hostapd: update to 2023-03-29

Add patches:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Remove upstreamed:
- 170-DPP-fix-memleak-of-intro.peer_key.patch
- 461-driver_nl80211-use-new-parameters-during-ibss-join.patch
- 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
- 992-openssl-include-rsa.patch

Automatically refreshed:
- 011-mesh-use-deterministic-channel-on-channel-switch.patch
- 021-fix-sta-add-after-previous-connection.patch
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 050-build_fix.patch
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 120-mbedtls-fips186_2_prf.patch
- 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
- 150-add-NULL-checks-encountered-during-tests-hwsim.patch
- 160-dpp_pkex-EC-point-mul-w-value-prime.patch
- 200-multicall.patch
- 300-noscan.patch
- 310-rescan_immediately.patch
- 330-nl80211_fix_set_freq.patch
- 341-mesh-ctrl-iface-channel-switch.patch
- 360-ctrl_iface_reload.patch
- 381-hostapd_cli_UNKNOWN-COMMAND.patch
- 390-wpa_ie_cap_workaround.patch
- 410-limit_debug_messages.patch
- 420-indicate-features.patch
- 430-hostapd_cli_ifdef.patch
- 450-scan_wait.patch
- 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
- 463-add-mcast_rate-to-11s.patch
- 465-hostapd-config-support-random-BSS-color.patch
- 500-lto-jobserver-support.patch
- 590-rrm-wnm-statistics.patch
- 710-vlan_no_bridge.patch
- 720-iface_max_num_sta.patch
- 730-ft_iface.patch
- 750-qos_map_set_without_interworking.patch
- 751-qos_map_ignore_when_unsupported.patch
- 760-dynamic_own_ip.patch
- 761-shared_das_port.patch
- 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

Manually refresh:
- 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
- 301-mesh-noscan.patch
- 340-reload_freq_change.patch
- 350-nl80211_del_beacon_bss.patch
- 370-ap_sta_support.patch
- 380-disable_ctrl_iface_mib.patch
- 464-fix-mesh-obss-check.patch
- 470-survey_data_fallback.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 711-wds_bridge_force.patch
- 740-snoop_iface.patch

Tested-by: Packet Please <[email protected]> [Fritzbox 4040 (ipq40xx),
           EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK]
Tested-by: Andrew Sim <[email protected]> [mediatek/filogic]
Signed-off-by: Nick Hainke <[email protected]>

package/network/services/hostapd/Makefile

@@ -9,9 +9,9 @@ PKG_RELEASE:=$(AUTORELEASE).2
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-07-29
-PKG_SOURCE_VERSION:=b704dc72ef824dfdd96674b90179b274d1d38105
-PKG_MIRROR_HASH:=6c9dd359ef5a4595b6576e07928566d6864957c4af6466d641d6c3f7717f4689
+PKG_SOURCE_DATE:=2023-03-29
+PKG_SOURCE_VERSION:=bb945b98fefc64887dffb40773a19d77585cee42
+PKG_MIRROR_HASH:=1da8a39c7c81ce257994874402a86d00080a6145b5eb5c5fc44b2fae1853fe8d
 
 PKG_MAINTAINER:=Felix Fietkau <[email protected]>
 PKG_LICENSE:=BSD-3-Clause

package/network/services/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -14,7 +14,7 @@ Signed-off-by: Peter Oh <[email protected]>
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2436,7 +2436,7 @@ static int drv_supports_vht(struct wpa_s
+@@ -2621,7 +2621,7 @@ static int drv_supports_vht(struct wpa_s
  }
  
  
@@ -23,7 +23,7 @@ Signed-off-by: Peter Oh <[email protected]>
  {
  	int i;
  
-@@ -2445,7 +2445,10 @@ static bool ibss_mesh_is_80mhz_avail(int
+@@ -2630,7 +2630,10 @@ static bool ibss_mesh_is_80mhz_avail(int
  
  		chan = hw_get_channel_chan(mode, i, NULL);
  		if (!chan ||
@@ -35,16 +35,16 @@ Signed-off-by: Peter Oh <[email protected]>
  			return false;
  	}
  
-@@ -2474,6 +2477,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 	int chwidth, seg0, seg1;
- 	u32 vht_caps = 0;
- 	bool is_24ghz, is_6ghz;
-+	bool dfs_enabled = wpa_s->conf->country[0] &&
-+			   (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
- 
- 	freq->freq = ssid->frequency;
- 
-@@ -2570,8 +2575,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2757,7 +2760,7 @@ static void ibss_mesh_select_40mhz(struc
+ 				   const struct wpa_ssid *ssid,
+ 				   struct hostapd_hw_modes *mode,
+ 				   struct hostapd_freq_params *freq,
+-				   int obss_scan) {
++				   int obss_scan, bool dfs_enabled) {
+ 	int chan_idx;
+ 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
+ 	int i, res;
+@@ -2781,8 +2784,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
  
  	/* Check primary channel flags */
@@ -55,9 +55,9 @@ Signed-off-by: Peter Oh <[email protected]>
 +		if (!dfs_enabled)
 +			return;
  
- 	freq->channel = pri_chan->chan;
- 
-@@ -2604,8 +2612,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ #ifdef CONFIG_HT_OVERRIDES
+ 	if (ssid->disable_ht40)
+@@ -2808,8 +2814,11 @@ static void ibss_mesh_select_40mhz(struc
  		return;
  
