hostapd: Update to version 2.9 (2019-08-08)

The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/network/services/hostapd/Makefile

@@ -11,9 +11,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2019-04-21
-PKG_SOURCE_VERSION:=63962824309bb428e5f73d9caae08fcb949fbe36
-PKG_MIRROR_HASH:=b31e09b22284785f84ee4d2dfc2b8fa94cad5d7375d957bf2862a50cb5bc1475
+PKG_SOURCE_DATE:=2019-08-08
+PKG_SOURCE_VERSION:=ca8c2bd28ad53f431d6ee60ef754e98cfdb4c17b
+PKG_MIRROR_HASH:=9d9f1c60afa5324ee17219bd3ec61c1a6fa4043b4187da9bb44e59025d3ed31d
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause

package/network/services/hostapd/files/hostapd-basic.config

@@ -108,11 +108,18 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 #CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -376,6 +383,9 @@ CONFIG_TLS=internal
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
 # Override default value for the wpa_disable_eapol_key_retries configuration
 # parameter. See that parameter in hostapd.conf for more details.
 #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1

package/network/services/hostapd/files/hostapd-full.config

@@ -108,11 +108,18 @@ CONFIG_EAP_TTLS=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -376,6 +383,9 @@ CONFIG_TAXONOMY=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
 # Override default value for the wpa_disable_eapol_key_retries configuration
 # parameter. See that parameter in hostapd.conf for more details.
 #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1

package/network/services/hostapd/files/hostapd-mini.config

@@ -108,11 +108,18 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 #CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -376,6 +383,9 @@ CONFIG_TLS=internal
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
 # Override default value for the wpa_disable_eapol_key_retries configuration
 # parameter. See that parameter in hostapd.conf for more details.
 #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1

package/network/services/hostapd/files/wpa_supplicant-basic.config

@@ -111,6 +111,16 @@ CONFIG_DRIVER_WIRED=y
 # EAP-FAST
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 #CONFIG_EAP_GTC=y
 
@@ -120,6 +130,9 @@ CONFIG_DRIVER_WIRED=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 

package/network/services/hostapd/files/wpa_supplicant-full.config

@@ -111,6 +111,16 @@ CONFIG_EAP_TTLS=y
 # EAP-FAST
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 CONFIG_EAP_GTC=y
 
@@ -120,6 +130,9 @@ CONFIG_EAP_OTP=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 

package/network/services/hostapd/files/wpa_supplicant-mini.config

@@ -111,6 +111,16 @@ CONFIG_DRIVER_WIRED=y
 # EAP-FAST
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 #CONFIG_EAP_GTC=y
 
@@ -120,6 +130,9 @@ CONFIG_DRIVER_WIRED=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 

package/network/services/hostapd/files/wpa_supplicant-p2p.config

@@ -111,6 +111,16 @@ CONFIG_EAP_TTLS=y
 # EAP-FAST
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 CONFIG_EAP_GTC=y
 
@@ -120,6 +130,9 @@ CONFIG_EAP_OTP=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 

package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch

@@ -25,7 +25,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -414,6 +414,8 @@ static void hostapd_free_hapd_data(struc
+@@ -423,6 +423,8 @@ static void hostapd_free_hapd_data(struc
  #ifdef CONFIG_MESH
  	wpabuf_free(hapd->mesh_pending_auth);
  	hapd->mesh_pending_auth = NULL;
@@ -34,7 +34,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  #endif /* CONFIG_MESH */
  
  	hostapd_clean_rrm(hapd);
-@@ -1980,6 +1982,13 @@ dfs_offload:
+@@ -2049,6 +2051,13 @@ dfs_offload:
  	if (hapd->setup_complete_cb)
  		hapd->setup_complete_cb(hapd->setup_complete_cb_ctx);
  
@@ -48,7 +48,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
  		   iface->bss[0]->conf->iface);
  	if (iface->interfaces && iface->interfaces->terminate_on_error > 0)
-@@ -2123,7 +2132,7 @@ int hostapd_setup_interface(struct hosta
+@@ -2192,7 +2201,7 @@ int hostapd_setup_interface(struct hosta
  	ret = setup_interface(iface);
  	if (ret) {
  		wpa_printf(MSG_ERROR, "%s: Unable to setup interface.",
@@ -79,16 +79,16 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	}
  
  	if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
-@@ -208,7 +209,7 @@ static int wpas_mesh_complete(struct wpa
- 		wpa_printf(MSG_ERROR,
+@@ -209,7 +210,7 @@ static int wpas_mesh_complete(struct wpa
  			   "mesh: RSN initialization failed - deinit mesh");
  		wpa_supplicant_mesh_deinit(wpa_s);
+ 		wpa_drv_leave_mesh(wpa_s);
 -		return -1;
 +		return;
  	}
  
