hostapd: bump to 2024-03-09

This brings many changes, including fixes for a couple of memory leaks,
and improved interoperability with 802.11r.  There are also many changes
related to 802.11be, which is not enabled at this time.

Fixed upstream:
 - 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
 - 180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch
 - 993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch

Switch PKG_SOURCE_URL to https, since http is not currently working.

Signed-off-by: Eneas U de Queiroz <[email protected]>
Tested-by: Ilya Katsnelson <[email protected]>
Tested by: Andrew Sim <[email protected]>

package/network/services/hostapd/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=6
+PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=http://w1.fi/hostap.git
+PKG_SOURCE_URL:=https://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2023-09-08
-PKG_SOURCE_VERSION:=e5ccbfc69ecf297590341ae8b461edba9d8e964c
-PKG_MIRROR_HASH:=8be806f6c88e736fff920e0d3e2cde7188fbf640fef47e9aeaad504674bfc0f3
+PKG_SOURCE_DATE:=2024-03-09
+PKG_SOURCE_VERSION:=695277a5b3da08b9a8a4e7117b933deb8b4950a7
+PKG_MIRROR_HASH:=8d6cb89be101bb3dcd84e7eb29484111dfeeeadf49eae85594b08011ba0ed62e
 
 PKG_MAINTAINER:=Felix Fietkau <[email protected]>
 PKG_LICENSE:=BSD-3-Clause

package/network/services/hostapd/patches/001-wolfssl-init-RNG-with-ECC-key.patch

@@ -1,43 +0,0 @@
-From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
-From: David Bauer <[email protected]>
-Date: Wed, 5 May 2021 00:44:34 +0200
-Subject: [PATCH] wolfssl: add RNG to EC key
-
-Since upstream commit 6467de5a8840 ("Randomize z ordinates in
-scalar mult when timing resistant") WolfSSL requires a RNG for
-the EC key when built hardened which is the default.
-
-Set the RNG for the EC key to fix connections for OWE clients.
-
-Signed-off-by: David Bauer <[email protected]>
----
- src/crypto/crypto_wolfssl.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/src/crypto/crypto_wolfssl.c
-+++ b/src/crypto/crypto_wolfssl.c
-@@ -1340,6 +1340,7 @@ int ecc_projective_add_point(ecc_point *
- 
- struct crypto_ec {
- 	ecc_key key;
-+	WC_RNG rng;
- 	mp_int a;
- 	mp_int prime;
- 	mp_int order;
-@@ -1394,6 +1395,8 @@ struct crypto_ec * crypto_ec_init(int gr
- 		return NULL;
- 
- 	if (wc_ecc_init(&e->key) != 0 ||
-+	    wc_InitRng(&e->rng) != 0 ||
-+	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
- 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
- 	    mp_init(&e->a) != MP_OKAY ||
- 	    mp_init(&e->prime) != MP_OKAY ||
-@@ -1425,6 +1428,7 @@ void crypto_ec_deinit(struct crypto_ec*
- 	mp_clear(&e->order);
- 	mp_clear(&e->prime);
- 	mp_clear(&e->a);
-+	wc_FreeRng(&e->rng);
- 	wc_ecc_free(&e->key);
- 	os_free(e);
- }

package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -9,12 +9,12 @@ Note: DFS is assumed to be usable if a country code has been set
 Signed-off-by: Benjamin Berg <[email protected]>
 Signed-off-by: Peter Oh <[email protected]>
 ---
- wpa_supplicant/wpa_supplicant.c | 25 +++++++++++++++++++------
- 1 file changed, 19 insertions(+), 6 deletions(-)
+ wpa_supplicant/wpa_supplicant.c | 38 ++++++++++++++++++++++-----------
+ 1 file changed, 25 insertions(+), 13 deletions(-)
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2638,7 +2638,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -2698,7 +2698,7 @@ static int drv_supports_vht(struct wpa_s
  }
  
  
@@ -23,7 +23,7 @@ Signed-off-by: Peter Oh <[email protected]>
  {
  	int i;
  
-@@ -2647,7 +2647,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -2707,7 +2707,10 @@ static bool ibss_mesh_is_80mhz_avail(int
  
  		chan = hw_get_channel_chan(mode, i, NULL);
  		if (!chan ||
@@ -35,7 +35,7 @@ Signed-off-by: Peter Oh <[email protected]>
  			return false;
  	}
  
-@@ -2774,7 +2777,7 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2834,7 +2837,7 @@ static void ibss_mesh_select_40mhz(struc
  				   const struct wpa_ssid *ssid,
  				   struct hostapd_hw_modes *mode,
  				   struct hostapd_freq_params *freq,
@@ -44,7 +44,7 @@ Signed-off-by: Peter Oh <[email protected]>
  	int chan_idx;
  	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
  	int i, res;
-@@ -2798,8 +2801,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2858,8 +2861,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
  
  	/* Check primary channel flags */
@@ -57,7 +57,7 @@ Signed-off-by: Peter Oh <[email protected]>
  
  #ifdef CONFIG_HT_OVERRIDES
  	if (ssid->disable_ht40)
-@@ -2825,8 +2831,11 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2885,8 +2891,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
  
  	/* Check secondary channel flags */
@@ -70,7 +70,7 @@ Signed-off-by: Peter Oh <[email protected]>
  
  	if (ht40 == -1) {
  		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2880,7 +2889,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -2940,7 +2949,7 @@ static bool ibss_mesh_select_80_160mhz(s
  				       const struct wpa_ssid *ssid,
  				       struct hostapd_hw_modes *mode,
  				       struct hostapd_freq_params *freq,
@@ -79,7 +79,7 @@ Signed-off-by: Peter Oh <[email protected]>
  	static const int bw80[] = {
  		5180, 5260, 5500, 5580, 5660, 5745, 5825,
  		5955, 6035, 6115, 6195, 6275, 6355, 6435,
-@@ -2925,7 +2934,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -2985,7 +2994,7 @@ static bool ibss_mesh_select_80_160mhz(s
  		goto skip_80mhz;
  
  	/* Use 40 MHz if channel not usable */
@@ -88,7 +88,7 @@ Signed-off-by: Peter Oh <[email protected]>
  		goto skip_80mhz;
  
  	chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2939,7 +2948,7 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -2999,7 +3008,7 @@ static bool ibss_mesh_select_80_160mhz(s
  	if ((mode->he_capab[ieee80211_mode].phy_cap[
  		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
  	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
@@ -97,7 +97,7 @@ Signed-off-by: Peter Oh <[email protected]>
  		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
  			if (freq->freq == bw160[j]) {
  				chwidth = CONF_OPER_CHWIDTH_160MHZ;
-@@ -2967,10 +2976,12 @@ static bool ibss_mesh_select_80_160mhz(s
+@@ -3027,10 +3036,12 @@ static bool ibss_mesh_select_80_160mhz(s
  				if (!chan)
  					continue;
  
@@ -113,15 +113,15 @@ Signed-off-by: Peter Oh <[email protected]>
  
  				/* Found a suitable second segment for 80+80 */
  				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
-@@ -3025,6 +3036,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3085,6 +3096,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int i, obss_scan = 1;
  	u8 channel;
- 	bool is_6ghz;
+ 	bool is_6ghz, is_24ghz;
 +	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
  
  	freq->freq = ssid->frequency;
  
-@@ -3070,9 +3082,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3133,9 +3145,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	freq->channel = channel;
  	/* Setup higher BW only for 5 GHz */
  	if (mode->mode == HOSTAPD_MODE_IEEE80211A) {

package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch

@@ -64,11 +64,11 @@ Signed-off-by: Markus Theil <[email protected]>
  		return NULL;
 +
  	chan_idx = _rand % num_available_chandefs;
- 	dfs_find_channel(iface, &chan, chan_idx, type);
- 	if (!chan) {
+ 	wpa_printf(MSG_DEBUG, "DFS: Picked random entry from the list: %d/%d",
+ 		   chan_idx, num_available_chandefs);
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -11017,6 +11017,10 @@ static int nl80211_switch_channel(void *
+@@ -11195,6 +11195,10 @@ static int nl80211_switch_channel(void *
  	if (ret)
  		goto error;
  

package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -4621,6 +4621,13 @@ static int add_associated_sta(struct hos
+@@ -4659,6 +4659,13 @@ static int add_associated_sta(struct hos
  	 * drivers to accept the STA parameter configuration. Since this is
  	 * after a new FT-over-DS exchange, a new TK has been derived, so key
  	 * reinstallation is not a concern for this case.
@@ -14,7 +14,7 @@
  	 */
  	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
  		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4634,7 +4641,8 @@ static int add_associated_sta(struct hos
+@@ -4672,7 +4679,8 @@ static int add_associated_sta(struct hos
  	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
  	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
  	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&

package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch

@@ -1,25 +0,0 @@
-From: Felix Fietkau <[email protected]>
-Date: Thu, 8 Jul 2021 16:33:03 +0200
-Subject: [PATCH] hostapd: fix use of uninitialized stack variables
-
-When a CSA is performed on an 80 MHz channel, hostapd_change_config_freq
-unconditionally calls hostapd_set_oper_centr_freq_seg0/1_idx with seg0/1
-filled by ieee80211_freq_to_chan.
-However, if ieee80211_freq_to_chan fails (because the freq is 0 or invalid),
-seg0/1 remains uninitialized and filled with stack garbage, causing errors
-such as "hostapd: 80 MHz: center segment 1 configured"
-
-Signed-off-by: Felix Fietkau <[email protected]>
----
-
---- a/src/ap/hostapd.c
-+++ b/src/ap/hostapd.c
-@@ -3764,7 +3764,7 @@ static int hostapd_change_config_freq(st
- 				      struct hostapd_freq_params *old_params)
- {
- 	int channel;
--	u8 seg0, seg1;
-+	u8 seg0 = 0, seg1 = 0;
- 	struct hostapd_hw_modes *mode;
- 
- 	if (!params->channel) {

package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch

@@ -10,17 +10,17 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -16,9 +16,6 @@
- #include <net/if.h>
+@@ -18,9 +18,6 @@
  #include <netlink/genl/genl.h>
  #include <netlink/genl/ctrl.h>
+ #include <netlink/genl/family.h>
 -#ifdef CONFIG_LIBNL3_ROUTE
 -#include <netlink/route/neighbour.h>
 -#endif /* CONFIG_LIBNL3_ROUTE */
  #include <linux/rtnetlink.h>
  #include <netpacket/packet.h>
  #include <linux/errqueue.h>
-@@ -5783,26 +5780,29 @@ fail:
+@@ -5859,26 +5856,29 @@ fail:
  
  static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
  {
@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  	if (err < 0) {
  		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
  			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5812,9 +5812,8 @@ static void rtnl_neigh_delete_fdb_entry(
+@@ -5888,9 +5888,8 @@ static void rtnl_neigh_delete_fdb_entry(
  			   MACSTR, MAC2STR(addr));
  	}
  
@@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  }
  
  
-@@ -8492,7 +8491,6 @@ static void *i802_init(struct hostapd_da
+@@ -8615,7 +8614,6 @@ static void *i802_init(struct hostapd_da
  	    (params->num_bridge == 0 || !params->bridge[0]))
  		add_ifidx(drv, br_ifindex, drv->ifindex);
  
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  	if (bss->added_if_into_bridge || bss->already_in_bridge) {
  		int err;
  
-@@ -8509,7 +8507,6 @@ static void *i802_init(struct hostapd_da
+@@ -8632,7 +8630,6 @@ static void *i802_init(struct hostapd_da
  			goto failed;
  		}
  	}
@@ -92,7 +92,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  
  	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
  		wpa_printf(MSG_DEBUG,
-@@ -11883,13 +11880,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -12071,13 +12068,14 @@ static int wpa_driver_br_add_ip_neigh(vo
  				      const u8 *ipaddr, int prefixlen,
  				      const u8 *addr)
  {
@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  	int res;
  
  	if (!ipaddr || prefixlen == 0 || !addr)
-@@ -11908,85 +11906,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -12096,85 +12094,66 @@ static int wpa_driver_br_add_ip_neigh(vo
  	}
  
  	if (version == 4) {
@@ -220,7 +220,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  		addrsize = 16;
  	} else {
  		return -EINVAL;
-@@ -12004,41 +11983,30 @@ static int wpa_driver_br_delete_ip_neigh
+@@ -12192,41 +12171,30 @@ static int wpa_driver_br_delete_ip_neigh
  		return -1;
  	}
  

package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch

@@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -3020,15 +3020,6 @@ static void handle_auth(struct hostapd_d
+@@ -3032,15 +3032,6 @@ static void handle_auth(struct hostapd_d
  				       seq_ctrl);
  			return;
  		}

package/network/services/hostapd/patches/050-build_fix.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -324,6 +324,7 @@ ifdef CONFIG_FILS
+@@ -326,6 +326,7 @@ ifdef CONFIG_FILS
  CFLAGS += -DCONFIG_FILS
  OBJS += ../src/ap/fils_hlp.o
  NEED_SHA384=y
@@ -10,7 +10,7 @@
  CFLAGS += -DCONFIG_FILS_SK_PFS
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -331,6 +331,7 @@ endif
+@@ -334,6 +334,7 @@ endif
  ifdef CONFIG_FILS
  CFLAGS += -DCONFIG_FILS
  NEED_SHA384=y

package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch

@@ -21,7 +21,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
 
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -745,6 +745,40 @@ endif
+@@ -758,6 +758,40 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
  
@@ -62,7 +62,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -924,9 +958,11 @@ endif
+@@ -937,9 +971,11 @@ endif
  
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -74,7 +74,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -936,38 +972,48 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -949,38 +985,48 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -123,7 +123,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_AES_DEC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-dec.o
-@@ -982,12 +1028,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -995,12 +1041,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -140,7 +140,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -996,16 +1046,22 @@ endif
+@@ -1009,16 +1059,22 @@ endif
  endif
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -163,7 +163,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef NEED_SHA1
  OBJS += $(SHA1OBJS)
-@@ -1015,11 +1071,13 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1028,11 +1084,13 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -177,7 +177,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
-@@ -1058,56 +1116,81 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1071,56 +1129,81 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -259,7 +259,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef CONFIG_INTERNAL_SHA384
  CFLAGS += -DCONFIG_INTERNAL_SHA384
-@@ -1152,11 +1235,13 @@ HOBJS += $(SHA1OBJS)
+@@ -1165,11 +1248,13 @@ HOBJS += $(SHA1OBJS)
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -273,7 +273,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef CONFIG_RADIUS_SERVER
  CFLAGS += -DRADIUS_SERVER
-@@ -1329,7 +1414,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1342,7 +1427,9 @@ NOBJS += ../src/utils/trace.o
  endif
  
  HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
@@ -283,7 +283,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_AES
  HOBJS += ../src/crypto/aes-internal.o
  HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1352,13 +1439,17 @@ SOBJS += ../src/common/sae.o
+@@ -1365,13 +1452,17 @@ SOBJS += ../src/common/sae.o
  SOBJS += ../src/common/sae_pk.o
  SOBJS += ../src/common/dragonfly.o
  SOBJS += $(AESOBJS)
@@ -326,7 +326,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  # Driver interface for Host AP driver
  CONFIG_DRIVER_HOSTAP=y
  
-@@ -278,6 +290,7 @@ CONFIG_IPV6=y
+@@ -281,6 +293,7 @@ CONFIG_IPV6=y
  # openssl = OpenSSL (default)
  # gnutls = GnuTLS
  # internal = Internal TLSv1 implementation (experimental)
@@ -7765,7 +7765,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CONFIG_SIM_SIMULATOR=y
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1163,6 +1163,29 @@ endif
+@@ -1230,6 +1230,29 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
  
@@ -7795,7 +7795,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -1355,9 +1378,11 @@ endif
+@@ -1422,9 +1445,11 @@ endif
  
