notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)

/commits.php is going away

I'm proposing to take /commits.php away - it mainly duplicates the home page. Details in this GitHub issue.
Port details
wpa_supplicant Supplicant (client) for WPA/802.1x protocols
2.9_11 security on this many watch lists=4 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 2.9_11Version of this port present on the latest quarterly branch.
Maintainer: cy@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2004-12-12 22:27:18
Last Update: 2021-06-14 16:04:00
Commit Hash: ed47e1e
People watching this port, also watch:: firefox, freetype2, sudo
Also Listed In: net
License: BSD3CLAUSE
Description:
SVNWeb : git : Homepage
pkg-plist: as obtained via: make generate-plist
Expand this list (13 items)
Collapse this list.
  1. share/dbus-1/system-services/fi.w1.wpa_supplicant1.service
  2. etc/dbus-1/system.d/dbus-wpa_supplicant.conf
  3. /usr/local/share/licenses/wpa_supplicant-2.9_11/catalog.mk
  4. /usr/local/share/licenses/wpa_supplicant-2.9_11/LICENSE
  5. /usr/local/share/licenses/wpa_supplicant-2.9_11/BSD3CLAUSE
  6. @comment sbin/eapol_test
  7. sbin/wpa_supplicant
  8. sbin/wpa_passphrase
  9. sbin/wpa_cli
  10. @sample etc/wpa_supplicant.conf.sample
  11. @owner
  12. @group
  13. @mode
Collapse this list.
Dependency lines:
  • wpa_supplicant>0:security/wpa_supplicant
To install the port: cd /usr/ports/security/wpa_supplicant/ && make install clean
To add the package, run one of these commands:
  • pkg install security/wpa_supplicant
  • pkg install wpa_supplicant
PKGNAME: wpa_supplicant
Flavors: there is no flavor information for this port.
distinfo:
Packages (timestamps in pop-ups are UTC):
wpa_supplicant
ABIlatestquarterly
FreeBSD:11:aarch642.6_32.9_7
FreeBSD:11:amd642.9_112.9_11
FreeBSD:11:armv62.5_22.9_7
FreeBSD:11:i3862.9_112.9_11
FreeBSD:11:mips--
FreeBSD:11:mips642.5_22.9_7
FreeBSD:12:aarch642.6_32.9_11
FreeBSD:12:amd642.9_112.9_11
FreeBSD:12:armv62.6_32.9_7
FreeBSD:12:armv72.6_32.9_7
FreeBSD:12:i3862.9_112.9_11
FreeBSD:12:mips--
FreeBSD:12:mips642.6_32.9_7
FreeBSD:12:powerpc64-2.9_10
FreeBSD:13:aarch642.9_82.9_11
FreeBSD:13:amd642.9_112.9_11
FreeBSD:13:armv62.9_82.9_10
FreeBSD:13:armv72.9_82.9_10
FreeBSD:13:i3862.9_112.9_11
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc642.9_72.9_11
FreeBSD:14:aarch642.9_11-
FreeBSD:14:amd642.9_11-
FreeBSD:14:armv62.9_10-
FreeBSD:14:armv72.9_10-
FreeBSD:14:i3862.9_11-
FreeBSD:14:mips--
FreeBSD:14:mips64--
FreeBSD:14:powerpc642.9_10-
 

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.3 : devel/gmake
  2. pkgconf>=1.3.0_1 : devel/pkgconf
Library dependencies:
  1. libreadline.so.8 : devel/readline
  2. libdbus-1.so : devel/dbus
There are no ports dependent upon this port

Configuration Options:
Options name:

USES:

pkg-message:
If installing:
Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://w1.fi/releases/
Collapse this list.

Number of commits found: 78

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
14 Jun 2021 16:04:00
 files touched by this commit commit hash:ed47e1ecc5db5576f6a2d4a47e083b2366bd65cc  2.9_11
cy search for other commits by this committer
*/*: Sync hostapd* and wpa_supplicant* with base ce276fe26d92010776

Use IFM_IEEE80211_ADHOC for now on FreeBSD for IBSS operation.

Base commit by adrian@ on Nov 26, 2015.

This commit syncs ports with base.

