diff --git a/security/Makefile b/security/Makefile index 06c16a8abb62..44bcadc9ed54 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1,1414 +1,1415 @@ COMMENT = Security tools SUBDIR += 0d1n SUBDIR += 1password-client SUBDIR += 1password-client2 SUBDIR += 1password-client2-beta SUBDIR += 2fa SUBDIR += ADMsmb SUBDIR += ADMsnmp SUBDIR += R-cran-ROAuth SUBDIR += R-cran-askpass SUBDIR += R-cran-credentials SUBDIR += R-cran-digest SUBDIR += R-cran-gitcreds SUBDIR += R-cran-openssl SUBDIR += R-cran-sodium SUBDIR += acme.sh SUBDIR += acmed SUBDIR += acmetool SUBDIR += aescrypt SUBDIR += aespipe SUBDIR += afl++ SUBDIR += afterglow SUBDIR += age SUBDIR += aide SUBDIR += amavisd-milter SUBDIR += amavisd-new SUBDIR += apache-xml-security-c SUBDIR += apg SUBDIR += apkid SUBDIR += archlinux-keyring SUBDIR += arpCounterattack SUBDIR += arti SUBDIR += asignify SUBDIR += assh SUBDIR += authenticator SUBDIR += authoscope SUBDIR += autossh SUBDIR += aws-c-auth SUBDIR += aws-c-cal SUBDIR += aws-iam-authenticator SUBDIR += aws-vault SUBDIR += axc SUBDIR += barnyard2 SUBDIR += barnyard2-sguil SUBDIR += bastillion SUBDIR += bcwipe SUBDIR += bdes SUBDIR += bearssl SUBDIR += beecrypt SUBDIR += beid SUBDIR += beidconnect SUBDIR += belier SUBDIR += bfbtester SUBDIR += binwalk SUBDIR += bitwarden-cli SUBDIR += blst SUBDIR += boringssl SUBDIR += botan2 SUBDIR += botan3 SUBDIR += bruteblock SUBDIR += bsdsfv SUBDIR += bsmtrace SUBDIR += bsmtrace3 SUBDIR += bzrtp SUBDIR += ca_root_nss SUBDIR += caesarcipher SUBDIR += caldera SUBDIR += caldera-ot SUBDIR += caldera4 SUBDIR += calife SUBDIR += cardpeek SUBDIR += cargo-audit SUBDIR += ccrypt SUBDIR += ccsrch SUBDIR += certmgr SUBDIR += certspotter SUBDIR += cfs SUBDIR += cfssl SUBDIR += cfv SUBDIR += chaosreader SUBDIR += checkpassword SUBDIR += checkpassword-pam SUBDIR += chkrootkit SUBDIR += chntpw SUBDIR += chroot_safe SUBDIR += chrootuid SUBDIR += ckpass SUBDIR += cksfv SUBDIR += cl-md5 SUBDIR += cl-md5-sbcl SUBDIR += clamassassin SUBDIR += clamav SUBDIR += clamav-lts SUBDIR += clamav-unofficial-sigs SUBDIR += clamd-stream-client SUBDIR += clamfs SUBDIR += clamsmtp SUBDIR += clamtk SUBDIR += cloak SUBDIR += clusterssh SUBDIR += cops SUBDIR += courier-authlib SUBDIR += courier-authlib-base SUBDIR += courierpassd SUBDIR += courierpasswd SUBDIR += courieruserinfo SUBDIR += cowrie SUBDIR += cpfx SUBDIR += cracklib SUBDIR += crackpkcs12 SUBDIR += create-cert SUBDIR += crlfuzz SUBDIR += crowdsec SUBDIR += crowdsec-blocklist-mirror SUBDIR += crowdsec-firewall-bouncer SUBDIR += cryptlib SUBDIR += cryptopp SUBDIR += ct-submit SUBDIR += cvechecker SUBDIR += cvm SUBDIR += cyberchef SUBDIR += cyrus-sasl2 SUBDIR += cyrus-sasl2-gssapi SUBDIR += cyrus-sasl2-ldapdb SUBDIR += cyrus-sasl2-saslauthd SUBDIR += cyrus-sasl2-sql SUBDIR += cyrus-sasl2-srp SUBDIR += cyrus-sasl2-xoauth2 SUBDIR += d0_blind_id SUBDIR += debian-keyring SUBDIR += dehydrated SUBDIR += denyhosts SUBDIR += destroy SUBDIR += diffcode SUBDIR += digestpp SUBDIR += dirbuster SUBDIR += dirmngr SUBDIR += distcache SUBDIR += diswall SUBDIR += doas SUBDIR += dotdotpwn SUBDIR += dropbear SUBDIR += dsniff SUBDIR += dsvpn SUBDIR += duo SUBDIR += duo_openvpn SUBDIR += easy-rsa SUBDIR += enc SUBDIR += enchive SUBDIR += eschalot SUBDIR += expiretable SUBDIR += fakeident SUBDIR += fakeroot SUBDIR += farmhash SUBDIR += fcrackzip SUBDIR += ffuf SUBDIR += fiked SUBDIR += fizz SUBDIR += flawfinder SUBDIR += flawz SUBDIR += fprint_demo SUBDIR += fprintd SUBDIR += fragroute SUBDIR += fragrouter SUBDIR += fswatch SUBDIR += ftimes SUBDIR += fuzz SUBDIR += fwanalog SUBDIR += fwknop SUBDIR += fwlogwatch SUBDIR += gcr SUBDIR += gef SUBDIR += git-credential-azure SUBDIR += git-credential-gopass SUBDIR += git-credential-oauth SUBDIR += git-crypt SUBDIR += git-remote-gcrypt SUBDIR += git-secret SUBDIR += gitjacker SUBDIR += globalprotect-openconnect SUBDIR += gnome-keyring SUBDIR += gnome-keyring-sharp SUBDIR += gnome-ssh-askpass SUBDIR += gnupg SUBDIR += gnupg-pkcs11-scd SUBDIR += gnupg1 SUBDIR += gnutls SUBDIR += go-cve-dictionary SUBDIR += gokart SUBDIR += gokey SUBDIR += gonepass SUBDIR += gopass SUBDIR += gorilla SUBDIR += gosec SUBDIR += gost-engine SUBDIR += gostsum SUBDIR += gpa SUBDIR += gpg-gui SUBDIR += gpg-tui SUBDIR += gpgdir SUBDIR += gpgme SUBDIR += gpgme-cpp SUBDIR += gpgme-qt SUBDIR += gpgme-qt-headers SUBDIR += gsa SUBDIR += gsad SUBDIR += gsasl SUBDIR += gstreamer1-plugins-dtls SUBDIR += gtkpasman SUBDIR += gvm SUBDIR += gvm-libs SUBDIR += gvmd SUBDIR += hardening-check SUBDIR += hash SUBDIR += hashcat SUBDIR += heaan SUBDIR += headscale SUBDIR += heimdal SUBDIR += heimdal-devel SUBDIR += helib SUBDIR += hexl SUBDIR += highwayhash SUBDIR += hitch SUBDIR += hockeypuck SUBDIR += honeytrap SUBDIR += honggfuzz SUBDIR += horcrux SUBDIR += howdy SUBDIR += hpenc SUBDIR += hs-cryptol SUBDIR += hydra SUBDIR += hyperhotp SUBDIR += i2p SUBDIR += i2pd SUBDIR += iaikpkcs11wrapper SUBDIR += iddawc SUBDIR += idea SUBDIR += identify SUBDIR += imds-filterd SUBDIR += intel-ipsec-mb SUBDIR += ipfmeta SUBDIR += ipguard SUBDIR += ipsec-tools SUBDIR += ipv6toolkit SUBDIR += isal-kmod SUBDIR += ismtp SUBDIR += isnprober SUBDIR += john SUBDIR += kbfsd SUBDIR += kc SUBDIR += kdbxviewer SUBDIR += keepass SUBDIR += keepass-plugin-keepassrpc SUBDIR += keepassxc SUBDIR += keybase SUBDIR += keychain SUBDIR += keyprint SUBDIR += keysmith SUBDIR += kf5-kdesu SUBDIR += kf6-kdesu SUBDIR += kgpg SUBDIR += kickpass SUBDIR += klee SUBDIR += kleopatra SUBDIR += knock SUBDIR += knocker SUBDIR += kpcli SUBDIR += kpkpass SUBDIR += kpmenu SUBDIR += krb5 SUBDIR += krb5-120 SUBDIR += krb5-121 SUBDIR += krb5-devel SUBDIR += kstart SUBDIR += ktls_isa-l_crypto-kmod SUBDIR += kuku SUBDIR += kwalletmanager SUBDIR += l0pht-watch SUBDIR += lasso SUBDIR += lastpass-cli SUBDIR += lego SUBDIR += libargon2 SUBDIR += libassuan SUBDIR += libcaes SUBDIR += libcryptui SUBDIR += libdecaf SUBDIR += libecc SUBDIR += libfido2 SUBDIR += libfprint SUBDIR += libgcrypt SUBDIR += libgnome-keyring SUBDIR += libgpg-error SUBDIR += libgsasl SUBDIR += libhijack SUBDIR += libident SUBDIR += libkleo SUBDIR += libkpass SUBDIR += libksba SUBDIR += libmacaroons SUBDIR += libmcrypt SUBDIR += libnitrokey SUBDIR += libntlm SUBDIR += libomemo SUBDIR += libomemo-c SUBDIR += liboqs SUBDIR += libotr SUBDIR += libotr3 SUBDIR += libp11 SUBDIR += libpki SUBDIR += libprelude SUBDIR += libpreludedb SUBDIR += libpwquality SUBDIR += libressl SUBDIR += libressl-devel SUBDIR += libreswan SUBDIR += libretls SUBDIR += libscep SUBDIR += libscrypt SUBDIR += libsecret SUBDIR += libsectok SUBDIR += libsodium SUBDIR += libssh SUBDIR += libssh2 SUBDIR += libtasn1 SUBDIR += libtatsu SUBDIR += libtomcrypt SUBDIR += libu2f-host SUBDIR += libuecc SUBDIR += libwhisker SUBDIR += libxcrypt SUBDIR += libyubikey SUBDIR += lime SUBDIR += linux-bitwarden-cli SUBDIR += linux-c7-ca-certificates SUBDIR += linux-c7-cyrus-sasl2 SUBDIR += linux-c7-gnutls SUBDIR += linux-c7-libgcrypt SUBDIR += linux-c7-libgpg-error SUBDIR += linux-c7-libssh2 SUBDIR += linux-c7-libtasn1 SUBDIR += linux-c7-nettle SUBDIR += linux-c7-nss SUBDIR += linux-c7-openssl-devel SUBDIR += linux-c7-p11-kit SUBDIR += linux-c7-trousers SUBDIR += linux-rl9-ca-certificates SUBDIR += linux-rl9-cyrus-sasl2 SUBDIR += linux-rl9-gnupg SUBDIR += linux-rl9-gnutls SUBDIR += linux-rl9-libassuan SUBDIR += linux-rl9-libgcrypt SUBDIR += linux-rl9-libgpg-error SUBDIR += linux-rl9-libsecret SUBDIR += linux-rl9-libtasn1 SUBDIR += linux-rl9-libxcrypt SUBDIR += linux-rl9-nettle SUBDIR += linux-rl9-nss SUBDIR += linux-rl9-p11-kit SUBDIR += local-php-security-checker SUBDIR += logcheck SUBDIR += lua-argon2 SUBDIR += lua-bcrypt SUBDIR += lua-resty-hmac SUBDIR += lua-resty-jwt SUBDIR += lua-resty-openidc SUBDIR += lua-resty-openssl SUBDIR += luasec SUBDIR += lxqt-openssh-askpass SUBDIR += lxqt-sudo SUBDIR += lynis SUBDIR += mac-robber SUBDIR += maia SUBDIR += mailzu SUBDIR += makepasswd SUBDIR += maltrail SUBDIR += masscan SUBDIR += mate-pam-helper SUBDIR += mbedtls SUBDIR += mcrypt SUBDIR += md5deep SUBDIR += medusa SUBDIR += meek SUBDIR += metasploit SUBDIR += mhash SUBDIR += mindterm-binary SUBDIR += minisign SUBDIR += mkp224o SUBDIR += modsecurity3 SUBDIR += modsecurity3-nginx SUBDIR += monkeysphere SUBDIR += monocypher SUBDIR += munge SUBDIR += n2n SUBDIR += ncrack SUBDIR += ncrypt SUBDIR += nebula SUBDIR += nettle SUBDIR += nextcloud-end_to_end_encryption SUBDIR += nextcloud-passman SUBDIR += nextcloud-twofactor_admin SUBDIR += nextcloud-twofactor_nextcloud_notification SUBDIR += nextcloud-twofactor_webauthn SUBDIR += nflib SUBDIR += ngrok SUBDIR += nikto SUBDIR += nist-kat SUBDIR += nitrokey-app SUBDIR += nmap SUBDIR += nmap-devel SUBDIR += nss SUBDIR += nss_compat_ossl SUBDIR += nuclei SUBDIR += nyx SUBDIR += oath-toolkit SUBDIR += obfs4proxy-tor SUBDIR += ocaml-cryptgps SUBDIR += ocaml-cryptokit SUBDIR += ocaml-lwt_ssl SUBDIR += ocaml-ssl SUBDIR += oidentd SUBDIR += oinkmaster SUBDIR += olm SUBDIR += onionscan SUBDIR += op SUBDIR += openbsm SUBDIR += openca-ocspd SUBDIR += openconnect SUBDIR += openconnect-freebsd-daemon SUBDIR += openconnect-gui SUBDIR += opencryptoki SUBDIR += openct SUBDIR += opendoas SUBDIR += openfhe SUBDIR += openfortivpn SUBDIR += openiked SUBDIR += openiked-portable SUBDIR += opensaml SUBDIR += opensc SUBDIR += openssh-askpass SUBDIR += openssh-portable SUBDIR += openssl SUBDIR += openssl-agent SUBDIR += openssl-quictls SUBDIR += openssl-unsafe SUBDIR += openssl111 SUBDIR += openssl31 SUBDIR += openssl31-quictls