README ChangeLog
+
+CFG= ${BUILD_WRKSRC}/.config
+
+.if !exists(/etc/rc.d/wpa_supplicant)
+USE_RC_SUBR= wpa_supplicant
+.endif
+
+OPTIONS_MULTI= DRV EAP
+OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH
+OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \
+ SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE
+OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \
+ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \
+ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \
+ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \
+ IEEE8021X_EAPOL EAPOL_TEST \
+ HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \
+ SIM_SIMULATOR USIM_SIMULATOR
+OPTIONS_DEFAULT= BSD WIRED \
+ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \
+ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \
+ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \
+ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \
+ FAST PWD PAX SAKE GPSK TNC IKEV2 EKE
+OPTIONS_SUB=
+
+WPS_DESC= Wi-Fi Protected Setup
+WPS_ER_DESC= Enable WPS External Registrar
+WPS_NOREG_DESC= Disable open network credentials when registrar
+WPS_NFC_DESC= Near Field Communication (NFC) configuration
+WPS_UPNP_DESC= Universal Plug and Play support
+PKCS12_DESC= PKCS\#12 (PFS) support
+SMARTCARD_DESC= Private key on smartcard support
+HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc
+VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc
+TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0
+IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac)
+IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n)
+IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008)
+IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w)
+IEEE8021X_EAPOL_DESC= EAP over LAN support
+EAPOL_TEST_DESC= Development testing
+DEBUG_FILE_DESC= Support for writing debug log to a file
+DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout
+PRIVSEP_DESC= Privilege separation
+DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors
+INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u)
+HS20_DESC= Hotspot 2.0
+NO_ROAMING_DESC= Disable roaming
+P2P_DESC= Peer-to-Peer support
+TDLS_DESC= Tunneled Direct Link Setup
+MATCH_DESC= Interface match mode
+
+DRV_DESC= Driver options
+BSD_DESC= BSD net80211 interface
+NDIS_DESC= Windows NDIS interface
+WIRED_DESC= Wired ethernet interface
+ROBOSWITCH_DESC= Broadcom Roboswitch interface
+TEST_DESC= Development testing interface
+NONE_DESC= The 'no driver' interface, e.g. WPS ER only
+
+EAP_DESC= Extensible Authentication Protocols
+TLS_DESC= Transport Layer Security
+PEAP_DESC= Protected Extensible Authentication Protocol
+TTLS_DESC= Tunneled Transport Layer Security
+MD5_DESC= MD5 hash (deprecated, no key generation)
+MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759)
+GTC_DESC= Generic Token Card
+LEAP_DESC= Lightweight Extensible Authentication Protocol
+OTP_DESC= One-Time Password
+PSK_DESC= Pre-Shared key
+FAST_DESC= Flexible Authentication via Secure Tunneling
+AKA_DESC= Autentication and Key Agreement (UMTS)
+AKA_PRIME_DESC= AKA Prime variant (RFC 5448)
+EKE_DESC= Encrypted Key Exchange
+SIM_DESC= Subscriber Identity Module
+SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM
+USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA
+IKEV2_DESC= Internet Key Exchange version 2
+PWD_DESC= Shared password (RFC 5931)
+PAX_DESC= Password Authenticated Exchange
+SAKE_DESC= Shared-Secret Authentication & Key Establishment
+GPSK_DESC= Generalized Pre-Shared Key
+TNC_DESC= Trusted Network Connect
+
+PRIVSEP_PLIST_FILES= sbin/wpa_priv
+DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \
+ etc/dbus-1/system.d/dbus-wpa_supplicant.conf
+
+.include <bsd.port.pre.mk>
+
+.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP}
+BROKEN= Fails to compile with both NDIS and PRIVSEP
+.endif
+
+.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N}
+BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N
+.endif
+
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite
+CFLAGS+= -I${LOCALBASE}/include/PCSC
+LDFLAGS+= -L${LOCALBASE}/lib
+.endif
+
+.if ${PORT_OPTIONS:MDBUS}
+LIB_DEPENDS+= libdbus-1.so:devel/dbus
+.endif
+
+post-patch:
