hostapd: bump to 2024-03-09

This is the current git HEAD.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

package/network/services/hostapd/Makefile

@@ -9,9 +9,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=https://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2024-02-03
-PKG_SOURCE_VERSION:=8270afcdeeccd7a5ce904bacf45801a5b3cf4f0e
-PKG_MIRROR_HASH:=3c223f519970f7f9b03dbfd859d307043c4d20e160292e709c3cce8c8107cce8
+PKG_SOURCE_DATE:=2024-03-09
+PKG_SOURCE_VERSION:=695277a5b3da08b9a8a4e7117b933deb8b4950a7
+PKG_MIRROR_HASH:=9ce00a45d0c8ea499263ccf6c8574477d36d0fb9d10bb34cc72972eb584a697d
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause

package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -14,7 +14,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2690,7 +2690,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -2698,7 +2698,7 @@ static int drv_supports_vht(struct wpa_s
  }
 
 
@@ -23,7 +23,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  {
  	int i;
 
-@@ -2699,7 +2699,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -2707,7 +2707,10 @@ static bool ibss_mesh_is_80mhz_avail(int
 
  		chan = hw_get_channel_chan(mode, i, NULL);
  		if (!chan ||
@@ -35,7 +35,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  			return false;
  	}
 
-@@ -2826,7 +2829,7 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2834,7 +2837,7 @@ static void ibss_mesh_select_40mhz(struc
  				   const struct wpa_ssid *ssid,
  				   struct hostapd_hw_modes *mode,
  				   struct hostapd_freq_params *freq,
@@ -44,7 +44,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	int chan_idx;
  	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
  	int i, res;
-@@ -2850,8 +2853,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2858,8 +2861,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
 
  	/* Check primary channel flags */
@@ -57,7 +57,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
  #ifdef CONFIG_HT_OVERRIDES
  	if (ssid->disable_ht40)
-@@ -2877,8 +2883,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2885,8 +2891,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
 
  	/* Check secondary channel flags */
@@ -70,7 +70,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
  	if (ht40 == -1) {
  		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2932,7 +2941,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -2940,7 +2949,7 @@ static bool ibss_mesh_select_80_160mhz(s
  				       const struct wpa_ssid *ssid,
  				       struct hostapd_hw_modes *mode,
  				       struct hostapd_freq_params *freq,
@@ -79,7 +79,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	static const int bw80[] = {
  		5180, 5260, 5500, 5580, 5660, 5745, 5825,
  		5955, 6035, 6115, 6195, 6275, 6355, 6435,
-@@ -2977,7 +2986,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -2985,7 +2994,7 @@ static bool ibss_mesh_select_80_160mhz(s
  		goto skip_80mhz;
 
  	/* Use 40 MHz if channel not usable */
@@ -88,7 +88,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		goto skip_80mhz;
 
  	chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2991,7 +3000,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -2999,7 +3008,7 @@ static bool ibss_mesh_select_80_160mhz(s
  	if ((mode->he_capab[ieee80211_mode].phy_cap[
  		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
  	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
@@ -97,7 +97,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
  			if (freq->freq == bw160[j]) {
  				chwidth = CONF_OPER_CHWIDTH_160MHZ;
-@@ -3019,10 +3028,12 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3027,10 +3036,12 @@ static bool ibss_mesh_select_80_160mhz(s
  				if (!chan)
  					continue;
 
@@ -113,15 +113,15 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
  				/* Found a suitable second segment for 80+80 */
  				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
-@@ -3077,6 +3088,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3085,6 +3096,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int i, obss_scan = 1;
  	u8 channel;
  	bool is_6ghz, is_24ghz;
 +	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
 
  	freq->freq = ssid->frequency;
 
