git: b3916c7a8d25 - main - wpa_supplicant* hostapd*: Resolve secondary VAP association issue

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Sun, 03 Jul 2022 21:37:18 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b3916c7a8d2599e99fabdc1735b095ff5a9f9381

commit b3916c7a8d2599e99fabdc1735b095ff5a9f9381
Author:     J.R. Oldroyd <fbsd@opal.com>
AuthorDate: 2022-07-03 21:18:40 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-07-03 21:33:18 +0000

    wpa_supplicant* hostapd*: Resolve secondary VAP association issue
    
    Association will fail on a secondary open unprotected VAP when the
    primary VAP is configured for WPA. Examples of secondary VAPs are
    hotels, universities, and commodity routers' guest networks.
    
    A broadly similar bug was discussed on Red Hat's bugzilla affecting
    association to a D-Link DIR-842.
    
    This suggests that as IEs were added to the 802.11 protocol the old code
    was increasingly inadequate to handle the additional IEs, not only a
    secondary VAP.
    
    This duplicates src commit 775611ea11db here in ports.
    
    PR:             264238
    Reported by:    Jaskie <jiangjun12321@gmail.com>
                    "J.R. Oldroyd" <fbsd@opal.com>
    Submitted by:   "J.R. Oldroyd" <fbsd@opal.com>
    MFH:            2022Q3
---
 net/hostapd-devel/Makefile                         |   1 +
 .../files/patch-src_drivers_driver__bsd.c          | 109 ++++++++++++++++++---
 net/hostapd/Makefile                               |   2 +-
 net/hostapd/files/patch-src_drivers_driver__bsd.c  | 107 +++++++++++++++++---
 security/wpa_supplicant-devel/Makefile             |   1 +
 .../files/patch-src_drivers_driver__bsd.c          | 109 ++++++++++++++++++---
 security/wpa_supplicant/Makefile                   |   2 +-
 .../files/patch-src_drivers_driver__bsd.c          | 107 +++++++++++++++++---
 8 files changed, 390 insertions(+), 48 deletions(-)

diff --git a/net/hostapd-devel/Makefile b/net/hostapd-devel/Makefile
index 6cc447a6a92b..59298e7651ee 100644
--- a/net/hostapd-devel/Makefile
+++ b/net/hostapd-devel/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	hostapd
 PORTVERSION=	${COMMIT_DATE}
+PORTREVISION=	1
 CATEGORIES=	net
 PKGNAMESUFFIX=	-devel
 
diff --git a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
index dda055f26664..db2f4291d682 100644
--- a/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
+++ b/net/hostapd-devel/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
---- src/drivers/driver_bsd.c.orig	2022-05-24 13:30:39.000000000 -0700
-+++ src/drivers/driver_bsd.c	2022-06-20 07:18:14.191871000 -0700
-@@ -853,14 +853,18 @@
+--- src/drivers/driver_bsd.c.orig	2022-06-20 04:39:26.000000000 -0700
++++ src/drivers/driver_bsd.c	2022-07-03 14:14:25.865828000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
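Review bot: wpa_driver_bsd_set_rsn_wpa_ie() derives the length from `ie[1]` and reads `ie[0]` without any buffer bound, so it is only safe for an element that was already validated against its enclosing buffer; the callers in this patch pass the result of get_ie()/get_vendor_ie(), whose bounds checking is not visible here. I would state that precondition above the function, e.g. `/* ie: complete element (id, len, body) inside an already validated IE buffer; must not be NULL */`. A zero-length element also gives `ie_len == 0`, which hands length 0 to wpa_driver_bsd_set_wpa_ie() and skips IEEE80211_IOC_WPA while PRIVACY is still set from the suites; if that is not intended, rejecting it early with `if (ie[1] == 0) return -1;` would make it explicit. The helper is added identically in the net/hostapd, security/wpa_supplicant-devel and security/wpa_supplicant patch files, and the hunk ends inside wpa_driver_bsd_associate, whose body continues outside it.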
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
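Review bot: After this rewrite the WPA IE, IEEE80211_IOC_PRIVACY and IEEE80211_IOC_WPA are programmed only when `params->wpa_ie` holds an RSN or WPA vendor element; with `wpa_ie_len == 0`, or with other elements only, none of them is written, whereas the removed lines always called wpa_driver_bsd_set_wpa_ie() and set PRIVACY. Unless that state is reset elsewhere (not visible here), values left by an earlier association may carry over, and a configuration whose suites are not NONE but which supplies no element no longer gets PRIVACY enabled. A fallback branch that clears the IE and derives PRIVACY from the suites would keep the driver state explicit, as sketched below; wpa_driver_bsd_associate starts and ends outside this hunk. The identical hunks in the net/hostapd, security/wpa_supplicant-devel and security/wpa_supplicant patch files carry the same gap.

```c
	/* … unchanged: wpa_driver_bsd_set_auth_alg() call … */

	rsn_ie = wpa_ie = NULL;
	if (params->wpa_ie_len) {
		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
		    WLAN_EID_RSN);
		if (rsn_ie == NULL)
			wpa_ie = get_vendor_ie(params->wpa_ie,
			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
	}

	if (rsn_ie != NULL || wpa_ie != NULL) {
		if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
		    rsn_ie != NULL ? rsn_ie : wpa_ie) < 0)
			return -1;
	} else {
		/*
		 * No RSN/WPA element: clear the IE and set PRIVACY from the
		 * suites so nothing is inherited from an earlier association.
		 */
		if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, 0) < 0)
			return -1;
		if (set80211param(drv, IEEE80211_IOC_PRIVACY,
		    !(params->pairwise_suite == WPA_CIPHER_NONE &&
		    params->group_suite == WPA_CIPHER_NONE &&
		    params->key_mgmt_suite == WPA_KEY_MGMT_NONE)) < 0)
			return -1;
	}

	/* … unchanged: bsd_get_iface_flags() check and MLME setup … */
```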
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
diff --git a/net/hostapd/Makefile b/net/hostapd/Makefile
index 114041a960bb..ff3f148c9dd6 100644
--- a/net/hostapd/Makefile
+++ b/net/hostapd/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	hostapd
 PORTVERSION=	2.10
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	net
 MASTER_SITES=	https://w1.fi/releases/
 
diff --git a/net/hostapd/files/patch-src_drivers_driver__bsd.c b/net/hostapd/files/patch-src_drivers_driver__bsd.c
index 2c49538712af..112a8230671c 100644
--- a/net/hostapd/files/patch-src_drivers_driver__bsd.c
+++ b/net/hostapd/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
 --- src/drivers/driver_bsd.c.orig	2022-01-16 12:51:29.000000000 -0800
-+++ src/drivers/driver_bsd.c	2022-06-20 07:14:50.617305000 -0700
-@@ -853,14 +853,18 @@
++++ src/drivers/driver_bsd.c	2022-07-03 14:12:06.167581000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile
index 7beb397b67a2..efae4a6c5792 100644
--- a/security/wpa_supplicant-devel/Makefile
+++ b/security/wpa_supplicant-devel/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	wpa_supplicant
 PORTVERSION=	${COMMIT_DATE}
+PORTREVISION=	1
 CATEGORIES=	security net
 PKGNAMESUFFIX=	-devel
 
diff --git a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
index 6a400fd174c2..19470678ef08 100644
--- a/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
+++ b/security/wpa_supplicant-devel/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
---- src/drivers/driver_bsd.c.orig	2022-05-24 13:30:39.000000000 -0700
-+++ src/drivers/driver_bsd.c	2022-06-20 07:13:36.571991000 -0700
-@@ -853,14 +853,18 @@
+--- src/drivers/driver_bsd.c.orig	2022-06-20 04:39:26.000000000 -0700
++++ src/drivers/driver_bsd.c	2022-07-03 14:15:42.260043000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;
diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile
index 1b3e5889d2c6..d58333174c06 100644
--- a/security/wpa_supplicant/Makefile
+++ b/security/wpa_supplicant/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	wpa_supplicant
 PORTVERSION=	2.10
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	security net
 MASTER_SITES=	https://w1.fi/releases/
 
diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
index 440233164126..56df017d59d1 100644
--- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
+++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c
@@ -1,6 +1,14 @@
 --- src/drivers/driver_bsd.c.orig	2022-01-16 12:51:29.000000000 -0800
-+++ src/drivers/driver_bsd.c	2022-06-20 07:11:44.629814000 -0700
-@@ -853,14 +853,18 @@
++++ src/drivers/driver_bsd.c	2022-07-03 14:09:49.672011000 -0700
+@@ -14,6 +14,7 @@
+ #include "driver.h"
+ #include "eloop.h"
+ #include "common/ieee802_11_defs.h"
++#include "common/ieee802_11_common.h"
+ #include "common/wpa_common.h"
+ 
+ #include <ifaddrs.h>
+@@ -853,14 +854,18 @@
  		drv = bsd_get_drvindex(global, ifm->ifm_index);
  		if (drv == NULL)
  			return;
@@ -22,7 +30,50 @@
  			wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP",
  				   drv->ifname);
  			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
-@@ -1220,7 +1224,10 @@
+@@ -1197,13 +1202,41 @@
+ }
+ 
+ static int
++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv,
++    struct wpa_driver_associate_params *params, const u8 *ie)
++{
++	int privacy;
++	size_t ie_len = ie[1] ? ie[1] + 2 : 0;
++
++	/* XXX error handling is wrong but unclear what to do... */
++	if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0)
++		return -1;
++
++	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
++	    params->group_suite == WPA_CIPHER_NONE &&
++	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE);
++	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__,
++	    privacy);
++
++	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
++		return -1;
++
++	if (ie_len &&
++	    set80211param(drv, IEEE80211_IOC_WPA,
++	    ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
++		return -1;
++
++	return 0;
++}
++
++static int
+ wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params)
+ {
+ 	struct bsd_driver_data *drv = priv;
+ 	struct ieee80211req_mlme mlme;
+ 	u32 mode;
+-	int privacy;
+ 	int ret = 0;
++	const u8 *wpa_ie, *rsn_ie;
+ 
+ 	wpa_printf(MSG_DEBUG,
+ 		"%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u"
+@@ -1220,7 +1253,10 @@
  		mode = 0 /* STA */;
  		break;
  	case IEEE80211_MODE_IBSS:
@@ -33,21 +84,55 @@
  		break;
  	case IEEE80211_MODE_AP:
  		mode = IFM_IEEE80211_HOSTAP;
-@@ -1267,6 +1274,13 @@
- 			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
- 		return -1;
+@@ -1249,24 +1285,33 @@
+ 		ret = -1;
+ 	if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0)
+ 		ret = -1;
+-	/* XXX error handling is wrong but unclear what to do... */
+-	if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0)
+-		return -1;
+ 
+-	privacy = !(params->pairwise_suite == WPA_CIPHER_NONE &&
+-	    params->group_suite == WPA_CIPHER_NONE &&
+-	    params->key_mgmt_suite == WPA_KEY_MGMT_NONE &&
+-	    params->wpa_ie_len == 0);
+-	wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy);
++	if (params->wpa_ie_len) {
++		rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len,
++		    WLAN_EID_RSN);
++		if (rsn_ie) {
++			if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++			    rsn_ie) < 0)
++				return -1;
++		}
++		else {
++			wpa_ie = get_vendor_ie(params->wpa_ie,
++			    params->wpa_ie_len, WPA_IE_VENDOR_TYPE);
++			if (wpa_ie) {
++				if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params,
++				    wpa_ie) < 0)
++					return -1;
++			}
++		}
++	}
  
+-	if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0)
 +	/*
 +	 * NB: interface must be marked UP for association
 +	 * or scanning (ap_scan=2)
 +	 */
 +	if (bsd_get_iface_flags(drv) < 0)
-+		return -1;
-+
+ 		return -1;
+ 
+-	if (params->wpa_ie_len &&
+-	    set80211param(drv, IEEE80211_IOC_WPA,
+-			  params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0)
+-		return -1;
+-
  	os_memset(&mlme, 0, sizeof(mlme));
  	mlme.im_op = IEEE80211_MLME_ASSOC;
  	if (params->ssid != NULL)
-@@ -1485,6 +1499,17 @@
+@@ -1485,6 +1530,17 @@
  	if (devcaps.dc_drivercaps & IEEE80211_C_WPA2)
  		drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
  			WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK;
@@ -65,7 +150,7 @@
  
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 |
-@@ -1493,6 +1518,7 @@
+@@ -1493,6 +1549,7 @@
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
  	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
  		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
@@ -73,7 +158,7 @@
  
  	if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP)
  		drv->capa.flags |= WPA_DRIVER_FLAGS_AP;
-@@ -1545,6 +1571,8 @@
+@@ -1545,6 +1602,8 @@
  		}
  		if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP)
  			return IEEE80211_M_HOSTAP;