SUBDIR += openssl32 SUBDIR += openssl33 SUBDIR += openvas SUBDIR += openvpn SUBDIR += openvpn-admin SUBDIR += openvpn-auth-ldap SUBDIR += openvpn-auth-radius SUBDIR += openvpn-auth-script SUBDIR += openvpn-devel SUBDIR += ophcrack SUBDIR += opie SUBDIR += ossec-hids SUBDIR += ossec-hids-agent SUBDIR += ossec-hids-agent-config SUBDIR += ossec-hids-local SUBDIR += ossec-hids-local-config SUBDIR += ossec-hids-server SUBDIR += ossec-hids-server-config SUBDIR += osslsigncode SUBDIR += osv-scanner SUBDIR += otpw SUBDIR += owasp-dependency-check SUBDIR += p11-kit SUBDIR += p5-Alt-Crypt-RSA-BigInt SUBDIR += p5-Apache-Htpasswd SUBDIR += p5-App-Acmeman SUBDIR += p5-App-Genpass SUBDIR += p5-App-TLSMe SUBDIR += p5-Auth-YubikeyDecrypter SUBDIR += p5-AuthCAS SUBDIR += p5-Authen-Bitcard SUBDIR += p5-Authen-Captcha SUBDIR += p5-Authen-CyrusSASL SUBDIR += p5-Authen-DecHpwd SUBDIR += p5-Authen-Htpasswd SUBDIR += p5-Authen-Krb5 SUBDIR += p5-Authen-Krb5-Simple SUBDIR += p5-Authen-Libwrap SUBDIR += p5-Authen-NTLM SUBDIR += p5-Authen-OATH SUBDIR += p5-Authen-PAAS SUBDIR += p5-Authen-PAM SUBDIR += p5-Authen-Passphrase SUBDIR += p5-Authen-PluggableCaptcha SUBDIR += p5-Authen-Radius SUBDIR += p5-Authen-SASL SUBDIR += p5-Authen-SASL-Cyrus SUBDIR += p5-Authen-SASL-SASLprep SUBDIR += p5-Authen-SCRAM SUBDIR += p5-Authen-Simple SUBDIR += p5-Authen-Simple-DBI SUBDIR += p5-Authen-Simple-DBM SUBDIR += p5-Authen-Simple-HTTP SUBDIR += p5-Authen-Simple-Kerberos SUBDIR += p5-Authen-Simple-LDAP SUBDIR += p5-Authen-Simple-Net SUBDIR += p5-Authen-Simple-PAM SUBDIR += p5-Authen-Simple-Passwd SUBDIR += p5-Authen-Simple-RADIUS SUBDIR += p5-Authen-Simple-SMB SUBDIR += p5-Authen-Simple-SSH SUBDIR += p5-Authen-Smb SUBDIR += p5-Authen-TacacsPlus SUBDIR += p5-Authen-Ticket SUBDIR += p5-Authen-TypeKey SUBDIR += p5-Business-PayPal-EWP SUBDIR += p5-Bytes-Random-Secure SUBDIR += p5-Bytes-Random-Secure-Tiny SUBDIR += p5-CACertOrg-CA SUBDIR += p5-CPAN-Audit SUBDIR += p5-CSP SUBDIR += p5-Cisco-Hash SUBDIR += p5-Crypt-Anubis SUBDIR += p5-Crypt-AppleTwoFish SUBDIR += p5-Crypt-Argon2 SUBDIR += p5-Crypt-Bcrypt SUBDIR += p5-Crypt-Blowfish SUBDIR += p5-Crypt-Blowfish_PP SUBDIR += p5-Crypt-CAST5 SUBDIR += p5-Crypt-CAST5_PP SUBDIR += p5-Crypt-CBC SUBDIR += p5-Crypt-CBCeasy SUBDIR += p5-Crypt-CFB SUBDIR += p5-Crypt-Caesar SUBDIR += p5-Crypt-Camellia_PP SUBDIR += p5-Crypt-Chimera SUBDIR += p5-Crypt-CipherSaber SUBDIR += p5-Crypt-Cracklib SUBDIR += p5-Crypt-Ctr SUBDIR += p5-Crypt-Curve25519 SUBDIR += p5-Crypt-DES SUBDIR += p5-Crypt-DES_EDE3 SUBDIR += p5-Crypt-DES_PP SUBDIR += p5-Crypt-DH SUBDIR += p5-Crypt-DSA SUBDIR += p5-Crypt-Dining SUBDIR += p5-Crypt-ECB SUBDIR += p5-Crypt-Eksblowfish SUBDIR += p5-Crypt-Enigma SUBDIR += p5-Crypt-Format SUBDIR += p5-Crypt-GCrypt SUBDIR += p5-Crypt-GOST SUBDIR += p5-Crypt-GOST_PP SUBDIR += p5-Crypt-GPG SUBDIR += p5-Crypt-GeneratePassword SUBDIR += p5-Crypt-GpgME SUBDIR += p5-Crypt-HCE_MD5 SUBDIR += p5-Crypt-HCE_SHA SUBDIR += p5-Crypt-HSXKPasswd SUBDIR += p5-Crypt-IDEA SUBDIR += p5-Crypt-Imail SUBDIR += p5-Crypt-JWT SUBDIR += p5-Crypt-Juniper SUBDIR += p5-Crypt-Khazad SUBDIR += p5-Crypt-LE SUBDIR += p5-Crypt-LibSCEP SUBDIR += p5-Crypt-License SUBDIR += p5-Crypt-Lite SUBDIR += p5-Crypt-Loki97 SUBDIR += p5-Crypt-MySQL SUBDIR += p5-Crypt-NULL SUBDIR += p5-Crypt-OFB SUBDIR += p5-Crypt-OTP SUBDIR += p5-Crypt-OpenPGP SUBDIR += p5-Crypt-OpenSSL-AES SUBDIR += p5-Crypt-OpenSSL-Bignum SUBDIR += p5-Crypt-OpenSSL-CA SUBDIR += p5-Crypt-OpenSSL-DSA SUBDIR += p5-Crypt-OpenSSL-EC SUBDIR += p5-Crypt-OpenSSL-ECDSA SUBDIR += p5-Crypt-OpenSSL-Guess SUBDIR += p5-Crypt-OpenSSL-PKCS10 SUBDIR += p5-Crypt-OpenSSL-RSA SUBDIR += p5-Crypt-OpenSSL-Random SUBDIR += p5-Crypt-OpenSSL-Verify SUBDIR += p5-Crypt-OpenSSL-X509 SUBDIR += p5-Crypt-PBKDF2 SUBDIR += p5-Crypt-PKCS10 SUBDIR += p5-Crypt-PWSafe3 SUBDIR += p5-Crypt-PassGen SUBDIR += p5-Crypt-Passwd-XS SUBDIR += p5-Crypt-PasswdMD5 SUBDIR += p5-Crypt-Password-Util SUBDIR += p5-Crypt-Perl SUBDIR += p5-Crypt-Primes SUBDIR += p5-Crypt-RC4 SUBDIR += p5-Crypt-RC5 SUBDIR += p5-Crypt-RC6 SUBDIR += p5-Crypt-RHash SUBDIR += p5-Crypt-RIPEMD160 SUBDIR += p5-Crypt-RSA SUBDIR += p5-Crypt-RSA-Parse SUBDIR += p5-Crypt-RSA-Yandex SUBDIR += p5-Crypt-Rabbit SUBDIR += p5-Crypt-RandPasswd SUBDIR += p5-Crypt-Random SUBDIR += p5-Crypt-Random-Seed SUBDIR += p5-Crypt-Random-Source SUBDIR += p5-Crypt-Random-TESHA2 SUBDIR += p5-Crypt-Rijndael SUBDIR += p5-Crypt-Rijndael_PP SUBDIR += p5-Crypt-SKey SUBDIR += p5-Crypt-SMIME SUBDIR += p5-Crypt-SSLeay SUBDIR += p5-Crypt-SSSS SUBDIR += p5-Crypt-Salt SUBDIR += p5-Crypt-SaltedHash SUBDIR += p5-Crypt-Serpent SUBDIR += p5-Crypt-Shark SUBDIR += p5-Crypt-Simple SUBDIR += p5-Crypt-SmbHash SUBDIR += p5-Crypt-Sodium SUBDIR += p5-Crypt-Solitaire SUBDIR += p5-Crypt-TEA SUBDIR += p5-Crypt-T_e_a SUBDIR += p5-Crypt-Tea_JS SUBDIR += p5-Crypt-TripleDES SUBDIR += p5-Crypt-Twofish SUBDIR += p5-Crypt-Twofish2 SUBDIR += p5-Crypt-Twofish_PP SUBDIR += p5-Crypt-URandom SUBDIR += p5-Crypt-UnixCrypt SUBDIR += p5-Crypt-UnixCrypt_XS SUBDIR += p5-Crypt-X509 SUBDIR += p5-Crypt-X509-CRL SUBDIR += p5-Crypt-XTEA SUBDIR += p5-Crypt-xDBM_File SUBDIR += p5-CryptX SUBDIR += p5-Dancer-Plugin-Auth-Extensible SUBDIR += p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup SUBDIR += p5-Dancer-Plugin-Passphrase SUBDIR += p5-Dancer2-Plugin-Auth-Extensible SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-DBIC SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-Database SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-IMAP SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup SUBDIR += p5-Dancer2-Plugin-Passphrase SUBDIR += p5-Data-Entropy SUBDIR += p5-Data-Password SUBDIR += p5-Digest SUBDIR += p5-Digest-Adler32 SUBDIR += p5-Digest-Bcrypt SUBDIR += p5-Digest-BubbleBabble SUBDIR += p5-Digest-CRC SUBDIR += p5-Digest-Crc32 SUBDIR += p5-Digest-DJB SUBDIR += p5-Digest-DMAC SUBDIR += p5-Digest-EMAC SUBDIR += p5-Digest-Elf SUBDIR += p5-Digest-FNV SUBDIR += p5-Digest-GOST SUBDIR += p5-Digest-HMAC SUBDIR += p5-Digest-Hashcash SUBDIR += p5-Digest-Haval256 SUBDIR += p5-Digest-JHash SUBDIR += p5-Digest-MD2 SUBDIR += p5-Digest-MD4 SUBDIR += p5-Digest-MD5 SUBDIR += p5-Digest-MD5-File SUBDIR += p5-Digest-MD5-M4p SUBDIR += p5-Digest-MD5-Reverse SUBDIR += p5-Digest-ManberHash SUBDIR += p5-Digest-MurmurHash SUBDIR += p5-Digest-Nilsimsa SUBDIR += p5-Digest-Pearson SUBDIR += p5-Digest-Pearson-PurePerl SUBDIR += p5-Digest-Perl-MD4 SUBDIR += p5-Digest-Perl-MD5 SUBDIR += p5-Digest-SHA SUBDIR += p5-Digest-SHA-PurePerl SUBDIR += p5-Digest-SHA1 SUBDIR += p5-Digest-SHA3 SUBDIR += p5-Digest-SV1 SUBDIR += p5-Digest-Tiger SUBDIR += p5-Digest-Whirlpool SUBDIR += p5-File-KeePass SUBDIR += p5-File-KeePass-Agent SUBDIR += p5-File-Scan SUBDIR += p5-File-Scan-ClamAV SUBDIR += p5-Filter-CBC SUBDIR += p5-Filter-Crypto SUBDIR += p5-GD-SecurityImage SUBDIR += p5-GSSAPI SUBDIR += p5-GnuPG SUBDIR += p5-GnuPG-Interface SUBDIR += p5-HTML-Email-Obfuscate SUBDIR += p5-Heimdal-Kadm5 SUBDIR += p5-IO-Async-SSL SUBDIR += p5-IO-Socket-SSL SUBDIR += p5-MD5 SUBDIR += p5-Mcrypt SUBDIR += p5-Module-Signature SUBDIR += p5-Net-Daemon-SSL SUBDIR += p5-Net-OpenID-Common SUBDIR += p5-Net-OpenID-JanRain SUBDIR += p5-Net-OpenID-Server SUBDIR += p5-Net-Radius-Server SUBDIR += p5-Net-SAML2 SUBDIR += p5-Net-SSH-AuthorizedKeysFile SUBDIR += p5-Net-SSL-ExpireDate SUBDIR += p5-Net-SSLGlue SUBDIR += p5-Net-SSLeay SUBDIR += p5-Net-Server-Mail-ESMTP-AUTH SUBDIR += p5-Net-SinFP SUBDIR += p5-Nmap-Parser SUBDIR += p5-Nmap-Scanner SUBDIR += p5-OpenCA-CRL SUBDIR += p5-OpenCA-CRR SUBDIR += p5-OpenCA-REQ SUBDIR += p5-OpenCA-X509 SUBDIR += p5-PBKDF2-Tiny SUBDIR += p5-PGP SUBDIR += p5-PGP-Sign SUBDIR += p5-POE-Component-SSLify SUBDIR += p5-POE-Filter-SSL SUBDIR += p5-Parse-Snort SUBDIR += p5-PerlCryptLib SUBDIR += p5-SAVI-Perl SUBDIR += p5-SHA SUBDIR += p5-Safe-Hole SUBDIR += p5-Session-Token SUBDIR += p5-Snort-Rule SUBDIR += p5-String-MkPasswd SUBDIR += p5-Sudo SUBDIR += p5-Text-Password-Pronounceable SUBDIR += p5-Tie-EncryptedHash SUBDIR += p5-Tree-Authz SUBDIR += p5-URN-OASIS-SAML2 SUBDIR += p5-Unix-Passwd-File SUBDIR += p5-Unix-setuid SUBDIR += p5-Yahoo-BBAuth SUBDIR += p5-dicewaregen SUBDIR += p5-openxpki SUBDIR += p5-openxpki-i18n SUBDIR += p5-plog SUBDIR += palisade SUBDIR += pam-modules SUBDIR += pam-mysql SUBDIR += pam-pgsql SUBDIR += pam_fprint SUBDIR += pam_google_authenticator SUBDIR += pam_helper SUBDIR += pam_howdy SUBDIR += pam_jail SUBDIR += pam_kde SUBDIR += pam_krb5 SUBDIR += pam_krb5-rh SUBDIR += pam_ldap SUBDIR += pam_mkhomedir SUBDIR += pam_ocra SUBDIR += pam_p11 SUBDIR += pam_pkcs11 SUBDIR += pam_pwdfile SUBDIR += pam_require SUBDIR += pam_rssh SUBDIR += pam_script SUBDIR += pam_search_list SUBDIR += pam_ssh_agent_auth SUBDIR += pam_u2f SUBDIR += pam_yubico SUBDIR += pamtester SUBDIR += paperkey SUBDIR += passh SUBDIR += passivedns SUBDIR += pcsc-tools SUBDIR += pdfcrack SUBDIR += pear-Auth SUBDIR += pear-Auth_HTTP SUBDIR += pear-Auth_PrefManager SUBDIR += pear-Auth_SASL SUBDIR += pear-Auth_SASL2 SUBDIR += pear-Crypt_Blowfish SUBDIR += pear-Crypt_CBC SUBDIR += pear-Crypt_CHAP SUBDIR += pear-Crypt_DiffieHellman SUBDIR += pear-Crypt_GPG SUBDIR += pear-Crypt_HMAC2 SUBDIR += pear-Crypt_MicroID SUBDIR += pear-Crypt_RC4 SUBDIR += pear-Crypt_RSA SUBDIR += pear-Crypt_XXTEA SUBDIR += pear-File_HtAccess SUBDIR += pear-File_Passwd SUBDIR += pear-File_SMBPasswd SUBDIR += pear-HTML_Crypt SUBDIR += pear-Horde_Auth SUBDIR += pear-Horde_Crypt SUBDIR += pear-Horde_Crypt_Blowfish SUBDIR += pear-Horde_Group SUBDIR += pear-Horde_Oauth