  	/* Check secondary channel flags */
@@ -70,25 +70,34 @@ Signed-off-by: Peter Oh <[email protected]>
  
  	if (ht40 == -1) {
  		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
-@@ -2694,7 +2705,7 @@ skip_to_6ghz:
- 		return;
- 
- 	/* Back to HT configuration if channel not usable */
+@@ -2863,7 +2872,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ 				       const struct wpa_ssid *ssid,
+ 				       struct hostapd_hw_modes *mode,
+ 				       struct hostapd_freq_params *freq,
+-				       int ieee80211_mode, bool is_6ghz) {
++				       int ieee80211_mode, bool is_6ghz, bool dfs_enabled) {
+ 	static const int bw80[] = {
+ 		5180, 5260, 5500, 5580, 5660, 5745, 5825,
+ 		5955, 6035, 6115, 6195, 6275, 6355, 6435,
+@@ -2908,7 +2917,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ 		goto skip_80mhz;
+ 
+ 	/* Use 40 MHz if channel not usable */
 -	if (!ibss_mesh_is_80mhz_avail(channel, mode))
 +	if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
- 		return;
+ 		goto skip_80mhz;
  
  	chwidth = CONF_OPER_CHWIDTH_80MHZ;
-@@ -2708,7 +2719,7 @@ skip_to_6ghz:
- 		 * above; check the remaining four 20 MHz channels for the total
- 		 * of 160 MHz bandwidth.
- 		 */
--		if (!ibss_mesh_is_80mhz_avail(channel + 16, mode))
-+		if (!ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled))
- 			return;
- 
+@@ -2922,7 +2931,7 @@ static bool ibss_mesh_select_80_160mhz(s
+ 	if ((mode->he_capab[ieee80211_mode].phy_cap[
+ 		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
+ 	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
+-	    ibss_mesh_is_80mhz_avail(channel + 16, mode)) {
++	    ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled)) {
  		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
-@@ -2738,10 +2749,12 @@ skip_to_6ghz:
+ 			if (freq->freq == bw160[j]) {
+ 				chwidth = CONF_OPER_CHWIDTH_160MHZ;
+@@ -2950,10 +2959,12 @@ static bool ibss_mesh_select_80_160mhz(s
  				if (!chan)
  					continue;
  
@@ -104,3 +113,23 @@ Signed-off-by: Peter Oh <[email protected]>
  
  				/* Found a suitable second segment for 80+80 */
  				chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
+@@ -3008,6 +3019,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	int i, obss_scan = 1;
+ 	u8 channel;
+ 	bool is_6ghz;
++	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
+ 
+ 	freq->freq = ssid->frequency;
+ 
+@@ -3053,9 +3065,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	freq->channel = channel;
+ 	/* Setup higher BW only for 5 GHz */
+ 	if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
+-		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan);
++		ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan, dfs_enabled);
+ 		if (!ibss_mesh_select_80_160mhz(wpa_s, ssid, mode, freq,
+-						ieee80211_mode, is_6ghz))
++						ieee80211_mode, is_6ghz, dfs_enabled))
+ 			freq->he_enabled = freq->vht_enabled = false;
+ 	}
+ 

package/network/services/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch

@@ -29,7 +29,7 @@ Signed-off-by: Markus Theil <[email protected]>
  
  
  enum dfs_channel_type {
-@@ -515,9 +516,14 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -521,9 +522,14 @@ dfs_get_valid_channel(struct hostapd_ifa
  	int num_available_chandefs;
  	int chan_idx, chan_idx2;
  	int sec_chan_idx_80p80 = -1;
@@ -44,7 +44,7 @@ Signed-off-by: Markus Theil <[email protected]>
  	wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
  	*secondary_channel = 0;
  	*oper_centr_freq_seg0_idx = 0;
-@@ -537,8 +543,20 @@ dfs_get_valid_channel(struct hostapd_ifa
+@@ -543,8 +549,20 @@ dfs_get_valid_channel(struct hostapd_ifa
  	if (num_available_chandefs == 0)
  		return NULL;
  
@@ -68,7 +68,7 @@ Signed-off-by: Markus Theil <[email protected]>
  	if (!chan) {
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -9948,6 +9948,10 @@ static int nl80211_switch_channel(void *
+@@ -10739,6 +10739,10 @@ static int nl80211_switch_channel(void *
  	if (ret)
  		goto error;
  

package/network/services/hostapd/patches/021-fix-sta-add-after-previous-connection.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -4963,6 +4963,13 @@ static int add_associated_sta(struct hos
+@@ -4168,6 +4168,13 @@ static int add_associated_sta(struct hos
  	 * drivers to accept the STA parameter configuration. Since this is
  	 * after a new FT-over-DS exchange, a new TK has been derived, so key
  	 * reinstallation is not a concern for this case.
@@ -14,7 +14,7 @@
  	 */
  	wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
  		   " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
-@@ -4976,7 +4983,8 @@ static int add_associated_sta(struct hos
+@@ -4181,7 +4188,8 @@ static int add_associated_sta(struct hos
  	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
  	     (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
  	     (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&

package/network/services/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch

@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -3453,7 +3453,7 @@ static int hostapd_change_config_freq(st
+@@ -3562,7 +3562,7 @@ static int hostapd_change_config_freq(st
  				      struct hostapd_freq_params *old_params)
  {
  	int channel;

package/network/services/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch

@@ -20,7 +20,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  #include <linux/rtnetlink.h>
  #include <netpacket/packet.h>
  #include <linux/errqueue.h>
-@@ -5344,26 +5341,29 @@ fail:
+@@ -5590,26 +5587,29 @@ fail:
  
  static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
  {
@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  	if (err < 0) {
  		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
  			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
-@@ -5373,9 +5373,8 @@ static void rtnl_neigh_delete_fdb_entry(
+@@ -5619,9 +5619,8 @@ static void rtnl_neigh_delete_fdb_entry(
  			   MACSTR, MAC2STR(addr));
  	}
  