PR:		203086
Submitted by:	avos
MFH:		2020Q2
07 Apr 2021 08:09:01
 files touched by this commit commit hash:cf118ccf875508b9a1c570044c93cfcc82bd455c  2.9_10
mat search for other commits by this committer
One more small cleanup, forgotten yesterday.
Reported by:	lwhsu
06 Apr 2021 14:31:13
 files touched by this commit commit hash:135fdeebb99c3569e42d8162b265e15d29bd937d  2.9_10
mat search for other commits by this committer
all: Remove all other $FreeBSD keywords.
06 Apr 2021 14:31:07
 files touched by this commit commit hash:305f148f482daf30dcf728039d03d019f88344eb  2.9_10
mat search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
17 Mar 2021 02:32:50
Original commit files touched by this commit Revision:568629  2.9_10
cy search for other commits by this committer
security/wpa_supplicant: fix for P2P provision vulnerability

Latest version available from: https://w1.fi/security/2021-1/

Vulnerability

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
26 Jan 2021 20:15:28
Original commit files touched by this commit Revision:562996  2.9_9
cy search for other commits by this committer
Disable NDIS by default.

From src/bfc99943b04b46a6c1c885ce7bcc6f235b7422aa (brooks):

    nids(4) was a clever idea in the early 2000's when the market was
    flooded with 10/100 NICs with Windows-only drivers, but that hasn't
    been the case for ages and the driver has had no meaningful maintenance
    in ages. It only supports Windows-XP era drivers.

Therefore NDIS has been removed from 14-CURRENT. Those who still want or
need NDIS on older supported versions of FreeBSD can still enable the
options and rebuild the port.
20 Jan 2021 17:14:16
Original commit files touched by this commit Revision:562150  2.9_8
cy search for other commits by this committer
This is the ports version of src commit
d70886d063166786ded0007af8cdcbf57b7b4827.

wpa_supplicant uses PF_ROUTE to return the routing table in order to
determine the length of the routing table buffer. As of 81728a538d24
wpa_supplicant is started before the routing table has been populated
resulting in the length of zero to be returned. This causes
wpa_supplicant to loop endlessly. (The workaround is to kill and restart
wpa_supplicant as by the time it is restarted the routing table is
populated.)

(Personally, I was not able to reproduce this unless wlan0 was a member of
lagg0. However, others experienced this problem on standalone wlan0.)

PR:		252844
Submitted by:	shu <ankohuu _ outlook.com>
Reported by:	shu <ankohuu _ outlook.com>
Reviewed by:	cy
Differential Revision:	https://reviews.freebsd.org/D28249
12 Jan 2021 04:27:16
Original commit files touched by this commit Revision:561297  2.9_7
cy search for other commits by this committer
Fix build on llvm10 and gcc.

PR:		252577
Reported by:	David Sieborger <drs-freebsd _ sieborger.nom.za>
MFH:		2021Q1
30 Dec 2020 05:38:19
Original commit files touched by this commit Revision:559640  2.9_7
cy search for other commits by this committer
Add SIM_SIMULATOR and USIM_SIMULATOR options.

SIM_SIMULATOR and USIM_SIMULATOR options enable features that are used for
testing EAP-AKA and EAP-SIM authentication.

PR:		252276
Submitted by:	Terry Burton <tez _ terryburton.co.uk>
30 Dec 2020 05:38:16
Original commit files touched by this commit Revision:559639  2.9_7
cy search for other commits by this committer
Fix LLVM11 build.

According to https://reviews.llvm.org/D75758, some software may require
a pragma.
26 Jun 2020 01:33:19
Original commit files touched by this commit Revision:540412  2.9_7
cy search for other commits by this committer
add MATCH option for CONFIG_MATCH_IFACE.

PR:		247177
Submitted by:	greg@unrelenting.technology
Reported by:	greg@unrelenting.technology
Tested by:	swills
09 Jun 2020 05:48:26
Original commit files touched by this commit Revision:538281  2.9_6
cy search for other commits by this committer
UPnP SUBSCRIBE misbehavior in hostapd WPS AP

As published by our hostapd  upstream

Vulnerability

General security vulnerability in the way the callback URLs in the UPnP
SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
Some of the described issues may be applicable to the use of UPnP in WPS
AP mode functionality for supporting external registrars.