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7807,7 +7807,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
  # Seems to be needed at least with BoringSSL
  NEED_INTERNAL_AES_WRAP=y
-@@ -1371,9 +1396,11 @@ endif
+@@ -1438,9 +1463,11 @@ endif
  
  ifdef NEED_INTERNAL_AES_WRAP
  ifneq ($(CONFIG_TLS), linux)
@@ -7819,7 +7819,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -1383,35 +1410,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1450,35 +1477,45 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -7865,7 +7865,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_AES_ENC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1426,12 +1463,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1493,12 +1530,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7882,7 +7882,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -1443,29 +1484,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1510,29 +1551,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
  else
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7920,7 +7920,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
  MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1520,12 +1569,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1587,12 +1636,17 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7938,7 +7938,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_SHA256
  SHA256OBJS += ../src/crypto/sha256-internal.o
  endif
-@@ -1538,50 +1592,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1605,50 +1659,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
  SHA256OBJS += ../src/crypto/sha512-internal.o
  endif
  ifdef NEED_TLS_PRF_SHA256
@@ -8007,7 +8007,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef NEED_ASN1
  OBJS += ../src/tls/asn1.o
-@@ -1756,10 +1828,12 @@ ifdef CONFIG_FIPS
+@@ -1823,10 +1895,12 @@ ifdef CONFIG_FIPS
  CFLAGS += -DCONFIG_FIPS
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -8041,7 +8041,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  # Driver interface for generic Linux wireless extensions
  # Note: WEXT is deprecated in the current Linux kernel version and no new
  # functionality is added to it. nl80211-based interface is the new
-@@ -326,6 +327,7 @@ CONFIG_BACKEND=file
+@@ -329,6 +330,7 @@ CONFIG_BACKEND=file
  # openssl = OpenSSL (default)
  # gnutls = GnuTLS
  # internal = Internal TLSv1 implementation (experimental)

package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch

@@ -12,7 +12,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
 
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -759,10 +759,6 @@ endif
+@@ -772,10 +772,6 @@ endif
  OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
@@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1174,10 +1174,6 @@ endif
+@@ -1241,10 +1241,6 @@ endif
  OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o

package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch

@@ -38,15 +38,15 @@ Signed-off-by: Glenn Strauss <[email protected]>
  src/crypto/Makefile                       | 129 ++++++++++++++++++++-
  src/crypto/crypto_module_tests.c          | 134 ++++++++++++++++++++++
  src/tls/Makefile                          |  11 ++
- tests/Makefile                            |  75 +++++++++---
- tests/hwsim/example-hostapd.config        |  11 +-
- tests/hwsim/example-wpa_supplicant.config |  12 +-
+ tests/Makefile                            |  76 +++++++++---
+ tests/hwsim/example-hostapd.config        |  10 +-
+ tests/hwsim/example-wpa_supplicant.config |  11 +-
  tests/hwsim/test_ap_eap.py                | 114 +++++++++++++-----
  tests/hwsim/test_ap_ft.py                 |   4 +-
  tests/hwsim/test_authsrv.py               |   9 +-
  tests/hwsim/test_dpp.py                   |  19 ++-
  tests/hwsim/test_erp.py                   |  16 +--
- tests/hwsim/test_fils.py                  |   5 +-
+ tests/hwsim/test_fils.py                  |   4 +
  tests/hwsim/test_pmksa_cache.py           |   4 +-
  tests/hwsim/test_sae.py                   |   7 ++
  tests/hwsim/test_suite_b.py               |   3 +
@@ -56,12 +56,12 @@ Signed-off-by: Glenn Strauss <[email protected]>
  tests/test-https.c                        |  12 +-
  tests/test-https_server.c                 |  12 +-
  wpa_supplicant/Makefile                   |   6 +
- 22 files changed, 524 insertions(+), 91 deletions(-)
+ 22 files changed, 522 insertions(+), 91 deletions(-)
  create mode 100644 tests/test-crypto_module.c
 
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -696,6 +696,7 @@ CFLAGS += -DCONFIG_TLSV12
+@@ -709,6 +709,7 @@ CFLAGS += -DCONFIG_TLSV12
  endif
  
  ifeq ($(CONFIG_TLS), wolfssl)
@@ -69,7 +69,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CONFIG_CRYPTO=wolfssl
  ifdef TLS_FUNCS
  OBJS += ../src/crypto/tls_wolfssl.o
-@@ -716,6 +717,7 @@ endif
+@@ -729,6 +730,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), openssl)
@@ -77,7 +77,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
  CONFIG_CRYPTO=openssl
  ifdef TLS_FUNCS
-@@ -746,6 +748,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -759,6 +761,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
  endif
  
  ifeq ($(CONFIG_TLS), mbedtls)
@@ -85,7 +85,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  CONFIG_CRYPTO=mbedtls
  endif
-@@ -776,6 +779,7 @@ endif
+@@ -789,6 +792,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), gnutls)
@@ -93,7 +93,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
  CONFIG_CRYPTO=gnutls
-@@ -806,6 +810,7 @@ endif
+@@ -819,6 +823,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), internal)
@@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  CONFIG_CRYPTO=internal
  endif
-@@ -884,6 +889,7 @@ endif
+@@ -897,6 +902,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), linux)
@@ -271,7 +271,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  endif
 --- a/src/crypto/crypto_module_tests.c
 +++ b/src/crypto/crypto_module_tests.c
-@@ -2469,6 +2469,139 @@ static int test_hpke(void)
+@@ -2470,6 +2470,139 @@ static int test_hpke(void)
  }
  
  
@@ -411,7 +411,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  static int test_ms_funcs(void)
  {
  #ifndef CONFIG_FIPS
-@@ -2590,6 +2723,7 @@ int crypto_module_tests(void)
+@@ -2591,6 +2724,7 @@ int crypto_module_tests(void)
  	    test_fips186_2_prf() ||
  	    test_extract_expand_hkdf() ||
  	    test_hpke() ||
@@ -444,23 +444,25 @@ Signed-off-by: Glenn Strauss <[email protected]>
  include ../lib.rules
 --- a/tests/Makefile
 +++ b/tests/Makefile
-@@ -1,8 +1,10 @@
+@@ -1,10 +1,12 @@
 -ALL=test-base64 test-md4 test-milenage \
 -	test-rsa-sig-ver \
 -	test-sha1 \
 -	test-https test-https_server \
--	test-sha256 test-aes test-x509v3 test-list test-rc4
+-	test-sha256 test-aes test-x509v3 test-list test-rc4 \
 +RUN_TESTS= \
 +	test-list \
 +	test-md4 test-rc4 test-sha1 test-sha256 \
 +	test-milenage test-aes \
-+	test-crypto_module
-+
-+ALL=$(RUN_TESTS) test-base64 test-https test-https_server
++	test-crypto_module \
+ 	test-bss
  
++ALL=$(RUN_TESTS) test-base64 test-https test-https_server
++
  include ../src/build.rules
  
-@@ -24,13 +26,27 @@ CFLAGS += -DCONFIG_IEEE80211R_AP
+ ifdef LIBFUZZER
+@@ -25,13 +27,27 @@ CFLAGS += -DCONFIG_IEEE80211R_AP
  CFLAGS += -DCONFIG_IEEE80211R
  CFLAGS += -DCONFIG_TDLS
  
@@ -490,7 +492,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  _OBJS_VAR := LLIBS
  include ../src/objs.mk
-@@ -42,12 +58,43 @@ include ../src/objs.mk
+@@ -43,12 +59,43 @@ include ../src/objs.mk
  LIBS = $(SLIBS) $(DLIBS)
  LLIBS = -Wl,--start-group $(DLIBS) -Wl,--end-group $(SLIBS)
  
@@ -534,8 +536,8 @@ Signed-off-by: Glenn Strauss <[email protected]>
  test-base64: $(call BUILDOBJ,test-base64.o) $(LIBS)
  	$(LDO) $(LDFLAGS) -o $@ $^ $(LLIBS)
  
-@@ -83,17 +130,11 @@ test-x509v3: $(call BUILDOBJ,test-x509v3
- 
+@@ -141,18 +188,11 @@ test-bss: $(call BUILDOBJ,test-bss.o) $(
+ 	$(LDO) $(LDFLAGS) -o $@ $< $(LLIBS) $(WPA_CFLAGS) $(WPA_OBJS) $(LIBS)
  
  run-tests: $(ALL)
 -	./test-aes
@@ -545,6 +547,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
 -	./test-rsa-sig-ver
 -	./test-sha1
 -	./test-sha256
+-	./test-bss
 +	@set -ex; for i in $(RUN_TESTS); do ./$$i; done
  	@echo
  	@echo All tests completed successfully.
@@ -575,14 +578,6 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CONFIG_EAP_EKE=y
  CONFIG_PKCS12=y
  CONFIG_RADIUS_SERVER=y
-@@ -89,6 +81,7 @@ CFLAGS += -DCONFIG_RADIUS_TEST
- CONFIG_MODULE_TESTS=y
- 
- CONFIG_SUITEB=y
-+CONFIG_SUITEB192=$(if $(filter openssl mbedtls,$(CONFIG_TLS)),y,)
- 
- # AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
- # This can be used as a more efficient memory error detector than valgrind
 --- a/tests/hwsim/example-wpa_supplicant.config
 +++ b/tests/hwsim/example-wpa_supplicant.config
 @@ -35,16 +35,7 @@ LIBS += -rdynamic
@@ -603,14 +598,6 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  CONFIG_USIM_SIMULATOR=y
  CONFIG_SIM_SIMULATOR=y
-@@ -137,6 +128,7 @@ CONFIG_TESTING_OPTIONS=y
- CONFIG_MODULE_TESTS=y
- 
- CONFIG_SUITEB=y
-+CONFIG_SUITEB192=$(if $(filter openssl mbedtls,$(CONFIG_TLS)),y,)
- 
- # AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
- # This can be used as a more efficient memory error detector than valgrind
 --- a/tests/hwsim/test_ap_eap.py
 +++ b/tests/hwsim/test_ap_eap.py
 @@ -42,20 +42,42 @@ def check_eap_capa(dev, method):
@@ -708,10 +695,10 @@ Signed-off-by: Glenn Strauss <[email protected]>
      tls = dev.request("GET tls_library")
 +    if tls.startswith("mbed TLS"):
 +        raise HwsimSkip("TLS v1.3 not supported")
-     if "run=OpenSSL 1.1.1" not in tls and "run=OpenSSL 3.0" not in tls and "wolfSSL" not in tls:
-         raise HwsimSkip("TLS v1.3 not supported")
- 
-@@ -118,11 +157,15 @@ def check_pkcs12_support(dev):
+     ok = ['run=OpenSSL 1.1.1', 'run=OpenSSL 3.0', 'run=OpenSSL 3.1',
+           'run=OpenSSL 3.2', 'wolfSSL']
+     for s in ok:
+@@ -122,11 +161,15 @@ def check_pkcs12_support(dev):
      #    raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
      if tls.startswith("wolfSSL"):
          raise HwsimSkip("PKCS#12 not supported with this TLS library: " + tls)
@@ -727,7 +714,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  def check_ec_support(dev):
      tls = dev.request("GET tls_library")
-@@ -1595,7 +1638,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
+@@ -1741,7 +1784,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
      eap_connect(dev[0], hapd, "TTLS", "pap user",
                  anonymous_identity="ttls", password="password",
                  ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
@@ -736,7 +723,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
                  altsubject_match="EMAIL:[email protected];DNS:server.w1.fi;URI:http://example.com/")
      eap_reauth(dev[0], "TTLS")
  
-@@ -2830,6 +2873,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
+@@ -2976,6 +3019,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
  
  def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev):
      """WPA2-Enterprise negative test - subject mismatch"""
@@ -744,7 +731,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
      hostapd.add_ap(apdev[0], params)
      dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-@@ -2890,6 +2934,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
+@@ -3036,6 +3080,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
  
  def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev):
      """WPA2-Enterprise negative test - altsubject mismatch"""
@@ -752,7 +739,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
      hostapd.add_ap(apdev[0], params)
  
-@@ -3430,7 +3475,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
+@@ -3582,7 +3627,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
              dev[0].request("REMOVE_NETWORK all")
  
      tls = dev[0].request("GET tls_library")
@@ -761,7 +748,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
          tests = [(1, "os_get_random;dh_init")]
      else:
          tests = [(1, "crypto_dh_init;dh_init")]
-@@ -4744,7 +4789,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4896,7 +4941,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
      params["private_key"] = "auth_serv/iCA-server/server.key"
      hostapd.add_ap(apdev[0], params)
      tls = dev[0].request("GET tls_library")
@@ -770,7 +757,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
          ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
          client_cert = "auth_serv/iCA-user/user_and_ica.pem"
      else:
-@@ -4810,6 +4855,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4962,6 +5007,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
      run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1")
  
  def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
@@ -778,7 +765,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = int_eap_server_params()
      params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
      params["server_cert"] = "auth_serv/iCA-server/server.pem"
-@@ -4819,7 +4865,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4971,7 +5017,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
      try:
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -787,7 +774,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -4855,7 +4901,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -5007,7 +5053,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
      try:
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -796,7 +783,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -4905,7 +4951,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -5057,7 +5103,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
      try:
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -805,7 +792,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -4972,7 +5018,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -5124,7 +5170,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
  
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -814,7 +801,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -5230,6 +5276,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
+@@ -5382,6 +5428,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
  
  def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev):
      """WPA2-Enterprise using EAP-TTLS and server PKCS#12 file"""
@@ -822,7 +809,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      skip_with_fips(dev[0])
      params = int_eap_server_params()
      del params["server_cert"]
-@@ -5242,6 +5289,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
+@@ -5394,6 +5441,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
  
  def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev):
      """EAP-TTLS and server PKCS#12 file with extra certs"""
@@ -830,7 +817,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      skip_with_fips(dev[0])
      params = int_eap_server_params()
      del params["server_cert"]
-@@ -5264,6 +5312,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
+@@ -5416,6 +5464,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
  
  def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
      """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
@@ -838,7 +825,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = int_eap_server_params()
      params["dh_file"] = "auth_serv/dsaparam.pem"
      hapd = hostapd.add_ap(apdev[0], params)
-@@ -5575,8 +5624,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
+@@ -5727,8 +5776,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
  def test_openssl_cipher_suite_config_wpas(dev, apdev):
      """OpenSSL cipher suite configuration on wpa_supplicant"""
      tls = dev[0].request("GET tls_library")
@@ -849,7 +836,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
      hapd = hostapd.add_ap(apdev[0], params)
      eap_connect(dev[0], hapd, "TTLS", "pap user",
-@@ -5602,14 +5651,14 @@ def test_openssl_cipher_suite_config_wpa
+@@ -5754,14 +5803,14 @@ def test_openssl_cipher_suite_config_wpa
  def test_openssl_cipher_suite_config_hapd(dev, apdev):
      """OpenSSL cipher suite configuration on hostapd"""
      tls = dev[0].request("GET tls_library")
@@ -868,7 +855,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      eap_connect(dev[0], hapd, "TTLS", "pap user",
                  anonymous_identity="ttls", password="password",
                  ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-@@ -6051,13 +6100,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
+@@ -6207,13 +6256,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
              check_tls_ver(dev[0], hapd,
                            "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
                            "TLSv1.2")
@@ -888,10 +875,10 @@ Signed-off-by: Glenn Strauss <[email protected]>
 +                      "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=0 tls_disable_tlsv1_2=1", "TLSv1.1")
 +        check_tls_ver(dev[2], hapd,
 +                      "tls_disable_tlsv1_0=0 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1", "TLSv1")
-     if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
+     if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3." in tls:
          check_tls_ver(dev[0], hapd,
                        "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
-@@ -6079,6 +6132,11 @@ def test_ap_wpa2_eap_tls_versions_server
+@@ -6235,6 +6288,11 @@ def test_ap_wpa2_eap_tls_versions_server
      tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
               ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
               ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
@@ -903,7 +890,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      for exp, flags in tests:
          hapd.disable()
          hapd.set("tls_flags", flags)
-@@ -7138,6 +7196,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
+@@ -7305,6 +7363,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
  def test_eap_tls_ext_cert_check(dev, apdev):
      """EAP-TLS and external server certification validation"""
      # With internal server certificate chain validation
@@ -911,7 +898,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
                          identity="tls user",
                          ca_cert="auth_serv/ca.pem",
-@@ -7150,6 +7209,7 @@ def test_eap_tls_ext_cert_check(dev, apd
+@@ -7317,6 +7376,7 @@ def test_eap_tls_ext_cert_check(dev, apd
  def test_eap_ttls_ext_cert_check(dev, apdev):
      """EAP-TTLS and external server certification validation"""
      # Without internal server certificate chain validation
@@ -919,7 +906,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                          identity="pap user", anonymous_identity="ttls",
                          password="password", phase2="auth=PAP",
-@@ -7160,6 +7220,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
+@@ -7327,6 +7387,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
  def test_eap_peap_ext_cert_check(dev, apdev):
      """EAP-PEAP and external server certification validation"""
      # With internal server certificate chain validation
@@ -927,7 +914,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
                          identity="user", anonymous_identity="peap",
                          ca_cert="auth_serv/ca.pem",
-@@ -7170,6 +7231,7 @@ def test_eap_peap_ext_cert_check(dev, ap
+@@ -7337,6 +7398,7 @@ def test_eap_peap_ext_cert_check(dev, ap
  
  def test_eap_fast_ext_cert_check(dev, apdev):
      """EAP-FAST and external server certification validation"""
@@ -935,7 +922,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      check_eap_capa(dev[0], "FAST")
      # With internal server certificate chain validation
      dev[0].request("SET blob fast_pac_auth_ext ")
-@@ -7184,10 +7246,6 @@ def test_eap_fast_ext_cert_check(dev, ap
+@@ -7351,10 +7413,6 @@ def test_eap_fast_ext_cert_check(dev, ap
      run_ext_cert_check(dev, apdev, id)
  
  def run_ext_cert_check(dev, apdev, net_id):
@@ -948,7 +935,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
 --- a/tests/hwsim/test_ap_ft.py
 +++ b/tests/hwsim/test_ap_ft.py
-@@ -2474,11 +2474,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
+@@ -2486,11 +2486,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
          # This will fail to roam
          dev[0].roam(bssid1, check_bssid=False)
  