+ @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \
+ ${WRKSRC}/src/utils
+ # Set driver(s)
+.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE
+. if ${PORT_OPTIONS:M${item}}
+ @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG}
+. endif
+.endfor
+ # Set EAP protocol(s)
+.for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \
+ AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE
+. if ${PORT_OPTIONS:M${item}}
+ @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG}
+. endif
+.endfor
+.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME}
+ @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG}
+.endif
+.for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \
+ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \
+ IEEE8021X_EAPOL EAPOL_TEST \
+ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS
+. if ${PORT_OPTIONS:M${simple}}
+ @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG}
+. endif
+.endfor
+.for item in READLINE PEERKEY
+ @${ECHO_CMD} CONFIG_${item}=y >> ${CFG}
+.endfor
+.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N}
+ @${ECHO_CMD} CONFIG_AP=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MGPSK}
+ # GPSK desired, assume highest SHA desired too
+ @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MWPS_NOREG}
+ @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MDELAYED_MIC}
+ @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MDBUS}
+ @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG}
+ @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MMATCH}
+ @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MUSIM_SIMULATOR}
+ @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG}
+.endif
+.if ${PORT_OPTIONS:MSIM_SIMULATOR}
+ @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG}
+.endif
+ @${ECHO_CMD} CONFIG_OS=unix >> ${CFG}
+ @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG}
+ @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG}
+ @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG}
+ @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG}
+
+post-build-EAPOL_TEST-on:
+ cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test
+
+do-install:
+ (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \
+ wpa_passphrase ${STAGEDIR}${PREFIX}/sbin)
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \
+ ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample
+
+do-install-EAPOL_TEST-on:
+ ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin
+
+do-install-DOCS-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ (cd ${BUILD_WRKSRC} && \
+ ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR})
+
+do-install-PRIVSEP-on:
+ ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin
+
+do-install-DBUS-on:
+ @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/
+ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \
+ ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/
+ ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \
+ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/
+
+.include <bsd.port.post.mk>
diff --git a/security/wpa_supplicant29/distinfo b/security/wpa_supplicant29/distinfo
new file mode 100644
index 000000000000..ecea4c5cfca6
--- /dev/null
+++ b/security/wpa_supplicant29/distinfo
@@ -0,0 +1,11 @@
+TIMESTAMP = 1615939959
+SHA256 (wpa_supplicant-2.9.tar.gz) = fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17
+SIZE (wpa_supplicant-2.9.tar.gz) = 3231785
+SHA256 (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 2d9a5b9d616f1b4aa4a22b967cee866e2f69b798b0b46803a7928c8559842bd7
+SIZE (0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch) = 5909
+SHA256 (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 49feb35a5276279b465f6836d6fa2c6b34d94dc979e8b840d1918865c04260de
+SIZE (0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch) = 2284
+SHA256 (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = a8212a2d89a5bab2824d22b6047e7740553df163114fcec94832bfa9c5c5d78a
+SIZE (0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch) = 1553
+SHA256 (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 7f40cfec5faf5e927ea9028ab9392cd118685bde7229ad24210caf0a8f6e9611
+SIZE (0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch) = 1751