@@ -76,7 +76,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  }
  
  
-@@ -7763,7 +7762,6 @@ static void *i802_init(struct hostapd_da
+@@ -8275,7 +8274,6 @@ static void *i802_init(struct hostapd_da
  	    (params->num_bridge == 0 || !params->bridge[0]))
  		add_ifidx(drv, br_ifindex, drv->ifindex);
  
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  	if (bss->added_if_into_bridge || bss->already_in_bridge) {
  		int err;
  
-@@ -7780,7 +7778,6 @@ static void *i802_init(struct hostapd_da
+@@ -8292,7 +8290,6 @@ static void *i802_init(struct hostapd_da
  			goto failed;
  		}
  	}
@@ -92,7 +92,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  
  	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
  		wpa_printf(MSG_DEBUG,
-@@ -10813,13 +10810,14 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -11605,13 +11602,14 @@ static int wpa_driver_br_add_ip_neigh(vo
  				      const u8 *ipaddr, int prefixlen,
  				      const u8 *addr)
  {
@@ -112,7 +112,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  	int res;
  
  	if (!ipaddr || prefixlen == 0 || !addr)
-@@ -10838,85 +10836,66 @@ static int wpa_driver_br_add_ip_neigh(vo
+@@ -11630,85 +11628,66 @@ static int wpa_driver_br_add_ip_neigh(vo
  	}
  
  	if (version == 4) {
@@ -220,7 +220,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
  		addrsize = 16;
  	} else {
  		return -EINVAL;
-@@ -10934,41 +10913,30 @@ static int wpa_driver_br_delete_ip_neigh
+@@ -11726,41 +11705,30 @@ static int wpa_driver_br_delete_ip_neigh
  		return -1;
  	}
  

package/network/services/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch

@@ -16,7 +16,7 @@ Signed-off-by: Felix Fietkau <[email protected]>
 
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -3781,15 +3781,6 @@ static void handle_auth(struct hostapd_d
+@@ -2948,15 +2948,6 @@ static void handle_auth(struct hostapd_d
  				       seq_ctrl);
  			return;
  		}

package/network/services/hostapd/patches/050-build_fix.patch

@@ -10,7 +10,7 @@
  CFLAGS += -DCONFIG_FILS_SK_PFS
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -320,6 +320,7 @@ endif
+@@ -331,6 +331,7 @@ endif
  ifdef CONFIG_FILS
  CFLAGS += -DCONFIG_FILS
  NEED_SHA384=y

package/network/services/hostapd/patches/110-mbedtls-TLS-crypto-option-initial-port.patch

@@ -273,7 +273,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef CONFIG_RADIUS_SERVER
  CFLAGS += -DRADIUS_SERVER
-@@ -1327,7 +1412,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1329,7 +1414,9 @@ NOBJS += ../src/utils/trace.o
  endif
  
  HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
@@ -283,7 +283,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_AES
  HOBJS += ../src/crypto/aes-internal.o
  HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1350,13 +1437,17 @@ SOBJS += ../src/common/sae.o
+@@ -1352,13 +1439,17 @@ SOBJS += ../src/common/sae.o
  SOBJS += ../src/common/sae_pk.o
  SOBJS += ../src/common/dragonfly.o
  SOBJS += $(AESOBJS)
@@ -7765,7 +7765,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CONFIG_SIM_SIMULATOR=y
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1149,6 +1149,29 @@ endif
+@@ -1163,6 +1163,29 @@ endif
  CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
  endif
  
@@ -7795,7 +7795,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifeq ($(CONFIG_TLS), gnutls)
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
-@@ -1341,9 +1364,11 @@ endif
+@@ -1355,9 +1378,11 @@ endif
  
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7807,7 +7807,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
  # Seems to be needed at least with BoringSSL
  NEED_INTERNAL_AES_WRAP=y
-@@ -1357,9 +1382,11 @@ endif
+@@ -1371,9 +1396,11 @@ endif
  
  ifdef NEED_INTERNAL_AES_WRAP
  ifneq ($(CONFIG_TLS), linux)
@@ -7819,7 +7819,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_AES_EAX
  AESOBJS += ../src/crypto/aes-eax.o
  NEED_AES_CTR=y
-@@ -1369,35 +1396,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1383,35 +1410,45 @@ AESOBJS += ../src/crypto/aes-siv.o
  NEED_AES_CTR=y
  endif
  ifdef NEED_AES_CTR
@@ -7865,7 +7865,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_AES_ENC
  ifdef CONFIG_INTERNAL_AES
  AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1412,12 +1449,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1426,12 +1463,16 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7882,7 +7882,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_SHA1
  SHA1OBJS += ../src/crypto/sha1-internal.o
  ifdef NEED_FIPS186_2_PRF
-@@ -1429,29 +1470,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1443,29 +1484,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
  else
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7920,7 +7920,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef NEED_MD5
  ifdef CONFIG_INTERNAL_MD5
  MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1506,12 +1555,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1520,12 +1569,17 @@ ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), linux)
  ifneq ($(CONFIG_TLS), gnutls)
  ifneq ($(CONFIG_TLS), wolfssl)
@@ -7938,7 +7938,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef CONFIG_INTERNAL_SHA256
  SHA256OBJS += ../src/crypto/sha256-internal.o
  endif
-@@ -1524,50 +1578,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1538,50 +1592,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
  SHA256OBJS += ../src/crypto/sha512-internal.o
  endif
  ifdef NEED_TLS_PRF_SHA256
@@ -8007,7 +8007,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  ifdef NEED_ASN1
  OBJS += ../src/tls/asn1.o
-@@ -1742,10 +1814,12 @@ ifdef CONFIG_FIPS
+@@ -1756,10 +1828,12 @@ ifdef CONFIG_FIPS
  CFLAGS += -DCONFIG_FIPS
  ifneq ($(CONFIG_TLS), openssl)
  ifneq ($(CONFIG_TLS), wolfssl)

package/network/services/hostapd/patches/120-mbedtls-fips186_2_prf.patch

@@ -101,7 +101,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1160,10 +1160,6 @@ endif
+@@ -1174,10 +1174,6 @@ endif
  OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
  OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o

package/network/services/hostapd/patches/140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch

@@ -727,7 +727,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  def check_ec_support(dev):
      tls = dev.request("GET tls_library")
-@@ -1625,7 +1668,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
+@@ -1595,7 +1638,7 @@ def test_ap_wpa2_eap_ttls_pap_subject_ma
      eap_connect(dev[0], hapd, "TTLS", "pap user",
                  anonymous_identity="ttls", password="password",
                  ca_cert="auth_serv/ca.pem", phase2="auth=PAP",
@@ -736,7 +736,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
                  altsubject_match="EMAIL:[email protected];DNS:server.w1.fi;URI:http://example.com/")
      eap_reauth(dev[0], "TTLS")
  
-@@ -2860,6 +2903,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
+@@ -2830,6 +2873,7 @@ def test_ap_wpa2_eap_tls_neg_domain_matc
  
  def test_ap_wpa2_eap_tls_neg_subject_match(dev, apdev):
      """WPA2-Enterprise negative test - subject mismatch"""
@@ -744,7 +744,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
      hostapd.add_ap(apdev[0], params)
      dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
-@@ -2920,6 +2964,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
+@@ -2890,6 +2934,7 @@ def test_ap_wpa2_eap_tls_neg_subject_mat
  
  def test_ap_wpa2_eap_tls_neg_altsubject_match(dev, apdev):
      """WPA2-Enterprise negative test - altsubject mismatch"""
@@ -752,7 +752,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
      hostapd.add_ap(apdev[0], params)
  
-@@ -3460,7 +3505,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
+@@ -3430,7 +3475,7 @@ def test_ap_wpa2_eap_ikev2_oom(dev, apde
              dev[0].request("REMOVE_NETWORK all")
  
      tls = dev[0].request("GET tls_library")
@@ -761,7 +761,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
          tests = [(1, "os_get_random;dh_init")]
      else:
          tests = [(1, "crypto_dh_init;dh_init")]
-@@ -4774,7 +4819,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4744,7 +4789,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
      params["private_key"] = "auth_serv/iCA-server/server.key"
      hostapd.add_ap(apdev[0], params)
      tls = dev[0].request("GET tls_library")
@@ -770,7 +770,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
          ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
          client_cert = "auth_serv/iCA-user/user_and_ica.pem"
      else:
-@@ -4840,6 +4885,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4810,6 +4855,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
      run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, "-sha1")
  
  def run_ap_wpa2_eap_tls_intermediate_ca_ocsp(dev, apdev, params, md):
@@ -778,7 +778,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = int_eap_server_params()
      params["ca_cert"] = "auth_serv/iCA-server/ca-and-root.pem"
      params["server_cert"] = "auth_serv/iCA-server/server.pem"
-@@ -4849,7 +4895,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4819,7 +4865,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
      try:
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -787,7 +787,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -4885,7 +4931,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
+@@ -4855,7 +4901,7 @@ def run_ap_wpa2_eap_tls_intermediate_ca_
      try:
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -796,7 +796,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -4935,7 +4981,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4905,7 +4951,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
      try:
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -805,7 +805,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -5002,7 +5048,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
+@@ -4972,7 +5018,7 @@ def test_ap_wpa2_eap_tls_intermediate_ca
  
          hostapd.add_ap(apdev[0], params)
          tls = dev[0].request("GET tls_library")
@@ -814,7 +814,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              ca_cert = "auth_serv/iCA-user/ca-and-root.pem"
              client_cert = "auth_serv/iCA-user/user_and_ica.pem"
          else:
-@@ -5260,6 +5306,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
+@@ -5230,6 +5276,7 @@ def test_ap_wpa2_eap_ttls_server_cert_ek
  
  def test_ap_wpa2_eap_ttls_server_pkcs12(dev, apdev):
      """WPA2-Enterprise using EAP-TTLS and server PKCS#12 file"""
@@ -822,7 +822,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      skip_with_fips(dev[0])
      params = int_eap_server_params()
      del params["server_cert"]
-@@ -5272,6 +5319,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
+@@ -5242,6 +5289,7 @@ def test_ap_wpa2_eap_ttls_server_pkcs12(
  
  def test_ap_wpa2_eap_ttls_server_pkcs12_extra(dev, apdev):
      """EAP-TTLS and server PKCS#12 file with extra certs"""
@@ -830,7 +830,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      skip_with_fips(dev[0])
      params = int_eap_server_params()
      del params["server_cert"]
-@@ -5294,6 +5342,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
+@@ -5264,6 +5312,7 @@ def test_ap_wpa2_eap_ttls_dh_params_serv
  