Such issues could allow a device connected to the local network (i.e., a
device that has been authorized to transmit packets in the network in
which the AP is located) could trigger the AP to initiate a HTTP
(TCP/IP) connection to an arbitrary URL, including connections to
(Only the first 15 lines of the commit message are shown above View all of this commit message)
20 May 2020 04:20:02
Original commit files touched by this commit Revision:535967  2.9_5
cy search for other commits by this committer
Chase src r361272:

Silence the once per second CTRL-EVENT-SCAN-FAILED errors when the WiFi
radio is disabled through the communication device toggle key (also known
as the RF raidio kill button). Only the CTRL-EVENT-DISCONNECTED will be
issued.

Submitted by:	avg
Reported by:	avg
MFH:		2020Q2
22 Apr 2020 19:54:39
Original commit files touched by this commit Revision:532510  2.9_4
leres search for other commits by this committer
security/wpa_supplicant: Simplify @comment logic by using OPTIONS_SUB

PR:		245809
Approved by:	cy (maintainer)
22 Apr 2020 03:37:45
Original commit files touched by this commit Revision:532442  2.9_4
leres search for other commits by this committer
security/wpa_supplicant: Add EAPOL_TEST option

Add an option option to builds and installs the eapol_test program.
Update/patch to solve new compilation errors that result with the
option enabled.

Note: Leaving the changes to Packet32.c out of the PR patch set as
it is not needed.

PR:		245809
Approved by:	cy (maintainer)
01 Apr 2020 01:02:12
Original commit files touched by this commit Revision:530188  2.9_3
cy search for other commits by this committer
Fix poudriere builds.
30 Mar 2020 02:29:10
Original commit files touched by this commit Revision:529854  2.9_2
cy search for other commits by this committer
All other non-exclusive options should be default.

PR:		245099
Reported by:	koobs
30 Mar 2020 02:29:04
Original commit files touched by this commit Revision:529853  2.9_1
cy search for other commits by this committer
Add DBUS option.

PR:		245099
Submitted by:	greg at unrelenting.technology
22 Jan 2020 05:11:38
Original commit files touched by this commit Revision:523762  2.9
cy search for other commits by this committer
Add two new selectable options which allow the user to build
wpa_supplicant to parity with the same in base. The new options,
which are enabled in base are:

WPS_UPNP_DESC:		Universal Plug and Play
IEEE8021X_EAPOL_DESC:	EAP over LAN support
22 Aug 2019 03:33:52
Original commit files touched by this commit Revision:509576  2.9
cy search for other commits by this committer
Update 2.8 --> 2.9
14 Aug 2019 12:16:13
Original commit files touched by this commit Revision:508909  2.8
mat search for other commits by this committer
Convert to UCL & cleanup pkg-message (categories s)
17 Jun 2019 20:15:41
Original commit files touched by this commit Revision:504433  2.8
cy search for other commits by this committer
For users who build and install FreeBSD using WITHOUT_WIRELESS
simply altering /etc/rc.conf isn't enough to make use of the ports
versions of hostapd and wpa_supplicant. This is because the rc.d
scripts are not installed when WITHOUT_WIRELESS is specified as a
build option. This patch checks for the rc scripts existence and
if they do not exist, installs the ports versions of the same
scripts, which are added by this revision.

This patch does not change the package in any way and there is no way
to enable this outside of removal of hostapd or wpa_supplicant
(depending on the port). Users who build their own world using the
WITHOUT_WIRELESS flag will almost always not use binary packages. Hence
the automatic detection and install of the rc scripts. Making this an
option would IMO increase the number of bug reports due to people
inadvertently setting or not setting an option.

To enable this a person must:

1. buildworld and installworld -DWITHOUT_WIRELESS
2. Build and install the desired wpa_supplicant and/or hostapd port
   on servers one wishes to install them on.

PR:		238571
16 May 2019 02:54:56
Original commit files touched by this commit Revision:501765  2.8
cy search for other commits by this committer
Completely remove a "nullfied" ifdef rather than making the code
unreachable. Though this is only a cosmetic change it syncs the port
with base commit r347642, making it easier to compare the two when
diagnosing problems in one or the other.