diff --git a/security/wpa_supplicant29/files/Packet32.c b/security/wpa_supplicant29/files/Packet32.c
new file mode 100644
index 000000000000..95cae8c5c975
--- /dev/null
+++ b/security/wpa_supplicant29/files/Packet32.c
@@ -0,0 +1,366 @@
+/*-
+ * Copyright (c) 2005
+ * Bill Paul <wpaul@windriver.com>. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This file implements a small portion of the Winpcap API for the
+ * Windows NDIS interface in wpa_supplicant. It provides just enough
+ * routines to fool wpa_supplicant into thinking it's really running
+ * in a Windows environment.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <sys/errno.h>
+#include <sys/sysctl.h>
+#include <sys/fcntl.h>
+#include <net/if.h>
+#include <net/if_dl.h>
+#include <net/if_var.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <net/route.h>
+
+#ifdef __FreeBSD__
+#include <net80211/ieee80211_ioctl.h>
+#endif
+#ifdef __DragonFly__
+#include <netproto/802_11/ieee80211_ioctl.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pcap.h>
+
+#include "Packet32.h"
+
+#define OID_802_11_ADD_KEY 0x0d01011D
+
+typedef ULONGLONG NDIS_802_11_KEY_RSC;
+typedef UCHAR NDIS_802_11_MAC_ADDRESS[6];
+
+typedef struct NDIS_802_11_KEY {
+ ULONG Length;
+ ULONG KeyIndex;
+ ULONG KeyLength;
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ NDIS_802_11_KEY_RSC KeyRSC;
+ UCHAR KeyMaterial[1];
+} NDIS_802_11_KEY;
+
+typedef struct NDIS_802_11_KEY_COMPAT {
+ ULONG Length;
+ ULONG KeyIndex;
+ ULONG KeyLength;
+ NDIS_802_11_MAC_ADDRESS BSSID;
+ UCHAR Pad[6]; /* Make struct layout match Windows. */
+ NDIS_802_11_KEY_RSC KeyRSC;
+#ifdef notdef
+ UCHAR KeyMaterial[1];
+#endif
+} NDIS_802_11_KEY_COMPAT;
+
+#define TRUE 1
+#define FALSE 0
+
+struct adapter {
+ int socket;
+ char name[IFNAMSIZ];
+ int prev_roaming;
+};
+
+PCHAR
+PacketGetVersion(void)
+{
+ return("FreeBSD WinPcap compatibility shim v1.0");
+}
+
+void *
+PacketOpenAdapter(CHAR *iface)
+{
+ struct adapter *a;
+ int s;
+ int ifflags;
+ struct ifreq ifr;
+ struct ieee80211req ireq;
+
+ s = socket(PF_INET, SOCK_DGRAM, 0);
+
+ if (s == -1)
+ return(NULL);
+
+ a = malloc(sizeof(struct adapter));
+ if (a == NULL)
+ return(NULL);
+
+ a->socket = s;
+ if (strncmp(iface, "\\Device\\NPF_", 12) == 0)
+ iface += 12;
+ else if (strncmp(iface, "\\DEVICE\\", 8) == 0)
+ iface += 8;
+ snprintf(a->name, IFNAMSIZ, "%s", iface);
+
+ /* Turn off net80211 roaming */
+ bzero((char *)&ireq, sizeof(ireq));
+ strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name));
+ ireq.i_type = IEEE80211_IOC_ROAMING;
+ if (ioctl(a->socket, SIOCG80211, &ireq) == 0) {
+ a->prev_roaming = ireq.i_val;
+ ireq.i_val = IEEE80211_ROAMING_MANUAL;
+ if (ioctl(a->socket, SIOCS80211, &ireq) < 0)
+ fprintf(stderr,
+ "Could not set IEEE80211_ROAMING_MANUAL\n");
+ }
+
+ bzero((char *)&ifr, sizeof(ifr));
+ strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name));
+ if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) {
+ free(a);
+ close(s);
+ return(NULL);
+ }
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) {
+ free(a);
+ close(s);
+ return(NULL);
+ }
+
+ return(a);
+}
+
+int
+PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid)
+{
+ struct adapter *a;
+ uint32_t retval;
+ struct ifreq ifr;
+ NDIS_802_11_KEY *old;
+ NDIS_802_11_KEY_COMPAT *new;
+ PACKET_OID_DATA *o = NULL;
+
+ if (iface == NULL)
+ return(-1);
+
+ a = iface;
+ bzero((char *)&ifr, sizeof(ifr));
+
+ /*
+ * This hack is necessary to work around a difference
+ * betwee the GNU C and Microsoft C compilers. The NDIS_802_11_KEY
+ * structure has a uint64_t in it, right after an array of
+ * chars. The Microsoft compiler inserts padding right before
+ * the 64-bit value to align it on a 64-bit boundary, but
+ * GCC only aligns it on a 32-bit boundary. Trying to pass
+ * the GCC-formatted structure to an NDIS binary driver
+ * fails because some of the fields appear to be at the
+ * wrong offsets.
+ *
+ * To get around this, if we detect someone is trying to do
+ * a set operation on OID_802_11_ADD_KEY, we shuffle the data
+ * into a properly padded structure and pass that into the
+ * driver instead. This allows the driver_ndis.c code supplied
+ * with wpa_supplicant to work unmodified.
