| non port: net/hostapd/Makefile |
|
SVNWeb
|
Number of commits found: 52 |
|
Tue, 12 Sep 2023
|
[ 05:51 Cy Schubert (cy)  Author: R. Christian McDonald ]    33410dc
net/hostapd: wpa: Enable receiving priority tagged (VID 0) frames
Certain internet service providers transmit vlan 0 priority tagged
EAPOL frames from the ONT towards the residential gateway. VID 0
should be ignored, and the frame processed according to the priority
set in the 802.1P bits and the encapsulated EtherType (i.e. EAPOL).
The pcap filter utilized by l2_packet is inadquate for this use case.
Here we modify the pcap filter to accept both unencapsulated and
encapsulated (with VLAN 0) EAPOL EtherTypes. This preserves the
original filter behavior while also matching on encapsulated EAPOL.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Reviewed by: cy
Obtained from: src bb5d6d14d81b
PR: 273696
MFH: 2023Q3
|
[ 05:51 Cy Schubert (cy) ] e7f23d8
net/hostapd: Fix uninitialized packet pointer on error
The packet pointer (called packet) will remain uninitialized when
pcap_next_ex() returns an error. This occurs when the wlan
interface is shut down using ifconfig destroy. Adding a NULL
assignment to packet duplicates what pcap_next() does.
The reason we use pcap_next_ex() in this instance is because with
pacp_next() when we receive a null pointer if there was an error
or if no packets were read. With pcap_next_ex() we can differentiate
between an error and legitimately no packets were received.
PR: 270649, 273696
Obtained from: src 953efa5b200f
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFH: 2023Q3
|
[ 05:50 Cy Schubert (cy) ] 087cebe
net/hostapd: driver_bsd.c: backout upstream IFF_ change and add logging
This reverts the state to our old supplicant logic setting or clearing
IFF_UP if needed. In addition this adds logging for the cases in which
we do (not) change the interface state.
Depending on testing this seems to help bringing WiFi up or not log
any needed changes (which would be the expected wpa_supplicant logic
now). People should look out for ``(changed)`` log entries (at least
if debugging the issue; this way we will at least have data points).
There is a hypothesis still pondered that the entire IFF_UP toggling
only exploits a race in net80211 (see further discssussions for more
debugging and alternative solutions see D38508 and D38753).
That may also explain why the changes to the rc startup script [1] (Only the first 15 lines of the commit message are shown above  )
|
|
Wed, 7 Sep 2022
|
[ 21:10 Stefan Eßer (se) ] b7f0544 (Only the first 10 of 27931 ports in this commit are shown above. )
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above )
|
|
Wed, 20 Jul 2022
|
[ 14:22 Tobias C. Berner (tcberner) ] 6a378e5 (Only the first 10 of 1159 ports in this commit are shown above. )
net: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Aaron Straup Cope <ascope@cpan.org>
* Aaron Zauner <az_mail@gmx.at>
* Adam Jette <jettea46@yahoo.com>
* Adam Weinberger <adamw@FreeBSD.org>
* Alan Eldridge <alane@geeksrus.net>
* Alex Bakhtin <Alex.Bakhtin@gmail.com>
* Alex Deiter <Alex.Deiter@Gmail.COM>
* Alex Dupre <ale@FreeBSD.org>
* Alex Dupre <sysadmin@alexdupre.com> (Only the first 15 lines of the commit message are shown above )
|
|
Sun, 3 Jul 2022
|
[ 21:33 Cy Schubert (cy) Author: J.R. Oldroyd ] b3916c7
wpa_supplicant* hostapd*: Resolve secondary VAP association issue
Association will fail on a secondary open unprotected VAP when the
primary VAP is configured for WPA. Examples of secondary VAPs are,
hotels, universities, and commodity routers' guest networks.
A broadly similar bug was discussed on Red Hat's bugzilla affecting
association to a D-Link DIR-842.
This suggests that as IEs were added to the 802.11 protocol the old code
was increasingly inadaquate to handle the additional IEs, not only a
secondary VAP.