This was discovered tonight while reviewing some code following my
discussion regarding an issue lwhsu@ was having earlier today.
16 May 2019 02:41:29
Original commit files touched by this commit Revision:501764  2.8
cy search for other commits by this committer
Remove the gratuitous redefinition of MIN to MINAB. This brings the
port in greater sync with base.
16 May 2019 02:41:27
Original commit files touched by this commit Revision:501763  2.8
cy search for other commits by this committer
Resolve the following error discovered in DEVELOPER mode.

These options name have characters outside of [-_A-Z0-9]:

IKEv2 MSCHAPv2
16 May 2019 02:41:24
Original commit files touched by this commit Revision:501762  2.8
cy search for other commits by this committer
Remove the pleonastic initialization and test for eloop_initialized.
This change has no functional effect on the resulting package therefore
a PORTREVISION bump is not necessary.

Discovered while discussing wpa_supplicant with lwhsu@ today.
22 Apr 2019 15:56:59
Original commit files touched by this commit Revision:499654  2.8
cy search for other commits by this committer
Update wpa_supplicant/hostapd 2.7 --> 2.8
09 Apr 2019 14:04:50
Original commit files touched by this commit Revision:498476  2.7_1 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Update devel/readline to 8.0

- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://tiswww.case.edu/php/chet/readline/CHANGES
PR:		236156
Exp-run by:	antoine
06 Dec 2018 20:33:31
Original commit files touched by this commit Revision:486801  2.7 This port version is marked as vulnerable.
cy search for other commits by this committer
Add missing file that should have been in r486779.
06 Dec 2018 20:11:21
Original commit files touched by this commit Revision:486779  2.7 This port version is marked as vulnerable.
cy search for other commits by this committer
Update 2.6 --> 2.7
17 Aug 2018 02:18:42
Original commit files touched by this commit Revision:477405  2.6_3 This port version is marked as vulnerable.
cy search for other commits by this committer
Pet portlint.
17 Aug 2018 02:12:01
Original commit files touched by this commit Revision:477401  2.6_3 This port version is marked as vulnerable.
cy search for other commits by this committer
Switch to grouping of patches per site as suggested by mat@ in D16718.

Reported by:	mat@
14 Aug 2018 20:21:58
Original commit files touched by this commit Revision:477202  2.6_3 This port version is marked as vulnerable.
cy search for other commits by this committer
WPA: Ignore unauthenticated encrypted EAPOL-Key data

Ignore unauthenticated encrypted EAPOL-Key data in supplicant
processing. When using WPA2, these are frames that have the Encrypted
flag set, but not the MIC flag.

When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
not the MIC flag, had their data field decrypted without first verifying
the MIC. In case the data field was encrypted using RC4 (i.e., when
negotiating TKIP as the pairwise cipher), this meant that
unauthenticated but decrypted data would then be processed. An adversary
could abuse this as a decryption oracle to recover sensitive information
in the data field of EAPOL-Key messages (e.g., the group key).
(CVE-2018-14526)

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>

Security:	CVE-2018-14526
Security:	VuXML: 6bedc863-9fbe-11e8-945f-206a8a720317
01 Apr 2018 13:36:57
Original commit files touched by this commit Revision:466153  2.6_2 This port version is marked as vulnerable.
cy search for other commits by this committer
Fix build with LibreSSL 2.7

PR:		227173
Submitted by:	brnrd@
MFH:		2018Q3
17 Oct 2017 05:33:03
Original commit files touched by this commit Revision:452263  2.6_2 This port version is marked as vulnerable.
cy search for other commits by this committer
Fix "make -s" by replacing ECHO with ECHO_CMD.

PR:		 223056
Submitted by:	Franco Fichtner <franco@opnsense.org>
17 Oct 2017 02:17:29
Original commit files touched by this commit Revision:452258  2.6_2 This port version is marked as vulnerable.
cy search for other commits by this committer
This port is too important to be orphaned.
Take maintainership and provide a good home.
16 Oct 2017 20:08:11
Original commit files touched by this commit Revision:452250  2.6_2 This port version is marked as vulnerable.
cy search for other commits by this committer
Add patch set 2017-1

A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.

Security:	https://w1.fi/security/2017-1/ \
		wpa-packet-number-reuse-with-replayed-messages.txt
Security:	https://www.krackattacks.com/
MFH:		2017Q4
16 Oct 2017 20:05:41
Original commit files touched by this commit Revision:452249  2.6_1 This port version is marked as vulnerable.
cy search for other commits by this committer
Use https site.