SUBDIR += pear-Horde_Perms SUBDIR += pear-Horde_Secret SUBDIR += pear-Horde_Share SUBDIR += pear-LiveUser SUBDIR += pear-LiveUser_Admin SUBDIR += pear-Net_Portscan SUBDIR += pear-Text_Password SUBDIR += pecl-crypto SUBDIR += pecl-gnupg SUBDIR += pecl-krb5 SUBDIR += pecl-libsodium SUBDIR += pecl-mcrypt SUBDIR += pecl-pam SUBDIR += pecl-pkcs11 SUBDIR += pecl-scrypt SUBDIR += pecl-ssh2 SUBDIR += pecl-xxtea SUBDIR += peda SUBDIR += pev SUBDIR += pgpdump SUBDIR += pgpgpg SUBDIR += pgpin SUBDIR += php81-filter SUBDIR += php81-sodium SUBDIR += php82-filter SUBDIR += php82-sodium SUBDIR += php83-filter SUBDIR += php83-sodium SUBDIR += picocrypt SUBDIR += picosha2 SUBDIR += pidgin-encryption SUBDIR += pidgin-otr SUBDIR += pinentry SUBDIR += pinentry-curses SUBDIR += pinentry-efl SUBDIR += pinentry-fltk SUBDIR += pinentry-gnome SUBDIR += pinentry-gtk2 SUBDIR += pinentry-qt5 SUBDIR += pinentry-qt6 SUBDIR += pinentry-tty SUBDIR += pixiewps SUBDIR += pkcrack SUBDIR += pkcs11-dump SUBDIR += pkcs11-gateway SUBDIR += pkcs11-helper SUBDIR += pkcs11-tools SUBDIR += pkesh SUBDIR += pks SUBDIR += plasma5-kscreenlocker SUBDIR += plasma5-ksshaskpass SUBDIR += plasma5-kwallet-pam SUBDIR += plasma6-kscreenlocker SUBDIR += plasma6-ksshaskpass SUBDIR += plasma6-kwallet-pam SUBDIR += please SUBDIR += portacl-rc SUBDIR += proftpd-mod_clamav SUBDIR += proxycheck SUBDIR += proxytunnel SUBDIR += pssh SUBDIR += pulledpork SUBDIR += pure-sfv SUBDIR += putty SUBDIR += putty-nogtk SUBDIR += pvk SUBDIR += pwauth SUBDIR += pwman SUBDIR += pwned-check SUBDIR += py-RestrictedPython SUBDIR += py-SecretStorage SUBDIR += py-YubiOTP SUBDIR += py-acme SUBDIR += py-acme-tiny SUBDIR += py-ailment SUBDIR += py-aiohttp-security SUBDIR += py-angr SUBDIR += py-argon2-cffi SUBDIR += py-argon2-cffi-bindings SUBDIR += py-artifacts SUBDIR += py-asyncssh SUBDIR += py-authlib SUBDIR += py-azure-keyvault-certificates SUBDIR += py-azure-keyvault-keys SUBDIR += py-azure-keyvault-secrets SUBDIR += py-badkeys SUBDIR += py-base58 SUBDIR += py-bcrypt SUBDIR += py-bitbox02 SUBDIR += py-btchip-python SUBDIR += py-cerealizer SUBDIR += py-cert-human SUBDIR += py-certbot SUBDIR += py-certbot-apache SUBDIR += py-certbot-dns-cloudflare SUBDIR += py-certbot-dns-cpanel SUBDIR += py-certbot-dns-digitalocean SUBDIR += py-certbot-dns-dnsimple SUBDIR += py-certbot-dns-dnsmadeeasy SUBDIR += py-certbot-dns-gandi SUBDIR += py-certbot-dns-gehirn SUBDIR += py-certbot-dns-google SUBDIR += py-certbot-dns-linode SUBDIR += py-certbot-dns-luadns SUBDIR += py-certbot-dns-nsone SUBDIR += py-certbot-dns-ovh SUBDIR += py-certbot-dns-powerdns SUBDIR += py-certbot-dns-rfc2136 SUBDIR += py-certbot-dns-route53 SUBDIR += py-certbot-dns-sakuracloud SUBDIR += py-certbot-dns-standalone SUBDIR += py-certbot-nginx SUBDIR += py-certifi SUBDIR += py-certomancer SUBDIR += py-certstream SUBDIR += py-ckcc-protocol SUBDIR += py-coincurve SUBDIR += py-cpe SUBDIR += py-cryptography SUBDIR += py-cryptography-legacy SUBDIR += py-cryptography-vectors SUBDIR += py-ctypescrypto SUBDIR += py-cybox SUBDIR += py-detect-secrets SUBDIR += py-dfdatetime SUBDIR += py-dfvfs SUBDIR += py-dfwinreg SUBDIR += py-dirhash SUBDIR += py-django-auth-kerberos SUBDIR += py-docker-pycreds SUBDIR += py-ecdsa SUBDIR += py-ed25519ll SUBDIR += py-exscript SUBDIR += py-fail2ban SUBDIR += py-fido2 SUBDIR += py-first-server SUBDIR += py-flask-bcrypt SUBDIR += py-flask-httpauth SUBDIR += py-flask-kerberos SUBDIR += py-flask-saml SUBDIR += py-gixy SUBDIR += py-gnupg SUBDIR += py-gnutls SUBDIR += py-google-auth SUBDIR += py-google-auth-httplib2 SUBDIR += py-google-auth-oauthlib SUBDIR += py-gpgme SUBDIR += py-gpsoauth SUBDIR += py-greenbone-feed-sync SUBDIR += py-gssapi SUBDIR += py-gvm-tools SUBDIR += py-hkdf SUBDIR += py-htpasswd SUBDIR += py-httpx-auth SUBDIR += py-iris-check-module SUBDIR += py-iris-client SUBDIR += py-iris-evtx-module SUBDIR += py-iris-intelowl-module SUBDIR += py-iris-misp-module SUBDIR += py-iris-module-interface SUBDIR += py-iris-vt-module SUBDIR += py-iris-webhooks-module SUBDIR += py-itsdangerous SUBDIR += py-josepy SUBDIR += py-joserfc SUBDIR += py-jwcrypto SUBDIR += py-keepkey SUBDIR += py-kerberos SUBDIR += py-keyring SUBDIR += py-keyrings.alt SUBDIR += py-krb5 SUBDIR += py-libnacl SUBDIR += py-liboqs-python SUBDIR += py-m2crypto SUBDIR += py-maec SUBDIR += py-merkletools SUBDIR += py-mixbox SUBDIR += py-mkpasswd SUBDIR += py-mnemonic SUBDIR += py-msoffcrypto-tool SUBDIR += py-muacrypt SUBDIR += py-netbox-secrets SUBDIR += py-netmiko SUBDIR += py-noiseprotocol SUBDIR += py-notus-scanner SUBDIR += py-ntlm-auth SUBDIR += py-oauth2client SUBDIR += py-oauthlib SUBDIR += py-omemo-dr SUBDIR += py-onlykey SUBDIR += py-openssl SUBDIR += py-oscrypto SUBDIR += py-ospd-openvas SUBDIR += py-paramiko SUBDIR += py-pass-audit SUBDIR += py-pass-git-helper SUBDIR += py-passlib SUBDIR += py-pbkdf2 SUBDIR += py-pem SUBDIR += py-pgpdump SUBDIR += py-pgpy SUBDIR += py-plaso SUBDIR += py-pnu-certwatch SUBDIR += py-pnu-vuxml SUBDIR += py-potr SUBDIR += py-pwntools SUBDIR += py-pyaes SUBDIR += py-pyaff4 SUBDIR += py-pyaxo SUBDIR += py-pyclamd SUBDIR += py-pycryptodome SUBDIR += py-pycryptodome-test-vectors SUBDIR += py-pycryptodomex SUBDIR += py-pyelliptic SUBDIR += py-pyhanko SUBDIR += py-pyhanko-certvalidator SUBDIR += py-pylibacl SUBDIR += py-pymacaroons SUBDIR += py-pynacl SUBDIR += py-pyotp SUBDIR += py-pyotp2289 SUBDIR += py-pysaml2 SUBDIR += py-pysaml26 SUBDIR += py-pyscard SUBDIR += py-pysodium SUBDIR += py-pyspnego SUBDIR += py-python-axolotl SUBDIR += py-python-axolotl-curve25519 SUBDIR += py-python-cas SUBDIR += py-python-gnupg SUBDIR += py-python-gvm SUBDIR += py-python-jose SUBDIR += py-python-nss SUBDIR += py-python-openid SUBDIR += py-python-pam SUBDIR += py-python-pkcs11 SUBDIR += py-python-registry SUBDIR += py-python3-openid SUBDIR += py-python3-saml SUBDIR += py-pyvex SUBDIR += py-pywinrm SUBDIR += py-requests-credssp SUBDIR += py-requests-kerberos SUBDIR += py-ropgadget SUBDIR += py-ropper SUBDIR += py-rsa SUBDIR += py-safe SUBDIR += py-scp SUBDIR += py-scramp SUBDIR += py-scrypt SUBDIR += py-secure SUBDIR += py-securesystemslib SUBDIR += py-service-identity SUBDIR += py-signedjson SUBDIR += py-social-auth-core SUBDIR += py-spake2 SUBDIR += py-ssh-audit SUBDIR += py-sshpubkeys SUBDIR += py-stem SUBDIR += py-stix SUBDIR += py-stix2 SUBDIR += py-stix2-patterns SUBDIR += py-taxii2-client SUBDIR += py-tinyaes SUBDIR += py-tls-parser SUBDIR += py-tlslite SUBDIR += py-tlslite-ng SUBDIR += py-trezor SUBDIR += py-trustme SUBDIR += py-truststore SUBDIR += py-tuf SUBDIR += py-txtorcon SUBDIR += py-uhashring SUBDIR += py-vici SUBDIR += py-virustotal-api SUBDIR += py-volatility3 SUBDIR += py-vpn-slice SUBDIR += py-vulndb SUBDIR += py-webauthn SUBDIR += py-xkcdpass SUBDIR += py-xmlsec SUBDIR += py-yara SUBDIR += py-yara-python-dex SUBDIR += py-yubikey-manager SUBDIR += py-zkg SUBDIR += py-zope.password SUBDIR += py-zxcvbn SUBDIR += pygost SUBDIR += qtkeychain SUBDIR += quantis-kmod SUBDIR += racoon2 SUBDIR += rage-encryption SUBDIR += ratify SUBDIR += ratproxy SUBDIR += rats SUBDIR += rcracki_mt SUBDIR += reop SUBDIR += rhash SUBDIR += rhonabwy SUBDIR += ridl SUBDIR += rifiuti2 SUBDIR += rkhunter SUBDIR += rndpassw SUBDIR += rnp SUBDIR += rotate SUBDIR += rpm-sequoia SUBDIR += rubygem-acme-client SUBDIR += rubygem-aes_key_wrap SUBDIR += rubygem-airbrussh SUBDIR += rubygem-android_key_attestation SUBDIR += rubygem-attr_encrypted SUBDIR += rubygem-attr_encrypted3 SUBDIR += rubygem-bcrypt SUBDIR += rubygem-bcrypt-ruby SUBDIR += rubygem-bcrypt_pbkdf SUBDIR += rubygem-cancancan SUBDIR += rubygem-cose SUBDIR += rubygem-cvss-suite SUBDIR += rubygem-declarative_policy SUBDIR += rubygem-devise-two-factor SUBDIR += rubygem-devise-two-factor-rails5 SUBDIR += rubygem-devise-two-factor-rails70 SUBDIR += rubygem-devise-two-factor41-rails70 SUBDIR += rubygem-devise_pam_authenticatable2 SUBDIR += rubygem-devise_pam_authenticatable2-rails61 SUBDIR += rubygem-digest SUBDIR += rubygem-digest-crc SUBDIR += rubygem-doorkeeper SUBDIR += rubygem-doorkeeper-openid_connect SUBDIR += rubygem-doorkeeper-rails5 SUBDIR += rubygem-doorkeeper-rails50 SUBDIR += rubygem-doorkeeper-rails61 SUBDIR += rubygem-doorkeeper-rails70 SUBDIR += rubygem-duo_api SUBDIR += rubygem-ed25519 SUBDIR += rubygem-encryptor SUBDIR += rubygem-ezcrypto SUBDIR += rubygem-googleauth SUBDIR += rubygem-gpgme SUBDIR += rubygem-gpgr SUBDIR += rubygem-gssapi SUBDIR += rubygem-haiti-hash SUBDIR += rubygem-hkdf SUBDIR += rubygem-hkdf0 SUBDIR += rubygem-hrr_rb_ssh SUBDIR += rubygem-hrr_rb_ssh-ed25519 SUBDIR += rubygem-lockbox SUBDIR += rubygem-metasploit-concern SUBDIR += rubygem-metasploit-credential SUBDIR += rubygem-metasploit-model SUBDIR += rubygem-metasploit-payloads SUBDIR += rubygem-metasploit_data_models SUBDIR += rubygem-metasploit_payloads-mettle SUBDIR += rubygem-nessus_rest SUBDIR += rubygem-net-scp SUBDIR += rubygem-net-scp1 SUBDIR += rubygem-net-sftp SUBDIR += rubygem-net-ssh SUBDIR += rubygem-net-ssh-gateway SUBDIR += rubygem-net-ssh-krb SUBDIR += rubygem-net-ssh-multi SUBDIR += rubygem-net-ssh5 SUBDIR += rubygem-net-ssh6 SUBDIR += rubygem-net-telnet SUBDIR += rubygem-nexpose SUBDIR += rubygem-nmap-parser SUBDIR += rubygem-omniauth SUBDIR += rubygem-omniauth-alicloud SUBDIR += rubygem-omniauth-atlassian-oauth2 SUBDIR += rubygem-omniauth-bitbucket SUBDIR += rubygem-omniauth-cas SUBDIR += rubygem-omniauth-dingtalk-oauth2 SUBDIR += rubygem-omniauth-gitlab SUBDIR += rubygem-omniauth-jwt SUBDIR += rubygem-omniauth-multipassword