This duplcates src commit 775611ea11db here in ports.
PR: 264238
Reported by: Jaskie <jiangjun12321@gmail.com>
"J.R. Oldroyd" <fbsd@opal.com>
Submitted by: "J.R. Oldroyd" <fbsd@opal.com>
MFH: 2022Q3
|
|
Mon, 20 Jun 2022
|
[ 14:29 Cy Schubert (cy) ] 05a849e
*/*: Restore a missing wpa BSD driver patch
These patches were removed to sync with base where in fact base was
missing these patches and base should have been synced with the ports.
PR: 264238
Fixes: b8477825c2dc42f6c595697a36f593c71f39fbad
c86f32d652eb9dd023049122d8ca37cb13ed07b6
MFH: 2022Q2
|
|
Thu, 9 Jun 2022
|
[ 21:58 Cy Schubert (cy) ] c86f32d
*/*: Restore non-IBSS part of wpa patches
b8477825c2dc42f6c595697a36f593c71f39fbad removed some non-IBSS patches.
Restore them. We only want to remove the patches that make IBSS use
ADHOC mode.
Fixes: b8477825c2dc42f6c595697a36f593c71f39fbad
|
[ 20:41 Cy Schubert (cy) ] b847782
*/*: FreeBSD's WPA does support IBSS mode
FreeBSD's WPA does support IBSS mode. Remove the hack that forces ADHOC
mode when IBSS is requested.
|
|
Sat, 16 Apr 2022
|
[ 15:55 Cy Schubert (cy) ] c586ac0
*/{wpa_supplicant*,hostapd*}: Fix wpa 100% CPU when USB wlan NIC removed
hostapd calls pcap_next(3) to read the next packet off the wlan interface.
pcap_next() returns a pointer to the packet header but does not indicate
success or failure. Unfortunately this results in an infinite loop (100%
CPU) when the wlan device disappears, i.e. when a USB wlan device is
manually removed or a USB error results in the device removal. However
pcap_next_ex(3) does return success or failure. To resolve this we use
pcap_next_ex(), forcing hostapd to exit when the error is encountered.
An error message is printed to syslog or stderr when debugging (-d flag)
is enabled. Unfortunately wpa_printf() only works when debugging is enabled.
PR: 253608
Reported by: Damjan Jovanovic <damjan.jov@gmail.com>,
bz (privately)
MFH: 2022Q2
|
|
Mon, 17 Jan 2022
|
[ 17:00 Cy Schubert (cy) ] f5e549a
net/hostapd: Update to 2.10
The long awaited hostapd 2.10 is finally here.
|
|
Tue, 14 Sep 2021
|
[ 10:55 Bernhard Froehlich (decke) ] af1b44d
net/hostapd: Fix CPE information because current one is deprecated
Approved by: portmgr (blanket)
|
|
Mon, 14 Jun 2021
|
[ 16:04 Cy Schubert (cy) ] ed47e1e
*/*: Sync hostapd* and wpa_supplicant* with base ce276fe26d92010776
Use IFM_IEEE80211_ADHOC for now on FreeBSD for IBSS operation.
Base commit by adrian@ on Nov 26, 2015.
This commit syncs ports with base.
PR: 203086
Submitted by: avos
MFH: 2020Q2
|
|
Tue, 6 Apr 2021
|
[ 14:31 Mathieu Arnold (mat) ] 305f148 (Only the first 10 of 29333 ports in this commit are shown above. )
Remove # $FreeBSD$ from Makefiles.
|
|
Wed, 20 Jan 2021
|
[ 17:14 cy ]  
This is the ports version of src commit
d70886d063166786ded0007af8cdcbf57b7b4827.
wpa_supplicant uses PF_ROUTE to return the routing table in order to
determine the length of the routing table buffer. As of 81728a538d24
wpa_supplicant is started before the routing table has been populated
resulting in the length of zero to be returned. This causes
wpa_supplicant to loop endlessly. (The workaround is to kill and restart
wpa_supplicant as by the time it is restarted the routing table is
populated.)