-@@ -3125,9 +3137,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3133,9 +3145,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	freq->channel = channel;
  	/* Setup higher BW only for 5 GHz */
  	if (mode->mode == HOSTAPD_MODE_IEEE80211A) {

package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch

@@ -68,7 +68,7 @@ Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
  		   chan_idx, num_available_chandefs);
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -11254,6 +11254,10 @@ static int nl80211_switch_channel(void *
+@@ -11195,6 +11195,10 @@ static int nl80211_switch_channel(void *
  	if (ret)
  		goto error;
 

package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch

@@ -4,7 +4,7 @@ Subject: [PATCH] fix adding back stations after a missed deauth/disassoc
 
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -4653,6 +4653,13 @@ static int add_associated_sta(struct hos
+@@ -4659,6 +4659,13 @@ static int add_associated_sta(struct hos
  	 * drivers to accept the STA parameter configuration. Since this is
  	 * after a new FT-over-DS exchange, a new TK has been derived, so key
  	 * reinstallation is not a concern for this case.
@@ -18,7 +18,7 @@ Subject: [PATCH] fix adding back stations after a missed deauth/disassoc
  	 */
  	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
  		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4666,7 +4673,8 @@ static int add_associated_sta(struct hos
+@@ -4672,7 +4679,8 @@ static int add_associated_sta(struct hos
  	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
  	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
  	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&

package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch

@@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  #include <linux/rtnetlink.h>
  #include <netpacket/packet.h>
  #include <linux/errqueue.h>
-@@ -5883,26 +5880,29 @@ fail:
+@@ -5859,26 +5856,29 @@ fail:
 
  static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
  {
@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	if (err < 0) {
  		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
  			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5912,9 +5912,8 @@ static void rtnl_neigh_delete_fdb_entry(
+@@ -5888,9 +5888,8 @@ static void rtnl_neigh_delete_fdb_entry(
  			   MACSTR, MAC2STR(addr));
  	}
 
@@ -76,23 +76,23 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  }
 
 
-@@ -8667,7 +8666,6 @@ static void *i802_init(struct hostapd_da
+@@ -8615,7 +8614,6 @@ static void *i802_init(struct hostapd_da
  	    (params->num_bridge == 0 || !params->bridge[0]))
  		add_ifidx(drv, br_ifindex, drv->ifindex);
 
 -#ifdef CONFIG_LIBNL3_ROUTE
  	if (bss->added_if_into_bridge || bss->already_in_bridge) {
  		int err;
 
-@@ -8684,7 +8682,6 @@ static void *i802_init(struct hostapd_da
+@@ -8632,7 +8630,6 @@ static void *i802_init(struct hostapd_da
  			goto failed;
  		}
  	}
 -#endif /* CONFIG_LIBNL3_ROUTE */
 
  	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
  		wpa_printf(MSG_DEBUG,
-@@ -12130,13 +12127,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -12071,13 +12068,14 @@ static int wpa_driver_br_add_ip_neigh(vo
  				      const u8 *ipaddr, int prefixlen,
  				      const u8 *addr)
  {
@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	int res;
 
  	if (!ipaddr || prefixlen == 0 || !addr)
-@@ -12155,85 +12153,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -12096,85 +12094,66 @@ static int wpa_driver_br_add_ip_neigh(vo
  	}
 
  	if (version == 4) {
@@ -220,7 +220,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  		addrsize = 16;
  	} else {
  		return -EINVAL;
-@@ -12251,41 +12230,30 @@ static int wpa_driver_br_delete_ip_neigh
+@@ -12192,41 +12171,30 @@ static int wpa_driver_br_delete_ip_neigh
  		return -1;
  	}
 

package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch

@@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -3031,15 +3031,6 @@ static void handle_auth(struct hostapd_d
+@@ -3032,15 +3032,6 @@ static void handle_auth(struct hostapd_d
  				       seq_ctrl);
  			return;
  		}

package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch

@@ -21,7 +21,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -746,6 +746,40 @@ endif
+@@ -757,6 +757,40 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
 