+ */
+
+ if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) {
+ old = (NDIS_802_11_KEY *)&oid->Data;
+ o = malloc(sizeof(PACKET_OID_DATA) +
+ sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
+ if (o == NULL)
+ return(0);
+ bzero((char *)o, sizeof(PACKET_OID_DATA) +
+ sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength);
+ o->Oid = oid->Oid;
+ o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength;
+ new = (NDIS_802_11_KEY_COMPAT *)&o->Data;
+ new->KeyRSC = old->KeyRSC;
+ new->Length = o->Length;
+ new->KeyIndex = old->KeyIndex;
+ new->KeyLength = old->KeyLength;
+ bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS));
+ bcopy(old->KeyMaterial, (char *)new +
+ sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength);
+ ifr.ifr_data = (caddr_t)o;
+ } else
+ ifr.ifr_data = (caddr_t)oid;
+
+ strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name));
+
+ if (set == TRUE)
+ retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr);
+ else
+ retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr);
+
+ if (o != NULL)
+ free(o);
+
+ if (retval)
+ return(0);
+
+ return(1);
+}
+
+int
+PacketGetAdapterNames(CHAR *namelist, ULONG *len)
+{
+ int mib[6];
+ size_t needed;
+ struct if_msghdr *ifm;
+ struct sockaddr_dl *sdl;
+ char *buf, *lim, *next;
+ char *plist;
+ int spc;
+ int i, ifcnt = 0;
+
+ plist = namelist;
+ spc = 0;
+
+ bzero(plist, *len);
+
+ needed = 0;
+ mib[0] = CTL_NET;
+ mib[1] = PF_ROUTE;
+ mib[2] = 0; /* protocol */
+ mib[3] = 0; /* wildcard address family */
+ mib[4] = NET_RT_IFLIST;
+ mib[5] = 0; /* no flags */
+
+ if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0)
+ return(FALSE);
+
+ buf = malloc (needed);
+ if (buf == NULL)
+ return(FALSE);
+
+ if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) {
+ free(buf);
+ return(FALSE);
+ }
+
+ lim = buf + needed;
+
+ /* Generate interface name list. */
+
+ next = buf;
+ while (next < lim) {
+ ifm = (struct if_msghdr *)next;
+ if (ifm->ifm_type == RTM_IFINFO) {
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
+ if ((spc + sdl->sdl_nlen) > *len) {
+ free(buf);
+ return(FALSE);
+ }
+ strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
+ plist += (sdl->sdl_nlen + 1);
+ spc += (sdl->sdl_nlen + 1);
+ ifcnt++;
+ }
+ }
+ next += ifm->ifm_msglen;
+ }
+
+
+ /* Insert an extra "" as a spacer */
+
+ plist++;
+ spc++;
+
+ /*
+ * Now generate the interface description list. There
+ * must be a unique description for each interface, and
+ * they have to match what the ndis_events program will
+ * feed in later. To keep this simple, we just repeat
+ * the interface list over again.
+ */
+
+ next = buf;
+ while (next < lim) {
+ ifm = (struct if_msghdr *)next;
+ if (ifm->ifm_type == RTM_IFINFO) {
+ sdl = (struct sockaddr_dl *)(ifm + 1);
+ if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) {
+ if ((spc + sdl->sdl_nlen) > *len) {
+ free(buf);
+ return(FALSE);
+ }
+ strncpy(plist, sdl->sdl_data, sdl->sdl_nlen);
+ plist += (sdl->sdl_nlen + 1);
+ spc += (sdl->sdl_nlen + 1);
+ ifcnt++;
+ }
+ }
+ next += ifm->ifm_msglen;
+ }
+
+ free (buf);
+
+ *len = spc + 1;
+
+ return(TRUE);
+}
+
+void
+PacketCloseAdapter(void *iface)
+{
+ struct adapter *a;
+ struct ifreq ifr;
+ struct ieee80211req ireq;
+
+ if (iface == NULL)
+ return;
+
+ a = iface;
+
+ /* Reset net80211 roaming */
+ bzero((char *)&ireq, sizeof(ireq));
+ strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name));
+ ireq.i_type = IEEE80211_IOC_ROAMING;
+ ireq.i_val = a->prev_roaming;
+ ioctl(a->socket, SIOCS80211, &ireq);
+
+ bzero((char *)&ifr, sizeof(ifr));
+ strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name));
+ ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr);
+ ifr.ifr_flags &= ~IFF_UP;
+ ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr);
+ close(a->socket);
+ free(a);
+
+ return;
+}
diff --git a/security/wpa_supplicant29/files/Packet32.h b/security/wpa_supplicant29/files/Packet32.h
new file mode 100644
index 000000000000..c75e5f9dfe91
--- /dev/null
+++ b/security/wpa_supplicant29/files/Packet32.h
@@ -0,0 +1,65 @@
+/*-
+ * Copyright (c) 2005
+ * Bill Paul <wpaul@windriver.com>. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _PACKET32_H_
+#define _PACKET32_H_
+
+#include <sys/types.h>
+#include <ntddndis.h>
+
+struct PACKET_OID_DATA {
+ uint32_t Oid;
+ uint32_t Length;
+ uint8_t Data[1];
+};
+
+
+typedef struct PACKET_OID_DATA PACKET_OID_DATA;
+
+extern PCHAR PacketGetVersion(void);
+extern void *PacketOpenAdapter(CHAR *);
+extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *);
+extern int PacketGetAdapterNames(CHAR *, ULONG *);
+extern void PacketCloseAdapter(void *);
+
+/*
+ * This is for backwards compatibility on FreeBSD 5.