(Personally, I was not able to reproduce this unless wlan0 was a member of
lagg0. However, others experienced this problem on standalone wlan0.)
PR: 252844
Submitted by: shu <ankohuu _ outlook.com>
Reported by: shu <ankohuu _ outlook.com>
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D28249
|
|
Tue, 9 Jun 2020
|
[ 05:48 cy ]
UPnP SUBSCRIBE misbehavior in hostapd WPS AP
As published by our hostapd upstream
Vulnerability
General security vulnerability in the way the callback URLs in the UPnP
SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
Some of the described issues may be applicable to the use of UPnP in WPS
AP mode functionality for supporting external registrars.
Such issues could allow a device connected to the local network (i.e., a
device that has been authorized to transmit packets in the network in
which the AP is located) could trigger the AP to initiate a HTTP
(TCP/IP) connection to an arbitrary URL, including connections to (Only the first 15 lines of the commit message are shown above )
|
|
Wed, 20 May 2020
|
[ 04:20 cy ]
Chase src r361272:
Silence the once per second CTRL-EVENT-SCAN-FAILED errors when the WiFi
radio is disabled through the communication device toggle key (also known
as the RF raidio kill button). Only the CTRL-EVENT-DISCONNECTED will be
issued.
Submitted by: avg
Reported by: avg
MFH: 2020Q2
|
|
Thu, 22 Aug 2019
|
[ 03:33 cy ]
Update 2.8 --> 2.9
|
|
Mon, 17 Jun 2019
|
[ 20:15 cy ]
For users who build and install FreeBSD using WITHOUT_WIRELESS
simply altering /etc/rc.conf isn't enough to make use of the ports
versions of hostapd and wpa_supplicant. This is because the rc.d
scripts are not installed when WITHOUT_WIRELESS is specified as a
build option. This patch checks for the rc scripts existence and
if they do not exist, installs the ports versions of the same
scripts, which are added by this revision.
This patch does not change the package in any way and there is no way
to enable this outside of removal of hostapd or wpa_supplicant
(depending on the port). Users who build their own world using the
WITHOUT_WIRELESS flag will almost always not use binary packages. Hence
the automatic detection and install of the rc scripts. Making this an
option would IMO increase the number of bug reports due to people
inadvertently setting or not setting an option.
To enable this a person must:
1. buildworld and installworld -DWITHOUT_WIRELESS
2. Build and install the desired wpa_supplicant and/or hostapd port
on servers one wishes to install them on.
PR: 238571
|
|
Mon, 22 Apr 2019
|
[ 15:56 cy ]
Update wpa_supplicant/hostapd 2.7 --> 2.8
|
|
Tue, 5 Mar 2019
|
[ 03:56 cy ]
Also document usage in pkg-message for binary package users.
PR: 236230
Reported by: mt@markoturk.info
MFH: 2019Q1
|
|
Thu, 6 Dec 2018
|
[ 20:11 cy ]
Update 2.6 --> 2.7
|
|
Fri, 17 Aug 2018
|
[ 02:18 cy ]
Pet portlint.
|
[ 02:12 cy ]
leres@ suggested in D16718 and offline that I assume maintainership
of net/hostapd.
Suggested by: leres@
Approved by: leres@
|
[ 02:12 cy ]
Chase net/wpa_supplicant r477202 and base contrib/wpa r337819.
WPA: Ignore unauthenticated encrypted EAPOL-Key data
Though hostapd is technically not vulnerable, the mitigation for
CVE-2018-14526 does apply cleanly, therefore it is applied to maintain
consistency with net/wpa_supplicant and wpa in base.
Approved by: leres@
MFH: 2018Q3
Differential Revision: https://reviews.freebsd.org/D16718
|
[ 02:12 cy ]
In preparation for applying security patches, switch to grouping of
patches per site as suggested by mat@.