@@ -992,7 +979,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
      capa = dev.request("GET_CAPABILITY dpp")
      ver = 1
-@@ -3892,6 +3893,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
+@@ -3902,6 +3903,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
  
  def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
      """DPP protocol testing - invalid I-proto key in Auth Req"""
@@ -1002,7 +989,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
  
  def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
-@@ -3987,7 +3991,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
+@@ -3997,7 +4001,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
  
  def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
      """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
@@ -1016,7 +1003,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
      """DPP protocol testing - no R-nonce in Auth Resp"""
-@@ -4349,11 +4358,17 @@ def test_dpp_proto_pkex_exchange_resp_in
+@@ -4359,11 +4368,17 @@ def test_dpp_proto_pkex_exchange_resp_in
  
  def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
      """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
@@ -1092,21 +1079,20 @@ Signed-off-by: Glenn Strauss <[email protected]>
              dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
 --- a/tests/hwsim/test_fils.py
 +++ b/tests/hwsim/test_fils.py
-@@ -1422,7 +1422,10 @@ def run_fils_sk_pfs(dev, apdev, group, p
-     check_erp_capa(dev[0])
- 
-     tls = dev[0].request("GET tls_library")
--    if not tls.startswith("wolfSSL"):
-+    if tls.startswith("mbed TLS"):
+@@ -1472,6 +1472,10 @@ def check_ec_group(dev, group):
+     tls = dev.request("GET tls_library")
+     if tls.startswith("wolfSSL"):
+         return
++    elif tls.startswith("mbed TLS"):
 +        if int(group) == 27:
 +            raise HwsimSkip("Brainpool EC group 27 not supported by mbed TLS")
-+    elif not tls.startswith("wolfSSL"):
-         if int(group) in [25]:
-             if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3.0" in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3.0" in tls)):
-                 raise HwsimSkip("EC group not supported")
++        return
+     if int(group) in [25]:
+         if not (tls.startswith("OpenSSL") and ("build=OpenSSL 1.0.2" in tls or "build=OpenSSL 1.1" in tls or "build=OpenSSL 3." in tls) and ("run=OpenSSL 1.0.2" in tls or "run=OpenSSL 1.1" in tls or "run=OpenSSL 3." in tls)):
+             raise HwsimSkip("EC group not supported")
 --- a/tests/hwsim/test_pmksa_cache.py
 +++ b/tests/hwsim/test_pmksa_cache.py
-@@ -955,7 +955,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -958,7 +958,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
      eap_connect(dev[0], hapd, "PAX", "[email protected]",
                  password_hex="0123456789abcdef0123456789abcdef",
                  bssid=apdev[0]['bssid'])
@@ -1115,7 +1101,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
          with alloc_fail(dev[0], i, "rsn_preauth_init"):
              res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip()
              logger.info("Iteration %d - PREAUTH command results: %s" % (i, res))
-@@ -963,7 +963,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -966,7 +966,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
                  state = dev[0].request('GET_ALLOC_FAIL')
                  if state.startswith('0:'):
                      break
@@ -1126,7 +1112,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      """PMKSA cache control interface operations"""
 --- a/tests/hwsim/test_sae.py
 +++ b/tests/hwsim/test_sae.py
-@@ -177,6 +177,11 @@ def test_sae_groups(dev, apdev):
+@@ -178,6 +178,11 @@ def test_sae_groups(dev, apdev):
      if tls.startswith("OpenSSL") and "run=OpenSSL 1." in tls:
          logger.info("Add Brainpool EC groups since OpenSSL is new enough")
          sae_groups += [27, 28, 29, 30]
@@ -1138,7 +1124,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      heavy_groups = [14, 15, 16]
      suitable_groups = [15, 16, 17, 18, 19, 20, 21]
      groups = [str(g) for g in sae_groups]
-@@ -2193,6 +2198,8 @@ def run_sae_pwe_group(dev, apdev, group)
+@@ -2194,6 +2199,8 @@ def run_sae_pwe_group(dev, apdev, group)
              logger.info("Add Brainpool EC groups since OpenSSL is new enough")
          elif tls.startswith("wolfSSL"):
              logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL")
@@ -1179,7 +1165,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              res = dev[0].request(cmd)
 --- a/tests/hwsim/utils.py
 +++ b/tests/hwsim/utils.py
-@@ -141,7 +141,13 @@ def check_imsi_privacy_support(dev):
+@@ -145,7 +145,13 @@ def check_imsi_privacy_support(dev):
  
  def check_tls_tod(dev):
      tls = dev.request("GET tls_library")
@@ -1308,7 +1294,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  		if (need_more_data) {
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1122,6 +1122,7 @@ CFLAGS += -DCONFIG_TLSV12
+@@ -1189,6 +1189,7 @@ TLS_FUNCS=y
  endif
  
  ifeq ($(CONFIG_TLS), wolfssl)
@@ -1316,7 +1302,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef TLS_FUNCS
  CFLAGS += -DWOLFSSL_DER_LOAD
  OBJS += ../src/crypto/tls_wolfssl.o
-@@ -1137,6 +1138,7 @@ LIBS_p += -lwolfssl -lm
+@@ -1204,6 +1205,7 @@ LIBS_p += -lwolfssl -lm
  endif
  
  ifeq ($(CONFIG_TLS), openssl)
@@ -1324,7 +1310,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
  ifdef TLS_FUNCS
  CFLAGS += -DEAP_TLS_OPENSSL
-@@ -1164,6 +1166,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -1231,6 +1233,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
  endif
  
  ifeq ($(CONFIG_TLS), mbedtls)
@@ -1332,7 +1318,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  CONFIG_CRYPTO=mbedtls
  endif
-@@ -1183,6 +1186,7 @@ endif
+@@ -1250,6 +1253,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), gnutls)
@@ -1340,7 +1326,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
  CONFIG_CRYPTO=gnutls
-@@ -1213,6 +1217,7 @@ endif
+@@ -1280,6 +1284,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), internal)
@@ -1348,7 +1334,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  CONFIG_CRYPTO=internal
  endif
-@@ -1293,6 +1298,7 @@ endif
+@@ -1360,6 +1365,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), linux)

package/network/services/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch

@@ -21,15 +21,15 @@ operation information element instead.
 Signed-off-by: P Praneesh <[email protected]>
 ---
  hostapd/config_file.c           |  2 ++
- src/ap/ieee802_11_ht.c          |  7 +++++++
- src/ap/ieee802_11_vht.c         | 16 ++++++++++++++++
+ src/ap/ieee802_11_ht.c          |  9 +++++++++
+ src/ap/ieee802_11_vht.c         | 17 +++++++++++++++++
  src/common/hw_features_common.c |  1 +
- src/common/ieee802_11_defs.h    |  1 +
- 5 files changed, 27 insertions(+)
+ src/common/ieee802_11_defs.h    |  2 ++
+ 5 files changed, 31 insertions(+)
 
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -1153,6 +1153,8 @@ static int hostapd_config_vht_capab(stru
+@@ -1229,6 +1229,8 @@ static int hostapd_config_vht_capab(stru
  		conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
  	if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
  		conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
@@ -66,7 +66,7 @@ Signed-off-by: P Praneesh <[email protected]>
  	return pos;
 --- a/src/ap/ieee802_11_vht.c
 +++ b/src/ap/ieee802_11_vht.c
-@@ -25,6 +25,7 @@ u8 * hostapd_eid_vht_capabilities(struct
+@@ -26,6 +26,7 @@ u8 * hostapd_eid_vht_capabilities(struct
  	struct ieee80211_vht_capabilities *cap;
  	struct hostapd_hw_modes *mode = hapd->iface->current_mode;
  	u8 *pos = eid;
@@ -74,7 +74,7 @@ Signed-off-by: P Praneesh <[email protected]>
  
  	if (!mode || is_6ghz_op_class(hapd->iconf->op_class))
  		return eid;
-@@ -62,6 +63,17 @@ u8 * hostapd_eid_vht_capabilities(struct
+@@ -63,6 +64,17 @@ u8 * hostapd_eid_vht_capabilities(struct
  			host_to_le32(nsts << VHT_CAP_BEAMFORMEE_STS_OFFSET);
  	}
  
@@ -92,7 +92,7 @@ Signed-off-by: P Praneesh <[email protected]>
  	/* Supported MCS set comes from hw */
  	os_memcpy(&cap->vht_supported_mcs_set, mode->vht_mcs_set, 8);
  
-@@ -74,6 +86,7 @@ u8 * hostapd_eid_vht_capabilities(struct
+@@ -75,6 +87,7 @@ u8 * hostapd_eid_vht_capabilities(struct
  u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
  {
  	struct ieee80211_vht_operation *oper;
@@ -100,7 +100,7 @@ Signed-off-by: P Praneesh <[email protected]>
  	u8 *pos = eid;
  	enum oper_chan_width oper_chwidth =
  		hostapd_get_oper_chwidth(hapd->iconf);
-@@ -106,6 +119,7 @@ u8 * hostapd_eid_vht_operation(struct ho
+@@ -110,6 +123,7 @@ u8 * hostapd_eid_vht_operation(struct ho
  	oper->vht_op_info_chan_center_freq_seg1_idx = seg1;
  
  	oper->vht_op_info_chwidth = oper_chwidth;
@@ -108,7 +108,7 @@ Signed-off-by: P Praneesh <[email protected]>
  	if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
  		/*
  		 * Convert 160 MHz channel width to new style as interop
-@@ -119,6 +133,9 @@ u8 * hostapd_eid_vht_operation(struct ho
+@@ -123,6 +137,9 @@ u8 * hostapd_eid_vht_operation(struct ho
  			oper->vht_op_info_chan_center_freq_seg0_idx -= 8;
  		else
  			oper->vht_op_info_chan_center_freq_seg0_idx += 8;
@@ -120,7 +120,7 @@ Signed-off-by: P Praneesh <[email protected]>
  		 * Convert 80+80 MHz channel width to new style as interop
 --- a/src/common/hw_features_common.c
 +++ b/src/common/hw_features_common.c
-@@ -811,6 +811,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co
+@@ -898,6 +898,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co
  	VHT_CAP_CHECK(VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB);
  	VHT_CAP_CHECK(VHT_CAP_RX_ANTENNA_PATTERN);
  	VHT_CAP_CHECK(VHT_CAP_TX_ANTENNA_PATTERN);
@@ -130,7 +130,7 @@ Signed-off-by: P Praneesh <[email protected]>
  #undef VHT_CAP_CHECK_MAX
 --- a/src/common/ieee802_11_defs.h
 +++ b/src/common/ieee802_11_defs.h
-@@ -1349,6 +1349,8 @@ struct ieee80211_ampe_ie {
+@@ -1397,6 +1397,8 @@ struct ieee80211_ampe_ie {
  #define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB     ((u32) BIT(26) | BIT(27))
  #define VHT_CAP_RX_ANTENNA_PATTERN                  ((u32) BIT(28))
  #define VHT_CAP_TX_ANTENNA_PATTERN                  ((u32) BIT(29))

package/network/services/hostapd/patches/180-driver_nl80211-fix-setting-QoS-map-on-secondary-BSSs.patch

@@ -1,20 +0,0 @@
-From: Felix Fietkau <[email protected]>
-Date: Thu, 14 Sep 2023 10:53:50 +0200
-Subject: [PATCH] driver_nl80211: fix setting QoS map on secondary BSSs
-
-The setting is per-BSS, not per PHY
-
-Signed-off-by: Felix Fietkau <[email protected]>
----
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -11341,7 +11341,7 @@ static int nl80211_set_qos_map(void *pri
- 	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
- 		    qos_map_set, qos_map_set_len);
- 
--	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_QOS_MAP)) ||
-+	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_QOS_MAP)) ||
- 	    nla_put(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set)) {
- 		nlmsg_free(msg);
- 		return -ENOBUFS;

package/network/services/hostapd/patches/181-driver_nl80211-update-drv-ifindex-on-removing-the-fi.patch

@@ -8,7 +8,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -8867,6 +8867,7 @@ static int wpa_driver_nl80211_if_remove(
+@@ -8985,6 +8985,7 @@ static int wpa_driver_nl80211_if_remove(
  		if (drv->first_bss->next) {
  			drv->first_bss = drv->first_bss->next;
  			drv->ctx = drv->first_bss->ctx;

package/network/services/hostapd/patches/182-nl80211-move-nl80211_put_freq_params-call-outside-of.patch

@@ -12,7 +12,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -5226,6 +5226,9 @@ static int wpa_driver_nl80211_set_ap(voi
+@@ -5315,6 +5315,9 @@ static int wpa_driver_nl80211_set_ap(voi
  		nla_nest_end(msg, ftm);
  	}
  
@@ -22,13 +22,13 @@ Signed-off-by: Felix Fietkau <[email protected]>
  #ifdef CONFIG_IEEE80211AX
  	if (params->he_spr_ctrl) {
  		struct nlattr *spr;
-@@ -5260,9 +5263,6 @@ static int wpa_driver_nl80211_set_ap(voi
+@@ -5349,9 +5352,6 @@ static int wpa_driver_nl80211_set_ap(voi
  		nla_nest_end(msg, spr);
  	}
  
 -	if (params->freq && nl80211_put_freq_params(msg, params->freq) < 0)
 -		goto fail;
 -
- 	if (params->freq && params->freq->he_enabled) {
+ 	if (params->freq && params->freq->he_enabled &&
+ 	    nl80211_attr_supported(drv, NL80211_ATTR_HE_BSS_COLOR)) {
  		struct nlattr *bss_color;
- 

package/network/services/hostapd/patches/183-hostapd-cancel-channel_list_update_timeout-in-hostap.patch

