Please test and let me know if there are any problems.
Only in /usr/ports/security/wpa_supplicant: CVS
diff -ur /usr/ports/security/wpa_supplicant/Makefile
/tmp/wpa_supplicant/Makefile
--- /usr/ports/security/wpa_supplicant/Makefile Sun Jan 24 18:11:20 2010
+++ /tmp/wpa_supplicant/Makefile Sun Jan 24 18:16:59 2010
@@ -2,13 +2,13 @@
COMMENT= IEEE 802.1X supplicant
-DISTNAME= wpa_supplicant-0.5.8
+DISTNAME= wpa_supplicant-0.6.10
PKGNAME= ${DISTNAME}p0
CATEGORIES= security net
HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/
-MAINTAINER= Reyk Floeter <[email protected]>
+MAINTAINER= Jay Reffner <[email protected]>
# Dual BSD/GPL
PERMIT_PACKAGE_CDROM= Yes
@@ -21,6 +21,8 @@
USE_GMAKE= Yes
NO_REGRESS= Yes
+
+WRKBUILD = ${WRKDIR}/${DISTNAME}/wpa_supplicant
MAN5= wpa_supplicant.conf.5
MAN8= wpa_background.8 wpa_cli.8 wpa_passphrase.8 wpa_supplicant.8
diff -ur /usr/ports/security/wpa_supplicant/distinfo
/tmp/wpa_supplicant/distinfo
--- /usr/ports/security/wpa_supplicant/distinfo Sun Jan 24 18:11:20 2010
+++ /tmp/wpa_supplicant/distinfo Sun Jan 24 18:12:24 2010
@@ -1,5 +1,5 @@
-MD5 (wpa_supplicant-0.5.8.tar.gz) = e7IvK83u1Us/tUB9bYvJuw==
-RMD160 (wpa_supplicant-0.5.8.tar.gz) = MizVy6iv/+g0O9jFdOiUH9WV260=
-SHA1 (wpa_supplicant-0.5.8.tar.gz) = Q0VF+vR1gERin1dNgpOVEb6N6ws=
-SHA256 (wpa_supplicant-0.5.8.tar.gz) =
L5dV4uP5bSY4CFfvlb53Zebidva1MZTHBjPAJ0hdZ/A=
-SIZE (wpa_supplicant-0.5.8.tar.gz) = 714467
+MD5 (wpa_supplicant-0.6.10.tar.gz) = iYWxAw11Pl90+Kz8NOWRuw==
+RMD160 (wpa_supplicant-0.6.10.tar.gz) = PCtSaf0mG6aVonYgQIhYinmSwAI=
+SHA1 (wpa_supplicant-0.6.10.tar.gz) = 0sk3WGB94lCo3aetyPizBNCgdM4=
+SHA256 (wpa_supplicant-0.6.10.tar.gz) =
rCfGnCbj9OBvuhPg3I4cftewASqVJjvPzw85voBZ8v0=
+SIZE (wpa_supplicant-0.6.10.tar.gz) = 1190391
Only in /usr/ports/security/wpa_supplicant/files: CVS
diff -ur /usr/ports/security/wpa_supplicant/files/wpa_supplicant.conf
/tmp/wpa_supplicant/files/wpa_supplicant.conf
--- /usr/ports/security/wpa_supplicant/files/wpa_supplicant.conf Sun Jan
24 18:11:20 2010
+++ /tmp/wpa_supplicant/files/wpa_supplicant.conf Sun Jan 24 18:12:24 2010
@@ -3,7 +3,7 @@
# port authentication. See wpa_supplicant.conf(5).
ctrl_interface=/var/run/wpa_supplicant
-ctrl_interface_group=wheel
+ctrl_interface_group=_dot1x
ap_scan=0
network={
@@ -12,4 +12,136 @@
identity="user"
password="password"
eapol_flags=0
+}
+
+#
+#WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work
+# network
+# allow frontend (e.g., wpa_cli) to be used by all users in '_dot1x' group
+#
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=_dot1x
+#
+# home network; allow all valid ciphers
+#
+network={
+ ssid="home"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="secret passphrase"
+}
+
+#
+# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers
+#
+network={
+ ssid="work"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ pairwise=CCMP TKIP
+ group=CCMP TKIP
+ eap=TLS
+ identity="[email protected]"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+}
+
+#
+# PEAP/RADIUS Configuration Example
+#
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=_dot1x
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=PEAP
+ identity="[email protected]"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase1="peaplabel=0"
+ phase2="auth=MSCHAPV2"
+}
+
+#
+#EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for the
+# unencrypted use. Real identity is sent only within an encrypted TLS tunnel.