@@ -62,7 +62,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -925,9 +959,11 @@ endif
+@@ -936,9 +970,11 @@ endif
 
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -74,7 +74,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -937,38 +973,48 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -948,38 +984,48 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -123,7 +123,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_DEC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-dec.o
-@@ -983,12 +1029,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -994,12 +1040,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -140,7 +140,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -997,16 +1047,22 @@ endif
+@@ -1008,16 +1058,22 @@ endif
  endif
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -163,7 +163,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef NEED_SHA1
  OBJS += $(SHA1OBJS)
-@@ -1016,11 +1072,13 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1027,11 +1083,13 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -177,7 +177,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
-@@ -1059,56 +1117,81 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1070,56 +1128,81 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -259,7 +259,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef CONFIG_INTERNAL_SHA384
  CFLAGS += -DCONFIG_INTERNAL_SHA384
-@@ -1153,11 +1236,13 @@ HOBJS += $(SHA1OBJS)
+@@ -1164,11 +1247,13 @@ HOBJS += $(SHA1OBJS)
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -273,7 +273,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef CONFIG_RADIUS_SERVER
  CFLAGS += -DRADIUS_SERVER
-@@ -1330,7 +1415,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1341,7 +1426,9 @@ NOBJS += ../src/utils/trace.o
  endif
 
  HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
@@ -283,7 +283,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_AES
  HOBJS += ../src/crypto/aes-internal.o
  HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1353,13 +1440,17 @@ SOBJS += ../src/common/sae.o
+@@ -1364,13 +1451,17 @@ SOBJS += ../src/common/sae.o
  SOBJS += ../src/common/sae_pk.o
  SOBJS += ../src/common/dragonfly.o
  SOBJS += $(AESOBJS)
@@ -326,7 +326,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  # Driver interface for Host AP driver
  CONFIG_DRIVER_HOSTAP=y
 
-@@ -278,6 +290,7 @@ CONFIG_IPV6=y
+@@ -281,6 +293,7 @@ CONFIG_IPV6=y
  # openssl = OpenSSL (default)
  # gnutls = GnuTLS
  # internal = Internal TLSv1 implementation (experimental)
@@ -7765,7 +7765,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  CONFIG_SIM_SIMULATOR=y
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1216,6 +1216,29 @@ endif
+@@ -1229,6 +1229,29 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
 
@@ -7795,7 +7795,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -1408,9 +1431,11 @@ endif
+@@ -1421,9 +1444,11 @@ endif
 
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7807,7 +7807,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
  # Seems to be needed at least with BoringSSL
  NEED_INTERNAL_AES_WRAP=y
-@@ -1424,9 +1449,11 @@ endif
+@@ -1437,9 +1462,11 @@ endif
 
  ifdef NEED_INTERNAL_AES_WRAP
  ifneq ($(CONFIG_TLS), linux)
@@ -7819,7 +7819,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -1436,35 +1463,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1449,35 +1476,45 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -7865,7 +7865,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_AES_ENC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1479,12 +1516,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1492,12 +1529,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7882,7 +7882,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -1496,29 +1537,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1509,29 +1550,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
  else
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7920,7 +7920,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
  MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1573,12 +1622,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1586,12 +1635,17 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7938,7 +7938,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  ifdef CONFIG_INTERNAL_SHA256
  SHA256OBJS += ../src/crypto/sha256-internal.o
  endif
-@@ -1591,50 +1645,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1604,50 +1658,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
  SHA256OBJS += ../src/crypto/sha512-internal.o
  endif
  ifdef NEED_TLS_PRF_SHA256
@@ -8007,7 +8007,7 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 
  ifdef NEED_ASN1
  OBJS += ../src/tls/asn1.o
-@@ -1809,10 +1881,12 @@ ifdef CONFIG_FIPS
+@@ -1822,10 +1894,12 @@ ifdef CONFIG_FIPS
  CFLAGS += -DCONFIG_FIPS
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)