@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -569,6 +569,7 @@ static void sta_track_deinit(struct host
+@@ -656,6 +656,7 @@ static void sta_track_deinit(struct host
  void hostapd_cleanup_iface_partial(struct hostapd_iface *iface)
  {
  	wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
@@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  #ifdef NEED_AP_MLME
  	hostapd_stop_setup_timers(iface);
  #endif /* NEED_AP_MLME */
-@@ -598,7 +599,6 @@ void hostapd_cleanup_iface_partial(struc
+@@ -685,7 +686,6 @@ void hostapd_cleanup_iface_partial(struc
  static void hostapd_cleanup_iface(struct hostapd_iface *iface)
  {
  	wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);

package/network/services/hostapd/patches/200-multicall.patch

@@ -18,7 +18,7 @@
  OBJS += ../src/ap/vlan_init.o
  OBJS += ../src/ap/vlan_ifconfig.o
  OBJS += ../src/ap/vlan.o
-@@ -357,10 +359,14 @@ CFLAGS += -DCONFIG_MBO
+@@ -359,10 +361,14 @@ CFLAGS += -DCONFIG_MBO
  OBJS += ../src/ap/mbo_ap.o
  endif
  
@@ -36,7 +36,7 @@
  LIBS += $(DRV_AP_LIBS)
  
  ifdef CONFIG_L2_PACKET
-@@ -1380,6 +1386,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1393,6 +1399,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
  _OBJS_VAR := OBJS
  include ../src/objs.mk
  
@@ -49,7 +49,7 @@
  hostapd: $(OBJS)
  	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
  	@$(E) "  LD " $@
-@@ -1460,6 +1472,12 @@ include ../src/objs.mk
+@@ -1473,6 +1485,12 @@ include ../src/objs.mk
  _OBJS_VAR := SOBJS
  include ../src/objs.mk
  
@@ -72,7 +72,7 @@
  include ../src/build.rules
  
  ifdef CONFIG_BUILD_PASN_SO
-@@ -382,7 +383,9 @@ endif
+@@ -389,7 +390,9 @@ endif
  ifdef CONFIG_IBSS_RSN
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_IBSS_RSN
@@ -82,7 +82,7 @@
  OBJS += ibss_rsn.o
  endif
  
-@@ -924,6 +927,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -981,6 +984,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
  CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
  LIBS += -ldl -rdynamic
  endif
@@ -93,7 +93,7 @@
  endif
  
  ifdef CONFIG_AP
-@@ -931,9 +938,11 @@ NEED_EAP_COMMON=y
+@@ -988,9 +995,11 @@ NEED_EAP_COMMON=y
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_AP
  OBJS += ap.o
@@ -105,7 +105,7 @@
  OBJS += ../src/ap/hostapd.o
  OBJS += ../src/ap/wpa_auth_glue.o
  OBJS += ../src/ap/utils.o
-@@ -1022,6 +1031,12 @@ endif
+@@ -1081,6 +1090,12 @@ endif
  ifdef CONFIG_HS20
  OBJS += ../src/ap/hs20.o
  endif
@@ -118,7 +118,7 @@
  endif
  
  ifdef CONFIG_MBO
-@@ -1030,7 +1045,9 @@ CFLAGS += -DCONFIG_MBO
+@@ -1090,7 +1105,9 @@ NEED_GAS=y
  endif
  
  ifdef NEED_RSN_AUTHENTICATOR
@@ -128,7 +128,7 @@
  NEED_AES_WRAP=y
  OBJS += ../src/ap/wpa_auth.o
  OBJS += ../src/ap/wpa_auth_ie.o
-@@ -2010,6 +2027,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -2080,6 +2097,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
  
  _OBJS_VAR := OBJS
  include ../src/objs.mk
@@ -141,7 +141,7 @@
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
  	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
  	@$(E) "  LD " $@
-@@ -2142,6 +2165,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+@@ -2212,6 +2235,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
  	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
  	@$(E) "  sed" $<
  
@@ -156,7 +156,7 @@
  wpa_cli.exe: wpa_cli
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -6667,8 +6667,8 @@ union wpa_event_data {
+@@ -6760,8 +6760,8 @@ union wpa_event_data {
   * Driver wrapper code should call this function whenever an event is received
   * from the driver.
   */
@@ -167,7 +167,7 @@
  
  /**
   * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -6680,7 +6680,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6773,7 +6773,7 @@ void wpa_supplicant_event(void *ctx, enu
   * Same as wpa_supplicant_event(), but we search for the interface in
   * wpa_global.
   */
@@ -178,7 +178,7 @@
  /*
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -2184,8 +2184,8 @@ err:
+@@ -2341,8 +2341,8 @@ err:
  #endif /* CONFIG_OWE */
  
  
@@ -188,8 +188,8 @@
 +		       union wpa_event_data *data)
  {
  	struct hostapd_data *hapd = ctx;
- #ifndef CONFIG_NO_STDOUT_DEBUG
-@@ -2489,7 +2489,7 @@ void wpa_supplicant_event(void *ctx, enu
+ 	struct sta_info *sta;
+@@ -2674,7 +2674,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -231,7 +231,7 @@
  	os_memset(&global, 0, sizeof(global));
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -5353,8 +5353,8 @@ static void wpas_link_reconfig(struct wp
+@@ -5919,8 +5919,8 @@ static void wpas_link_reconfig(struct wp
  }
  
  
@@ -242,7 +242,7 @@
  {
  	struct wpa_supplicant *wpa_s = ctx;
  	int resched;
-@@ -6272,7 +6272,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6872,7 +6872,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -253,7 +253,7 @@
  	struct wpa_supplicant *wpa_s;
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7462,7 +7462,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -7583,7 +7583,6 @@ struct wpa_interface * wpa_supplicant_ma
  	return NULL;
  }
  
@@ -261,7 +261,7 @@
  /**
   * wpa_supplicant_match_existing - Match existing interfaces
   * @global: Pointer to global data from wpa_supplicant_init()
-@@ -7497,6 +7496,11 @@ static int wpa_supplicant_match_existing
+@@ -7618,6 +7617,11 @@ static int wpa_supplicant_match_existing
  
  #endif /* CONFIG_MATCH_IFACE */
  
@@ -273,7 +273,7 @@
  
  /**
   * wpa_supplicant_add_iface - Add a new network interface
-@@ -7753,6 +7757,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -7874,6 +7878,8 @@ struct wpa_global * wpa_supplicant_init(
  #ifndef CONFIG_NO_WPA_MSG
  	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
  #endif /* CONFIG_NO_WPA_MSG */
@@ -284,7 +284,7 @@
  		wpa_debug_open_file(params->wpa_debug_file_path);
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -698,6 +698,11 @@ fail:
+@@ -705,6 +705,11 @@ fail:
  	return -1;
  }
  
@@ -296,7 +296,7 @@
  
  #ifdef CONFIG_WPS
  static int gen_uuid(const char *txt_addr)
-@@ -791,6 +796,8 @@ int main(int argc, char *argv[])
+@@ -798,6 +803,8 @@ int main(int argc, char *argv[])
  		return -1;
  #endif /* CONFIG_DPP */
  
@@ -333,7 +333,7 @@
  
  const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
  
-@@ -1303,6 +1308,10 @@ static void usage(void)
+@@ -1325,6 +1330,10 @@ static void usage(void)
  	       "option several times.\n");
  }
  
@@ -344,7 +344,7 @@
  
  int main(int argc, char *argv[])
  {
-@@ -1323,6 +1332,8 @@ int main(int argc, char *argv[])
+@@ -1348,6 +1357,8 @@ int main(int argc, char *argv[])
  	if (os_program_init())
  		return -1;
  

package/network/services/hostapd/patches/300-noscan.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3448,6 +3448,10 @@ static int hostapd_config_fill(struct ho
+@@ -3656,6 +3656,10 @@ static int hostapd_config_fill(struct ho
  		if (bss->ocv && !bss->ieee80211w)
  			bss->ieee80211w = 1;
  #endif /* CONFIG_OCV */
@@ -13,7 +13,7 @@
  	} else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1075,6 +1075,8 @@ struct hostapd_config {
+@@ -1093,6 +1093,8 @@ struct hostapd_config {
  
  	int ht_op_mode_fixed;
  	u16 ht_capab;
@@ -24,7 +24,7 @@
  	int no_pri_sec_switch;
 --- a/src/ap/hw_features.c
 +++ b/src/ap/hw_features.c
-@@ -546,7 +546,8 @@ static int ieee80211n_check_40mhz(struct
+@@ -544,7 +544,8 @@ static int ieee80211n_check_40mhz(struct
  	int ret;
  
  	/* Check that HT40 is used and PRI / SEC switch is allowed */

package/network/services/hostapd/patches/301-mesh-noscan.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/config.c
 +++ b/wpa_supplicant/config.c
-@@ -2600,6 +2600,7 @@ static const struct parse_data ssid_fiel
+@@ -2639,6 +2639,7 @@ static const struct parse_data ssid_fiel
  #else /* CONFIG_MESH */
  	{ INT_RANGE(mode, 0, 4) },
  #endif /* CONFIG_MESH */
@@ -31,7 +31,7 @@
  		/*
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2710,7 +2710,7 @@ static bool ibss_mesh_can_use_vht(struct
+@@ -2770,7 +2770,7 @@ static bool ibss_mesh_can_use_vht(struct
  				  const struct wpa_ssid *ssid,
  				  struct hostapd_hw_modes *mode)
  {
@@ -40,25 +40,25 @@
  		return false;
  
  	if (!drv_supports_vht(wpa_s, ssid))
-@@ -2783,7 +2783,7 @@ static void ibss_mesh_select_40mhz(struc
+@@ -2843,7 +2843,7 @@ static void ibss_mesh_select_40mhz(struc
  	int i, res;
  	unsigned int j;
  	static const int ht40plus[] = {
--		36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
-+		1, 2, 3, 4, 5, 6, 7, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
- 		184, 192
+-		36, 44, 52, 60, 100, 108, 116, 124, 132, 140,
++		1, 2, 3, 4, 5, 6, 7, 36, 44, 52, 60, 100, 108, 116, 124, 132, 140,
+ 		149, 157, 165, 173, 184, 192
  	};
  	int ht40 = -1;
-@@ -3033,7 +3033,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3093,7 +3093,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
  	enum hostapd_hw_mode hw_mode;
  	struct hostapd_hw_modes *mode = NULL;
 -	int i, obss_scan = 1;
 +	int i, obss_scan = !(ssid->noscan);
  	u8 channel;
- 	bool is_6ghz;
+ 	bool is_6ghz, is_24ghz;
  	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
-@@ -3080,6 +3080,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3143,6 +3143,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		freq->he_enabled = ibss_mesh_can_use_he(wpa_s, ssid, mode,
  							ieee80211_mode);
  	freq->channel = channel;

package/network/services/hostapd/patches/310-rescan_immediately.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5769,7 +5769,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -5870,7 +5870,7 @@ wpa_supplicant_alloc(struct wpa_supplica
  	if (wpa_s == NULL)
  		return NULL;
  	wpa_s->scan_req = INITIAL_SCAN_REQ;

package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch

@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -5407,7 +5407,7 @@ static int nl80211_set_channel(struct i8
+@@ -5483,7 +5483,7 @@ static int nl80211_set_channel(struct i8
  		   freq->he_enabled, freq->eht_enabled, freq->bandwidth,
  		   freq->center_freq1, freq->center_freq2);
  

package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1825,15 +1825,35 @@ int ap_switch_channel(struct wpa_supplic
+@@ -1846,17 +1846,37 @@ int ap_switch_channel(struct wpa_supplic
  
  
  #ifdef CONFIG_CTRL_IFACE
@@ -24,15 +24,19 @@
  	struct csa_settings settings;
  	int ret = hostapd_parse_csa_settings(pos, &settings);
  
+-	if (ret)
+-		return ret;
 +	if (!(wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) &&
 +	    !(wpa_s->ifmsh && wpa_s->ifmsh->bss[0]))
 +		return -1;
-+
-+	ret = __ap_ctrl_iface_chanswitch(wpa_s->ap_iface, &settings);
- 	if (ret)
- 		return ret;
+ 
+ 	settings.link_id = -1;
  
 -	return ap_switch_channel(wpa_s, &settings);
++	ret = __ap_ctrl_iface_chanswitch(wpa_s->ap_iface, &settings);
++	if (ret)
++		return ret;
++
 +	return __ap_ctrl_iface_chanswitch(wpa_s->ifmsh, &settings);
  }
  #endif /* CONFIG_CTRL_IFACE */

package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch

@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -3008,12 +3008,12 @@ static int wpa_driver_nl80211_del_beacon
+@@ -3075,12 +3075,12 @@ static int wpa_driver_nl80211_del_beacon
  		return 0;
  
  	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
@@ -15,16 +15,17 @@
  	if (!msg)
  		return -ENOBUFS;
  
-@@ -6100,7 +6100,7 @@ static void nl80211_teardown_ap(struct i
+@@ -6176,8 +6176,7 @@ static void nl80211_teardown_ap(struct i
  		nl80211_mgmt_unsubscribe(bss, "AP teardown");
  
  	nl80211_put_wiphy_data_ap(bss);
--	bss->flink->beacon_set = 0;
+-	if (bss->flink)
+-		bss->flink->beacon_set = 0;
 +	wpa_driver_nl80211_del_beacon_all(bss);
  }
  
  
-@@ -8859,8 +8859,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -8977,8 +8976,6 @@ static int wpa_driver_nl80211_if_remove(
  	} else {
  		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
  		nl80211_teardown_ap(bss);

package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch

@@ -12,7 +12,7 @@
  else
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -3314,6 +3314,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3897,6 +3897,7 @@ static int hostapd_ctrl_iface_receive_pr
  						      reply_size);
  	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
  		reply_len = hostapd_drv_status(hapd, reply, reply_size);
@@ -20,7 +20,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -3355,6 +3356,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3938,6 +3939,7 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
  							reply_size);
@@ -30,7 +30,7 @@
  			reply_len = -1;
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -983,6 +983,9 @@ ifdef CONFIG_FILS
+@@ -1039,6 +1039,9 @@ ifdef CONFIG_FILS
  OBJS += ../src/ap/fils_hlp.o
  endif
  ifdef CONFIG_CTRL_IFACE
@@ -42,7 +42,7 @@
  
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -2326,7 +2326,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -2355,7 +2355,7 @@ static int wpa_supplicant_ctrl_iface_sta
  			pos += ret;
  		}
  
@@ -51,7 +51,7 @@
  		if (wpa_s->ap_iface) {
  			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
  							    end - pos,
-@@ -12087,6 +12087,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12542,6 +12542,7 @@ char * wpa_supplicant_ctrl_iface_process
  			reply_len = -1;
  	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
  		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
@@ -59,7 +59,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -12099,6 +12100,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12554,6 +12555,7 @@ char * wpa_supplicant_ctrl_iface_process
  				reply_size - reply_len);
  #endif /* CONFIG_MACSEC */
  		}
@@ -67,7 +67,7 @@
  	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
  		reply_len = wpa_supplicant_ctrl_iface_status(
  			wpa_s, buf + 6, reply, reply_size);
-@@ -12587,6 +12589,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13042,6 +13044,7 @@ char * wpa_supplicant_ctrl_iface_process
  		reply_len = wpa_supplicant_ctrl_iface_bss(
  			wpa_s, buf + 4, reply, reply_size);
  #ifdef CONFIG_AP
@@ -75,7 +75,7 @@
  	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
  		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
  	} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -12595,12 +12598,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13050,12 +13053,15 @@ char * wpa_supplicant_ctrl_iface_process
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
  						   reply_size);
@@ -147,7 +147,7 @@
  static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
  				      struct sta_info *sta,
  				      char *buf, size_t buflen)
-@@ -493,6 +493,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -539,6 +539,7 @@ int hostapd_ctrl_iface_sta_next(struct h
  	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
  }
  