  	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
-@@ -234,8 +235,6 @@ static int wpas_mesh_complete(struct wpa
+@@ -235,8 +236,6 @@ static int wpas_mesh_complete(struct wpa
  
  	if (!ret)
  		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
@@ -97,7 +97,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  }
  
  
-@@ -262,6 +261,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -263,6 +262,7 @@ static int wpa_supplicant_mesh_init(stru
  	if (!ifmsh)
  		return -ENOMEM;
  
@@ -105,7 +105,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	ifmsh->drv_flags = wpa_s->drv_flags;
  	ifmsh->num_bss = 1;
  	ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss,
-@@ -279,6 +279,8 @@ static int wpa_supplicant_mesh_init(stru
+@@ -280,6 +280,8 @@ static int wpa_supplicant_mesh_init(stru
  	bss->drv_priv = wpa_s->drv_priv;
  	bss->iface = ifmsh;
  	bss->mesh_sta_free_cb = mesh_mpm_free_sta;
@@ -114,7 +114,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	frequency = ssid->frequency;
  	if (frequency != freq->freq &&
  	    frequency == freq->freq + freq->sec_channel_offset * 20) {
-@@ -517,7 +519,6 @@ int wpa_supplicant_join_mesh(struct wpa_
+@@ -521,7 +523,6 @@ int wpa_supplicant_join_mesh(struct wpa_
  		goto out;
  	}
  

package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch

@@ -16,7 +16,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -286,6 +286,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -287,6 +287,7 @@ static int wpa_supplicant_mesh_init(stru
  	    frequency == freq->freq + freq->sec_channel_offset * 20) {
  		wpa_printf(MSG_DEBUG, "mesh: pri/sec channels switched");
  		frequency = freq->freq;

package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch

@@ -16,7 +16,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1436,6 +1436,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1477,6 +1477,7 @@ struct wpa_driver_mesh_join_params {
  #define WPA_DRIVER_MESH_FLAG_SAE_AUTH	0x00000004
  #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
  	unsigned int flags;
@@ -26,7 +26,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  /**
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -9544,6 +9544,9 @@ static int nl80211_join_mesh(struct i802
+@@ -9624,6 +9624,9 @@ static int nl80211_join_mesh(struct i802
  
  	wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
  
@@ -38,7 +38,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		goto fail;
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -308,6 +308,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -309,6 +309,7 @@ static int wpa_supplicant_mesh_init(stru
  		conf->country[0] = wpa_s->conf->country[0];
  		conf->country[1] = wpa_s->conf->country[1];
  		conf->country[2] = ' ';

package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch

@@ -13,7 +13,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -248,7 +248,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -249,7 +249,7 @@ static int wpa_supplicant_mesh_init(stru
  	struct mesh_conf *mconf;
  	int basic_rates_erp[] = { 10, 20, 55, 60, 110, 120, 240, -1 };
  	int rate_len;
@@ -22,7 +22,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	if (!wpa_s->conf->user_mpm) {
  		/* not much for us to do here */
-@@ -385,6 +385,13 @@ static int wpa_supplicant_mesh_init(stru
+@@ -386,6 +386,13 @@ static int wpa_supplicant_mesh_init(stru
  		conf->basic_rates[rate_len] = -1;
  	}
  
@@ -36,7 +36,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	if (wpa_drv_init_mesh(wpa_s)) {
  		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
  		return -1;
-@@ -396,8 +403,6 @@ static int wpa_supplicant_mesh_init(stru
+@@ -397,8 +404,6 @@ static int wpa_supplicant_mesh_init(stru
  		return -1;
  	}
  

package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -13,7 +13,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2148,6 +2148,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2153,6 +2153,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	struct hostapd_freq_params vht_freq;
  	int chwidth, seg0, seg1;
  	u32 vht_caps = 0;
@@ -22,7 +22,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	freq->freq = ssid->frequency;
  
-@@ -2224,8 +2226,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2232,8 +2234,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		return;
  
  	/* Check primary channel flags */
@@ -35,7 +35,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	freq->channel = pri_chan->chan;
  
-@@ -2256,8 +2261,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2264,8 +2269,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		return;
  
  	/* Check secondary channel flags */
@@ -48,7 +48,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	if (ht40 == -1) {
  		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2348,8 +2356,11 @@ skip_ht40:
+@@ -2356,8 +2364,11 @@ skip_ht40:
  			return;
  