SUBDIR += rubygem-omniauth-oauth2-generic SUBDIR += rubygem-omniauth-rails_csrf_protection SUBDIR += rubygem-omniauth-saml SUBDIR += rubygem-omniauth-saml1 SUBDIR += rubygem-omniauth-shibboleth SUBDIR += rubygem-omniauth-shibboleth-redux SUBDIR += rubygem-omniauth1 SUBDIR += rubygem-openssl SUBDIR += rubygem-openssl-ccm SUBDIR += rubygem-openssl-cmac SUBDIR += rubygem-openssl-signature_algorithm SUBDIR += rubygem-openvas-omp SUBDIR += rubygem-origami SUBDIR += rubygem-pbkdf2-ruby SUBDIR += rubygem-pundit SUBDIR += rubygem-pundit61 SUBDIR += rubygem-pwned SUBDIR += rubygem-pyu-ruby-sasl SUBDIR += rubygem-rack-oauth2 SUBDIR += rubygem-rack-oauth21 SUBDIR += rubygem-rasn1 SUBDIR += rubygem-razorback-scriptNugget SUBDIR += rubygem-rbnacl SUBDIR += rubygem-rbnacl-libsodium SUBDIR += rubygem-recog SUBDIR += rubygem-rex-arch SUBDIR += rubygem-rex-bin_tools SUBDIR += rubygem-rex-core SUBDIR += rubygem-rex-encoder SUBDIR += rubygem-rex-exploitation SUBDIR += rubygem-rex-java SUBDIR += rubygem-rex-mime SUBDIR += rubygem-rex-nop SUBDIR += rubygem-rex-ole SUBDIR += rubygem-rex-powershell SUBDIR += rubygem-rex-random_identifier SUBDIR += rubygem-rex-registry SUBDIR += rubygem-rex-rop_builder SUBDIR += rubygem-rex-socket SUBDIR += rubygem-rex-sslscan SUBDIR += rubygem-rex-struct2 SUBDIR += rubygem-rex-text SUBDIR += rubygem-rex-zip SUBDIR += rubygem-roauth SUBDIR += rubygem-rpam2 SUBDIR += rubygem-ruby-hmac SUBDIR += rubygem-ruby-rc4 SUBDIR += rubygem-ruby-saml SUBDIR += rubygem-ruby-saml115 SUBDIR += rubygem-safety_net_attestation SUBDIR += rubygem-scrypt SUBDIR += rubygem-securecompare SUBDIR += rubygem-securerandom SUBDIR += rubygem-signet SUBDIR += rubygem-six SUBDIR += rubygem-ssh_data SUBDIR += rubygem-sshkey SUBDIR += rubygem-sshkit SUBDIR += rubygem-sslshake SUBDIR += rubygem-ssrf_filter SUBDIR += rubygem-timfel-krb5 SUBDIR += rubygem-tpm-key_attestation SUBDIR += rubygem-twitter_oauth SUBDIR += rubygem-unix-crypt SUBDIR += rubygem-vault SUBDIR += rubygem-webauthn SUBDIR += rubygem-webpush SUBDIR += rustls-ffi SUBDIR += rustscan SUBDIR += s2n-tls SUBDIR += safesh SUBDIR += samhain SUBDIR += samhain-client SUBDIR += samhain-server SUBDIR += sasp SUBDIR += scanlogd SUBDIR += scrypt SUBDIR += seahorse SUBDIR += seal SUBDIR += seccure SUBDIR += seclists SUBDIR += secpanel SUBDIR += sectok SUBDIR += secure_delete SUBDIR += sedutil SUBDIR += sequoia SUBDIR += sequoia-sq SUBDIR += setaudit SUBDIR += sha1collisiondetection SUBDIR += sha2wordlist SUBDIR += shibboleth-idp SUBDIR += shibboleth-sp SUBDIR += sig2dot SUBDIR += signify SUBDIR += signing-party SUBDIR += silktools SUBDIR += smurflog SUBDIR += sniffglue SUBDIR += snoopy SUBDIR += snort SUBDIR += snort-rep SUBDIR += snort2pfcd SUBDIR += snort3 SUBDIR += snortsam SUBDIR += snortsnarf SUBDIR += snowflake-tor SUBDIR += snuffleupagus SUBDIR += softether SUBDIR += softether-devel SUBDIR += softether5 SUBDIR += softhsm2 SUBDIR += solana SUBDIR += sops SUBDIR += spass SUBDIR += spass-qt5 SUBDIR += spectre-meltdown-checker SUBDIR += spm SUBDIR += sqlmap SUBDIR += sqlninja SUBDIR += srm SUBDIR += ssb SUBDIR += ssdeep SUBDIR += ssh-import-id SUBDIR += ssh-multiadd SUBDIR += ssh-tools SUBDIR += ssh-vault SUBDIR += sshguard SUBDIR += sshpass SUBDIR += ssl-admin SUBDIR += ssllabs-scan SUBDIR += sslproxy SUBDIR += sslscan SUBDIR += sslsplit SUBDIR += sssd SUBDIR += sssd2 SUBDIR += ssss SUBDIR += sst SUBDIR += starttls SUBDIR += steghide SUBDIR += stegify SUBDIR += step-certificates SUBDIR += step-cli SUBDIR += stoken SUBDIR += strongswan SUBDIR += stunnel SUBDIR += su-exec SUBDIR += subversion-gnome-keyring SUBDIR += sudo SUBDIR += sudoscript SUBDIR += super SUBDIR += suricata SUBDIR += swatchdog SUBDIR += tailscale SUBDIR += tang SUBDIR += tclsasl SUBDIR += tcpcrypt SUBDIR += teleport SUBDIR += testssl.sh SUBDIR += tfhe SUBDIR += tfsec SUBDIR += theonionbox SUBDIR += tinc SUBDIR += tinc-devel SUBDIR += tinyca SUBDIR += tls-check SUBDIR += tlsc SUBDIR += tor SUBDIR += totp-cli SUBDIR += tpm-quote-tools SUBDIR += tpm-tools SUBDIR += tpm2-abrmd SUBDIR += tpm2-pkcs11 SUBDIR += tpm2-tools SUBDIR += tpm2-tss SUBDIR += transcrypt SUBDIR += trezord SUBDIR += tripwire SUBDIR += trivy SUBDIR += trousers SUBDIR += trufflehog SUBDIR += tthsum SUBDIR += u2f-devd SUBDIR += uacme SUBDIR += ubuntu-keyring SUBDIR += unhide SUBDIR += unix-selfauth-helper SUBDIR += vanguards-tor SUBDIR += vault SUBDIR += vaultwarden SUBDIR += veracrypt SUBDIR += vigenere SUBDIR += vlock SUBDIR += vm-to-tor SUBDIR += vouch-proxy SUBDIR += vpnc SUBDIR += vuls SUBDIR += vulsrepo SUBDIR += vuxml SUBDIR += vxquery SUBDIR += wapiti SUBDIR += wazuh-agent SUBDIR += wazuh-dashboard SUBDIR += wazuh-indexer SUBDIR += wazuh-manager SUBDIR += wazuh-server SUBDIR += webfwlog SUBDIR += webtunnel-tor SUBDIR += weggli SUBDIR += whatweb SUBDIR += wipe SUBDIR += wolfssh SUBDIR += wolfssl SUBDIR += wpa_supplicant SUBDIR += wpa_supplicant-devel + SUBDIR += wpa_supplicant210 SUBDIR += wpa_supplicant29 SUBDIR += xca SUBDIR += xhash SUBDIR += xinetd SUBDIR += xml-security SUBDIR += xmlsec1 SUBDIR += xorsearch SUBDIR += xray-core SUBDIR += yafic SUBDIR += yapet SUBDIR += yara SUBDIR += yersinia SUBDIR += ykclient SUBDIR += ykpers SUBDIR += ylva SUBDIR += yubico-piv-tool SUBDIR += yubikey-agent SUBDIR += yubikey-manager-qt SUBDIR += yubikey-personalization-gui SUBDIR += yubioath-desktop SUBDIR += zaproxy SUBDIR += zeek SUBDIR += zeronet SUBDIR += zlint SUBDIR += zzuf .include diff --git a/security/wpa_supplicant210/Makefile b/security/wpa_supplicant210/Makefile new file mode 100644 index 000000000000..64c26a652871 --- /dev/null +++ b/security/wpa_supplicant210/Makefile @@ -0,0 +1,226 @@ +PORTNAME= wpa_supplicant +PORTVERSION= 2.10 +PORTREVISION= 10 +CATEGORIES= security net +MASTER_SITES= https://w1.fi/releases/ +PKGNAMESUFFIX= 210 + +MAINTAINER= cy@FreeBSD.org +COMMENT= Supplicant (client) for WPA/802.1x protocols +WWW= https://w1.fi/wpa_supplicant/ + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/README + +USES= cpe gmake pkgconfig:build readline ssl +BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant +INSTALL_WRKSRC= ${WRKSRC}/src +CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS +CFLAGS+= -I${OPENSSLINC} +CFLAGS+= -Wno-deprecated-declarations +LDFLAGS+= -L${OPENSSLLIB} -lutil +MAKE_ENV= V=1 + +SUB_FILES= pkg-message +PORTDOCS= README ChangeLog + +CFG= ${BUILD_WRKSRC}/.config + +.if !exists(/etc/rc.d/wpa_supplicant) +USE_RC_SUBR= wpa_supplicant +.endif + +OPTIONS_MULTI= DRV EAP +OPTIONS_MULTI_DRV= BSD WIRED NDIS TEST NONE #ROBOSWITCH +OPTIONS_MULTI_EAP= TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK FAST \ + SIM PWD PAX AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE +OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ + HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ + IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ + DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ + IEEE8021X_EAPOL EAPOL_TEST \ + HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \ + SIM_SIMULATOR USIM_SIMULATOR WEP +OPTIONS_DEFAULT= BSD WIRED \ + TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ + WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ + INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ + IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ + FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP +OPTIONS_SUB= + +WPS_DESC= Wi-Fi Protected Setup +WPS_ER_DESC= Enable WPS External Registrar +WPS_NOREG_DESC= Disable open network credentials when registrar +WPS_NFC_DESC= Near Field Communication (NFC) configuration +WPS_UPNP_DESC= Universal Plug and Play support +PKCS12_DESC= PKCS\#12 (PFS) support +SMARTCARD_DESC= Private key on smartcard support +HT_OVERRIDES_DESC= Disable HT/HT40, mask MCS rates, etc +VHT_OVERRIDES_DESC= Disable VHT, mask MCS rates, etc +TLSV12_DESC= Build with TLS v1.2 instead of TLS v1.0 +IEEE80211AC_DESC= Very High Throughput, AP mode (IEEE 802.11ac) +IEEE80211N_DESC= High Throughput, AP mode (IEEE 802.11n) +IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) +IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) +IEEE8021X_EAPOL_DESC= EAP over LAN support +EAPOL_TEST_DESC= Development testing +DEBUG_FILE_DESC= Support for writing debug log to a file +DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout +PRIVSEP_DESC= Privilege separation +DELAYED_MIC_DESC= Mitigate TKIP attack, random delay on MIC errors +INTERWORKING_DESC= Improve ext. network interworking (IEEE 802.11u) +HS20_DESC= Hotspot 2.0 +NO_ROAMING_DESC= Disable roaming +P2P_DESC= Peer-to-Peer support +TDLS_DESC= Tunneled Direct Link Setup +MATCH_DESC= Interface match mode + +DRV_DESC= Driver options +BSD_DESC= BSD net80211 interface +NDIS_DESC= Windows NDIS interface +WIRED_DESC= Wired ethernet interface +ROBOSWITCH_DESC= Broadcom Roboswitch interface +TEST_DESC= Development testing interface +NONE_DESC= The 'no driver' interface, e.g. WPS ER only + +EAP_DESC= Extensible Authentication Protocols +TLS_DESC= Transport Layer Security +PEAP_DESC= Protected Extensible Authentication Protocol +TTLS_DESC= Tunneled Transport Layer Security +MD5_DESC= MD5 hash (deprecated, no key generation) +MSCHAPV2_DESC= Microsoft CHAP version 2 (RFC 2759) +GTC_DESC= Generic Token Card +LEAP_DESC= Lightweight Extensible Authentication Protocol +OTP_DESC= One-Time Password +PSK_DESC= Pre-Shared key +FAST_DESC= Flexible Authentication via Secure Tunneling +AKA_DESC= Autentication and Key Agreement (UMTS) +AKA_PRIME_DESC= AKA Prime variant (RFC 5448) +EKE_DESC= Encrypted Key Exchange +WEP_DESC= WEP support +SIM_DESC= Subscriber Identity Module +SIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-SIM +USIM_SIMULATOR_DESC= SIM simulator (Milenage) for EAP-AKA +IKEV2_DESC= Internet Key Exchange version 2 +PWD_DESC= Shared password (RFC 5931) +PAX_DESC= Password Authenticated Exchange +SAKE_DESC= Shared-Secret Authentication & Key Establishment +GPSK_DESC= Generalized Pre-Shared Key +TNC_DESC= Trusted Network Connect + +PRIVSEP_PLIST_FILES= sbin/wpa_priv +DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ + etc/dbus-1/system.d/dbus-wpa_supplicant.conf + +.include + +.if ${PORT_OPTIONS:MNDIS} && ${PORT_OPTIONS:MPRIVSEP} +BROKEN= Fails to compile with both NDIS and PRIVSEP +.endif + +.if ${PORT_OPTIONS:MIEEE80211AC} && ${PORT_OPTIONS:MIEEE80211N} +BROKEN= Fails to compile with both IEEE80211AC and IEEE80211N +.endif + +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} +LIB_DEPENDS+= libpcsclite.so:devel/pcsc-lite +CFLAGS+= -I${LOCALBASE}/include/PCSC +LDFLAGS+= -L${LOCALBASE}/lib +.endif + +.if ${PORT_OPTIONS:MDBUS} +LIB_DEPENDS+= libdbus-1.so:devel/dbus +.endif + +post-patch: + @${CP} ${FILESDIR}/Packet32.