  def test_ap_wpa2_eap_ttls_dh_params_dsa_server(dev, apdev):
      """WPA2-Enterprise using EAP-TTLS and alternative server dhparams (DSA)"""
@@ -838,7 +838,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = int_eap_server_params()
      params["dh_file"] = "auth_serv/dsaparam.pem"
      hapd = hostapd.add_ap(apdev[0], params)
-@@ -5605,8 +5654,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
+@@ -5575,8 +5624,8 @@ def test_ap_wpa2_eap_non_ascii_identity2
  def test_openssl_cipher_suite_config_wpas(dev, apdev):
      """OpenSSL cipher suite configuration on wpa_supplicant"""
      tls = dev[0].request("GET tls_library")
@@ -849,7 +849,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      params = hostapd.wpa2_eap_params(ssid="test-wpa2-eap")
      hapd = hostapd.add_ap(apdev[0], params)
      eap_connect(dev[0], hapd, "TTLS", "pap user",
-@@ -5632,14 +5681,14 @@ def test_openssl_cipher_suite_config_wpa
+@@ -5602,14 +5651,14 @@ def test_openssl_cipher_suite_config_wpa
  def test_openssl_cipher_suite_config_hapd(dev, apdev):
      """OpenSSL cipher suite configuration on hostapd"""
      tls = dev[0].request("GET tls_library")
@@ -868,7 +868,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      eap_connect(dev[0], hapd, "TTLS", "pap user",
                  anonymous_identity="ttls", password="password",
                  ca_cert="auth_serv/ca.pem", phase2="auth=PAP")
-@@ -6081,13 +6130,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
+@@ -6051,13 +6100,17 @@ def test_ap_wpa2_eap_tls_versions(dev, a
              check_tls_ver(dev[0], hapd,
                            "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1",
                            "TLSv1.2")
@@ -891,7 +891,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      if "run=OpenSSL 1.1.1" in tls or "run=OpenSSL 3.0" in tls:
          check_tls_ver(dev[0], hapd,
                        "tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=0", "TLSv1.3")
-@@ -6109,6 +6162,11 @@ def test_ap_wpa2_eap_tls_versions_server
+@@ -6079,6 +6132,11 @@ def test_ap_wpa2_eap_tls_versions_server
      tests = [("TLSv1", "[ENABLE-TLSv1.0][DISABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
               ("TLSv1.1", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][DISABLE-TLSv1.2][DISABLE-TLSv1.3]"),
               ("TLSv1.2", "[ENABLE-TLSv1.0][ENABLE-TLSv1.1][ENABLE-TLSv1.2][DISABLE-TLSv1.3]")]
@@ -903,7 +903,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      for exp, flags in tests:
          hapd.disable()
          hapd.set("tls_flags", flags)
-@@ -7145,6 +7203,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
+@@ -7115,6 +7173,7 @@ def test_ap_wpa2_eap_assoc_rsn(dev, apde
  def test_eap_tls_ext_cert_check(dev, apdev):
      """EAP-TLS and external server certification validation"""
      # With internal server certificate chain validation
@@ -911,7 +911,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TLS",
                          identity="tls user",
                          ca_cert="auth_serv/ca.pem",
-@@ -7157,6 +7216,7 @@ def test_eap_tls_ext_cert_check(dev, apd
+@@ -7127,6 +7186,7 @@ def test_eap_tls_ext_cert_check(dev, apd
  def test_eap_ttls_ext_cert_check(dev, apdev):
      """EAP-TTLS and external server certification validation"""
      # Without internal server certificate chain validation
@@ -919,7 +919,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="TTLS",
                          identity="pap user", anonymous_identity="ttls",
                          password="password", phase2="auth=PAP",
-@@ -7167,6 +7227,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
+@@ -7137,6 +7197,7 @@ def test_eap_ttls_ext_cert_check(dev, ap
  def test_eap_peap_ext_cert_check(dev, apdev):
      """EAP-PEAP and external server certification validation"""
      # With internal server certificate chain validation
@@ -927,7 +927,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      id = dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", eap="PEAP",
                          identity="user", anonymous_identity="peap",
                          ca_cert="auth_serv/ca.pem",
-@@ -7177,6 +7238,7 @@ def test_eap_peap_ext_cert_check(dev, ap
+@@ -7147,6 +7208,7 @@ def test_eap_peap_ext_cert_check(dev, ap
  
  def test_eap_fast_ext_cert_check(dev, apdev):
      """EAP-FAST and external server certification validation"""
@@ -935,7 +935,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      check_eap_capa(dev[0], "FAST")
      # With internal server certificate chain validation
      dev[0].request("SET blob fast_pac_auth_ext ")
-@@ -7191,10 +7253,6 @@ def test_eap_fast_ext_cert_check(dev, ap
+@@ -7161,10 +7223,6 @@ def test_eap_fast_ext_cert_check(dev, ap
      run_ext_cert_check(dev, apdev, id)
  
  def run_ext_cert_check(dev, apdev, net_id):
@@ -948,7 +948,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
 --- a/tests/hwsim/test_ap_ft.py
 +++ b/tests/hwsim/test_ap_ft.py
-@@ -2347,11 +2347,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
+@@ -2471,11 +2471,11 @@ def test_ap_ft_ap_oom5(dev, apdev):
          # This will fail to roam
          dev[0].roam(bssid1, check_bssid=False)
  
@@ -992,7 +992,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
      capa = dev.request("GET_CAPABILITY dpp")
      ver = 1
-@@ -3621,6 +3622,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
+@@ -3892,6 +3893,9 @@ def test_dpp_proto_auth_req_no_i_proto_k
  
  def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
      """DPP protocol testing - invalid I-proto key in Auth Req"""
@@ -1002,7 +1002,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
  
  def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
-@@ -3716,7 +3720,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
+@@ -3987,7 +3991,12 @@ def test_dpp_proto_auth_resp_no_r_proto_
  
  def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
      """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
@@ -1016,7 +1016,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  
  def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
      """DPP protocol testing - no R-nonce in Auth Resp"""
-@@ -4078,11 +4087,17 @@ def test_dpp_proto_pkex_exchange_resp_in
+@@ -4349,11 +4358,17 @@ def test_dpp_proto_pkex_exchange_resp_in
  