@@ -155,7 +155,7 @@
  
  #ifdef CONFIG_P2P_MANAGER
  static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
-@@ -884,12 +885,12 @@ int hostapd_ctrl_iface_status(struct hos
+@@ -951,12 +952,12 @@ int hostapd_ctrl_iface_status(struct hos
  			return len;
  		len += ret;
  	}
@@ -172,7 +172,7 @@
  		if (os_snprintf_error(buflen - len, ret))
 --- a/src/ap/ieee802_1x.c
 +++ b/src/ap/ieee802_1x.c
-@@ -2834,6 +2834,7 @@ static const char * bool_txt(bool val)
+@@ -2837,6 +2837,7 @@ static const char * bool_txt(bool val)
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -180,7 +180,7 @@
  
  int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
  {
-@@ -3020,6 +3021,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -3023,6 +3024,7 @@ int ieee802_1x_get_mib_sta(struct hostap
  	return len;
  }
  
@@ -190,7 +190,7 @@
  static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
 --- a/src/ap/wpa_auth.c
 +++ b/src/ap/wpa_auth.c
-@@ -5328,6 +5328,7 @@ static const char * wpa_bool_txt(int val
+@@ -5583,6 +5583,7 @@ static const char * wpa_bool_txt(int val
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -198,7 +198,7 @@
  
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
-@@ -5480,7 +5481,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -5735,7 +5736,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
  
  	return len;
  }
@@ -209,7 +209,7 @@
  {
 --- a/src/rsn_supp/wpa.c
 +++ b/src/rsn_supp/wpa.c
-@@ -3834,6 +3834,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -3943,6 +3943,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
  }
  
  
@@ -218,7 +218,7 @@
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
  ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -3915,6 +3917,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -4024,6 +4026,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
  
  	return (int) len;
  }
@@ -228,7 +228,7 @@
  
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1499,7 +1499,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1520,7 +1520,7 @@ int wpas_ap_wps_nfc_report_handover(stru
  #endif /* CONFIG_WPS */
  
  

package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch

@@ -1,6 +1,6 @@
 --- a/src/common/wpa_common.c
 +++ b/src/common/wpa_common.c
-@@ -2841,6 +2841,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -2856,6 +2856,31 @@ u32 wpa_akm_to_suite(int akm)
  }
  
  
@@ -32,7 +32,7 @@
  int wpa_compare_rsn_ie(int ft_initial_assoc,
  		       const u8 *ie1, size_t ie1len,
  		       const u8 *ie2, size_t ie2len)
-@@ -2848,8 +2873,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -2863,8 +2888,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
  	if (ie1 == NULL || ie2 == NULL)
  		return -1;
  

package/network/services/hostapd/patches/420-indicate-features.patch

@@ -9,7 +9,7 @@
  
  struct hapd_global {
  	void **drv_priv;
-@@ -799,7 +799,7 @@ int main(int argc, char *argv[])
+@@ -806,7 +806,7 @@ int main(int argc, char *argv[])
  	wpa_supplicant_event = hostapd_wpa_event;
  	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
@@ -18,7 +18,7 @@
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -836,6 +836,8 @@ int main(int argc, char *argv[])
+@@ -843,6 +843,8 @@ int main(int argc, char *argv[])
  			break;
  #endif /* CONFIG_DEBUG_LINUX_TRACING */
  		case 'v':

package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch

@@ -32,7 +32,7 @@
  
  
  static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1610,13 +1606,10 @@ static const struct hostapd_cli_cmd host
+@@ -1670,13 +1666,10 @@ static const struct hostapd_cli_cmd host
  	{ "disassociate", hostapd_cli_cmd_disassociate,
  	  hostapd_complete_stations,
  	  "<addr> = disassociate a station" },
@@ -46,7 +46,7 @@
  	{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
  	  "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
  	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1641,7 +1634,6 @@ static const struct hostapd_cli_cmd host
+@@ -1701,7 +1694,6 @@ static const struct hostapd_cli_cmd host
  	  "<SSID> <auth> <encr> <key> = configure AP" },
  	{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
  	  "= show current WPS status" },

package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch

@@ -22,7 +22,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  #include "common/defs.h"
  #include "common/ieee802_11_defs.h"
  #include "common/wpa_common.h"
-@@ -953,6 +954,9 @@ struct wpa_driver_associate_params {
+@@ -971,6 +972,9 @@ struct wpa_driver_associate_params {
  	 * responsible for selecting with which BSS to associate. */
  	const u8 *bssid;
  
@@ -42,7 +42,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  #include "config.h"
  
  
-@@ -2389,6 +2390,97 @@ static char * wpa_config_write_mac_value
+@@ -2421,6 +2422,97 @@ static char * wpa_config_write_mac_value
  #endif /* NO_CONFIG_WRITE */
  
  
@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  /* Helper macros for network block parser */
  
  #ifdef OFFSET
-@@ -2674,6 +2766,8 @@ static const struct parse_data ssid_fiel
+@@ -2713,6 +2805,8 @@ static const struct parse_data ssid_fiel
  	{ INT(ap_max_inactivity) },
  	{ INT(dtim_period) },
  	{ INT(beacon_int) },
@@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  	 * macsec_policy - Determines the policy for MACsec secure session
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -4177,6 +4177,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -4249,6 +4249,12 @@ static void wpas_start_assoc_cb(struct w
  			params.beacon_int = ssid->beacon_int;
  		else
  			params.beacon_int = wpa_s->conf->beacon_int;

package/network/services/hostapd/patches/461-Move-definition-of-WLAN_SUPP_RATES_MAX-to-defs.h.patch

@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <[email protected]>
+Date: Mon, 12 Feb 2024 14:18:24 -0300
+Subject: [PATCH] Move definition of WLAN_SUPP_RATES_MAX to defs.h
+
+Patch 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
+("wpa_supplicant: add new config params to be used with the ibss join
+command") adds the definition of unsigned char
+rates[WLAN_SUPP_RATES_MAX] to driver.h, which needs to have
+WLAN_SUPP_RATES_MAX defined.  So it includes sta_info.h to get the
+definition.
+
+Commit c74739250a ("AP MLD: Use a helper function to check if a STA is a
+non-AP MLD") makes sta_info.h include driver.h before
+it defines WLAN_SUPP_RATES_MAX, causing an error:
+
+src/drivers/driver.h:969:29: error: 'WLAN_SUPP_RATES_MAX' undeclared here (not in a function)
+
+Move the definition of WLAN_SUPP_RATES_MAX to defs.h to ensure it gets
+defined before other headers are included.  The inclusion of sta_info.h
+in driver.h can be reverted as well.
+
+Signed-off-by: Eneas U de Queiroz <[email protected]>
+---
+ src/ap/sta_info.h            | 4 ----
+ src/common/defs.h            | 4 ++++
+ src/drivers/driver.h         | 1 -
+ wpa_supplicant/config_ssid.h | 1 -
+ 4 files changed, 4 insertions(+), 6 deletions(-)
+
+--- a/src/ap/sta_info.h
++++ b/src/ap/sta_info.h
+@@ -49,10 +49,6 @@
+ #define WLAN_STA_PENDING_DEAUTH_CB BIT(30)
+ #define WLAN_STA_NONERP BIT(31)
+ 
+-/* Maximum number of supported rates (from both Supported Rates and Extended
+- * Supported Rates IEs). */
+-#define WLAN_SUPP_RATES_MAX 32
+-
+ struct hostapd_data;
+ 
+ struct mbo_non_pref_chan_info {
+--- a/src/common/defs.h
++++ b/src/common/defs.h
+@@ -63,6 +63,10 @@
+ 			 WPA_KEY_MGMT_FT_FILS_SHA256 | \
+ 			 WPA_KEY_MGMT_FT_FILS_SHA384)
+ 
++/* Maximum number of supported rates (from both Supported Rates and Extended
++ * Supported Rates IEs). */
++#define WLAN_SUPP_RATES_MAX 32
++
+ static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
+ {
+ 	return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -19,7 +19,6 @@
+ 
+ #define WPA_SUPPLICANT_DRIVER_VERSION 4
+ 
+-#include "ap/sta_info.h"
+ #include "common/defs.h"
+ #include "common/ieee802_11_defs.h"
+ #include "common/wpa_common.h"
+--- a/wpa_supplicant/config_ssid.h
++++ b/wpa_supplicant/config_ssid.h
+@@ -10,7 +10,6 @@
+ #define CONFIG_SSID_H
+ 
+ #include "common/defs.h"
+-#include "ap/sta_info.h"
+ #include "utils/list.h"
+ #include "eap_peer/eap_config.h"
+ #include "drivers/nl80211_copy.h"

package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch

@@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <[email protected]>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1827,6 +1827,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1876,6 +1876,7 @@ struct wpa_driver_mesh_join_params {
  #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
  	unsigned int flags;
  	bool handle_dfs;
@@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <[email protected]>
  struct wpa_driver_set_key_params {
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -11667,6 +11667,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -11850,6 +11850,18 @@ static int nl80211_put_mesh_id(struct nl
  }
  
  
@@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <[email protected]>
  static int nl80211_put_mesh_config(struct nl_msg *msg,
  				   struct wpa_driver_mesh_bss_params *params)
  {
-@@ -11728,6 +11740,7 @@ static int nl80211_join_mesh(struct i802
+@@ -11911,6 +11923,7 @@ static int nl80211_join_mesh(struct i802
  	    nl80211_put_basic_rates(msg, params->basic_rates) ||
  	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
  	    nl80211_put_beacon_int(msg, params->beacon_int) ||

package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3040,6 +3040,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -3100,6 +3100,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
  
  	freq->freq = ssid->frequency;
  

package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch

@@ -13,7 +13,7 @@ Signed-off-by: David Bauer <[email protected]>
 
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3500,6 +3500,8 @@ static int hostapd_config_fill(struct ho
+@@ -3708,6 +3708,8 @@ static int hostapd_config_fill(struct ho
  	} else if (os_strcmp(buf, "he_bss_color") == 0) {
  		conf->he_op.he_bss_color = atoi(pos) & 0x3f;
  		conf->he_op.he_bss_color_disabled = 0;

package/network/services/hostapd/patches/470-survey_data_fallback.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/acs.c
 +++ b/src/ap/acs.c
-@@ -455,17 +455,17 @@ static int acs_get_bw_center_chan(int fr
+@@ -467,17 +467,17 @@ static int acs_get_bw_center_chan(int fr
  static int acs_survey_is_sufficient(struct freq_survey *survey)
  {
  	if (!(survey->filled & SURVEY_HAS_NF)) {
@@ -20,7 +20,7 @@
  	}
  
  	if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
-@@ -473,7 +473,6 @@ static int acs_survey_is_sufficient(stru
+@@ -485,7 +485,6 @@ static int acs_survey_is_sufficient(stru
  		wpa_printf(MSG_INFO,
  			   "ACS: Survey for freq %d is missing RX and busy time (at least one is required)",
  			   survey->freq);

package/network/services/hostapd/patches/500-lto-jobserver-support.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -1396,7 +1396,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+@@ -1409,7 +1409,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
  	@$(AR) cr $@ hostapd_multi.o $(OBJS)
  
  hostapd: $(OBJS)
@@ -9,7 +9,7 @@
  	@$(E) "  LD " $@
  
  ifdef CONFIG_WPA_TRACE
-@@ -1407,7 +1407,7 @@ _OBJS_VAR := OBJS_c
+@@ -1420,7 +1420,7 @@ _OBJS_VAR := OBJS_c
  include ../src/objs.mk
  
  hostapd_cli: $(OBJS_c)
@@ -20,7 +20,7 @@
  NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -2037,31 +2037,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+@@ -2107,31 +2107,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
  	@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
  
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)

package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch

@@ -34,7 +34,7 @@
  #define STA_HASH_SIZE 256
 --- a/src/ap/wnm_ap.c
 +++ b/src/ap/wnm_ap.c
-@@ -386,6 +386,7 @@ static int ieee802_11_send_bss_trans_mgm
+@@ -410,6 +410,7 @@ static int ieee802_11_send_bss_trans_mgm
  	mgmt->u.action.u.bss_tm_req.validity_interval = 1;
  	pos = mgmt->u.action.u.bss_tm_req.variable;
  
@@ -42,7 +42,7 @@
  	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
  		   MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
  		   "validity_interval=%u",
-@@ -790,10 +791,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
+@@ -814,10 +815,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
  					       plen);
  		return 0;
  	case WNM_BSS_TRANS_MGMT_QUERY:
@@ -55,7 +55,7 @@
  		ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
  						  plen);
  		return 0;
-@@ -840,6 +843,7 @@ int wnm_send_disassoc_imminent(struct ho
+@@ -865,6 +868,7 @@ int wnm_send_disassoc_imminent(struct ho
  
  	pos = mgmt->u.action.u.bss_tm_req.variable;
  
@@ -63,7 +63,7 @@
  	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
  		   MACSTR, disassoc_timer, MAC2STR(sta->addr));
  	if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
-@@ -921,6 +925,7 @@ int wnm_send_ess_disassoc_imminent(struc
+@@ -947,6 +951,7 @@ int wnm_send_ess_disassoc_imminent(struc
  		return -1;
  	}
  
@@ -71,14 +71,14 @@
  	if (disassoc_timer) {
  		/* send disassociation frame after time-out */
  		set_disassoc_timer(hapd, sta, disassoc_timer);
-@@ -1001,6 +1006,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
+@@ -1028,6 +1033,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
  	}
  	os_free(buf);
  
 +	hapd->openwrt_stats.wnm.bss_transition_request_tx++;
  	if (disassoc_timer) {
- 		/* send disassociation frame after time-out */
- 		set_disassoc_timer(hapd, sta, disassoc_timer);
+ #ifdef CONFIG_IEEE80211BE
+ 		if (ap_sta_is_mld(hapd, sta)) {
 --- a/src/ap/rrm.c
 +++ b/src/ap/rrm.c
 @@ -269,6 +269,8 @@ static void hostapd_send_nei_report_resp

package/network/services/hostapd/patches/600-ubus_support.patch

@@ -12,7 +12,7 @@
 +endif
  
  ifdef CONFIG_CODE_COVERAGE
- CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+ CFLAGS += -O0 -fprofile-arcs -ftest-coverage -U_FORTIFY_SOURCE
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
 @@ -18,6 +18,7 @@
@@ -31,7 +31,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -695,6 +697,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -707,6 +709,7 @@ hostapd_alloc_bss_data(struct hostapd_if
  		       struct hostapd_bss_config *bss);
  int hostapd_setup_interface(struct hostapd_iface *iface);
  int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
@@ -41,7 +41,7 @@
  struct hostapd_iface * hostapd_alloc_iface(void);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -435,6 +435,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -493,6 +493,7 @@ void hostapd_free_hapd_data(struct hosta
  	hapd->beacon_set_done = 0;
  
  	wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
@@ -49,7 +49,7 @@
  	accounting_deinit(hapd);
  	hostapd_deinit_wpa(hapd);
  	vlan_deinit(hapd);
-@@ -1187,6 +1188,8 @@ static int hostapd_start_beacon(struct h
+@@ -1274,6 +1275,8 @@ static int hostapd_start_beacon(struct h
  	if (hapd->driver && hapd->driver->set_operstate)
  		hapd->driver->set_operstate(hapd->drv_priv, 1);
  
@@ -58,7 +58,7 @@
  	return 0;
  }
  
-@@ -2275,6 +2278,7 @@ static int hostapd_setup_interface_compl
+@@ -2367,6 +2370,7 @@ static int hostapd_setup_interface_compl
  	if (err)
  		goto fail;
  