[ch] ${FILESDIR}/ntddndis.h \ + ${WRKSRC}/src/utils + # Set driver(s) +.for item in BSD NDIS WIRED ROBOSWITCH TEST NONE +. if ${PORT_OPTIONS:M${item}} + @${ECHO_CMD} CONFIG_DRIVER_${item}=y >> ${CFG} +. endif +.endfor + # Set EAP protocol(s) +.for item in MD5 MSCHAPV2 TLS PEAP TTLS FAST GTC OTP PSK PWD PAX LEAP SIM \ + AKA AKA_PRIME SAKE GPSK TNC IKEV2 EKE WEP +. if ${PORT_OPTIONS:M${item}} + @${ECHO_CMD} CONFIG_EAP_${item:tu}=y >> ${CFG} +. endif +.endfor +.if ${PORT_OPTIONS:MSIM} || ${PORT_OPTIONS:MAKA} || ${PORT_OPTIONS:MAKA_PRIME} + @${ECHO_CMD} CONFIG_PCSC=y >> ${CFG} +.endif +.for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ + VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ + IEEE8021X_EAPOL EAPOL_TEST \ + INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS +. if ${PORT_OPTIONS:M${simple}} + @${ECHO_CMD} CONFIG_${simple}=y >> ${CFG} +. endif +.endfor +.for item in READLINE PEERKEY + @${ECHO_CMD} CONFIG_${item}=y >> ${CFG} +.endfor +.if ${PORT_OPTIONS:MIEEE80211AC} || ${PORT_OPTIONS:MIEEE80211N} + @${ECHO_CMD} CONFIG_AP=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MGPSK} + # GPSK desired, assume highest SHA desired too + @${ECHO_CMD} CONFIG_EAP_GPSK_SHA256=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MWPS_NOREG} + @${ECHO_CMD} CONFIG_WPS_REG_DISABLE_OPEN=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDELAYED_MIC} + @${ECHO_CMD} CONFIG_DELAYED_MIC_ERROR_REPORT=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MDBUS} + @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_NEW=y >> ${CFG} + @${ECHO_CMD} CONFIG_CTRL_IFACE_DBUS_INTRO=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MMATCH} + @${ECHO_CMD} CONFIG_MATCH_IFACE=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MUSIM_SIMULATOR} + @${ECHO_CMD} CONFIG_USIM_SIMULATOR=y >> ${CFG} +.endif +.if ${PORT_OPTIONS:MSIM_SIMULATOR} + @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} +.endif + @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} + @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} + @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} + @${ECHO_CMD} CONFIG_L2_PACKET=freebsd >> ${CFG} + @${ECHO_CMD} CONFIG_TLS=openssl >> ${CFG} + +post-build-EAPOL_TEST-on: + cd ${BUILD_WRKSRC} && ${GMAKE} eapol_test + +do-install: + (cd ${BUILD_WRKSRC} && ${INSTALL_PROGRAM} wpa_supplicant wpa_cli \ + wpa_passphrase ${STAGEDIR}${PREFIX}/sbin) + ${INSTALL_DATA} ${BUILD_WRKSRC}/wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/wpa_supplicant.conf.sample + +do-install-EAPOL_TEST-on: + ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/eapol_test ${STAGEDIR}${PREFIX}/sbin + +do-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + (cd ${BUILD_WRKSRC} && \ + ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) + +do-install-PRIVSEP-on: + ${INSTALL_PROGRAM} ${BUILD_WRKSRC}/wpa_priv ${STAGEDIR}${PREFIX}/sbin + +do-install-DBUS-on: + @${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ + @${MKDIR} ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ + ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/fi.w1.wpa_supplicant1.service \ + ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/ + ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ + ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ + +.include diff --git a/security/wpa_supplicant210/distinfo b/security/wpa_supplicant210/distinfo new file mode 100644 index 000000000000..5cdea91002ec --- /dev/null +++ b/security/wpa_supplicant210/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1642435837 +SHA256 (wpa_supplicant-2.10.tar.gz) = 20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f +SIZE (wpa_supplicant-2.10.tar.gz) = 3511622 diff --git a/security/wpa_supplicant210/files/Packet32.c b/security/wpa_supplicant210/files/Packet32.c new file mode 100644 index 000000000000..95cae8c5c975 --- /dev/null +++ b/security/wpa_supplicant210/files/Packet32.c @@ -0,0 +1,366 @@ +/*- + * Copyright (c) 2005 + * Bill Paul . All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This file implements a small portion of the Winpcap API for the + * Windows NDIS interface in wpa_supplicant. It provides just enough + * routines to fool wpa_supplicant into thinking it's really running + * in a Windows environment. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef __FreeBSD__ +#include +#endif +#ifdef __DragonFly__ +#include +#endif + +#include +#include +#include +#include +#include + +#include "Packet32.h" + +#define OID_802_11_ADD_KEY 0x0d01011D + +typedef ULONGLONG NDIS_802_11_KEY_RSC; +typedef UCHAR NDIS_802_11_MAC_ADDRESS[6]; + +typedef struct NDIS_802_11_KEY { + ULONG Length; + ULONG KeyIndex; + ULONG KeyLength; + NDIS_802_11_MAC_ADDRESS BSSID; + NDIS_802_11_KEY_RSC KeyRSC; + UCHAR KeyMaterial[1]; +} NDIS_802_11_KEY; + +typedef struct NDIS_802_11_KEY_COMPAT { + ULONG Length; + ULONG KeyIndex; + ULONG KeyLength; + NDIS_802_11_MAC_ADDRESS BSSID; + UCHAR Pad[6]; /* Make struct layout match Windows. */ + NDIS_802_11_KEY_RSC KeyRSC; +#ifdef notdef + UCHAR KeyMaterial[1]; +#endif +} NDIS_802_11_KEY_COMPAT; + +#define TRUE 1 +#define FALSE 0 + +struct adapter { + int socket; + char name[IFNAMSIZ]; + int prev_roaming; +}; + +PCHAR +PacketGetVersion(void) +{ + return("FreeBSD WinPcap compatibility shim v1.0"); +} + +void * +PacketOpenAdapter(CHAR *iface) +{ + struct adapter *a; + int s; + int ifflags; + struct ifreq ifr; + struct ieee80211req ireq; + + s = socket(PF_INET, SOCK_DGRAM, 0); + + if (s == -1) + return(NULL); + + a = malloc(sizeof(struct adapter)); + if (a == NULL) + return(NULL); + + a->socket = s; + if (strncmp(iface, "\\Device\\NPF_", 12) == 0) + iface += 12; + else if (strncmp(iface, "\\DEVICE\\", 8) == 0) + iface += 8; + snprintf(a->name, IFNAMSIZ, "%s", iface); + + /* Turn off net80211 roaming */ + bzero((char *)&ireq, sizeof(ireq)); + strncpy(ireq.i_name, iface, sizeof (ifr.ifr_name)); + ireq.i_type = IEEE80211_IOC_ROAMING; + if (ioctl(a->socket, SIOCG80211, &ireq) == 0) { + a->prev_roaming = ireq.i_val; + ireq.i_val = IEEE80211_ROAMING_MANUAL; + if (ioctl(a->socket, SIOCS80211, &ireq) < 0) + fprintf(stderr, + "Could not set IEEE80211_ROAMING_MANUAL\n"); + } + + bzero((char *)&ifr, sizeof(ifr)); + strncpy(ifr.ifr_name, iface, sizeof (ifr.ifr_name)); + if (ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) { + free(a); + close(s); + return(NULL); + } + ifr.ifr_flags |= IFF_UP; + if (ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr) < 0) { + free(a); + close(s); + return(NULL); + } + + return(a); +} + +int +PacketRequest(void *iface, BOOLEAN set, PACKET_OID_DATA *oid) +{ + struct adapter *a; + uint32_t retval; + struct ifreq ifr; + NDIS_802_11_KEY *old; + NDIS_802_11_KEY_COMPAT *new; + PACKET_OID_DATA *o = NULL; + + if (iface == NULL) + return(-1); + + a = iface; + bzero((char *)&ifr, sizeof(ifr)); + + /* + * This hack is necessary to work around a difference + * betwee the GNU C and Microsoft C compilers. The NDIS_802_11_KEY + * structure has a uint64_t in it, right after an array of + * chars. The Microsoft compiler inserts padding right before + * the 64-bit value to align it on a 64-bit boundary, but + * GCC only aligns it on a 32-bit boundary. Trying to pass + * the GCC-formatted structure to an NDIS binary driver + * fails because some of the fields appear to be at the + * wrong offsets. + * + * To get around this, if we detect someone is trying to do + * a set operation on OID_802_11_ADD_KEY, we shuffle the data + * into a properly padded structure and pass that into the + * driver instead. This allows the driver_ndis.c code supplied + * with wpa_supplicant to work unmodified. + */ + + if (set == TRUE && oid->Oid == OID_802_11_ADD_KEY) { + old = (NDIS_802_11_KEY *)&oid->Data; + o = malloc(sizeof(PACKET_OID_DATA) + + sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength); + if (o == NULL) + return(0); + bzero((char *)o, sizeof(PACKET_OID_DATA) + + sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength); + o->Oid = oid->Oid; + o->Length = sizeof(NDIS_802_11_KEY_COMPAT) + old->KeyLength; + new = (NDIS_802_11_KEY_COMPAT *)&o->Data; + new->KeyRSC = old->KeyRSC; + new->Length = o->Length; + new->KeyIndex = old->KeyIndex; + new->KeyLength = old->KeyLength; + bcopy(old->BSSID, new->BSSID, sizeof(NDIS_802_11_MAC_ADDRESS)); + bcopy(old->KeyMaterial, (char *)new + + sizeof(NDIS_802_11_KEY_COMPAT), new->KeyLength); + ifr.ifr_data = (caddr_t)o; + } else + ifr.ifr_data = (caddr_t)oid; + + strlcpy(ifr.ifr_name, a->name, sizeof(ifr.ifr_name)); + + if (set == TRUE) + retval = ioctl(a->socket, SIOCSDRVSPEC, &ifr); + else + retval = ioctl(a->socket, SIOCGDRVSPEC, &ifr); + + if (o != NULL) + free(o); + + if (retval) + return(0); + + return(1); +} + +int +PacketGetAdapterNames(CHAR *namelist, ULONG *len) +{ + int mib[6]; + size_t needed; + struct if_msghdr *ifm; + struct sockaddr_dl *sdl; + char *buf, *lim, *next; + char *plist; + int spc; + int i, ifcnt = 0; + + plist = namelist; + spc = 0; + + bzero(plist, *len); + + needed = 0; + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* wildcard address family */ + mib[4] = NET_RT_IFLIST; + mib[5] = 0; /* no flags */ + + if (sysctl (mib, 6, NULL, &needed, NULL, 0) < 0) + return(FALSE); + + buf = malloc (needed); + if (buf == NULL) + return(FALSE); + + if (sysctl (mib, 6, buf, &needed, NULL, 0) < 0) { + free(buf); + return(FALSE); + } + + lim = buf + needed; + + /* Generate interface name list. */ + + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) { + if ((spc + sdl->sdl_nlen) > *len) { + free(buf); + return(FALSE); + } + strncpy(plist, sdl->sdl_data, sdl->sdl_nlen); + plist += (sdl->sdl_nlen + 1); + spc += (sdl->sdl_nlen + 1); + ifcnt++; + } + } + next += ifm->ifm_msglen; + } + + + /* Insert an extra "" as a spacer */ + + plist++; + spc++; + + /* + * Now generate the interface description list. There + * must be a unique description for each interface, and + * they have to match what the ndis_events program will + * feed in later. To keep this simple, we just repeat + * the interface list over again. + */ + + next = buf; + while (next < lim) { + ifm = (struct if_msghdr *)next; + if (ifm->ifm_type == RTM_IFINFO) { + sdl = (struct sockaddr_dl *)(ifm + 1); + if (strnstr(sdl->sdl_data, "wlan", sdl->sdl_nlen)) { + if ((spc + sdl->sdl_nlen) > *len) { + free(buf); + return(FALSE); + } + strncpy(plist, sdl->sdl_data, sdl->sdl_nlen); + plist += (sdl->sdl_nlen + 1); + spc += (sdl->sdl_nlen + 1); + ifcnt++; + } + } + next += ifm->ifm_msglen; + } + + free (buf); + + *len = spc + 1; + + return(TRUE); +} + +void +PacketCloseAdapter(void *iface) +{ + struct adapter *a; + struct ifreq ifr; + struct ieee80211req ireq; + + if (iface == NULL) + return; + + a = iface; + + /* Reset net80211 roaming */ + bzero((char *)&ireq, sizeof(ireq)); + strncpy(ireq.i_name, a->name, sizeof (ifr.ifr_name)); + ireq.i_type = IEEE80211_IOC_ROAMING; + ireq.i_val = a->prev_roaming; + ioctl(a->socket, SIOCS80211, &ireq); + + bzero((char *)&ifr, sizeof(ifr)); + strncpy(ifr.ifr_name, a->name, sizeof (ifr.ifr_name)); + ioctl(a->socket, SIOCGIFFLAGS, (caddr_t)&ifr); + ifr.ifr_flags &= ~IFF_UP; + ioctl(a->socket, SIOCSIFFLAGS, (caddr_t)&ifr); + close(a->socket); + free(a); + + return; +} diff --git a/security/wpa_supplicant210/files/Packet32.h b/security/wpa_supplicant210/files/Packet32.h new file mode 100644 index 000000000000..c75e5f9dfe91 --- /dev/null +++ b/security/wpa_supplicant210/files/Packet32.h @@ -0,0 +1,65 @@ +/*- + * Copyright (c) 2005 + * Bill Paul . All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + * THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _PACKET32_H_ +#define _PACKET32_H_ + +#include +#include + +struct PACKET_OID_DATA { + uint32_t Oid; + uint32_t Length; + uint8_t Data[1]; +}; + + +typedef struct PACKET_OID_DATA PACKET_OID_DATA; + +extern PCHAR PacketGetVersion(void); +extern void *PacketOpenAdapter(CHAR *); +extern int PacketRequest(void *, BOOLEAN, PACKET_OID_DATA *); +extern int PacketGetAdapterNames(CHAR *, ULONG *); +extern void PacketCloseAdapter(void *); + +/* + * This is for backwards compatibility on FreeBSD 5. + */ + +#ifndef SIOCGDRVSPEC +#define SIOCSDRVSPEC _IOW('i', 123, struct ifreq) /* set driver-specific + parameters */ +#define SIOCGDRVSPEC _IOWR('i', 123, struct ifreq) /* get driver-specific + parameters */ +#endif + +#endif /* _PACKET32_H_ */ diff --git a/security/wpa_supplicant210/files/ntddndis.h b/security/wpa_supplicant210/files/ntddndis.h new file mode 100644 index 000000000000..0af0ce858b03 --- /dev/null +++ b/security/wpa_supplicant210/files/ntddndis.h @@ -0,0 +1,32 @@ +#ifndef _NTDDNDIS_H_ +#define _NTDDNDIS_H_ + +/* + * Fake up some of the Windows type definitions so that the NDIS + * interface module in wpa_supplicant will build. + */ + +#define ULONG uint32_t +#define USHORT uint16_t +#define UCHAR uint8_t +#define LONG int32_t +#define SHORT int16_t +#if __FreeBSD__ +#define CHAR char +#else +#define CHAR int8_t +#endif +#define ULONGLONG uint64_t +#define LONGLONG int64_t +#define BOOLEAN uint8_t +typedef void * LPADAPTER; +typedef char * PTSTR; +typedef char * PCHAR; + +#define TRUE 1 +#define FALSE 0 + +#define OID_802_3_CURRENT_ADDRESS 0x01010102 +#define OID_802_3_MULTICAST_LIST 0x01010103 + +#endif /* _NTDDNDIS_H_ */ diff --git a/security/wpa_supplicant210/files/patch-src_common_dhcp.h b/security/wpa_supplicant210/files/patch-src_common_dhcp.h new file mode 100644 index 000000000000..f88d1921a380 --- /dev/null +++ b/security/wpa_supplicant210/files/patch-src_common_dhcp.h @@ -0,0 +1,25 @@ +--- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800 ++++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800 +@@ -9,6 +9,22 @@ + #ifndef DHCP_H + #define DHCP_H + ++/* ++ * Translate Linux to FreeBSD ++ */ ++#define iphdr ip ++#define ihl ip_hl ++#define verson ip_v ++#define tos ip_tos ++#define tot_len ip_len ++#define id ip_id ++#define frag_off ip_off ++#define ttl ip_ttl ++#define protocol ip_p ++#define check ip_sum ++#define saddr ip_src ++#define daddr ip_dst ++ + #include + #if __FAVOR_BSD + #include diff --git a/security/wpa_supplicant210/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant210/files/patch-src_drivers_driver__bsd.c new file mode 100644 index 000000000000..dd72e1710cbd --- /dev/null +++ b/security/wpa_supplicant210/files/patch-src_drivers_driver__bsd.c @@ -0,0 +1,281 @@ +--- src/drivers/driver_bsd.c.orig 2022-01-16 12:51:29.000000000 -0800 ++++ src/drivers/driver_bsd.c 2023-09-10 23:07:12.329586000 -0700 +@@ -14,6 +14,7 @@ + #include "driver.h" + #include "eloop.h" + #include "common/ieee802_11_defs.h" ++#include "common/ieee802_11_common.h" + #include "common/wpa_common.h" + + #include +@@ -293,8 +294,9 @@ + } + + static int +-bsd_get_iface_flags(struct bsd_driver_data *drv) ++bsd_ctrl_iface(void *priv, int enable) + { ++ struct bsd_driver_data *drv = priv; + struct ifreq ifr; + + os_memset(&ifr, 0, sizeof(ifr)); +@@ -306,7 +308,34 @@ + return -1; + } + drv->flags = ifr.ifr_flags; ++ ++ ++ if (enable) { ++ if (ifr.ifr_flags & IFF_UP) ++ goto nochange; ++ ifr.ifr_flags |= IFF_UP; ++ } else { ++ if (!(ifr.ifr_flags & IFF_UP)) ++ goto nochange; ++ ifr.ifr_flags &= ~IFF_UP; ++ } ++ ++ if (ioctl(drv->global->sock, SIOCSIFFLAGS, &ifr) < 0) { ++ wpa_printf(MSG_ERROR, "ioctl[SIOCSIFFLAGS]: %s", ++ strerror(errno)); ++ return -1; ++ } ++ ++ wpa_printf(MSG_DEBUG, "%s: if %s (changed) enable %d IFF_UP %d ", ++ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); ++ ++ drv->flags = ifr.ifr_flags; + return 0; ++ ++nochange: ++ wpa_printf(MSG_DEBUG, "%s: if %s (no change) enable %d IFF_UP %d ", ++ __func__, drv->ifname, enable, ((ifr.ifr_flags & IFF_UP) != 0)); ++ return 0; + } + + static int +@@ -525,7 +554,7 @@ + __func__); + return -1; + } +- return 0; ++ return bsd_ctrl_iface(priv, 1); + } + + static void +@@ -853,14 +882,18 @@ + drv = bsd_get_drvindex(global, ifm->ifm_index); + if (drv == NULL) + return; +- if ((ifm->ifm_flags & IFF_UP) == 0 && +- (drv->flags & IFF_UP) != 0) { ++ if (((ifm->ifm_flags & IFF_UP) == 0 || ++ (ifm->ifm_flags & IFF_RUNNING) == 0) && ++ (drv->flags & IFF_UP) != 0 && ++ (drv->flags & IFF_RUNNING) != 0) { + wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' DOWN", + drv->ifname); + wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, + NULL); + } else if ((ifm->ifm_flags & IFF_UP) != 0 && +- (drv->flags & IFF_UP) == 0) { ++ (ifm->ifm_flags & IFF_RUNNING) != 0 && ++ ((drv->flags & IFF_UP) == 0 || ++ (drv->flags & IFF_RUNNING) == 0)) { + wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", + drv->ifname); + wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, +@@ -1025,7 +1058,8 @@ + if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) + goto bad; + +- if (bsd_get_iface_flags(drv) < 0) ++ /* mark down during setup */ ++ if (bsd_ctrl_iface(drv, 0) < 0) + goto bad; + + if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { +@@ -1050,12 +1084,13 @@ + { + struct bsd_driver_data *drv = priv; + ++ if (drv->ifindex != 0) ++ bsd_ctrl_iface(drv, 0); + if (drv->sock_xmit != NULL) + l2_packet_deinit(drv->sock_xmit); + os_free(drv); + } + +- + static int + bsd_set_sta_authorized(void *priv, const u8 *addr, + unsigned int total_flags, unsigned int flags_or, +@@ -1197,13 +1232,41 @@ + } + + static int ++wpa_driver_bsd_set_rsn_wpa_ie(struct bsd_driver_data * drv, ++ struct wpa_driver_associate_params *params, const u8 *ie) ++{ ++ int privacy; ++ size_t ie_len = ie[1] ? ie[1] + 2 : 0; ++ ++ /* XXX error handling is wrong but unclear what to do... */ ++ if (wpa_driver_bsd_set_wpa_ie(drv, ie, ie_len) < 0) ++ return -1; ++ ++ privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && ++ params->group_suite == WPA_CIPHER_NONE && ++ params->key_mgmt_suite == WPA_KEY_MGMT_NONE); ++ wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, ++ privacy); ++ ++ if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) ++ return -1; ++ ++ if (ie_len && ++ set80211param(drv, IEEE80211_IOC_WPA, ++ ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) ++ return -1; ++ ++ return 0; ++} ++ ++static int + wpa_driver_bsd_associate(void *priv, struct wpa_driver_associate_params *params) + { + struct bsd_driver_data *drv = priv; + struct ieee80211req_mlme mlme; + u32 mode; +- int privacy; + int ret = 0; ++ const u8 *wpa_ie, *rsn_ie; + + wpa_printf(MSG_DEBUG, + "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" +@@ -1220,7 +1283,10 @@ + mode = 0 /* STA */; + break; + case IEEE80211_MODE_IBSS: ++#if 0 + mode = IFM_IEEE80211_IBSS; ++#endif ++ mode = IFM_IEEE80211_ADHOC; + break; + case IEEE80211_MODE_AP: + mode = IFM_IEEE80211_HOSTAP; +@@ -1249,24 +1315,33 @@ + ret = -1; + if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) + ret = -1; +- /* XXX error handling is wrong but unclear what to do... */ +- if (wpa_driver_bsd_set_wpa_ie(drv, params->wpa_ie, params->wpa_ie_len) < 0) +- return -1; + +- privacy = !