+ */
+
+#ifndef SIOCGDRVSPEC
+#define SIOCSDRVSPEC _IOW('i', 123, struct ifreq) /* set driver-specific
+ parameters */
+#define SIOCGDRVSPEC _IOWR('i', 123, struct ifreq) /* get driver-specific
+ parameters */
+#endif
+
+#endif /* _PACKET32_H_ */
diff --git a/security/wpa_supplicant29/files/ntddndis.h b/security/wpa_supplicant29/files/ntddndis.h
new file mode 100644
index 000000000000..0af0ce858b03
--- /dev/null
+++ b/security/wpa_supplicant29/files/ntddndis.h
@@ -0,0 +1,32 @@
+#ifndef _NTDDNDIS_H_
+#define _NTDDNDIS_H_
+
+/*
+ * Fake up some of the Windows type definitions so that the NDIS
+ * interface module in wpa_supplicant will build.
+ */
+
+#define ULONG uint32_t
+#define USHORT uint16_t
+#define UCHAR uint8_t
+#define LONG int32_t
+#define SHORT int16_t
+#if __FreeBSD__
+#define CHAR char
+#else
+#define CHAR int8_t
+#endif
+#define ULONGLONG uint64_t
+#define LONGLONG int64_t
+#define BOOLEAN uint8_t
+typedef void * LPADAPTER;
+typedef char * PTSTR;
+typedef char * PCHAR;
+
+#define TRUE 1
+#define FALSE 0
+
+#define OID_802_3_CURRENT_ADDRESS 0x01010102
+#define OID_802_3_MULTICAST_LIST 0x01010103
+
+#endif /* _NTDDNDIS_H_ */
diff --git a/security/wpa_supplicant29/files/patch-src_common_dhcp.h b/security/wpa_supplicant29/files/patch-src_common_dhcp.h
new file mode 100644
index 000000000000..f88d1921a380
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_common_dhcp.h
@@ -0,0 +1,25 @@
+--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800
++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800
+@@ -9,6 +9,22 @@
+ #ifndef DHCP_H
+ #define DHCP_H
+
++/*
++ * Translate Linux to FreeBSD
++ */
++#define iphdr ip
++#define ihl ip_hl
++#define verson ip_v
++#define tos ip_tos
++#define tot_len ip_len
++#define id ip_id
++#define frag_off ip_off
++#define ttl ip_ttl
++#define protocol ip_p
++#define check ip_sum
++#define saddr ip_src
++#define daddr ip_dst
++
+ #include <netinet/ip.h>
+ #if __FAVOR_BSD
+ #include <netinet/udp.h>
diff --git a/security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c
new file mode 100644
index 000000000000..7c452ece7476
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_drivers_driver__bsd.c
@@ -0,0 +1,48 @@
+--- src/drivers/driver_bsd.c.orig 2019-08-07 06:25:25.000000000 -0700
++++ src/drivers/driver_bsd.c 2021-06-13 23:07:14.016849000 -0700
+@@ -649,7 +649,7 @@
+ len = 2048;
+ }
+
+- return len;
++ return (len == 0) ? 2048 : len;
+ }
+
+ #ifdef HOSTAPD
+@@ -1080,7 +1080,14 @@
+ mode = 0 /* STA */;
+ break;
+ case IEEE80211_MODE_IBSS:
++ /*
++ * Ref bin/203086 - FreeBSD's net80211 currently uses
++ * IFM_IEEE80211_ADHOC.