  		/* Back to HT configuration if channel not usable */
@@ -60,8 +60,8 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +				return;
  	}
  
- 	chwidth = VHT_CHANWIDTH_80MHZ;
-@@ -2369,10 +2380,11 @@ skip_ht40:
+ 	chwidth = CHANWIDTH_80MHZ;
+@@ -2377,10 +2388,11 @@ skip_ht40:
  				if (!chan)
  					continue;
  
@@ -75,4 +75,4 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +						continue;
  
  				/* Found a suitable second segment for 80+80 */
- 				chwidth = VHT_CHANWIDTH_80P80MHZ;
+ 				chwidth = CHANWIDTH_80P80MHZ;

package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch

@@ -19,7 +19,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -385,6 +385,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -386,6 +386,7 @@ static int wpa_supplicant_mesh_init(stru
  		conf->basic_rates[rate_len] = -1;
  	}
  

package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch

@@ -17,7 +17,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -7411,6 +7411,10 @@ static int wpa_driver_nl80211_send_actio
+@@ -7462,6 +7462,10 @@ static int wpa_driver_nl80211_send_actio
  	int ret = -1;
  	u8 *buf;
  	struct ieee80211_hdr *hdr;
@@ -28,7 +28,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
  		   "freq=%u MHz wait=%d ms no_cck=%d)",
-@@ -7435,6 +7439,21 @@ static int wpa_driver_nl80211_send_actio
+@@ -7486,6 +7490,21 @@ static int wpa_driver_nl80211_send_actio
  		os_memset(bss->rand_addr, 0, ETH_ALEN);
  	}
  
@@ -50,7 +50,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	if (is_ap_interface(drv->nlmode) &&
  	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
  	     (int) freq == bss->freq || drv->device_ap_sme ||
-@@ -7446,7 +7465,7 @@ static int wpa_driver_nl80211_send_actio
+@@ -7497,7 +7516,7 @@ static int wpa_driver_nl80211_send_actio
  		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
  					     24 + data_len,
  					     &drv->send_action_cookie,

package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch

@@ -24,7 +24,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  #include "ap/sta_info.h"
  #include "ap/hostapd.h"
  #include "ap/ieee802_11.h"
-@@ -204,6 +205,30 @@ static void wpas_mesh_complete_cb(void *
+@@ -204,6 +205,32 @@ static void wpas_mesh_complete_cb(void *
  		return;
  	}
  
@@ -41,11 +41,13 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +				ifmsh->conf->channel,
 +				ifmsh->conf->ieee80211n,
 +				ifmsh->conf->ieee80211ac,
++				ifmsh->conf->ieee80211ax,
 +				ifmsh->conf->secondary_channel,
-+				ifmsh->conf->vht_oper_chwidth,
-+				ifmsh->conf->vht_oper_centr_freq_seg0_idx,
-+				ifmsh->conf->vht_oper_centr_freq_seg1_idx,
-+				ifmsh->conf->vht_capab)) {
++				hostapd_get_oper_chwidth(ifmsh->conf),
++				hostapd_get_oper_centr_freq_seg0_idx(ifmsh->conf),
++				hostapd_get_oper_centr_freq_seg1_idx(ifmsh->conf),
++				ifmsh->current_mode->vht_capab,
++				&ifmsh->current_mode->he_capab[IEEE80211_MODE_AP])) {
 +			wpa_printf(MSG_ERROR, "Error updating mesh frequency params.");
 +			wpa_supplicant_mesh_deinit(wpa_s);
 +			return;

package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch

@@ -23,7 +23,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -50,6 +50,7 @@ struct mesh_conf {
+@@ -51,6 +51,7 @@ struct mesh_conf {
  	int dot11MeshRetryTimeout; /* msec */
  	int dot11MeshConfirmTimeout; /* msec */
  	int dot11MeshHoldingTimeout; /* msec */
@@ -31,7 +31,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  };
  
  #define MAX_STA_COUNT 2007
-@@ -645,6 +646,7 @@ struct hostapd_bss_config {
+@@ -666,6 +667,7 @@ struct hostapd_bss_config {
  