  def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
      """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
@@ -1106,7 +1106,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
                  raise HwsimSkip("EC group not supported")
 --- a/tests/hwsim/test_pmksa_cache.py
 +++ b/tests/hwsim/test_pmksa_cache.py
-@@ -954,7 +954,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -955,7 +955,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
      eap_connect(dev[0], hapd, "PAX", "[email protected]",
                  password_hex="0123456789abcdef0123456789abcdef",
                  bssid=apdev[0]['bssid'])
@@ -1115,7 +1115,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
          with alloc_fail(dev[0], i, "rsn_preauth_init"):
              res = dev[0].request("PREAUTH f2:11:22:33:44:55").strip()
              logger.info("Iteration %d - PREAUTH command results: %s" % (i, res))
-@@ -962,7 +962,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
+@@ -963,7 +963,7 @@ def test_pmksa_cache_preauth_wpas_oom(de
                  state = dev[0].request('GET_ALLOC_FAIL')
                  if state.startswith('0:'):
                      break
@@ -1138,7 +1138,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      heavy_groups = [14, 15, 16]
      suitable_groups = [15, 16, 17, 18, 19, 20, 21]
      groups = [str(g) for g in sae_groups]
-@@ -2122,6 +2127,8 @@ def run_sae_pwe_group(dev, apdev, group)
+@@ -2188,6 +2193,8 @@ def run_sae_pwe_group(dev, apdev, group)
              logger.info("Add Brainpool EC groups since OpenSSL is new enough")
          elif tls.startswith("wolfSSL"):
              logger.info("Make sure Brainpool EC groups were enabled when compiling wolfSSL")
@@ -1149,7 +1149,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      start_sae_pwe_ap(apdev[0], group, 2)
 --- a/tests/hwsim/test_suite_b.py
 +++ b/tests/hwsim/test_suite_b.py
-@@ -26,6 +26,8 @@ def check_suite_b_tls_lib(dev, dhe=False
+@@ -27,6 +27,8 @@ def check_suite_b_tls_lib(dev, dhe=False
          return
      if tls.startswith("wolfSSL"):
          return
@@ -1158,7 +1158,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
      if not tls.startswith("OpenSSL"):
          raise HwsimSkip("TLS library not supported for Suite B: " + tls)
      supported = False
-@@ -499,6 +501,7 @@ def test_suite_b_192_rsa_insufficient_dh
+@@ -520,6 +522,7 @@ def test_suite_b_192_rsa_insufficient_dh
  
      dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
                     ieee80211w="2",
@@ -1168,7 +1168,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
                     ca_cert="auth_serv/rsa3072-ca.pem",
 --- a/tests/hwsim/test_wpas_ctrl.py
 +++ b/tests/hwsim/test_wpas_ctrl.py
-@@ -1834,7 +1834,7 @@ def _test_wpas_ctrl_oom(dev):
+@@ -1842,7 +1842,7 @@ def _test_wpas_ctrl_oom(dev):
      tls = dev[0].request("GET tls_library")
      if not tls.startswith("internal"):
          tests.append(('NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG', 'FAIL',
@@ -1179,7 +1179,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
              res = dev[0].request(cmd)
 --- a/tests/hwsim/utils.py
 +++ b/tests/hwsim/utils.py
-@@ -135,7 +135,13 @@ def check_fils_sk_pfs_capa(dev):
+@@ -141,7 +141,13 @@ def check_imsi_privacy_support(dev):
  
  def check_tls_tod(dev):
      tls = dev.request("GET tls_library")
@@ -1308,7 +1308,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  		if (need_more_data) {
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -1108,6 +1108,7 @@ CFLAGS += -DCONFIG_TLSV12
+@@ -1122,6 +1122,7 @@ CFLAGS += -DCONFIG_TLSV12
  endif
  
  ifeq ($(CONFIG_TLS), wolfssl)
@@ -1316,7 +1316,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifdef TLS_FUNCS
  CFLAGS += -DWOLFSSL_DER_LOAD
  OBJS += ../src/crypto/tls_wolfssl.o
-@@ -1123,6 +1124,7 @@ LIBS_p += -lwolfssl -lm
+@@ -1137,6 +1138,7 @@ LIBS_p += -lwolfssl -lm
  endif
  
  ifeq ($(CONFIG_TLS), openssl)
@@ -1324,7 +1324,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
  ifdef TLS_FUNCS
  CFLAGS += -DEAP_TLS_OPENSSL
-@@ -1150,6 +1152,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -1164,6 +1166,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
  endif
  
  ifeq ($(CONFIG_TLS), mbedtls)
@@ -1332,7 +1332,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  CONFIG_CRYPTO=mbedtls
  endif
-@@ -1169,6 +1172,7 @@ endif
+@@ -1183,6 +1186,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), gnutls)
@@ -1340,7 +1340,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  # default to libgcrypt
  CONFIG_CRYPTO=gnutls
-@@ -1199,6 +1203,7 @@ endif
+@@ -1213,6 +1217,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), internal)
@@ -1348,7 +1348,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
  ifndef CONFIG_CRYPTO
  CONFIG_CRYPTO=internal
  endif
-@@ -1279,6 +1284,7 @@ endif
+@@ -1293,6 +1298,7 @@ endif
  endif
  
  ifeq ($(CONFIG_TLS), linux)

package/network/services/hostapd/patches/150-add-NULL-checks-encountered-during-tests-hwsim.patch

@@ -14,7 +14,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
 
 --- a/src/common/dpp_crypto.c
 +++ b/src/common/dpp_crypto.c
-@@ -248,6 +248,12 @@ struct crypto_ec_key * dpp_set_pubkey_po
+@@ -269,6 +269,12 @@ int dpp_get_pubkey_hash(struct crypto_ec
  
  struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
  {

package/network/services/hostapd/patches/160-dpp_pkex-EC-point-mul-w-value-prime.patch