MFH:		2017Q4
27 Jun 2017 13:46:53
Original commit files touched by this commit Revision:444463  2.6_1 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Update devel/readline to 7.0 patch 3

- Bump PORTREVISION for shlib change

Changes:	https://cnswww.cns.cwru.edu/php/chet/readline/CHANGES
		https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00107.html
		https://lists.gnu.org/archive/html/bug-readline/2017-01/msg00002.html
Differential Revision:	https://reviews.freebsd.org/D11172
PR:		219947
Exp-run by:	antoine
01 Jan 2017 03:45:13
Original commit files touched by this commit Revision:430235  2.6 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Remove BROKEN_FreeBSD_9

Approved by:	portmgr (blanket)
25 Dec 2016 03:15:14
Original commit files touched by this commit Revision:429390  2.6 This port version is marked as vulnerable.
jrm search for other commits by this committer
security/wpa_supplicant: Allow users of FreeBSD 9 with libre- or openssl
from ports to build the port.

FreeBSD 9 is EOL in less than a week.  Now those stragglers still running
9.3 can get online to update in the next few days.

Approved by:	AMDmi3 (mentor) swills (mentor)
Differential Revision:	https://reviews.freebsd.org/D8875
20 Dec 2016 21:41:28
Original commit files touched by this commit Revision:429033  2.6 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Unbreak on 10.x+

Reported by:	marino
19 Dec 2016 14:26:48
Original commit files touched by this commit Revision:428933  2.6 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Mark BROKEN: does not build (undefined reference to `get_ie')
17 Nov 2016 17:43:33
Original commit files touched by this commit Revision:426292  2.6 This port version is marked as vulnerable.
jrm search for other commits by this committer
security/wpa_supplicant: Update to version 2.6 and patch for LibreSSL support

Port changes:
- Remove patches that have been incorporated upstream
- Add patches for LibreSSL support

Approved by:	AMDmi3 (mentor)
Differential Revision:	https://reviews.freebsd.org/D8451
11 Nov 2016 17:26:49
Original commit files touched by this commit Revision:425896  2.5_2 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Add LICENSE
- Verbosify build
- Switch to options helpers
15 Sep 2016 01:29:41
Original commit files touched by this commit Revision:422173  2.5_2 This port version is marked as vulnerable.
marino search for other commits by this committer
Release some of my ports back to the heap
11 Sep 2016 17:05:34
Original commit files touched by this commit Revision:421843  2.5_2 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Add support for LibreSSL
19 May 2016 21:12:08
Original commit files touched by this commit Revision:415527  2.5_2 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Add security patch set 2016-1

A vulnerability was found in how hostapd and wpa_supplicant writes the
configuration file update for the WPA/WPA2 passphrase parameter. If this
parameter has been updated to include control characters either through
a WPS operation (CVE-2016-4476) or through local configuration change
over the wpa_supplicant control interface (CVE-2016-4477), the resulting
configuration file may prevent the hostapd and wpa_supplicant from
starting when the updated file is used. In addition for wpa_supplicant,
it may be possible to load a local library file and execute code from
there with the same privileges under which the wpa_supplicant process
runs.

These patches were developed upstream and published as a response
to the security advisories CVE-2016-4476 and CVE-2016-4477.

PR:		209564
Requested by:	Sevan Janiyan
18 Apr 2016 21:05:28
Original commit files touched by this commit Revision:413609  2.5_1 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: patch 4 CVE security advisories

These patches address the following:
  CVE-2015-5310
  CVE-2015-5314
  CVE-2015-5315
  CVE-2015-5316

These patches were developed upstream and published as a response
to the security advisories.

PR:		208482
Requested by:	Jason Unovitch
01 Apr 2016 14:25:18
Original commit files touched by this commit Revision:412349  2.5 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
11 Oct 2015 22:52:59
Original commit files touched by this commit Revision:399108  2.5 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Upgrade version 2.4 => 2.5
12 Jul 2015 11:22:11
Original commit files touched by this commit Revision:391779  2.4_4 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Address security issue (2015-5)

There was a vulnerability to the WPS_NFC option which is off by default.
The port is being bumped anyway since people using that option will want
the latest version.