  #define MESH_ENABLED BIT(0)
  	int mesh;
@@ -41,7 +41,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1409,6 +1409,7 @@ struct wpa_driver_mesh_bss_params {
+@@ -1450,6 +1450,7 @@ struct wpa_driver_mesh_bss_params {
  #define WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS	0x00000004
  #define WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE		0x00000008
  #define WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD	0x00000010
@@ -49,7 +49,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	/*
  	 * TODO: Other mesh configuration parameters would go here.
  	 * See NL80211_MESHCONF_* for all the mesh config parameters.
-@@ -1418,6 +1419,7 @@ struct wpa_driver_mesh_bss_params {
+@@ -1459,6 +1460,7 @@ struct wpa_driver_mesh_bss_params {
  	int peer_link_timeout;
  	int max_peer_links;
  	int rssi_threshold;
@@ -59,7 +59,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -9512,6 +9512,9 @@ static int nl80211_put_mesh_config(struc
+@@ -9592,6 +9592,9 @@ static int nl80211_put_mesh_config(struc
  	if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
  	     nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
  			params->auto_plinks)) ||
@@ -79,7 +79,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	{ INT_RANGE(mesh_rssi_threshold, -255, 1) },
  #else /* CONFIG_MESH */
  	{ INT_RANGE(mode, 0, 4) },
-@@ -2868,6 +2869,7 @@ void wpa_config_set_network_defaults(str
+@@ -2869,6 +2870,7 @@ void wpa_config_set_network_defaults(str
  	ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT;
  	ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT;
  	ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT;
@@ -87,7 +87,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD;
  #endif /* CONFIG_MESH */
  #ifdef CONFIG_HT_OVERRIDES
-@@ -4088,6 +4090,7 @@ struct wpa_config * wpa_config_alloc_emp
+@@ -4089,6 +4091,7 @@ struct wpa_config * wpa_config_alloc_emp
  	config->user_mpm = DEFAULT_USER_MPM;
  	config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
  	config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
@@ -95,7 +95,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	config->dot11RSNASAERetransPeriod =
  		DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD;
  	config->fast_reauth = DEFAULT_FAST_REAUTH;
-@@ -4725,6 +4728,7 @@ static const struct global_parse_data gl
+@@ -4726,6 +4729,7 @@ static const struct global_parse_data gl
  	{ INT(user_mpm), 0 },
  	{ INT_RANGE(max_peer_links, 0, 255), 0 },
  	{ INT(mesh_max_inactivity), 0 },
@@ -113,7 +113,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  /*
   * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
   * but use 1000 ms in practice to avoid issues on low power CPUs.
-@@ -1326,6 +1327,14 @@ struct wpa_config {
+@@ -1327,6 +1328,14 @@ struct wpa_config {
  	int mesh_max_inactivity;
  
  	/**
@@ -138,7 +138,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	INT(frequency);
  	INT(fixed_freq);
  #ifdef CONFIG_ACS
-@@ -1471,6 +1472,9 @@ static void wpa_config_write_global(FILE
+@@ -1472,6 +1473,9 @@ static void wpa_config_write_global(FILE
  		fprintf(f, "mesh_max_inactivity=%d\n",
  			config->mesh_max_inactivity);
  
@@ -150,7 +150,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  		fprintf(f, "dot11RSNASAERetransPeriod=%d\n",
 --- a/wpa_supplicant/config_ssid.h
 +++ b/wpa_supplicant/config_ssid.h
-@@ -514,6 +514,11 @@ struct wpa_ssid {
+@@ -516,6 +516,11 @@ struct wpa_ssid {
  	int dot11MeshConfirmTimeout; /* msec */
  	int dot11MeshHoldingTimeout; /* msec */
  
@@ -172,7 +172,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	conf->dot11MeshMaxRetries = ssid->dot11MeshMaxRetries;
  	conf->dot11MeshRetryTimeout = ssid->dot11MeshRetryTimeout;
  	conf->dot11MeshConfirmTimeout = ssid->dot11MeshConfirmTimeout;
-@@ -325,6 +326,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -328,6 +329,7 @@ static int wpa_supplicant_mesh_init(stru
  	bss->conf->start_disabled = 1;
  	bss->conf->mesh = MESH_ENABLED;
  	bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
@@ -180,7 +180,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
  	if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
  			     wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
-@@ -543,6 +545,10 @@ int wpa_supplicant_join_mesh(struct wpa_
+@@ -549,6 +551,10 @@ int wpa_supplicant_join_mesh(struct wpa_
  	}
  	params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
  