++ */
++#if 0
+ mode = IFM_IEEE80211_IBSS;
++#endif
++ mode = IFM_IEEE80211_ADHOC;
+ break;
+ case IEEE80211_MODE_AP:
+ mode = IFM_IEEE80211_HOSTAP;
+@@ -1336,14 +1343,18 @@
+ drv = bsd_get_drvindex(global, ifm->ifm_index);
+ if (drv == NULL)
+ return;
+- if ((ifm->ifm_flags & IFF_UP) == 0 &&
+- (drv->flags & IFF_UP) != 0) {
++ if (((ifm->ifm_flags & IFF_UP) == 0 ||
++ (ifm->ifm_flags & IFF_RUNNING) == 0) &&
++ (drv->flags & IFF_UP) != 0 &&
++ (drv->flags & IFF_RUNNING) != 0) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED,
+ NULL);
+ } else if ((ifm->ifm_flags & IFF_UP) != 0 &&
+- (drv->flags & IFF_UP) == 0) {
++ (ifm->ifm_flags & IFF_RUNNING) != 0 &&
++ ((drv->flags & IFF_UP) == 0 ||
++ (drv->flags & IFF_RUNNING) == 0)) {
+ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
+ drv->ifname);
+ wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
diff --git a/security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c b/security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c
new file mode 100644
index 000000000000..5c58337c4b3d
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_drivers_driver__ndis.c
@@ -0,0 +1,89 @@
+--- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC
++++ src/drivers/driver_ndis.c
+@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive
+ o->Length = len;
+
+ if (!PacketRequest(drv->adapter, FALSE, o)) {
+- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed",
++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed",
+ __func__, oid, len);
+ os_free(buf);
+ return -1;
+ }
+ if (o->Length > len) {
+- wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%d)",
++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%lu)",
+ __func__, oid, (unsigned int) o->Length, len);
+ os_free(buf);
+ return -1;
+@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive
+ os_memcpy(o->Data, data, len);
+
+ if (!PacketRequest(drv->adapter, TRUE, o)) {
+- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed",
++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed",
+ __func__, oid, len);
+ os_free(buf);
+ return -1;
+@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s
+
+ if (data_len < sizeof(*req)) {
+ wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request "
+- "Event (len=%d)", data_len);
++ "Event (len=%lu)", data_len);
+ return;
+ }
+ req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data;
+@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid(
+
+ if (data_len < 8) {
+ wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List "
+- "Event (len=%d)", data_len);
++ "Event (len=%lu)", data_len);
+ return;
+ }
+ pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data;
+@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid(
+ os_memset(&event, 0, sizeof(event));
+ for (i = 0; i < pmkid->NumCandidates; i++) {
+ PMKID_CANDIDATE *p = &pmkid->CandidateList[i];
+- wpa_printf(MSG_DEBUG, "NDIS: %d: " MACSTR " Flags 0x%x",
++ wpa_printf(MSG_DEBUG, "NDIS: %lu: " MACSTR " Flags 0x%x",
+ i, MAC2STR(p->BSSID), (int) p->Flags);
+ os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN);
+ event.pmkid_candidate.index = i;
+@@ -1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili
+ "overflow");
+ break;
+ }
+- wpa_printf(MSG_MSGDUMP, "NDIS: %d - auth %d encr %d",
++ wpa_printf(MSG_MSGDUMP, "NDIS: %lu - auth %d encr %d",
+ i, (int) ae->AuthModeSupported,
+ (int) ae->EncryptStatusSupported);
+ switch (ae->AuthModeSupported) {
+@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str
+ dlen = dpos - desc;
+ else
+ dlen = os_strlen(desc);
+- drv->adapter_desc = dup_binstr(desc, dlen);
++ drv->adapter_desc = os_malloc(dlen + 1);
++ if (drv->adapter_desc) {
++ os_memcpy(drv->adapter_desc, desc, dlen);
++ drv->adapter_desc[dlen] = '\0';
++ }
+ os_free(b);
+ if (drv->adapter_desc == NULL)
+ return -1;
+@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str
+ } else {
+ dlen = os_strlen(desc[i]);
+ }
+- drv->adapter_desc = dup_binstr(desc[i], dlen);
++ drv->adapter_desc = os_malloc(dlen + 1);
++ if (drv->adapter_desc) {
++ os_memcpy(drv->adapter_desc, desc[i], dlen);
++ drv->adapter_desc[dlen] = '\0';
++ }
+ os_free(names);
+ if (drv->adapter_desc == NULL)
+ return -1;
diff --git a/security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c
new file mode 100644