PR:		201432
Submitted by:	Jason Unovitch
02 Jun 2015 09:35:24
Original commit files touched by this commit Revision:388312  2.4_3 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Address 3 latest security advisories

These are combined upstream patches 2015-2, 2015-3, 2015-4
They address the following security advisories:

  * CVE-2015-4141
  * CVE-2015-4142
  * CVE-2015-4143
  * CVE-2015-4144
  * CVE-2015-4145
  * CVE-2015-4146

These advisories also apply to net/hostapd

PR:		200568
Submitted by:	Jason Unovitch
25 Apr 2015 14:02:13
Original commit files touched by this commit Revision:384729  2.4_2 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Add USES=CPE

I just released that I fixed a CVE bug but WPA Supllicant was never
provided any CPE information.  Fix, bump, and reference previous PR.

PR:		199678
25 Apr 2015 06:19:17
Original commit files touched by this commit Revision:384705  2.4_1 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Fix CVE-2015-1863

PR:		199678
Submitted by:	Jason Unovitch
Approved by:	maintainer (marino)
16 Mar 2015 20:45:17
Original commit files touched by this commit Revision:381444  2.4 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Upgrade version 2.3 => 2.4

See http://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog for list
of changes since version 2.3.
19 Oct 2014 09:33:05
Original commit files touched by this commit Revision:371174  2.3_3 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Fix build on FreeBSD 11

On FreeBSD 11, the wpa_supplicant couldn't find the readline headers.
It turns out that Mk/Uses/readline.mk only augments LDFLAGS and CPPFLAGS,
but wpa_supplicant needs -I${LOCALBASE}/include add to CFLAGS.  To fix
FreeBSD build, augment CFLAGS with value of CPPFLAGS in the makefile.

This wasn't an issue on DragonFly.  Apparently wpa_supplicant found the
readline compatibility headers of libedit and used those instead.

reported by:	pkg-fallout
13 Oct 2014 19:34:48
Original commit files touched by this commit Revision:370817  2.3_3 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Fix mis-information in pkg-message
13 Oct 2014 13:49:56
Original commit files touched by this commit Revision:370776  2.3_3 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Bring in BSD driver fix from DragonFly BSD

DragonFly adopted it's "new" IEEE 802.11 infrastructure from FreeBSD.
This introduced an additional isr_meshid_len field in the
ieee80211req_scan_result structure.  It is necessary to include this
additional offset when calculating the address of the IE data buffer.

Imre Vadasz introduced this fix to DragonFly on 01 Sept 2014, but a
similar fix doesn't appear to be present in FreeBSD's base wpa_supplicant.
13 Oct 2014 12:56:05
Original commit files touched by this commit Revision:370769  2.3_2 This port version is marked as vulnerable.
marino search for other commits by this committer
wpa/supplicant: Fix driver list with NDIS, take 2

It turns out the driver list was only showing "null" for NDIS when -h
(help) or an unknown switch was passed to wpa_supplicant.  The cause is
that the NDIS driver is the only that that has to be initialized, and
the initialization wasn't occurring in the above case.

The fix is the move the NDIS driver initialization before the command
switches are examined in case wpa_supplicant aborts to usage early.
13 Oct 2014 09:33:08
Original commit files touched by this commit Revision:370760  2.3_1 This port version is marked as vulnerable.
marino search for other commits by this committer
security/wpa_supplicant: Fix NDIS driver, privsep no longer default

The NDIS driver didn't build when privsep option was turned off.  Moveover,
it didn't display the driver name correctly, so I figured out a patch
based on base's ndis driver code.  Thirdly, when privsep option is turned
off, wpa_priv is not built, so let's handle that condition.

Finally, remove privsep from default options because it removes the
standard list of drivers and replaces it with privsep driver.
12 Oct 2014 21:20:25
Original commit files touched by this commit Revision:370742  2.3 This port version is marked as vulnerable.
marino search for other commits by this committer
Revive security/wpa_supplicant after 6.5 years => version 2.3

This port was retired at version 0.3.8 because wpa_supplicant is
part of FreeBSD base.  However, the last few releases have had a period
of only a few months, so the base is always going to be behind.  DragonFly
is also affected, so I'm bringing the port back at the latest version.

It features the same patches as FreeBSD including the conversion to use
libutil's pidfile routines.  There are some additional patches for
DragonFly support and to fix some bugs from the 9 Oct 2014 release.