@@ -66,7 +66,7 @@
  	wpa_printf(MSG_DEBUG, "Completing interface initialization");
  	if (iface->freq) {
  #ifdef NEED_AP_MLME
-@@ -2494,6 +2498,7 @@ dfs_offload:
+@@ -2586,6 +2590,7 @@ dfs_offload:
  
  fail:
  	wpa_printf(MSG_ERROR, "Interface initialization failed");
@@ -74,7 +74,7 @@
  
  	if (iface->is_no_ir) {
  		hostapd_set_state(iface, HAPD_IFACE_NO_IR);
-@@ -2984,6 +2989,7 @@ void hostapd_interface_deinit_free(struc
+@@ -3076,6 +3081,7 @@ void hostapd_interface_deinit_free(struc
  		   (unsigned int) iface->conf->num_bss);
  	driver = iface->bss[0]->driver;
  	drv_priv = iface->bss[0]->drv_priv;
@@ -84,7 +84,7 @@
  		   __func__, driver, drv_priv);
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -2786,7 +2786,7 @@ static void handle_auth(struct hostapd_d
+@@ -2798,7 +2798,7 @@ static void handle_auth(struct hostapd_d
  	u16 auth_alg, auth_transaction, status_code;
  	u16 resp = WLAN_STATUS_SUCCESS;
  	struct sta_info *sta = NULL;
@@ -93,7 +93,7 @@
  	u16 fc;
  	const u8 *challenge = NULL;
  	u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
-@@ -2795,6 +2795,11 @@ static void handle_auth(struct hostapd_d
+@@ -2807,6 +2807,11 @@ static void handle_auth(struct hostapd_d
  	struct radius_sta rad_info;
  	const u8 *dst, *sa, *bssid;
  	bool mld_sta = false;
@@ -105,7 +105,7 @@
  
  	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
  		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -2986,6 +2991,13 @@ static void handle_auth(struct hostapd_d
+@@ -2998,6 +3003,13 @@ static void handle_auth(struct hostapd_d
  		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
  		goto fail;
  	}
@@ -119,7 +119,7 @@
  	if (res == HOSTAPD_ACL_PENDING)
  		return;
  
-@@ -5161,7 +5173,7 @@ static void handle_assoc(struct hostapd_
+@@ -5242,7 +5254,7 @@ static void handle_assoc(struct hostapd_
  	int resp = WLAN_STATUS_SUCCESS;
  	u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
  	const u8 *pos;
@@ -128,7 +128,7 @@
  	struct sta_info *sta;
  	u8 *tmp = NULL;
  #ifdef CONFIG_FILS
-@@ -5374,6 +5386,11 @@ static void handle_assoc(struct hostapd_
+@@ -5484,6 +5496,11 @@ static void handle_assoc(struct hostapd_
  		left = res;
  	}
  #endif /* CONFIG_FILS */
@@ -140,9 +140,9 @@
  
  	/* followed by SSID and Supported rates; and HT capabilities if 802.11n
  	 * is used */
-@@ -5472,6 +5489,13 @@ static void handle_assoc(struct hostapd_
- 	}
- #endif /* CONFIG_FILS */
+@@ -5586,6 +5603,13 @@ static void handle_assoc(struct hostapd_
+ 	if (set_beacon)
+ 		ieee802_11_set_beacons(hapd->iface);
  
 +	ubus_resp = hostapd_ubus_handle_event(hapd, &req);
 +	if (ubus_resp) {
@@ -154,7 +154,7 @@
   fail:
  
  	/*
-@@ -5753,6 +5777,7 @@ static void handle_disassoc(struct hosta
+@@ -5836,6 +5860,7 @@ static void handle_disassoc(struct hosta
  			   (unsigned long) len);
  		return;
  	}
@@ -162,7 +162,7 @@
  
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (!sta) {
-@@ -5784,6 +5809,8 @@ static void handle_deauth(struct hostapd
+@@ -5867,6 +5892,8 @@ static void handle_deauth(struct hostapd
  	/* Clear the PTKSA cache entries for PASN */
  	ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
  
@@ -173,10 +173,10 @@
  		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -1036,6 +1036,12 @@ void handle_probe_req(struct hostapd_dat
- 	u16 csa_offs[2];
- 	size_t csa_offs_len;
- 	struct radius_sta rad_info;
+@@ -1351,6 +1351,12 @@ void handle_probe_req(struct hostapd_dat
+ 	int mld_id;
+ 	u16 links;
+ #endif /* CONFIG_IEEE80211BE */
 +	struct hostapd_ubus_request req = {
 +		.type = HOSTAPD_UBUS_PROBE_REQ,
 +		.mgmt_frame = mgmt,
@@ -186,7 +186,7 @@
  
  	if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
  	    ssi_signal < hapd->iconf->rssi_ignore_probe_request)
-@@ -1222,6 +1228,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1537,6 +1543,12 @@ void handle_probe_req(struct hostapd_dat
  	}
  #endif /* CONFIG_P2P */
  
@@ -201,10 +201,10 @@
  
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -260,6 +260,10 @@ int hostapd_notif_assoc(struct hostapd_d
- 	u16 reason = WLAN_REASON_UNSPECIFIED;
- 	int status = WLAN_STATUS_SUCCESS;
- 	const u8 *p2p_dev_addr = NULL;
+@@ -268,6 +268,10 @@ int hostapd_notif_assoc(struct hostapd_d
+ 	struct hostapd_iface *iface = hapd->iface;
+ #endif /* CONFIG_OWE */
+ 	bool updated = false;
 +	struct hostapd_ubus_request req = {
 +		.type = HOSTAPD_UBUS_ASSOC_REQ,
 +		.addr = addr,
@@ -212,7 +212,7 @@
  
  	if (addr == NULL) {
  		/*
-@@ -396,6 +400,12 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -412,6 +416,12 @@ int hostapd_notif_assoc(struct hostapd_d
  		goto fail;
  	}
  
@@ -227,7 +227,7 @@
  		wpabuf_free(sta->p2p_ie);
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -471,6 +471,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -476,6 +476,7 @@ void ap_handle_timer(void *eloop_ctx, vo
  		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
  			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
  			       "local deauth request");
@@ -235,7 +235,7 @@
  		ap_free_sta(hapd, sta);
  		return;
  	}
-@@ -626,6 +627,7 @@ skip_poll:
+@@ -631,6 +632,7 @@ skip_poll:
  		mlme_deauthenticate_indication(
  			hapd, sta,
  			WLAN_REASON_PREV_AUTH_NOT_VALID);
@@ -243,8 +243,8 @@
  		ap_free_sta(hapd, sta);
  		break;
  	}
-@@ -1344,15 +1346,28 @@ void ap_sta_set_authorized(struct hostap
- 					sta->addr, authorized, dev_addr);
+@@ -1451,15 +1453,28 @@ void ap_sta_set_authorized_event(struct
+ 		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
  
  	if (authorized) {
 +		static const char * const auth_algs[] = {
@@ -272,7 +272,7 @@
  #ifdef CONFIG_P2P
  		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
  			os_snprintf(ip_addr, sizeof(ip_addr),
-@@ -1362,6 +1377,13 @@ void ap_sta_set_authorized(struct hostap
+@@ -1470,6 +1485,13 @@ void ap_sta_set_authorized_event(struct
  		}
  #endif /* CONFIG_P2P */
  
@@ -286,7 +286,7 @@
  		keyid = ap_sta_wpa_get_keyid(hapd, sta);
  		if (keyid) {
  			os_snprintf(keyid_buf, sizeof(keyid_buf),
-@@ -1380,17 +1402,19 @@ void ap_sta_set_authorized(struct hostap
+@@ -1488,17 +1510,19 @@ void ap_sta_set_authorized_event(struct
  					 dpp_pkhash, SHA256_MAC_LEN);
  		}
  
@@ -312,7 +312,7 @@
  		    hapd->msg_ctx_parent != hapd->msg_ctx)
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -269,6 +269,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -275,6 +275,7 @@ static void hostapd_wpa_auth_psk_failure
  	struct hostapd_data *hapd = ctx;
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
  		MAC2STR(addr));
@@ -322,7 +322,7 @@
  
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -192,6 +192,13 @@ ifdef CONFIG_EAPOL_TEST
+@@ -189,6 +189,13 @@ ifdef CONFIG_EAPOL_TEST
  CFLAGS += -Werror -DEAPOL_TEST
  endif
  
@@ -334,9 +334,9 @@
 +endif
 +
  ifdef CONFIG_CODE_COVERAGE
- CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+ CFLAGS += -O0 -fprofile-arcs -ftest-coverage -U_FORTIFY_SOURCE
  LIBS += -lgcov
-@@ -987,6 +994,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
+@@ -1043,6 +1050,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
  CFLAGS += -DCONFIG_CTRL_IFACE_MIB
  endif
  OBJS += ../src/ap/ctrl_iface_ap.o
@@ -348,7 +348,7 @@
  CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7595,6 +7595,8 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7716,6 +7716,8 @@ struct wpa_supplicant * wpa_supplicant_a
  	}
  #endif /* CONFIG_P2P */
  
@@ -357,7 +357,7 @@
  	return wpa_s;
  }
  
-@@ -7621,6 +7623,8 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7742,6 +7744,8 @@ int wpa_supplicant_remove_iface(struct w
  	struct wpa_supplicant *parent = wpa_s->parent;
  #endif /* CONFIG_MESH */
  
@@ -366,7 +366,7 @@
  	/* Remove interface from the global list of interfaces */
  	prev = global->ifaces;
  	if (prev == wpa_s) {
-@@ -7967,8 +7971,12 @@ int wpa_supplicant_run(struct wpa_global
+@@ -8088,8 +8092,12 @@ int wpa_supplicant_run(struct wpa_global
  	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
  	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
  
@@ -398,7 +398,7 @@
  };
  
  
-@@ -685,6 +688,7 @@ struct wpa_supplicant {
+@@ -693,6 +696,7 @@ struct wpa_supplicant {
  	unsigned char own_addr[ETH_ALEN];
  	unsigned char perm_addr[ETH_ALEN];
  	char ifname[100];
@@ -416,7 +416,7 @@
  
  
  #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
-@@ -402,6 +403,8 @@ static int wpa_supplicant_wps_cred(void
+@@ -401,6 +402,8 @@ static int wpa_supplicant_wps_cred(void
  	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
  			cred->cred_attr, cred->cred_attr_len);
  
@@ -508,7 +508,7 @@
  
 --- a/src/ap/dfs.c
 +++ b/src/ap/dfs.c
-@@ -1216,6 +1216,8 @@ int hostapd_dfs_pre_cac_expired(struct h
+@@ -1225,6 +1225,8 @@ int hostapd_dfs_pre_cac_expired(struct h
  		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
  		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
  
@@ -550,7 +550,7 @@
  	}
 --- a/src/ap/sta_info.h
 +++ b/src/ap/sta_info.h
-@@ -322,6 +322,7 @@ struct sta_info {
+@@ -319,6 +319,7 @@ struct sta_info {
  #endif /* CONFIG_TESTING_OPTIONS */
  #ifdef CONFIG_AIRTIME_POLICY
  	unsigned int airtime_weight;
@@ -560,7 +560,7 @@
  
 --- a/src/ap/wnm_ap.c
 +++ b/src/ap/wnm_ap.c
-@@ -455,7 +455,8 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -479,7 +479,8 @@ static void ieee802_11_rx_bss_trans_mgmt
  		MAC2STR(addr), reason, hex ? " neighbor=" : "", hex);
  	os_free(hex);
  
@@ -570,7 +570,7 @@
  }
  
  
-@@ -477,7 +478,7 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -501,7 +502,7 @@ static void ieee802_11_rx_bss_trans_mgmt
  					      size_t len)
  {
  	u8 dialog_token, status_code, bss_termination_delay;
@@ -579,7 +579,7 @@
  	int enabled = hapd->conf->bss_transition;
  	struct sta_info *sta;
  
-@@ -524,6 +525,7 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -548,6 +549,7 @@ static void ieee802_11_rx_bss_trans_mgmt
  			wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
  			return;
  		}
@@ -587,7 +587,7 @@
  		sta->agreed_to_steer = 1;
  		eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
  		eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
-@@ -543,6 +545,10 @@ static void ieee802_11_rx_bss_trans_mgmt
+@@ -567,6 +569,10 @@ static void ieee802_11_rx_bss_trans_mgmt
  			MAC2STR(addr), status_code, bss_termination_delay);
  	}
  

package/network/services/hostapd/patches/601-ucode_support.patch

@@ -26,7 +26,7 @@
  ifdef CONFIG_CODE_COVERAGE
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -1007,6 +1007,7 @@ int main(int argc, char *argv[])
+@@ -1014,6 +1014,7 @@ int main(int argc, char *argv[])
  	}
  
  	hostapd_global_ctrl_iface_init(&interfaces);
@@ -34,7 +34,7 @@
  
  	if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
  		wpa_printf(MSG_ERROR, "Failed to start eloop");
-@@ -1016,6 +1017,7 @@ int main(int argc, char *argv[])
+@@ -1023,6 +1024,7 @@ int main(int argc, char *argv[])
  	ret = 0;
  
   out:
@@ -71,7 +71,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -506,6 +512,7 @@ struct hostapd_sta_info {
+@@ -518,6 +524,7 @@ struct hostapd_sta_info {
   */
  struct hostapd_iface {
  	struct hapd_interfaces *interfaces;
@@ -79,7 +79,7 @@
  	void *owner;
  	char *config_fname;
  	struct hostapd_config *conf;
-@@ -706,6 +713,8 @@ struct hostapd_iface * hostapd_init(stru
+@@ -718,6 +725,8 @@ struct hostapd_iface * hostapd_init(stru
  struct hostapd_iface *
  hostapd_interface_init_bss(struct hapd_interfaces *interfaces, const char *phy,
  			   const char *config_fname, int debug);
@@ -90,7 +90,7 @@
  void hostapd_interface_deinit_free(struct hostapd_iface *iface);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -252,6 +252,8 @@ int hostapd_reload_config(struct hostapd
+@@ -255,6 +255,8 @@ int hostapd_reload_config(struct hostapd
  	struct hostapd_config *newconf, *oldconf;
  	size_t j;
  
@@ -99,7 +99,7 @@
  	if (iface->config_fname == NULL) {
  		/* Only in-memory config in use - assume it has been updated */
  		hostapd_clear_old(iface);
-@@ -435,6 +437,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -493,6 +495,7 @@ void hostapd_free_hapd_data(struct hosta
  	hapd->beacon_set_done = 0;
  
  	wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
@@ -107,7 +107,7 @@
  	hostapd_ubus_free_bss(hapd);
  	accounting_deinit(hapd);
  	hostapd_deinit_wpa(hapd);
-@@ -600,6 +603,7 @@ void hostapd_cleanup_iface_partial(struc
+@@ -687,6 +690,7 @@ void hostapd_cleanup_iface_partial(struc
  static void hostapd_cleanup_iface(struct hostapd_iface *iface)
  {
  	wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
@@ -115,7 +115,7 @@
  	eloop_cancel_timeout(hostapd_interface_setup_failure_handler, iface,
  			     NULL);
  
-@@ -1189,6 +1193,7 @@ static int hostapd_start_beacon(struct h
+@@ -1276,6 +1280,7 @@ static int hostapd_start_beacon(struct h
  		hapd->driver->set_operstate(hapd->drv_priv, 1);
  
  	hostapd_ubus_add_bss(hapd);
@@ -123,7 +123,7 @@
  
  	return 0;
  }
-@@ -1211,8 +1216,7 @@ static int hostapd_start_beacon(struct h
+@@ -1298,8 +1303,7 @@ static int hostapd_start_beacon(struct h
   * initialized. Most of the modules that are initialized here will be
   * deinitialized in hostapd_cleanup().
   */
@@ -133,7 +133,7 @@
  {
  	struct hostapd_bss_config *conf = hapd->conf;
  	u8 ssid[SSID_MAX_LEN + 1];
-@@ -2698,7 +2702,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -2790,7 +2794,7 @@ hostapd_alloc_bss_data(struct hostapd_if
  }
  
  
@@ -142,7 +142,7 @@
  {
  	if (!hapd)
  		return;
-@@ -3491,7 +3495,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -3608,7 +3612,8 @@ int hostapd_remove_iface(struct hapd_int
  		hapd_iface = interfaces->iface[i];
  		if (hapd_iface == NULL)
  			return -1;
@@ -154,7 +154,7 @@
  				!!(hapd_iface->drv_flags &
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -195,8 +195,20 @@ endif
+@@ -192,8 +192,20 @@ endif
  ifdef CONFIG_UBUS
  CFLAGS += -DUBUS_SUPPORT
  OBJS += ubus.o
@@ -176,7 +176,7 @@
  endif
  
  ifdef CONFIG_CODE_COVERAGE
-@@ -997,6 +1009,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o
+@@ -1053,6 +1065,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o
  ifdef CONFIG_UBUS
  OBJS += ../src/ap/ubus.o
  endif
@@ -188,7 +188,7 @@
  CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1044,6 +1044,7 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1060,6 +1060,7 @@ void wpa_supplicant_set_state(struct wpa
  		sme_sched_obss_scan(wpa_s, 0);
  	}
  	wpa_s->wpa_state = state;
@@ -196,7 +196,7 @@
  