@@ -13,7 +13,7 @@ Signed-off-by: Glenn Strauss <[email protected]>
 
 --- a/src/common/dpp_crypto.c
 +++ b/src/common/dpp_crypto.c
-@@ -1567,7 +1567,9 @@ dpp_pkex_derive_Qr(const struct dpp_curv
+@@ -1588,7 +1588,9 @@ dpp_pkex_derive_Qr(const struct dpp_curv
  	Pr = crypto_ec_key_get_public_key(Pr_key);
  	Qr = crypto_ec_point_init(ec);
  	hash_bn = crypto_bignum_init_set(hash, curve->hash_len);

package/network/services/hostapd/patches/170-DPP-fix-memleak-of-intro.peer_key.patch

@@ -1,32 +0,0 @@
-From 639bb1bb912029ec4ff110c3ed807b62f583d6bf Mon Sep 17 00:00:00 2001
-From: Glenn Strauss <[email protected]>
-Date: Sun, 9 Oct 2022 04:02:44 -0400
-Subject: [PATCH 7/7] DPP: fix memleak of intro.peer_key
-
-fix memleak of intro.peer_key in wpas_dpp_rx_peer_disc_resp()
-
-Signed-off-by: Glenn Strauss <[email protected]>
----
- wpa_supplicant/dpp_supplicant.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/wpa_supplicant/dpp_supplicant.c
-+++ b/wpa_supplicant/dpp_supplicant.c
-@@ -2610,6 +2610,8 @@ static void wpas_dpp_rx_peer_disc_resp(s
- 		return;
- 	}
- 
-+	os_memset(&intro, 0, sizeof(intro));
-+
- 	trans_id = dpp_get_attr(buf, len, DPP_ATTR_TRANSACTION_ID,
- 			       &trans_id_len);
- 	if (!trans_id || trans_id_len != 1) {
-@@ -2720,7 +2722,7 @@ static void wpas_dpp_rx_peer_disc_resp(s
- 		wpa_supplicant_req_scan(wpa_s, 0, 0);
- 	}
- fail:
--	os_memset(&intro, 0, sizeof(intro));
-+	dpp_peer_intro_deinit(&intro);
- }
- 
- 

package/network/services/hostapd/patches/170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

@@ -0,0 +1,41 @@
+From c85ce84d942e1eabde33e120b18e5b1f1637b76e Mon Sep 17 00:00:00 2001
+From: Nick Hainke <[email protected]>
+Date: Tue, 14 Mar 2023 21:40:53 +0100
+Subject: [PATCH] wpa_supplicant: fix compiling without IEEE8021X_EAPOL
+
+If IEEE8021X_EAPOL is not defined wpa_supplicant will not compile with
+following error:
+
+  events.c: In function 'wpa_supplicant_connect':
+  events.c:1827:14: warning: implicit declaration of function 'eap_is_wps_pbc_enrollee' [-Wimplicit-function-declaration]
+   1827 |         if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
+        |              ^~~~~~~~~~~~~~~~~~~~~~~
+  events.c:1827:43: error: 'struct wpa_ssid' has no member named 'eap'
+   1827 |         if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
+        |                                           ^~
+
+Adding ifdef statements around the calling function fixes the issue.
+
+Signed-off-by: Nick Hainke <[email protected]>
+---
+ wpa_supplicant/events.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -1824,6 +1824,7 @@ int wpa_supplicant_connect(struct wpa_su
+ 			   struct wpa_bss *selected,
+ 			   struct wpa_ssid *ssid)
+ {
++#ifdef IEEE8021X_EAPOL
+ 	if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
+ 	     wpas_wps_partner_link_overlap_detect(wpa_s)) ||
+ 	    wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
+@@ -1846,6 +1847,7 @@ int wpa_supplicant_connect(struct wpa_su
+ #endif /* CONFIG_WPS */
+ 		return -1;
+ 	}
++#endif /* IEEE8021X_EAPOL */
+ 
+ 	wpa_msg(wpa_s, MSG_DEBUG,
+ 		"Considering connect request: reassociate: %d  selected: "

package/network/services/hostapd/patches/200-multicall.patch

@@ -36,7 +36,7 @@
  LIBS += $(DRV_AP_LIBS)
  
  ifdef CONFIG_L2_PACKET
-@@ -1378,6 +1384,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1380,6 +1386,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
  _OBJS_VAR := OBJS
  include ../src/objs.mk
  
@@ -49,7 +49,7 @@
  hostapd: $(OBJS)
  	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
  	@$(E) "  LD " $@
-@@ -1458,6 +1470,12 @@ include ../src/objs.mk
+@@ -1460,6 +1472,12 @@ include ../src/objs.mk
  _OBJS_VAR := SOBJS
  include ../src/objs.mk
  
@@ -71,8 +71,8 @@
 +-include $(if $(MULTICALL),../hostapd/.config)
  include ../src/build.rules
  
- ifdef CONFIG_BUILD_WPA_CLIENT_SO
-@@ -371,7 +372,9 @@ endif
+ ifdef CONFIG_BUILD_PASN_SO
+@@ -382,7 +383,9 @@ endif
  ifdef CONFIG_IBSS_RSN
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_IBSS_RSN
@@ -82,7 +82,7 @@
  OBJS += ibss_rsn.o
  endif
  