@@ -193,7 +193,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	if (wpa_supplicant_mesh_init(wpa_s, ssid, &params->freq)) {
 --- a/wpa_supplicant/mesh_mpm.c
 +++ b/wpa_supplicant/mesh_mpm.c
-@@ -295,9 +295,9 @@ static void mesh_mpm_send_plink_action(s
+@@ -305,9 +305,9 @@ static void mesh_mpm_send_plink_action(s
  		info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
  		/* TODO: Add Connected to Mesh Gate/AS subfields */
  		wpabuf_put_u8(buf, info);

package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch

@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/wpa_supplicant/mesh_mpm.c
 +++ b/wpa_supplicant/mesh_mpm.c
-@@ -685,11 +685,12 @@ static struct sta_info * mesh_mpm_add_pe
+@@ -710,11 +710,12 @@ static struct sta_info * mesh_mpm_add_pe
  	}
  
  	sta = ap_get_sta(data, addr);

package/network/services/hostapd/patches/066-0001-SAE-Use-const_time_memcmp-for-pwd_value-prime-compar.patch

-From e43f08991f00820c1f711ca254021d5f83b5cd7d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Thu, 25 Apr 2019 18:52:34 +0300
-Subject: [PATCH 1/6] SAE: Use const_time_memcmp() for pwd_value >= prime
- comparison
-
-This reduces timing and memory access pattern differences for an
-operation that could depend on the used password.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-(cherry picked from commit 8e14b030e558d23f65d761895c07089404e61cf1)
----
- src/common/sae.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -317,7 +317,7 @@ static int sae_test_pwd_seed_ecc(struct
- 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
- 			pwd_value, sae->tmp->prime_len);
- 
--	if (os_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
-+	if (const_time_memcmp(pwd_value, prime, sae->tmp->prime_len) >= 0)
- 		return 0;
- 
- 	x_cand = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);

package/network/services/hostapd/patches/066-0002-EAP-pwd-Use-const_time_memcmp-for-pwd_value-prime-co.patch

-From 20d7bd83c43fb24c4cf84d3045254d3ee1957166 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Thu, 25 Apr 2019 19:07:05 +0300
-Subject: [PATCH 2/6] EAP-pwd: Use const_time_memcmp() for pwd_value >= prime
- comparison
-
-This reduces timing and memory access pattern differences for an
-operation that could depend on the used password.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-(cherry picked from commit 7958223fdcfe82479e6ed71019a84f6d4cbf799c)
----
- src/eap_common/eap_pwd_common.c | 13 ++++++++-----
- 1 file changed, 8 insertions(+), 5 deletions(-)
-
---- a/src/eap_common/eap_pwd_common.c
-+++ b/src/eap_common/eap_pwd_common.c
-@@ -144,6 +144,7 @@ int compute_password_element(EAP_PWD_gro
- 	u8 qnr_bin[MAX_ECC_PRIME_LEN];
- 	u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
- 	u8 x_bin[MAX_ECC_PRIME_LEN];
-+	u8 prime_bin[MAX_ECC_PRIME_LEN];
- 	struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
- 	struct crypto_hash *hash;
- 	unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
-@@ -161,6 +162,11 @@ int compute_password_element(EAP_PWD_gro
- 	os_memset(x_bin, 0, sizeof(x_bin));
- 
- 	prime = crypto_ec_get_prime(grp->group);
-+	primebitlen = crypto_ec_prime_len_bits(grp->group);
-+	primebytelen = crypto_ec_prime_len(grp->group);
-+	if (crypto_bignum_to_bin(prime, prime_bin, sizeof(prime_bin),
-+				 primebytelen) < 0)
-+		return -1;
- 	grp->pwe = crypto_ec_point_init(grp->group);
- 	tmp1 = crypto_bignum_init();
- 	pm1 = crypto_bignum_init();
-@@ -170,8 +176,6 @@ int compute_password_element(EAP_PWD_gro
- 		goto fail;
- 	}
- 
--	primebitlen = crypto_ec_prime_len_bits(grp->group);
--	primebytelen = crypto_ec_prime_len(grp->group);
- 	if ((prfbuf = os_malloc(primebytelen)) == NULL) {
- 		wpa_printf(MSG_INFO, "EAP-pwd: unable to malloc space for prf "
- 			   "buffer");
-@@ -237,6 +241,8 @@ int compute_password_element(EAP_PWD_gro
- 		if (primebitlen % 8)
- 			buf_shift_right(prfbuf, primebytelen,
- 					8 - primebitlen % 8);
-+		if (const_time_memcmp(prfbuf, prime_bin, primebytelen) >= 0)
-+			continue;
- 
- 		crypto_bignum_deinit(x_candidate, 1);
- 		x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
-@@ -246,9 +252,6 @@ int compute_password_element(EAP_PWD_gro
- 			goto fail;
- 		}
- 
--		if (crypto_bignum_cmp(x_candidate, prime) >= 0)
--			continue;
--
- 		wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate",
- 				prfbuf, primebytelen);
- 		const_time_select_bin(found, x_bin, prfbuf, primebytelen,