Suggested by: mat@
Differential Revision: https://reviews.freebsd.org/D16718
|
|
Tue, 17 Oct 2017
|
[ 01:30 cy ]
Add patch set 2017-1.
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
Approved by: leres (maintainer)
Security: https://w1.fi/security/2017-1/ \
wpa-packet-number-reuse-with-replayed-messages.txt
Security: https://www.krackattacks.com/
MFH: 2017Q4
Differential Revision: D12691
|
[ 01:30 cy ]
Use https site.
Approved by: leres (maintainer)
MFH: 2017Q4
Differential Revision: D12691 (part of)
|
|
Fri, 15 Sep 2017
|
[ 18:18 leres ] (Only the first 10 of 13 ports in this commit are shown above. )
Update MAINTAINER on my ports and "Created by" on the ones I created
to use my @FreeBSD.org email address.
- devel/arduino
- devel/arduino-glcd
- devel/arduino-irremote
- devel/arduino-mk
- devel/arduino-sevseg
- net/hostapd
- net/py-pcap
- security/bro
- security/broccoli
- security/create-cert
- sysutils/lbl-cf
- sysutils/lbl-hf
- www/mini_httpd
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D12374
|
|
Tue, 21 Mar 2017
|
[ 17:50 krion ]
Update net/hostapd to 2.6 and fix multiple vulnerabilities
PR: 217907
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D10051
|
|
Fri, 30 Sep 2016
|
[ 17:29 marino ]
net/hostapd: Fix build on DragonFly and with LibreSSL
1. Return the driver_bsd.c patch, it's still required for DF
2. Modify the os_unix.c patch to include exception for DF
3. Add patch to fix build with LibreSSL (originates from OpenBSD)
4. There's no configure set, so replace ineffective configure arg
with CFLAGS and LDFLAGS for non-base SSL library
Approved by: SSL blanket and DF blanket
|
|
Fri, 23 Sep 2016
|
[ 18:20 madpilot ]
Update to 2.5
PR: 212779
Submitted by: leres at ee.lbl.gov (maintainer)
|
|
Tue, 13 Sep 2016
|
[ 05:01 marino ]
net/hostapd: Remove PORTS_SSL option and use SSL_DEFAULT
The port is now configured depending on the SSL base specified by the
SSL_DEFAULT variable. Before it would break by default if SSL_DEFAULT
was set to non-base. This changes puts hostapd in line with the rest
of the ports tree.
Approved by: SSL blanket
|
|
Thu, 16 Jun 2016
|
[ 13:23 mat ] (Only the first 10 of 35 ports in this commit are shown above. )
Fix usage of WITH_OPENSSL_BASE, WITH_OPENSSL_PORT and OPENSSL_PORT.
WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo
PR: 210149
Submitted by: mat
Exp-run by: antoine
Sponsored by: The FreeBSD Foundation, Absolight
Differential Revision: https://reviews.freebsd.org/D6577
|
|
Sun, 6 Sep 2015
|
[ 17:15 danfe ]
Remove BROKEN_* statements, the port builds fine everywhere.
|
|
Tue, 2 Jun 2015
|
[ 09:52 marino ]
net/hostapd: Address 3 latest security advisories
These are combined upstream patches 2015-2, 2015-3, 2015-4
They address the following security advisories:
* CVE-2015-4141
* CVE-2015-4142
* CVE-2015-4143
* CVE-2015-4144
* CVE-2015-4145
* CVE-2015-4146
These advisories also apply to security/wpa_supplicant
PR: 200567
Submitted by: Jason Unovitch
Approved by: maintainer (Craig Leres)
|
|
Sun, 3 May 2015
|
[ 15:12 amdmi3 ]
- Add CPE info
Approved by: portmgr blanket
|
|
Sun, 29 Mar 2015
|
[ 12:15 marino ]
net/hostapd: Upgrade version 2.3 => 2.4, add PORTS_SSL option
PR: 198889
Submitted by: maintainer (leres - ee.lbl.gov)
|
|
Thu, 15 Jan 2015
|
[ 09:05 tijl ] (Only the first 10 of 102 ports in this commit are shown above. )
Add missing USE_OPENSSL=yes
PR: 195796
|
|
Thu, 16 Oct 2014
|
[ 07:19 marino ]
net/hostapd: Upgrade version 2.2 => 2.3
While upgrading to the latest version released last week:
* Rebase .config file on latest sample versoin
* Support non-default prefixes
* Merge new contents of do-configure target into post-patch target
PR: 194315
Approved by: maintainer: (Craig Leres)
|
|
Sun, 12 Oct 2014
|
[ 10:46 marino ]
net/hostapd: Update WWW + MASTER_SITES and support DragonFly
The domain for hostapd has changed from hostap.epitest.fi to w1.fi
although the former still redirects. Update WWW and MASTER_SITES to
reflect the new name.