(params->pairwise_suite == WPA_CIPHER_NONE && +- params->group_suite == WPA_CIPHER_NONE && +- params->key_mgmt_suite == WPA_KEY_MGMT_NONE && +- params->wpa_ie_len == 0); +- wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); ++ if (params->wpa_ie_len) { ++ rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, ++ WLAN_EID_RSN); ++ if (rsn_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ rsn_ie) < 0) ++ return -1; ++ } ++ else { ++ wpa_ie = get_vendor_ie(params->wpa_ie, ++ params->wpa_ie_len, WPA_IE_VENDOR_TYPE); ++ if (wpa_ie) { ++ if (wpa_driver_bsd_set_rsn_wpa_ie(drv, params, ++ wpa_ie) < 0) ++ return -1; ++ } ++ } ++ } + +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) ++ /* ++ * NB: interface must be marked UP for association ++ * or scanning (ap_scan=2) ++ */ ++ if (bsd_ctrl_iface(drv, 1) < 0) + return -1; + +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- + os_memset(&mlme, 0, sizeof(mlme)); + mlme.im_op = IEEE80211_MLME_ASSOC; + if (params->ssid != NULL) +@@ -1309,11 +1384,8 @@ + } + + /* NB: interface must be marked UP to do a scan */ +- if (!(drv->flags & IFF_UP)) { +- wpa_printf(MSG_DEBUG, "%s: interface is not up, cannot scan", +- __func__); ++ if (bsd_ctrl_iface(drv, 1) < 0) + return -1; +- } + + #ifdef IEEE80211_IOC_SCAN_MAX_SSID + os_memset(&sr, 0, sizeof(sr)); +@@ -1485,6 +1557,17 @@ + if (devcaps.dc_drivercaps & IEEE80211_C_WPA2) + drv->capa.key_mgmt = WPA_DRIVER_CAPA_KEY_MGMT_WPA2 | + WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK; ++#ifdef __FreeBSD__ ++ drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | ++ WPA_DRIVER_CAPA_ENC_WEP104 | ++ WPA_DRIVER_CAPA_ENC_TKIP | ++ WPA_DRIVER_CAPA_ENC_CCMP; ++#else ++ /* ++ * XXX ++ * FreeBSD exports hardware cryptocaps. These have no meaning for wpa ++ * since net80211 performs software crypto. ++ */ + + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_WEP) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_WEP40 | +@@ -1493,6 +1576,7 @@ + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; + if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) + drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; ++#endif + + if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) + drv->capa.flags |= WPA_DRIVER_FLAGS_AP; +@@ -1545,6 +1629,8 @@ + } + if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) + return IEEE80211_M_HOSTAP; ++ if (ifmr.ifm_current & IFM_IEEE80211_IBSS) ++ return IEEE80211_M_IBSS; + if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) + return IEEE80211_M_MONITOR; + #ifdef IEEE80211_M_MBSS +@@ -1605,7 +1691,7 @@ + drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; + + /* Down interface during setup. */ +- if (bsd_get_iface_flags(drv) < 0) ++ if (bsd_ctrl_iface(drv, 0) < 0) + goto fail; + + /* Proven to work, lets go! */ +@@ -1628,6 +1714,9 @@ + + if (drv->ifindex != 0 && !drv->if_removed) { + wpa_driver_bsd_set_wpa(drv, 0); ++ ++ /* NB: mark interface down */ ++ bsd_ctrl_iface(drv, 0); + + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, + drv->prev_privacy); diff --git a/security/wpa_supplicant210/files/patch-src_drivers_driver__ndis.c b/security/wpa_supplicant210/files/patch-src_drivers_driver__ndis.c new file mode 100644 index 000000000000..5c58337c4b3d --- /dev/null +++ b/security/wpa_supplicant210/files/patch-src_drivers_driver__ndis.c @@ -0,0 +1,89 @@ +--- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC ++++ src/drivers/driver_ndis.c +@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive + o->Length = len; + + if (!PacketRequest(drv->adapter, FALSE, o)) { +- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed", ++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed", + __func__, oid, len); + os_free(buf); + return -1; + } + if (o->Length > len) { +- wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%d)", ++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x Length (%d) > len (%lu)", + __func__, oid, (unsigned int) o->Length, len); + os_free(buf); + return -1; +@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive + os_memcpy(o->Data, data, len); + + if (!PacketRequest(drv->adapter, TRUE, o)) { +- wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%d) failed", ++ wpa_printf(MSG_DEBUG, "%s: oid=0x%x len (%lu) failed", + __func__, oid, len); + os_free(buf); + return -1; +@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s + + if (data_len < sizeof(*req)) { + wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request " +- "Event (len=%d)", data_len); ++ "Event (len=%lu)", data_len); + return; + } + req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data; +@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid( + + if (data_len < 8) { + wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List " +- "Event (len=%d)", data_len); ++ "Event (len=%lu)", data_len); + return; + } + pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data; +@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid( + os_memset(&event, 0, sizeof(event)); + for (i = 0; i < pmkid->NumCandidates; i++) { + PMKID_CANDIDATE *p = &pmkid->CandidateList[i]; +- wpa_printf(MSG_DEBUG, "NDIS: %d: " MACSTR " Flags 0x%x", ++ wpa_printf(MSG_DEBUG, "NDIS: %lu: " MACSTR " Flags 0x%x", + i, MAC2STR(p->BSSID), (int) p->Flags); + os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN); + event.pmkid_candidate.index = i; +@@ -1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili + "overflow"); + break; + } +- wpa_printf(MSG_MSGDUMP, "NDIS: %d - auth %d encr %d", ++ wpa_printf(MSG_MSGDUMP, "NDIS: %lu - auth %d encr %d", + i, (int) ae->AuthModeSupported, + (int) ae->EncryptStatusSupported); + switch (ae->AuthModeSupported) { +@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str + dlen = dpos - desc; + else + dlen = os_strlen(desc); +- drv->adapter_desc = dup_binstr(desc, dlen); ++ drv->adapter_desc = os_malloc(dlen + 1); ++ if (drv->adapter_desc) { ++ os_memcpy(drv->adapter_desc, desc, dlen); ++ drv->adapter_desc[dlen] = '\0'; ++ } + os_free(b); + if (drv->adapter_desc == NULL) + return -1; +@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str + } else { + dlen = os_strlen(desc[i]); + } +- drv->adapter_desc = dup_binstr(desc[i], dlen); ++ drv->adapter_desc = os_malloc(dlen + 1); ++ if (drv->adapter_desc) { ++ os_memcpy(drv->adapter_desc, desc[i], dlen); ++ drv->adapter_desc[dlen] = '\0'; ++ } + os_free(names); + if (drv->adapter_desc == NULL) + return -1; diff --git a/security/wpa_supplicant210/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant210/files/patch-src_l2__packet_l2__packet__freebsd.c new file mode 100644 index 000000000000..1575ae69bd85 --- /dev/null +++ b/security/wpa_supplicant210/files/patch-src_l2__packet_l2__packet__freebsd.c @@ -0,0 +1,72 @@ +--- src/l2_packet/l2_packet_freebsd.c.orig 2022-01-16 12:51:29.000000000 -0800 ++++ src/l2_packet/l2_packet_freebsd.c 2023-09-11 22:19:01.713695000 -0700 +@@ -8,7 +8,8 @@ + */ + + #include "includes.h" +-#if defined(__APPLE__) || defined(__GLIBC__) ++#include ++#if defined(__APPLE__) || defined(__GLIBC__) || defined(__FreeBSD_version) + #include + #endif /* __APPLE__ */ + #include +@@ -20,6 +21,7 @@ + #include + #endif /* __sun__ */ + ++#include + #include + #include + #include +@@ -76,24 +78,33 @@ + { + struct l2_packet_data *l2 = eloop_ctx; + pcap_t *pcap = sock_ctx; +- struct pcap_pkthdr hdr; ++ struct pcap_pkthdr *hdr; + const u_char *packet; + struct l2_ethhdr *ethhdr; + unsigned char *buf; + size_t len; + +- packet = pcap_next(pcap, &hdr); ++ if (pcap_next_ex(pcap, &hdr, &packet) == -1) { ++ wpa_printf(MSG_ERROR, "Error reading packet, has device disappeared?"); ++ packet = NULL; ++ eloop_terminate(); ++ } + +- if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr)) ++ if (!l2->rx_callback || !packet || hdr->caplen < sizeof(*ethhdr)) + return; + + ethhdr = (struct l2_ethhdr *) packet; + if (l2->l2_hdr) { + buf = (unsigned char *) ethhdr; +- len = hdr.caplen; ++ len = hdr->caplen; + } else { + buf = (unsigned char *) (ethhdr + 1); +- len = hdr.caplen - sizeof(*ethhdr); ++ len = hdr->caplen - sizeof(*ethhdr); ++ /* handle 8021Q encapsulated frames */ ++ if (ethhdr->h_proto == htons(ETH_P_8021Q)) { ++ buf += ETHER_VLAN_ENCAP_LEN; ++ len -= ETHER_VLAN_ENCAP_LEN; ++ } + } + l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len); + } +@@ -122,10 +133,10 @@ + os_snprintf(pcap_filter, sizeof(pcap_filter), + "not ether src " MACSTR " and " + "( ether dst " MACSTR " or ether dst " MACSTR " ) and " +- "ether proto 0x%x", ++ "( ether proto 0x%x or ( vlan 0 and ether proto 0x%x ) )", + MAC2STR(l2->own_addr), /* do not receive own packets */ + MAC2STR(l2->own_addr), MAC2STR(pae_group_addr), +- protocol); ++ protocol, protocol); + if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) { + fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap)); + return -1; diff --git a/security/wpa_supplicant210/files/patch-src_utils_os__unix.c b/security/wpa_supplicant210/files/patch-src_utils_os__unix.c new file mode 100644 index 000000000000..612df647489e --- /dev/null +++ b/security/wpa_supplicant210/files/patch-src_utils_os__unix.c @@ -0,0 +1,15 @@ +--- src/utils/os_unix.c.orig 2022-01-16 12:51:29.000000000 -0800 ++++ src/utils/os_unix.c 2024-06-01 22:03:18.774245000 -0700 +@@ -103,10 +103,12 @@ + break; + #endif + #ifdef CLOCK_MONOTONIC ++#if !