+#
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=_dot1x
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP
+ eap=TTLS
+ identity="[email protected]"
+ anonymous_identity="[email protected]"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ phase2="auth=MD5"
+}
+
+#
+#IEEE 802.1X (i.e., no WPA) with dynamic WEP keys (require both unicast and
+# broadcast); use EAP-TLS for authentication
+#
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=_dot1x
+network={
+ ssid="1x-test"
+ scan_ssid=1
+ key_mgmt=IEEE8021X
+ eap=TLS
+ identity="[email protected]"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ eapol_flags=3
+}
+
+#
+#Catch all example that allows more or less all configuration modes. The
+# configuration options are used based on what security policy is used in the
+# selected SSID. This is mostly for testing and is not recommended for normal
+# use.
+#
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=_dot1x
+network={
+ ssid="example"
+ scan_ssid=1
+ key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
+ pairwise=CCMP TKIP
+ group=CCMP TKIP WEP104 WEP40
+ psk="very secret passphrase"
+ eap=TTLS PEAP TLS
+ identity="[email protected]"
+ password="foobar"
+ ca_cert="/etc/cert/ca.pem"
+ client_cert="/etc/cert/user.pem"
+ private_key="/etc/cert/user.prv"
+ private_key_passwd="password"
+ phase1="peaplabel=0"
+ ca_cert2="/etc/cert/ca2.pem"
+ client_cert2="/etc/cer/user.pem"
+ private_key2="/etc/cer/user.prv"
+ private_key2_passwd="password"
+}
+
+#
+# Authentication for wired Ethernet. This can be used with 'wired' or
+# 'roboswitch' interface (-Dwired or -Droboswitch on command line).
+#
+ctrl_interface=/var/run/wpa_supplicant
+ctrl_interface_group=_dot1x
+ap_scan=0
+network={
+ key_mgmt=IEEE8021X
+ eap=MD5
+ identity="user"
+ password="password"
+ eapol_flags=0
}
Only in /usr/ports/security/wpa_supplicant/patches: CVS
Only in /usr/ports/security/wpa_supplicant/patches: patch-common_h
Only in /usr/ports/security/wpa_supplicant/patches: patch-config
Only in /usr/ports/security/wpa_supplicant/patches: patch-driver_wired_c
Only in /usr/ports/security/wpa_supplicant/patches: patch-os_internal_c
Only in /usr/ports/security/wpa_supplicant/patches: patch-os_unix_c
Only in /tmp/wpa_supplicant/patches: patch-wpa_supplicant_Makefile
Only in /tmp/wpa_supplicant/patches: patch-wpa_supplicant__config
Only in /usr/ports/security/wpa_supplicant/pkg: CVS
diff -ur /usr/ports/security/wpa_supplicant/pkg/DESCR
/tmp/wpa_supplicant/pkg/DESCR
--- /usr/ports/security/wpa_supplicant/pkg/DESCR Sun Jan 24 18:11:20 2010
+++ /tmp/wpa_supplicant/pkg/DESCR Sun Jan 24 18:18:33 2010
@@ -1,3 +1,2 @@
wpa_supplicant is the implementation of an IEEE 802.1X supplicant.
-This port is for wired authentication only (Ethernet PAE) and does not
-support the wireless WPA/WPA2 functionality.
+This port is for wired (EAPOL) and wireless (WPA/WPS) authentication.
Only in /tmp/wpa_supplicant/pkg: MESSAGE
diff -ur /usr/ports/security/wpa_supplicant/pkg/PLIST
/tmp/wpa_supplicant/pkg/PLIST
--- /usr/ports/security/wpa_supplicant/pkg/PLIST Sun Jan 24 18:11:20 2010
+++ /tmp/wpa_supplicant/pkg/PLIST Sun Jan 24 18:12:24 2010
@@ -1,13 +1,15 @@
-...@comment $OpenBSD: PLIST,v 1.1 2007/07/01 19:50:57 reyk Exp $
+...@comment $OpenBSD$
+...@newgroup _dot1x:648
@man man/man5/wpa_supplicant.conf.5
@man man/man8/wpa_background.8
@man man/man8/wpa_cli.8
@man man/man8/wpa_passphrase.8
@man man/man8/wpa_supplicant.8
-sbin/wpa_cli
-sbin/wpa_passphrase
-sbin/wpa_supplicant
+...@group _dot1x
+...@bin sbin/wpa_cli
+...@bin sbin/wpa_passphrase
+...@bin sbin/wpa_priv
+...@bin sbin/wpa_supplicant
share/examples/wpa_supplicant/
share/examples/wpa_supplicant/wpa_supplicant.conf
-...@sample ${SYSCONFDIR}/wpa_supplicant.conf
share/examples/wpa_supplicant/wpa_supplicant.conf.dist
smime.p7s
Description: S/MIME Cryptographic Signature