  #ifdef CONFIG_BGSCAN
  	if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
-@@ -7594,6 +7595,7 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7717,6 +7718,7 @@ struct wpa_supplicant * wpa_supplicant_a
  #endif /* CONFIG_P2P */
  
  	wpas_ubus_add_bss(wpa_s);
@@ -204,7 +204,7 @@
  
  	return wpa_s;
  }
-@@ -7621,6 +7623,7 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7744,6 +7746,7 @@ int wpa_supplicant_remove_iface(struct w
  	struct wpa_supplicant *parent = wpa_s->parent;
  #endif /* CONFIG_MESH */
  
@@ -212,7 +212,7 @@
  	wpas_ubus_free_bss(wpa_s);
  
  	/* Remove interface from the global list of interfaces */
-@@ -7931,6 +7934,7 @@ struct wpa_global * wpa_supplicant_init(
+@@ -8054,6 +8057,7 @@ struct wpa_global * wpa_supplicant_init(
  
  	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
  			       wpas_periodic, global, NULL);
@@ -220,7 +220,7 @@
  
  	return global;
  }
-@@ -7969,12 +7973,8 @@ int wpa_supplicant_run(struct wpa_global
+@@ -8092,12 +8096,8 @@ int wpa_supplicant_run(struct wpa_global
  	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
  	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
  
@@ -233,7 +233,7 @@
  	return 0;
  }
  
-@@ -8007,6 +8007,8 @@ void wpa_supplicant_deinit(struct wpa_gl
+@@ -8130,6 +8130,8 @@ void wpa_supplicant_deinit(struct wpa_gl
  
  	wpas_notify_supplicant_deinitialized(global);
  
@@ -252,7 +252,7 @@
  
  extern const char *const wpa_supplicant_version;
  extern const char *const wpa_supplicant_license;
-@@ -689,6 +690,7 @@ struct wpa_supplicant {
+@@ -697,6 +698,7 @@ struct wpa_supplicant {
  	unsigned char perm_addr[ETH_ALEN];
  	char ifname[100];
  	struct wpas_ubus_bss ubus;
@@ -262,7 +262,7 @@
  #endif /* CONFIG_MATCH_IFACE */
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -4856,6 +4856,7 @@ try_again:
+@@ -5487,6 +5487,7 @@ try_again:
  		return -1;
  	}
  
@@ -270,7 +270,7 @@
  	wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);
  
  	return 0;
-@@ -4957,6 +4958,7 @@ fail:
+@@ -5588,6 +5589,7 @@ fail:
  	os_free(fname);
  
  	interface->global_ctrl_sock = s;
@@ -280,7 +280,7 @@
  
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -3787,6 +3787,25 @@ struct wpa_driver_ops {
+@@ -3853,6 +3853,25 @@ struct wpa_driver_ops {
  			 const char *ifname);
  
  	/**
@@ -306,7 +306,7 @@
  	 * set_sta_vlan - Bind a station into a specific interface (AP only)
  	 * @priv: Private driver interface data
  	 * @ifname: Interface (main or virtual BSS or VLAN)
-@@ -6440,6 +6459,7 @@ union wpa_event_data {
+@@ -6507,6 +6526,7 @@ union wpa_event_data {
  
  	/**
  	 * struct ch_switch
@@ -314,7 +314,7 @@
  	 * @freq: Frequency of new channel in MHz
  	 * @ht_enabled: Whether this is an HT channel
  	 * @ch_offset: Secondary channel offset
-@@ -6450,6 +6470,7 @@ union wpa_event_data {
+@@ -6517,6 +6537,7 @@ union wpa_event_data {
  	 * @punct_bitmap: Puncturing bitmap
  	 */
  	struct ch_switch {
@@ -324,7 +324,7 @@
  		int ch_offset;
 --- a/src/drivers/driver_nl80211_event.c
 +++ b/src/drivers/driver_nl80211_event.c
-@@ -1202,6 +1202,7 @@ static void mlme_event_ch_switch(struct
+@@ -1196,6 +1196,7 @@ static void mlme_event_ch_switch(struct
  				 struct nlattr *bw, struct nlattr *cf1,
  				 struct nlattr *cf2,
  				 struct nlattr *punct_bitmap,
@@ -332,7 +332,7 @@
  				 int finished)
  {
  	struct i802_bss *bss;
-@@ -1265,6 +1266,8 @@ static void mlme_event_ch_switch(struct
+@@ -1259,6 +1260,8 @@ static void mlme_event_ch_switch(struct
  		data.ch_switch.cf1 = nla_get_u32(cf1);
  	if (cf2)
  		data.ch_switch.cf2 = nla_get_u32(cf2);
@@ -341,7 +341,7 @@
  
  	if (finished)
  		bss->flink->freq = data.ch_switch.freq;
-@@ -3912,6 +3915,7 @@ static void do_process_drv_event(struct
+@@ -3961,6 +3964,7 @@ static void do_process_drv_event(struct
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],
  				     tb[NL80211_ATTR_PUNCT_BITMAP],
@@ -349,7 +349,7 @@
  				     0);
  		break;
  	case NL80211_CMD_CH_SWITCH_NOTIFY:
-@@ -3924,6 +3928,7 @@ static void do_process_drv_event(struct
+@@ -3973,6 +3977,7 @@ static void do_process_drv_event(struct
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],
  				     tb[NL80211_ATTR_PUNCT_BITMAP],
@@ -359,7 +359,7 @@
  	case NL80211_CMD_DISCONNECT:
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -5389,6 +5389,7 @@ void supplicant_event(void *ctx, enum wp
+@@ -5955,6 +5955,7 @@ void supplicant_event(void *ctx, enum wp
  		event_to_string(event), event);
  #endif /* CONFIG_NO_STDOUT_DEBUG */
  
@@ -369,8 +369,8 @@
  #ifdef CONFIG_FST
 --- a/src/ap/ap_drv_ops.h
 +++ b/src/ap/ap_drv_ops.h
-@@ -393,6 +393,23 @@ static inline int hostapd_drv_stop_ap(st
- 	return hapd->driver->stop_ap(hapd->drv_priv);
+@@ -399,6 +399,23 @@ static inline int hostapd_drv_stop_ap(st
+ 	return hapd->driver->stop_ap(hapd->drv_priv, link_id);
  }
  
 +static inline int hostapd_drv_if_rename(struct hostapd_data *hapd,
@@ -395,7 +395,7 @@
  {
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -73,6 +73,16 @@ enum nlmsgerr_attrs {
+@@ -75,6 +75,16 @@ enum nlmsgerr_attrs {
  
  #endif /* ANDROID */
  
@@ -412,7 +412,7 @@
  
  static struct nl_sock * nl_create_handle(struct nl_cb *cb, const char *dbg)
  {
-@@ -379,6 +389,11 @@ static int no_seq_check(struct nl_msg *m
+@@ -429,6 +439,11 @@ static int no_seq_check(struct nl_msg *m
  	return NL_OK;
  }
  
@@ -424,23 +424,24 @@
  
  static void nl80211_nlmsg_clear(struct nl_msg *msg)
  {
-@@ -415,6 +430,7 @@ static int send_and_recv(struct nl80211_
+@@ -502,6 +517,8 @@ int send_and_recv(struct nl80211_global
  	if (!msg)
  		return -ENOMEM;
  
 +	handle_nl_debug_hook(msg, 1);
- 	cb = nl_cb_clone(global->nl_cb);
- 	if (!cb)
- 		goto out;
-@@ -443,6 +459,7 @@ static int send_and_recv(struct nl80211_
++
+ 	err.err = -ENOMEM;
  
- 	err = 1;
+ 	s_nl_cb = nl_socket_get_cb(nl_handle);
+@@ -536,6 +553,7 @@ int send_and_recv(struct nl80211_global
+ 	err.orig_msg = msg;
+ 	err.err_info = err_info;
  
 +	nl_cb_set(cb, NL_CB_MSG_IN, NL_CB_CUSTOM, debug_handler, NULL);
  	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
- 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
+ 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err.err);
  	if (ack_handler_custom) {
-@@ -919,6 +936,7 @@ nl80211_get_wiphy_data_ap(struct i802_bs
+@@ -939,6 +957,7 @@ nl80211_get_wiphy_data_ap(struct i802_bs
  			os_free(w);
  			return NULL;
  		}
@@ -448,7 +449,7 @@
  		nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
  			  no_seq_check, NULL);
  		nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
-@@ -1333,7 +1351,7 @@ static void wpa_driver_nl80211_event_rtm
+@@ -1353,7 +1372,7 @@ static void wpa_driver_nl80211_event_rtm
  		}
  		wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
  			   namebuf, ifname);
@@ -457,7 +458,7 @@
  			wpa_printf(MSG_DEBUG,
  				   "nl80211: Not the main interface (%s) - do not indicate interface down",
  				   drv->first_bss->ifname);
-@@ -1369,7 +1387,7 @@ static void wpa_driver_nl80211_event_rtm
+@@ -1389,7 +1408,7 @@ static void wpa_driver_nl80211_event_rtm
  		}
  		wpa_printf(MSG_DEBUG, "nl80211: Interface up (%s/%s)",
  			   namebuf, ifname);
@@ -466,15 +467,15 @@
  			wpa_printf(MSG_DEBUG,
  				   "nl80211: Not the main interface (%s) - do not indicate interface up",
  				   drv->first_bss->ifname);
-@@ -1992,6 +2010,7 @@ static int wpa_driver_nl80211_init_nl_gl
- 		/* Continue without vendor events */
- 	}
+@@ -2035,6 +2054,7 @@ static int wpa_driver_nl80211_init_nl_gl
+ 	genl_family_put(family);
+ 	nl_cache_free(cache);
  
 +	nl_cb_set(global->nl_cb, NL_CB_MSG_IN, NL_CB_CUSTOM, debug_handler, NULL);
  	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
  		  no_seq_check, NULL);
  	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
-@@ -2160,6 +2179,7 @@ static int nl80211_init_bss(struct i802_
+@@ -2205,6 +2225,7 @@ static int nl80211_init_bss(struct i802_
  	if (!bss->nl_cb)
  		return -1;
  
@@ -482,7 +483,7 @@
  	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
  		  no_seq_check, NULL);
  	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
-@@ -8432,6 +8452,7 @@ static void *i802_init(struct hostapd_da
+@@ -8554,6 +8575,7 @@ static void *i802_init(struct hostapd_da
  	char master_ifname[IFNAMSIZ];
  	int ifindex, br_ifindex = 0;
  	int br_added = 0;
@@ -490,7 +491,7 @@
  
  	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
  					  params->global_priv, 1,
-@@ -8491,21 +8512,17 @@ static void *i802_init(struct hostapd_da
+@@ -8613,21 +8635,17 @@ static void *i802_init(struct hostapd_da
  	    (params->num_bridge == 0 || !params->bridge[0]))
  		add_ifidx(drv, br_ifindex, drv->ifindex);
  
@@ -522,7 +523,7 @@
  	}
  
  	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
-@@ -8875,6 +8892,50 @@ static int wpa_driver_nl80211_if_remove(
+@@ -8992,6 +9010,50 @@ static int wpa_driver_nl80211_if_remove(
  	return 0;
  }
  
@@ -573,7 +574,7 @@
  
  static int cookie_handler(struct nl_msg *msg, void *arg)
  {
-@@ -10513,6 +10574,37 @@ static int driver_nl80211_if_remove(void
+@@ -10688,6 +10750,37 @@ static int driver_nl80211_if_remove(void
  }
  
  
@@ -611,7 +612,7 @@
  static int driver_nl80211_send_mlme(void *priv, const u8 *data,
  				    size_t data_len, int noack,
  				    unsigned int freq,
-@@ -13697,6 +13789,8 @@ const struct wpa_driver_ops wpa_driver_n
+@@ -13881,6 +13974,8 @@ const struct wpa_driver_ops wpa_driver_n
  	.set_acl = wpa_driver_nl80211_set_acl,
  	.if_add = wpa_driver_nl80211_if_add,
  	.if_remove = driver_nl80211_if_remove,

package/network/services/hostapd/patches/701-reload_config_inline.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -4816,7 +4816,12 @@ struct hostapd_config * hostapd_config_r
+@@ -5065,7 +5065,12 @@ struct hostapd_config * hostapd_config_r
  	int errors = 0;
  	size_t i;
  

package/network/services/hostapd/patches/710-vlan_no_bridge.patch

@@ -30,7 +30,7 @@
  
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3351,6 +3351,8 @@ static int hostapd_config_fill(struct ho
+@@ -3559,6 +3559,8 @@ static int hostapd_config_fill(struct ho
  #ifndef CONFIG_NO_VLAN
  	} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
  		bss->ssid.dynamic_vlan = atoi(pos);

package/network/services/hostapd/patches/711-wds_bridge_force.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2318,6 +2318,8 @@ static int hostapd_config_fill(struct ho
+@@ -2447,6 +2447,8 @@ static int hostapd_config_fill(struct ho
  			   sizeof(conf->bss[0]->iface));
  	} else if (os_strcmp(buf, "bridge") == 0) {
  		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
@@ -11,7 +11,7 @@
  	} else if (os_strcmp(buf, "vlan_bridge") == 0) {
 --- a/src/ap/ap_drv_ops.c
 +++ b/src/ap/ap_drv_ops.c
-@@ -348,8 +348,6 @@ int hostapd_set_wds_sta(struct hostapd_d
+@@ -387,8 +387,6 @@ int hostapd_set_wds_sta(struct hostapd_d
  		return -1;
  	if (hapd->conf->wds_bridge[0])
  		bridge = hapd->conf->wds_bridge;

package/network/services/hostapd/patches/720-iface_max_num_sta.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2848,6 +2848,14 @@ static int hostapd_config_fill(struct ho
+@@ -3041,6 +3041,14 @@ static int hostapd_config_fill(struct ho
  				   line, bss->max_num_sta, MAX_STA_COUNT);
  			return 1;
  		}
@@ -17,7 +17,7 @@
  	} else if (os_strcmp(buf, "extended_key_id") == 0) {
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
-@@ -742,6 +742,7 @@ void hostapd_cleanup_cs_params(struct ho
+@@ -754,6 +754,7 @@ void hostapd_cleanup_cs_params(struct ho
  void hostapd_periodic_iface(struct hostapd_iface *iface);
  int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
  void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
@@ -27,7 +27,7 @@
  void hostapd_cleanup_cca_params(struct hostapd_data *hapd);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -244,6 +244,29 @@ static int hostapd_iface_conf_changed(st
+@@ -247,6 +247,29 @@ static int hostapd_iface_conf_changed(st
  	return 0;
  }
  