index 000000000000..5bce58b36950
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_l2__packet_l2__packet__freebsd.c
@@ -0,0 +1,12 @@
+--- src/l2_packet/l2_packet_freebsd.c.orig 2018-12-02 11:34:59.000000000 -0800
++++ src/l2_packet/l2_packet_freebsd.c 2018-12-05 23:18:27.612433000 -0800
+@@ -8,7 +8,8 @@
+ */
+
+ #include "includes.h"
+-#if defined(__APPLE__) || defined(__GLIBC__)
++#include <sys/param.h>
++#if defined(__APPLE__) || defined(__GLIBC__) || defined(__FreeBSD_version)
+ #include <net/bpf.h>
+ #endif /* __APPLE__ */
+ #include <pcap.h>
diff --git a/security/wpa_supplicant29/files/patch-src_radius_radius__client.c b/security/wpa_supplicant29/files/patch-src_radius_radius__client.c
new file mode 100644
index 000000000000..de86947f57b2
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_radius_radius__client.c
@@ -0,0 +1,12 @@
+--- src/radius/radius_client.c.orig 2019-08-07 06:25:25.000000000 -0700
++++ src/radius/radius_client.c 2021-01-11 08:35:20.860835000 -0800
+@@ -814,6 +814,9 @@
+ {
+ struct radius_client_data *radius = eloop_ctx;
+ struct hostapd_radius_servers *conf = radius->conf;
++#if defined(__clang_major__) && __clang_major__ >= 11
++#pragma GCC diagnostic ignored "-Wvoid-pointer-to-enum-cast"
++#endif
+ RadiusType msg_type = (RadiusType) sock_ctx;
+ int len, roundtrip;
+ unsigned char buf[3000];
diff --git a/security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c
new file mode 100644
index 000000000000..1c7035e9a77d
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-src_wps_wps__upnp.c
@@ -0,0 +1,34 @@
+--- src/wps/wps_upnp.c.orig 2020-06-08 14:40:50.402529000 -0700
++++ src/wps/wps_upnp.c 2020-06-08 15:48:08.294830000 -0700
+@@ -861,7 +861,8 @@
+ }
+
+
+-#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
++ || defined(__DragonFly__)
+ #include <sys/sysctl.h>
+ #include <net/route.h>
+ #include <net/if_dl.h>
+@@ -950,7 +951,11 @@
+ errno, strerror(errno));
+ goto fail;
+ }
++#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++ addr = (struct sockaddr_in *) &req.ifr_addr;
++#else
+ addr = (struct sockaddr_in *) &req.ifr_netmask;
++#endif
+ netmask->s_addr = addr->sin_addr.s_addr;
+ }
+
+@@ -962,7 +967,8 @@
+ goto fail;
+ }
+ os_memcpy(mac, req.ifr_addr.sa_data, 6);
+-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) \
++ || defined(__DragonFly__)
+ if (eth_get(net_if, mac) < 0) {
+ wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address");
+ goto fail;
diff --git a/security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile
new file mode 100644
index 000000000000..9f1393fb85da
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-wpa__supplicant_Makefile
@@ -0,0 +1,17 @@
+--- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC
++++ wpa_supplicant/Makefile
+@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o
+ OBJS_p += ../src/utils/os_$(CONFIG_OS).o
+ OBJS_c += ../src/utils/os_$(CONFIG_OS).o
+
++ifdef CONFIG_DRIVER_NDIS
++OBJS += ../src/utils/Packet32.o
++ifdef CONFIG_PRIVSEP
++OBJS += ../src/drivers/driver_ndis.o
++endif
++OBJS_priv += ../src/utils/Packet32.o
++endif
++
+ ifdef CONFIG_WPA_TRACE
+ CFLAGS += -DWPA_TRACE
+ OBJS += ../src/utils/trace.o
diff --git a/security/wpa_supplicant29/files/patch-wpa__supplicant_main.c b/security/wpa_supplicant29/files/patch-wpa__supplicant_main.c
new file mode 100644
index 000000000000..3042768f44d9
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-wpa__supplicant_main.c
@@ -0,0 +1,33 @@
+--- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC
++++ wpa_supplicant/main.c
+@@ -66,7 +66,7 @@ static void usage(void)
+ " -c = Configuration file\n"
+ " -C = ctrl_interface parameter (only used if -c is not)\n"
+ " -d = increase debugging verbosity (-dd even more)\n"
+- " -D = driver name (can be multiple drivers: nl80211,wext)\n"
++ " -D = driver name (can be multiple drivers: bsd,wired)\n"
+ " -e = entropy file\n"
+ #ifdef CONFIG_DEBUG_FILE
+ " -f = log output to debug file instead of stdout\n"
+@@ -105,8 +105,7 @@ static void usage(void)
+ " -W = wait for a control interface monitor before starting\n");
+
+ printf("example:\n"
+- " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n",
+- wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211");
++ " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n");