The WPA Supplicant build system has been converted to ports options, and
there are dozens of them.  I've set the defaults to match the
configuration in base and verified that it builds with all options
selected at once.
25 Apr 2008 23:21:09
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
pav search for other commits by this committer
- Remove, it's ancient and newer version is included in base of all supported
  releases

Suggested by:   sam
03 Feb 2007 01:55:47
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
markus search for other commits by this committer
Utilize PORTDOCS
14 Sep 2006 17:37:55
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
brooks search for other commits by this committer
Drop maintainership.  I'm not really interested in this now that we've
got it in the base.
14 Sep 2006 17:37:05
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
brooks search for other commits by this committer
Fix build with openssl 0.9.8b.

PR:             ports/102822
Submitted by:   simon
10 Sep 2006 23:32:56
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
kris search for other commits by this committer
Change IGNORE to BROKEN in previous
10 Sep 2006 23:31:58
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
kris search for other commits by this committer
BROKEN on 7.x: Does not compile
13 May 2006 04:15:53
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
edwin search for other commits by this committer
Remove USE_REINPLACE from all categories starting with S
11 Nov 2005 19:03:22
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
brooks search for other commits by this committer
add SHA256
27 May 2005 01:10:30
Original commit files touched by this commit   0.3.8_2 This port version is marked as vulnerable.
brooks search for other commits by this committer
Add a new variable WITH_STATIC_SUPPLICANT to cause wpa_supplicant to be
linked staticly.  This allows it to be used from devd at startup. [1]

Use LIB_DEPENDS instead of BUILD_DEPENDS for the libdnet depend since we
need it to run too. [2]

My changes differ from the submitted fixes.

Submitted by:   Darren Pilgrim <dmp at bitfreak dot org> [1]
                Pawel Worach <pawel dot worach at gmail dot com> [2]
23 Apr 2005 03:29:45
Original commit files touched by this commit   0.3.8_1 This port version is marked as vulnerable.
brooks search for other commits by this committer
Fix wpa_cli.  You need to pass all of the sockaddr, not just part of it.
Also be sure to keep the path null terminated as Stevens does.

While I'm here, take maintainership since I use this and seem to be
making most of the recent commits.
16 Feb 2005 07:03:32
Original commit files touched by this commit   0.3.8 This port version is marked as vulnerable.
brooks search for other commits by this committer
- Update to 0.3.8.  See ChangeLog for details.
- Install sample config file in etc/wpa_supplication.conf.sample instead
  of DOCSDIR.
- Obey PREFIX.
- Follow move of binaries from bin to sbin.

Committed from a laptop running this version against an AP with WPA-PSK
and AES encription.

Submitted by:   Yamamoto Shigeru <shigeru at iij dot ad dot jp>
PR:             75609 (by Rong-En Fan <rafan at infor dot org>)
08 Jan 2005 19:06:48
Original commit files touched by this commit   0.3.0_1 This port version is marked as vulnerable.
brooks search for other commits by this committer
- Spell wpa_supplicant with two 'p's in PORTNAME
- Remove now unnecessicary DISTNAME
- Add net to CATEGORIES
- Ditch the pkg-plist file in favor of PLIST_FILES, there were only
  three lines in the plist
- Make the patch files relative to WRKSRC so we can drop PATCH_ARGS
- Install some documentation
- Bump PORTREVISION for new docs
13 Dec 2004 00:19:20
Original commit files touched by this commit   0.3.0 This port version is marked as vulnerable.
imp search for other commits by this committer
Add support for EAP.  It might not work only in 802.1x mode, but should
work in WPA+802.1x.

Submitted by: sam
12 Dec 2004 22:59:36
Original commit files touched by this commit   0.3.0 This port version is marked as vulnerable.
imp search for other commits by this committer
Fix grammatical error Kris pointed out.

Submitted by: kris
12 Dec 2004 22:41:06
Original commit files touched by this commit   0.3.0 This port version is marked as vulnerable.
imp search for other commits by this committer
wpa_supplicant is only for current.
12 Dec 2004 22:23:07
Original commit files touched by this commit   0.3.0 This port version is marked as vulnerable.
imp search for other commits by this committer
WPA supplicant daemon for 802.11 networks.

Submitted by: sam

Number of commits found: 78