(defined(CLOCK_BOOTTIME) && CLOCK_BOOTTIME == CLOCK_MONOTONIC) + case CLOCK_MONOTONIC: + clock_id = CLOCK_REALTIME; + break; + #endif ++#endif + case CLOCK_REALTIME: + return -1; + } diff --git a/security/wpa_supplicant210/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant210/files/patch-src_wps_wps__upnp.c new file mode 100644 index 000000000000..ee10b79e48aa --- /dev/null +++ b/security/wpa_supplicant210/files/patch-src_wps_wps__upnp.c @@ -0,0 +1,12 @@ +--- src/wps/wps_upnp.c.orig 2021-03-16 13:50:10.000000000 -0700 ++++ src/wps/wps_upnp.c 2021-03-18 12:49:19.537874000 -0700 +@@ -963,7 +963,8 @@ + goto fail; + } + os_memcpy(mac, req.ifr_addr.sa_data, 6); +-#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) ++#elif defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) \ ++ || defined(__DragonFly__) + if (eth_get(net_if, mac) < 0) { + wpa_printf(MSG_ERROR, "WPS UPnP: Failed to get MAC address"); + goto fail; diff --git a/security/wpa_supplicant210/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant210/files/patch-wpa__supplicant_Makefile new file mode 100644 index 000000000000..9f1393fb85da --- /dev/null +++ b/security/wpa_supplicant210/files/patch-wpa__supplicant_Makefile @@ -0,0 +1,17 @@ +--- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC ++++ wpa_supplicant/Makefile +@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o + OBJS_p += ../src/utils/os_$(CONFIG_OS).o + OBJS_c += ../src/utils/os_$(CONFIG_OS).o + ++ifdef CONFIG_DRIVER_NDIS ++OBJS += ../src/utils/Packet32.o ++ifdef CONFIG_PRIVSEP ++OBJS += ../src/drivers/driver_ndis.o ++endif ++OBJS_priv += ../src/utils/Packet32.o ++endif ++ + ifdef CONFIG_WPA_TRACE + CFLAGS += -DWPA_TRACE + OBJS += ../src/utils/trace.o diff --git a/security/wpa_supplicant210/files/patch-wpa__supplicant_ctrl__iface__unix.c b/security/wpa_supplicant210/files/patch-wpa__supplicant_ctrl__iface__unix.c new file mode 100644 index 000000000000..cc73ac35cd35 --- /dev/null +++ b/security/wpa_supplicant210/files/patch-wpa__supplicant_ctrl__iface__unix.c @@ -0,0 +1,36 @@ +--- wpa_supplicant/ctrl_iface_unix.c.orig 2022-01-16 12:51:29.000000000 -0800 ++++ wpa_supplicant/ctrl_iface_unix.c 2023-11-29 08:12:07.843443000 -0800 +@@ -506,6 +506,10 @@ + struct group *grp; + char *endp; + int flags; ++#if defined(__FreeBSD__) ++ int optval, rc; ++ socklen_t optlen; ++#endif + + buf = os_strdup(wpa_s->conf->ctrl_interface); + if (buf == NULL) +@@ -678,6 +682,22 @@ + /* Not fatal, continue on.*/ + } + } ++ ++#if defined(__FreeBSD__) ++ /* Ensure we can send a full length message atomically. */ ++ optval = 0; ++ optlen = sizeof(optval); ++ if (getsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, &optlen) == -1) { ++ wpa_printf(MSG_INFO, "failed to get sndbuf for sock=%d: %s", ++ priv->sock, strerror(errno)); ++ } else if (optval < CTRL_IFACE_MAX_LEN) { ++ optval = CTRL_IFACE_MAX_LEN; ++ if (setsockopt(priv->sock, SOL_SOCKET, SO_SNDBUF, &optval, ++ sizeof(optval)) == -1) ++ wpa_printf(MSG_ERROR, "failed to set sndbuf for " ++ "sock=%d: %s", priv->sock, strerror(errno)); ++ } ++#endif + + eloop_register_read_sock(priv->sock, wpa_supplicant_ctrl_iface_receive, + wpa_s, priv); diff --git a/security/wpa_supplicant210/files/patch-wpa__supplicant_main.c b/security/wpa_supplicant210/files/patch-wpa__supplicant_main.c new file mode 100644 index 000000000000..3042768f44d9 --- /dev/null +++ b/security/wpa_supplicant210/files/patch-wpa__supplicant_main.c @@ -0,0 +1,33 @@ +--- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC ++++ wpa_supplicant/main.c +@@ -66,7 +66,7 @@ static void usage(void) + " -c = Configuration file\n" + " -C = ctrl_interface parameter (only used if -c is not)\n" + " -d = increase debugging verbosity (-dd even more)\n" +- " -D = driver name (can be multiple drivers: nl80211,wext)\n" ++ " -D = driver name (can be multiple drivers: bsd,wired)\n" + " -e = entropy file\n" + #ifdef CONFIG_DEBUG_FILE + " -f = log output to debug file instead of stdout\n" +@@ -105,8 +105,7 @@ static void usage(void) + " -W = wait for a control interface monitor before starting\n"); + + printf("example:\n" +- " wpa_supplicant -D%s -iwlan0 -c/etc/wpa_supplicant.conf\n", +- wpa_drivers[0] ? wpa_drivers[0]->name : "nl80211"); ++ " wpa_supplicant -Dbsd -iwlan0 -c/etc/wpa_supplicant.conf\n"); + #endif /* CONFIG_NO_STDOUT_DEBUG */ + } + +@@ -199,6 +198,11 @@ int main(int argc, char *argv[]) + + wpa_supplicant_fd_workaround(1); + ++#ifdef CONFIG_DRIVER_NDIS ++ void driver_ndis_init_ops(void); ++ driver_ndis_init_ops(); ++#endif /* CONFIG_DRIVER_NDIS */ ++ + for (;;) { + c = getopt(argc, argv, + "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); diff --git a/security/wpa_supplicant210/files/patch-wpa__supplicant_pasn__supplicant.c b/security/wpa_supplicant210/files/patch-wpa__supplicant_pasn__supplicant.c new file mode 100644 index 000000000000..f8a71213a120 --- /dev/null +++ b/security/wpa_supplicant210/files/patch-wpa__supplicant_pasn__supplicant.c @@ -0,0 +1,14 @@ +--- wpa_supplicant/pasn_supplicant.c.orig 2021-04-10 02:48:08.000000000 -0700 ++++ wpa_supplicant/pasn_supplicant.c 2021-04-12 10:44:14.939212000 -0700 +@@ -1079,7 +1079,11 @@ + pasn->group = group; + pasn->freq = freq; + ++#ifdef CONFIG_TESTING_OPTIONS + if (wpa_s->conf->force_kdk_derivation || ++#else ++ if ( ++#endif + (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF && + ieee802_11_rsnx_capab(beacon_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF))) + pasn->kdk_len = WPA_KDK_MAX_LEN; diff --git a/security/wpa_supplicant210/files/patch-wpa__supplicant_wpa__supplicant.c b/security/wpa_supplicant210/files/patch-wpa__supplicant_wpa__supplicant.c new file mode 100644 index 000000000000..42f150b3595c --- /dev/null +++ b/security/wpa_supplicant210/files/patch-wpa__supplicant_wpa__supplicant.c @@ -0,0 +1,16 @@ +--- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400 ++++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400 +@@ -6357,13 +6357,6 @@ + if (params == NULL) + return NULL; + +-#ifdef CONFIG_DRIVER_NDIS +- { +- void driver_ndis_init_ops(void); +- driver_ndis_init_ops(); +- } +-#endif /* CONFIG_DRIVER_NDIS */ +- + #ifndef CONFIG_NO_WPA_MSG + wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); + #endif /* CONFIG_NO_WPA_MSG */ diff --git a/security/wpa_supplicant210/files/pkg-message.in b/security/wpa_supplicant210/files/pkg-message.in new file mode 100644 index 000000000000..e7b8d25b652d --- /dev/null +++ b/security/wpa_supplicant210/files/pkg-message.in @@ -0,0 +1,11 @@ +[ +{ type: install + message: </dev/null` in + ndis*) true ;; + *) false ;; + esac +} + +if is_wired_interface ${ifn} ; then + driver="wired" +elif is_ndis_interface ${ifn} ; then + driver="ndis" +else + driver="bsd" +fi + +load_rc_config $name + +# +# This portion of this rc.script is different from base. +case ${command} in +/usr/sbin/wpa_supplicant) # Assume user does not want base hostapd because + # user specified WITHOUT_WIRELESS in make.conf + # and /etc/defaults/rc.conf contains this value. + unset command;; +esac +command=${wpa_supplicant_program:-%%PREFIX%%/sbin/wpa_supplicant} +# End of differences from base. The rest of the file should remain the same. + +conf_file=${wpa_supplicant_conf_file} +pidfile="/var/run/${name}/${ifn}.pid" +command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile" +required_files=$conf_file +required_modules="wlan_wep wlan_tkip wlan_ccmp" + +run_rc_command "$1" diff --git a/security/wpa_supplicant210/pkg-descr b/security/wpa_supplicant210/pkg-descr new file mode 100644 index 000000000000..9ad128da2757 --- /dev/null +++ b/security/wpa_supplicant210/pkg-descr @@ -0,0 +1,12 @@ +wpa_supplicant is a client (supplicant) with support for WPA and WPA2 +(IEEE 802.11i / RSN). It is suitable for both desktop/laptop computers and +embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used +in the client stations. It implements key negotiation with a WPA +Authenticator and it controls the roaming and IEEE 802.11 authentication/ +association of the wlan driver. + +wpa_supplicant is designed to be a "daemon" program that runs in the +background and acts as the backend component controlling the wireless +connection. wpa_supplicant supports separate frontend programs and a +text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with +wpa_supplicant. diff --git a/security/wpa_supplicant210/pkg-plist b/security/wpa_supplicant210/pkg-plist new file mode 100644 index 000000000000..9c7a743d7dea --- /dev/null +++ b/security/wpa_supplicant210/pkg-plist @@ -0,0 +1,5 @@ +%%EAPOL_TEST%%sbin/eapol_test +sbin/wpa_supplicant +sbin/wpa_passphrase +sbin/wpa_cli +@sample etc/wpa_supplicant.conf.sample