Regenerate the l2 packet patch so that hostapd also builds on DragonFly
(no-op for FreeBSD).
While here, rearrange makefile to remove need for <pre> and <post> and
use of $PORTNAME in $WRKSRC which would break if PORTNAME changes.
|
|
Sat, 7 Jun 2014
|
[ 05:26 danilo ]
- Update from 2.1 to 2.2 [1]
- Use just BSD3CLAUSE as LICENSE (according to README)
PR: ports/190726
Submitted by: leres@ee.lbl.gov [1]
|
|
Fri, 4 Apr 2014
|
[ 13:56 bapt ]
s/-script://
|
|
Thu, 13 Mar 2014
|
[ 10:06 pawel ]
Update to version 2.1
PR: ports/187459
Submitted by: maintainer
|
|
Fri, 28 Feb 2014
|
[ 08:42 ehaupt ]
Support staging
|
|
Fri, 20 Sep 2013
|
[ 22:10 bapt ] (Only the first 10 of 1288 ports in this commit are shown above. )
Add NO_STAGE all over the place in preparation for the staging support (cat:
net)
|
|
Wed, 14 Aug 2013
|
[ 22:35 ak ] (Only the first 10 of 1725 ports in this commit are shown above. )
- Remove MAKE_JOBS_SAFE variable
Approved by: portmgr (bdrewery)
|
|
Sat, 2 Feb 2013
|
[ 11:44 pawel ]
Update to version 2.0
PR: ports/175438
Submitted by: Craig Leres <leres@ee.lbl.gov> (maintainer)
|
|
Mon, 18 Jun 2012
|
[ 22:27 jgh ]
- Update to 1.0
- Use ports framework for build:
- Bonus: Now honours CC/CFLAGS/LDFLAGS
- Remove DISTNAME override
- Update LICENSE (GPLv2 not GPLv1)
- Mark MAKE_JOBS_SAFE
- Patch Makefile to see $(CC) not "CC" when not verbose
- Pet portlint (LICENSE order)
- while here shift where arch is tested, and use MAN{1,8}PREFIX
PR: ports/169154 (based on)
Submitted by: koobs.freebsd@gmail.com
Approved by: maintainer, leres@ee.lbl.gov
|
|
Thu, 10 Nov 2011
|
[ 05:38 linimon ] (Only the first 10 of 34 ports in this commit are shown above. )
Mark broken on powerpc as well as sparc64. (In fact, on all the tier-2s.)
Hat: portmgr
|
|
Wed, 10 Aug 2011
|
[ 09:13 linimon ]
Mark as broken on sparc64: does not compile.
|
|
Sat, 12 Feb 2011
|
[ 04:52 miwi ]
hostapd is a user space daemon for access point and authentication
servers. It implements IEEE 802.11 access point management, IEEE
802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
RADIUS authentication server. The current version supports Linux
(Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).
WWW: http://hostap.epitest.fi/hostapd/
PR: ports/154621
Submitted by: leres at ee.lbl.gov
|
Number of commits found: 52 |
As an Amazon Associate I earn from qualifying purchases.