+ #endif /* CONFIG_NO_STDOUT_DEBUG */
+ }
+
+@@ -199,6 +198,11 @@ int main(int argc, char *argv[])
+
+ wpa_supplicant_fd_workaround(1);
+
++#ifdef CONFIG_DRIVER_NDIS
++ void driver_ndis_init_ops(void);
++ driver_ndis_init_ops();
++#endif /* CONFIG_DRIVER_NDIS */
++
+ for (;;) {
+ c = getopt(argc, argv,
+ "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
diff --git a/security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c b/security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c
new file mode 100644
index 000000000000..42f150b3595c
--- /dev/null
+++ b/security/wpa_supplicant29/files/patch-wpa__supplicant_wpa__supplicant.c
@@ -0,0 +1,16 @@
+--- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400
++++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400
+@@ -6357,13 +6357,6 @@
+ if (params == NULL)
+ return NULL;
+
+-#ifdef CONFIG_DRIVER_NDIS
+- {
+- void driver_ndis_init_ops(void);
+- driver_ndis_init_ops();
+- }
+-#endif /* CONFIG_DRIVER_NDIS */
+-
+ #ifndef CONFIG_NO_WPA_MSG
+ wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
+ #endif /* CONFIG_NO_WPA_MSG */
diff --git a/security/wpa_supplicant29/files/pkg-message.in b/security/wpa_supplicant29/files/pkg-message.in
new file mode 100644
index 000000000000..e7b8d25b652d
--- /dev/null
+++ b/security/wpa_supplicant29/files/pkg-message.in
@@ -0,0 +1,11 @@
+[
+{ type: install
+ message: <<EOM
+To use the ports version of WPA Supplicant instead of the base, add:
+
+ wpa_supplicant_program="%%PREFIX%%/sbin/wpa_supplicant"
+
+to /etc/rc.conf
+EOM
+}
+]
diff --git a/security/wpa_supplicant29/files/wpa_supplicant.in b/security/wpa_supplicant29/files/wpa_supplicant.in
new file mode 100644
index 000000000000..c79c7ee119a9
--- /dev/null
+++ b/security/wpa_supplicant29/files/wpa_supplicant.in
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# PROVIDE: wpa_supplicant
+# REQUIRE: mountcritremote
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="wpa_supplicant"
+desc="WPA/802.11i Supplicant for wireless network devices"
+rcvar=
+
+ifn="$2"
+if [ -z "$ifn" ]; then
+ return 1
+fi
+
+is_ndis_interface()
+{
+ case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in
+ ndis*) true ;;
+ *) false ;;
+ esac
+}
+
+if is_wired_interface ${ifn} ; then
+ driver="wired"
+elif is_ndis_interface ${ifn} ; then
+ driver="ndis"
+else
+ driver="bsd"
+fi
+
+load_rc_config $name
+
+#
+# This portion of this rc.script is different from base.
+case ${command} in
+/usr/sbin/wpa_supplicant) # Assume user does not want base hostapd because
+ # user specified WITHOUT_WIRELESS in make.conf
+ # and /etc/defaults/rc.conf contains this value.
+ unset command;;
+esac
+command=${wpa_supplicant_program:-%%PREFIX%%/sbin/wpa_supplicant}
+# End of differences from base. The rest of the file should remain the same.
+
+conf_file=${wpa_supplicant_conf_file}
+pidfile="/var/run/${name}/${ifn}.pid"
+command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile"
+required_files=$conf_file
+required_modules="wlan_wep wlan_tkip wlan_ccmp"
+
+run_rc_command "$1"
diff --git a/security/wpa_supplicant29/pkg-descr b/security/wpa_supplicant29/pkg-descr
new file mode 100644
index 000000000000..9eb5f45eea94
--- /dev/null
+++ b/security/wpa_supplicant29/pkg-descr
@@ -0,0 +1,14 @@
+wpa_supplicant is a client (supplicant) with support for WPA and WPA2
+(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and
+embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used
+in the client stations. It implements key negotiation with a WPA
+Authenticator and it controls the roaming and IEEE 802.11 authentication/
+association of the wlan driver.
+
+wpa_supplicant is designed to be a "daemon" program that runs in the
+background and acts as the backend component controlling the wireless
+connection. wpa_supplicant supports separate frontend programs and a
+text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
+wpa_supplicant.
+
+WWW: http://w1.fi/wpa_supplicant/
diff --git a/security/wpa_supplicant29/pkg-plist b/security/wpa_supplicant29/pkg-plist
new file mode 100644
index 000000000000..9c7a743d7dea
--- /dev/null
+++ b/security/wpa_supplicant29/pkg-plist
@@ -0,0 +1,5 @@
+%%EAPOL_TEST%%sbin/eapol_test
+sbin/wpa_supplicant
+sbin/wpa_passphrase
+sbin/wpa_cli
+@sample etc/wpa_supplicant.conf.sample