@@ -59,7 +59,7 @@
  {
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -1252,7 +1252,7 @@ void handle_probe_req(struct hostapd_dat
+@@ -1567,7 +1567,7 @@ void handle_probe_req(struct hostapd_dat
  	if (hapd->conf->no_probe_resp_if_max_sta &&
  	    is_multicast_ether_addr(mgmt->da) &&
  	    is_multicast_ether_addr(mgmt->bssid) &&
@@ -70,7 +70,7 @@
  			   " since no room for additional STA",
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1039,6 +1039,8 @@ struct hostapd_config {
+@@ -1057,6 +1057,8 @@ struct hostapd_config {
  	unsigned int track_sta_max_num;
  	unsigned int track_sta_max_age;
  

package/network/services/hostapd/patches/730-ft_iface.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3007,6 +3007,8 @@ static int hostapd_config_fill(struct ho
+@@ -3200,6 +3200,8 @@ static int hostapd_config_fill(struct ho
  		wpa_printf(MSG_INFO,
  			   "Line %d: Obsolete peerkey parameter ignored", line);
  #ifdef CONFIG_IEEE80211R_AP
@@ -21,7 +21,7 @@
  	int bridge_hairpin; /* hairpin_mode on bridge members */
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -1727,8 +1727,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1777,8 +1777,12 @@ int hostapd_setup_wpa(struct hostapd_dat
  	    wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
  		const char *ft_iface;
  

package/network/services/hostapd/patches/740-snoop_iface.patch

@@ -76,7 +76,7 @@
  	hapd->x_snoop_initialized = false;
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2322,6 +2322,8 @@ static int hostapd_config_fill(struct ho
+@@ -2451,6 +2451,8 @@ static int hostapd_config_fill(struct ho
  			os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
  	} else if (os_strcmp(buf, "bridge_hairpin") == 0) {
  		bss->bridge_hairpin = atoi(pos);
@@ -104,7 +104,7 @@
  static inline int hostapd_drv_vendor_cmd(struct hostapd_data *hapd,
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -4209,7 +4209,7 @@ struct wpa_driver_ops {
+@@ -4275,7 +4275,7 @@ struct wpa_driver_ops {
  	 * Returns: 0 on success, negative (<0) on failure
  	 */
  	int (*br_set_net_param)(void *priv, enum drv_br_net_param param,
@@ -115,7 +115,7 @@
  	 * get_wowlan - Get wake-on-wireless status
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -12168,7 +12168,7 @@ static const char * drv_br_net_param_str
+@@ -12376,7 +12376,7 @@ static const char * drv_br_net_param_str
  
  
  static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
@@ -124,7 +124,7 @@
  {
  	struct i802_bss *bss = priv;
  	char path[128];
-@@ -12194,8 +12194,11 @@ static int wpa_driver_br_set_net_param(v
+@@ -12402,8 +12402,11 @@ static int wpa_driver_br_set_net_param(v
  			return -EINVAL;
  	}
  

package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -1604,6 +1604,8 @@ static int parse_anqp_elem(struct hostap
+@@ -1680,6 +1680,8 @@ static int parse_anqp_elem(struct hostap
  	return 0;
  }
  
@@ -9,7 +9,7 @@
  
  static int parse_qos_map_set(struct hostapd_bss_config *bss,
  			     char *buf, int line)
-@@ -1645,8 +1647,6 @@ static int parse_qos_map_set(struct host
+@@ -1721,8 +1723,6 @@ static int parse_qos_map_set(struct host
  	return 0;
  }
  
@@ -18,7 +18,7 @@
  
  #ifdef CONFIG_HS20
  static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
-@@ -4062,10 +4062,10 @@ static int hostapd_config_fill(struct ho
+@@ -4282,10 +4282,10 @@ static int hostapd_config_fill(struct ho
  		bss->gas_frag_limit = val;
  	} else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
  		bss->gas_comeback_delay = atoi(pos);
@@ -32,7 +32,7 @@
  		os_free(bss->dump_msk_file);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -1486,6 +1486,7 @@ int hostapd_setup_bss(struct hostapd_dat
+@@ -1578,6 +1578,7 @@ int hostapd_setup_bss(struct hostapd_dat
  		wpa_printf(MSG_ERROR, "GAS server initialization failed");
  		return -1;
  	}
@@ -40,7 +40,7 @@
  
  	if (conf->qos_map_set_len &&
  	    hostapd_drv_set_qos_map(hapd, conf->qos_map_set,
-@@ -1493,7 +1494,6 @@ int hostapd_setup_bss(struct hostapd_dat
+@@ -1585,7 +1586,6 @@ int hostapd_setup_bss(struct hostapd_dat
  		wpa_printf(MSG_ERROR, "Failed to initialize QoS Map");
  		return -1;
  	}
@@ -50,7 +50,7 @@
  		wpa_printf(MSG_ERROR, "BSS Load initialization failed");
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -2683,8 +2683,6 @@ void wnm_bss_keep_alive_deinit(struct wp
+@@ -2935,8 +2935,6 @@ void wnm_bss_keep_alive_deinit(struct wp
  }
  
  
@@ -59,7 +59,7 @@
  static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
  			    size_t len)
  {
-@@ -2717,8 +2715,6 @@ static void interworking_process_assoc_r
+@@ -2969,8 +2967,6 @@ static void interworking_process_assoc_r
  	}
  }
  
@@ -68,7 +68,7 @@
  
  static void wpa_supplicant_set_4addr_mode(struct wpa_supplicant *wpa_s)
  {
-@@ -3098,10 +3094,8 @@ static int wpa_supplicant_event_associnf
+@@ -3350,10 +3346,8 @@ static int wpa_supplicant_event_associnf
  		wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
  				       data->assoc_info.resp_ies_len);
  #endif /* CONFIG_WNM */
@@ -81,7 +81,7 @@
  			   data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
 --- a/src/ap/ieee802_11_shared.c
 +++ b/src/ap/ieee802_11_shared.c
-@@ -1116,13 +1116,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
+@@ -1138,13 +1138,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
  u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
  		    const u8 *ext_capab_ie, size_t ext_capab_ie_len)
  {

package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ap_drv_ops.c
 +++ b/src/ap/ap_drv_ops.c
-@@ -927,7 +927,8 @@ int hostapd_start_dfs_cac(struct hostapd
+@@ -998,7 +998,8 @@ int hostapd_start_dfs_cac(struct hostapd
  int hostapd_drv_set_qos_map(struct hostapd_data *hapd,
  			    const u8 *qos_map_set, u8 qos_map_set_len)
  {

package/network/services/hostapd/patches/760-dynamic_own_ip.patch

@@ -10,7 +10,7 @@
  	int acct_interim_interval;
 --- a/src/radius/radius_client.c
 +++ b/src/radius/radius_client.c
-@@ -163,6 +163,8 @@ struct radius_client_data {
+@@ -165,6 +165,8 @@ struct radius_client_data {
  	 */
  	void *ctx;
  
@@ -19,7 +19,7 @@
  	/**
  	 * conf - RADIUS client configuration (list of RADIUS servers to use)
  	 */
-@@ -720,6 +722,30 @@ static void radius_client_list_add(struc
+@@ -819,6 +821,30 @@ static void radius_close_acct_socket(str
  
  
  /**
@@ -50,7 +50,7 @@
   * radius_client_send - Send a RADIUS request
   * @radius: RADIUS client context from radius_client_init()
   * @msg: RADIUS message to be sent
-@@ -1238,6 +1264,10 @@ radius_change_server(struct radius_clien
+@@ -1711,6 +1737,10 @@ radius_change_server(struct radius_clien
  			wpa_printf(MSG_DEBUG, "RADIUS local address: %s:%u",
  				   inet_ntoa(claddr.sin_addr),
  				   ntohs(claddr.sin_port));
@@ -61,7 +61,7 @@
  		}
  		break;
  #ifdef CONFIG_IPV6
-@@ -1249,6 +1279,10 @@ radius_change_server(struct radius_clien
+@@ -1722,6 +1752,10 @@ radius_change_server(struct radius_clien
  				   inet_ntop(AF_INET6, &claddr6.sin6_addr,
  					     abuf, sizeof(abuf)),
  				   ntohs(claddr6.sin6_port));
@@ -74,7 +74,7 @@
  	}
 --- a/src/radius/radius_client.h
 +++ b/src/radius/radius_client.h
-@@ -249,6 +249,8 @@ int radius_client_register(struct radius
+@@ -274,6 +274,8 @@ int radius_client_register(struct radius
  void radius_client_set_interim_error_cb(struct radius_client_data *radius,
  					void (*cb)(const u8 *addr, void *ctx),
  					void *ctx);
@@ -85,7 +85,7 @@
  		       RadiusType msg_type, const u8 *addr);
 --- a/src/ap/ieee802_1x.c
 +++ b/src/ap/ieee802_1x.c
-@@ -598,6 +598,10 @@ int add_common_radius_attr(struct hostap
+@@ -601,6 +601,10 @@ int add_common_radius_attr(struct hostap
  	struct hostapd_radius_attr *attr;
  	int len;
  
@@ -98,7 +98,7 @@
  	    hapd->conf->own_ip_addr.af == AF_INET &&
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2688,6 +2688,8 @@ static int hostapd_config_fill(struct ho
+@@ -2819,6 +2819,8 @@ static int hostapd_config_fill(struct ho
  	} else if (os_strcmp(buf, "iapp_interface") == 0) {
  		wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
  #endif /* CONFIG_IAPP */

package/network/services/hostapd/patches/761-shared_das_port.patch

@@ -10,7 +10,7 @@
  	unsigned int time_window;
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -1423,6 +1423,7 @@ int hostapd_setup_bss(struct hostapd_dat
+@@ -1510,6 +1510,7 @@ int hostapd_setup_bss(struct hostapd_dat
  
  			os_memset(&das_conf, 0, sizeof(das_conf));
  			das_conf.port = conf->radius_das_port;

package/network/services/hostapd/patches/770-radius_server.patch

@@ -21,7 +21,7 @@
  
  #ifndef CONFIG_NO_HOSTAPD_LOGGER
  static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
-@@ -771,6 +772,11 @@ int main(int argc, char *argv[])
+@@ -778,6 +779,11 @@ int main(int argc, char *argv[])
  	if (os_program_init())
  		return -1;
  

package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

@@ -13,7 +13,7 @@ Signed-off-by: David Bauer <[email protected]>
 
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -12763,7 +12763,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13220,7 +13220,7 @@ char * wpa_supplicant_ctrl_iface_process
  		if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
  			reply_len = -1;
  #endif /* CONFIG_WNM */
@@ -22,7 +22,7 @@ Signed-off-by: David Bauer <[email protected]>
  	} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
  		if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18))
  			reply_len = -1;
-@@ -12773,7 +12773,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -13230,7 +13230,7 @@ char * wpa_supplicant_ctrl_iface_process
  	} else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
  		if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11))
  			reply_len = -1;

package/network/services/hostapd/patches/991-Fix-OpenWrt-13156.patch

@@ -20,7 +20,7 @@ Signed-off-by: Stijn Tintel <[email protected]>
 
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -3564,6 +3564,8 @@ int hostapd_remove_iface(struct hapd_int
+@@ -3681,6 +3681,8 @@ int hostapd_remove_iface(struct hapd_int
  void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
  			   int reassoc)
  {
@@ -29,14 +29,14 @@ Signed-off-by: Stijn Tintel <[email protected]>
  	if (hapd->tkip_countermeasures) {
  		hostapd_drv_sta_deauth(hapd, sta->addr,
  				       WLAN_REASON_MICHAEL_MIC_FAILURE);
-@@ -3571,10 +3573,16 @@ void hostapd_new_assoc_sta(struct hostap
+@@ -3688,10 +3690,16 @@ void hostapd_new_assoc_sta(struct hostap
  	}
  
  #ifdef CONFIG_IEEE80211BE
--	if (hapd->conf->mld_ap && sta->mld_info.mld_sta &&
+-	if (ap_sta_is_mld(hapd, sta) &&
 -	    sta->mld_assoc_link_id != hapd->mld_link_id)
 -		return;
-+	if (hapd->conf->mld_ap && sta->mld_info.mld_sta) {
++	if (ap_sta_is_mld(hapd, sta)) {
 +		if (sta->mld_assoc_link_id == hapd->mld_link_id) {
 +			mld_assoc_link_id = sta->mld_assoc_link_id;
 +		} else {
@@ -51,7 +51,7 @@ Signed-off-by: Stijn Tintel <[email protected]>
  	sta->post_csa_sa_query = 0;
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -1318,9 +1318,6 @@ void ap_sta_set_authorized(struct hostap
+@@ -1414,9 +1414,6 @@ bool ap_sta_set_authorized_flag(struct h
  				mld_assoc_link_id = -2;
  		}
  #endif /* CONFIG_IEEE80211BE */

package/network/services/hostapd/patches/992-nl80211-add-extra-ies-only-if-allowed-by-driver.patch

@@ -26,7 +26,7 @@ Signed-off-by: David Bauer <[email protected]>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -2283,6 +2283,9 @@ struct wpa_driver_capa {
+@@ -2344,6 +2344,9 @@ struct wpa_driver_capa {
  	/** Maximum number of iterations in a single scan plan */
  	u32 max_sched_scan_plan_iterations;
  
@@ -38,7 +38,7 @@ Signed-off-by: David Bauer <[email protected]>
  
 --- a/src/drivers/driver_nl80211_capa.c
 +++ b/src/drivers/driver_nl80211_capa.c
-@@ -949,6 +949,10 @@ static int wiphy_info_handler(struct nl_
+@@ -972,6 +972,10 @@ static int wiphy_info_handler(struct nl_
  			nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]);
  	}
  
@@ -51,7 +51,7 @@ Signed-off-by: David Bauer <[email protected]>
  			nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
 --- a/src/drivers/driver_nl80211_scan.c
 +++ b/src/drivers/driver_nl80211_scan.c
-@@ -222,7 +222,7 @@ nl80211_scan_common(struct i802_bss *bss
+@@ -221,7 +221,7 @@ nl80211_scan_common(struct i802_bss *bss
  		wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
  	}
  

package/network/services/hostapd/patches/993-2023-10-28-ACS-Fix-typo-in-bw_40-frequency-array.patch

@@ -1,25 +0,0 @@
-From 7a733993211ad46cf3032038c1e7e6bdc2322336 Mon Sep 17 00:00:00 2001
-From: Michael-CY Lee <[email protected]>
-Date: Tue, 5 Sep 2023 09:43:25 +0800
-Subject: [PATCH] ACS: Fix typo in bw_40 frequency array
-
-The range for the 5 GHz channel 118 was encoded with an incorrect
-channel number.
-
-Fixes: ed8e13decc71 (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
-Signed-off-by: Michael Lee <[email protected]>
----
- src/ap/acs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/ap/acs.c
-+++ b/src/ap/acs.c
-@@ -256,7 +256,7 @@ struct bw_item {
- static const struct bw_item bw_40[] = {
- 	{ 5180, 5200, 38 }, { 5220, 5240, 46 }, { 5260, 5280, 54 },
- 	{ 5300, 5320, 62 }, { 5500, 5520, 102 }, { 5540, 5560, 110 },
--	{ 5580, 5600, 110 }, { 5620, 5640, 126}, { 5660, 5680, 134 },
-+	{ 5580, 5600, 118 }, { 5620, 5640, 126 }, { 5660, 5680, 134 },
- 	{ 5700, 5720, 142 }, { 5745, 5765, 151 }, { 5785, 5805, 159 },
- 	{ 5825, 5845, 167 }, { 5865, 5885, 175 },
- 	{ 5955, 5975, 3 }, { 5995, 6015, 11 }, { 6035, 6055, 19 },

package/network/services/hostapd/src/src/ap/ubus.c

@@ -774,7 +774,8 @@ hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj,
 				mode ? &mode->he_capab[IEEE80211_MODE_AP] :
 				NULL,
 				mode ? &mode->eht_capab[IEEE80211_MODE_AP] :
-				NULL);
+				NULL,
+				hostapd_get_punct_bitmap(hapd));
 
 	for (i = 0; i < hapd->iface->num_bss; i++) {
 		struct hostapd_data *bss = hapd->iface->bss[i];

package/network/services/hostapd/src/src/ap/ubus.h

@@ -8,6 +8,8 @@
 #ifndef __HOSTAPD_UBUS_H
 #define __HOSTAPD_UBUS_H
 
+#include "sta_info.h"
+
 enum hostapd_ubus_event_type {
 	HOSTAPD_UBUS_PROBE_REQ,
 	HOSTAPD_UBUS_AUTH_REQ,
@@ -27,6 +29,7 @@ struct hostapd_iface;
 struct hostapd_data;
 struct hapd_interfaces;
 struct rrm_measurement_beacon_report;
+struct sta_info;
 
 #ifdef UBUS_SUPPORT