As of hostap 2.10, WEP is disabled by default. This of course is not a
bad thing but requires some planning and an announcment to remove WEP
support by default. A possible src.conf knob or letting users know they
should use the port instead might different options.
(cherry picked from commit 7999a7f2a8)
Disable P2P in WPS as it is not supported by FreeBSD. Also, it is not
enabled in wpa_supplicant so the WPS P2P code is redundant.
PR: 264238
Reported by: adrian
(cherry picked from commit 3e8eb5c7f4)
When scan_ssid=1 the list of configured SSIDs is available to
eavesdroppers. Note this in the man page.
PR: 194122
Reviewed by: debdrup, Pau Amma
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34576
(cherry picked from commit 4f75af31a8)
This reverts commit a30e8044aa.
WITHOUT_OPENSSL build is a subset of WITHOUT_CRYPT build. It was
incorrect to label this patch as fixing WITHOUT_CRYPT when in fact
it fixes WITHOUT_OPENSSL. The build failure will be addressed in a
fix for WITHOUT_OPENSSL build.
(cherry picked from commit 96e2ac9c48)
Global options are defined in usr.sbin/wpa/Makefile.inc. Those in
usr.sbin/wpa/src/crypto/Makefile are duplicates of those found above.
Remove them.
(cherry picked from commit 3332f1b444)
PASN requires CRYPT and when built WITHOUT_CRYPT buildworld
fails. Only enable PASN when MK_CRYPT is enabled (default).
PR: 259517
Reported by: emaste
Fixes: c1d255d3ff
(cherry picked from commit a30e8044aa)
RSN Preauthentication allows a station autnetnicate to an AP that
it is not associated with yet while associated with a different AP.
This allows athentication to multiple APs simulteneously.
Tested by: philip
(cherry picked from commit bd452dcbed)
Enable WiFi 6 MBO (Multi Band Operation). MBO is a prereq to 802.11ax.
MBO allows the efficient use of multiple frequency bands (channels).
To facilitate MBO, WNM (Wireless Network Monitoring) is a prerequisite.
It is required to build.
Tested by: philip
(cherry picked from commit 3968b47cd9)
ndis_events build was disconnected by the MFC of
25ecdc7d52.
Reconnect it.
This is a direct commit to stable/13.
Reported by: Scott Allendorf <scott-allendorf@uiowa.edu>
Fixes: 13f32ff71e
25ecdc7d52 (MFCed by
13f32ff71e) introduced a link error
causing a SIGSEGV when using EAP/PEAP MSCHAPv2 authentication. It was
subsequently addressed by c1d255d3ff,
discovered by build time link errors not experienced during testing of
25ecdc7d52. This commit MFCs a portion
of c1d255d3ff addressing only the
SIGSEGV. The rest of c1d255d3ff will
be MFCed in November 2021.
This is a direct commit to stable/13.
PR: 258527
Reported by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Tested by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Though not all include file search directories are presently needed,
add them to the search list. This is required for the next update to
wpa.
No functional change intended.
(cherry picked from commit 81b521d2c0)
Incorrectly linked built-in wpa functions resulted in overwriting
sm->ctx->set_rekey_offload with garbage. It was initialized correctly
however it changed after wpa_supplicant became a daemon.
No SIGBUS violations reported by dhw@ were experienced during testing
of the original commit by msyelf or philip@.
Reported by: dhw
Tested by: dhw
X-MFC with: 25ecdc7d52
(cherry picked from commit 9a0f822853)
The current WPA build assumes a flat namespace. However the latest sources
from w1.fi now have a duplicate config.c, in two separate subdirectories.
The flat namespace will overwrite config.o with the output from the most
recently modified config.c, of which there are two of them.
This commit resolves this problem by building each component in
wpa's src subdirectory tree into its own .a archive, just as the w1.fi
upstream build as used by the port does. The advantages of this approach
are:
1. Duplicate source file names, i.e. config.c in the wpa_supplicant
direcory and another config.c in src/utils in the next wpa
will result in both compiles writing to the same .o file.
2. This restructure simplifies maintanence. A develper needs only to add
new files as identified by git status in the vendor branch to the
appropriate Makefile within the usr.sbin/wpa tree. This also reduces
time required to prepare a new import and should reduce error.
3. The new wpa build structure more closely represents the build as
performed by the upstream tarball.
This is in preparation for the next wpa update from w1.fi.
Reviewed by: philip
Tested by: philip
Differential Revision: https://reviews.freebsd.org/D30372
(cherry picked from commit 25ecdc7d52)
is enabled.
This builds wpa_supplicant / hostpad using internal encryption routines
rather than using libcrypt.
This has been supported in wpa for years now, however since we use
local makefiles for this, we bitrotted dependencies and configuration
options.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D27958
The current default is provided in various Makefile.inc in some top-level
directories and covers a good portion of the tree, but doesn't cover parts
of the build a little deeper (e.g. libcasper).
Provide a default in src.sys.mk and set WARNS to it in bsd.sys.mk if that
variable is defined. This lets us relatively cleanly provide a default WARNS
no matter where you're building in the src tree without breaking things
outside of the tree.
Crunchgen has been updated as a bootstrap tool to work on this change
because it needs r365605 at a minimum to succeed. The cleanup necessary to
successfully walk over this change on WITHOUT_CLEAN builds has been added.
There is a supplemental project to this to list all of the warnings that are
encountered when the environment has WARNS=6 NO_WERROR=yes:
https://warns.kevans.dev -- this project will hopefully eventually go away
in favor of CI doing a much better job than it.
Reviewed by: emaste, brooks, ngie (all earlier version)
Reviewed by: emaste, arichardson (depend-cleanup.sh change)
Differential Revision: https://reviews.freebsd.org/D26455
If the interfaces on which wpa_supplicant is to run are not known or do
not exist, wpa_supplicant can match an interface when it arrives. Each
matched interface is separated with -M argument and the -i argument now
allows for pattern matching.
As an example, the following command would start wpa_supplicant for a
specific wired interface called lan0, any interface starting with wlan
and lastly any other interface. Each match has its own configuration
file, and for the wired interface a specific driver has also been given.
wpa_supplicant \
-M -c wpa_wired.conf -ilan0 -D wired \
-M -c wpa1.conf -iwlan* \
-M -c wpa2.conf
PR: 247177
Reported by: greg@unrelenting.technology
MFC after: 1 month
Related to: ports r540412
The build failure was discoved by Michael Dexter's recent Build Options
Survey run, at https://callfortesting.org/results/bos-2020-01-16/\
WITHOUT_WPA_SUPPLICANT_EAPOL-small.txt.
Reported by: Michael Dexter <editor@callfortesting.org> via emaste
MFC after: 2 weeks
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
Move the hostapd related files from FreeBSD-runtime to a new package n
FreeBSD-hostapd
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and hostapd isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20958
Move the wpa related files from FreeBSD-runtime to a new package named
FreeBSD-wpa
The FreeBSD runtime is only intended to have everything for a working
FreeBSD installation and wpa isn't needed for that.
Reviewed by: bapt, gjb
Differential Revision: https://reviews.freebsd.org/D20957
Since these things are more completely controlled by the MK_OPENSSL knob, remove
RELEASE_CRUNCH here. It's no longer needed for the release and other users can
use the more proper knob if they so desire.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Initially, only tag files that use BSD 4-Clause "Original" license.
RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D13133