-@@ -912,6 +915,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -924,6 +927,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
  CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
  LIBS += -ldl -rdynamic
  endif
@@ -93,7 +93,7 @@
  endif
  
  ifdef CONFIG_AP
-@@ -919,9 +926,11 @@ NEED_EAP_COMMON=y
+@@ -931,9 +938,11 @@ NEED_EAP_COMMON=y
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_AP
  OBJS += ap.o
@@ -105,7 +105,7 @@
  OBJS += ../src/ap/hostapd.o
  OBJS += ../src/ap/wpa_auth_glue.o
  OBJS += ../src/ap/utils.o
-@@ -1008,6 +1017,12 @@ endif
+@@ -1022,6 +1031,12 @@ endif
  ifdef CONFIG_HS20
  OBJS += ../src/ap/hs20.o
  endif
@@ -118,7 +118,7 @@
  endif
  
  ifdef CONFIG_MBO
-@@ -1016,7 +1031,9 @@ CFLAGS += -DCONFIG_MBO
+@@ -1030,7 +1045,9 @@ CFLAGS += -DCONFIG_MBO
  endif
  
  ifdef NEED_RSN_AUTHENTICATOR
@@ -128,7 +128,7 @@
  NEED_AES_WRAP=y
  OBJS += ../src/ap/wpa_auth.o
  OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1996,6 +2013,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -2010,6 +2027,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
  
  _OBJS_VAR := OBJS
  include ../src/objs.mk
@@ -141,7 +141,7 @@
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
  	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
  	@$(E) "  LD " $@
-@@ -2128,6 +2151,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+@@ -2142,6 +2165,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
  	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
  	@$(E) "  sed" $<
  
@@ -156,7 +156,7 @@
  wpa_cli.exe: wpa_cli
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -6171,8 +6171,8 @@ union wpa_event_data {
+@@ -6544,8 +6544,8 @@ union wpa_event_data {
   * Driver wrapper code should call this function whenever an event is received
   * from the driver.
   */
@@ -167,7 +167,7 @@
  
  /**
   * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -6184,7 +6184,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6557,7 +6557,7 @@ void wpa_supplicant_event(void *ctx, enu
   * Same as wpa_supplicant_event(), but we search for the interface in
   * wpa_global.
   */
@@ -178,7 +178,7 @@
  /*
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -1872,8 +1872,8 @@ err:
+@@ -1887,8 +1887,8 @@ err:
  #endif /* CONFIG_OWE */
  
  
@@ -189,7 +189,7 @@
  {
  	struct hostapd_data *hapd = ctx;
  #ifndef CONFIG_NO_STDOUT_DEBUG
-@@ -2145,7 +2145,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -2161,7 +2161,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -200,7 +200,7 @@
  	struct hapd_interfaces *interfaces = ctx;
 --- a/wpa_supplicant/wpa_priv.c
 +++ b/wpa_supplicant/wpa_priv.c
-@@ -1038,8 +1038,8 @@ static void wpa_priv_send_ft_response(st
+@@ -1039,8 +1039,8 @@ static void wpa_priv_send_ft_response(st
  }
  
  
@@ -211,7 +211,7 @@
  {
  	struct wpa_priv_interface *iface = ctx;
  
-@@ -1102,7 +1102,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1103,7 +1103,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -220,7 +220,7 @@
  				 union wpa_event_data *data)
  {
  	struct wpa_priv_global *global = ctx;
-@@ -1216,6 +1216,8 @@ int main(int argc, char *argv[])
+@@ -1217,6 +1217,8 @@ int main(int argc, char *argv[])
  	if (os_program_init())
  		return -1;
  
@@ -231,7 +231,7 @@
  	os_memset(&global, 0, sizeof(global));
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -4953,8 +4953,8 @@ static void wpas_event_unprot_beacon(str
+@@ -5237,8 +5237,8 @@ static void wpas_event_unprot_beacon(str
  }
  
  
@@ -242,7 +242,7 @@
  {
  	struct wpa_supplicant *wpa_s = ctx;
  	int resched;
-@@ -5813,7 +5813,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -6149,7 +6149,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -253,7 +253,7 @@
  	struct wpa_supplicant *wpa_s;
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7087,7 +7087,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -7408,7 +7408,6 @@ struct wpa_interface * wpa_supplicant_ma
  	return NULL;
  }
  
@@ -261,7 +261,7 @@
  /**
   * wpa_supplicant_match_existing - Match existing interfaces
   * @global: Pointer to global data from wpa_supplicant_init()
-@@ -7122,6 +7121,11 @@ static int wpa_supplicant_match_existing
+@@ -7443,6 +7442,11 @@ static int wpa_supplicant_match_existing
  
  #endif /* CONFIG_MATCH_IFACE */
  
@@ -273,7 +273,7 @@
  
  /**
   * wpa_supplicant_add_iface - Add a new network interface
-@@ -7378,6 +7382,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -7699,6 +7703,8 @@ struct wpa_global * wpa_supplicant_init(
  #ifndef CONFIG_NO_WPA_MSG
  	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
  #endif /* CONFIG_NO_WPA_MSG */
@@ -284,7 +284,7 @@
  		wpa_debug_open_file(params->wpa_debug_file_path);
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -591,6 +591,11 @@ fail:
+@@ -595,6 +595,11 @@ fail:
  	return -1;
  }
  
@@ -296,7 +296,7 @@
  
  #ifdef CONFIG_WPS
  static int gen_uuid(const char *txt_addr)
-@@ -684,6 +689,8 @@ int main(int argc, char *argv[])
+@@ -688,6 +693,8 @@ int main(int argc, char *argv[])
  		return -1;
  #endif /* CONFIG_DPP */
  

package/network/services/hostapd/patches/300-noscan.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3439,6 +3439,10 @@ static int hostapd_config_fill(struct ho
+@@ -3446,6 +3446,10 @@ static int hostapd_config_fill(struct ho
  		if (bss->ocv && !bss->ieee80211w)
  			bss->ieee80211w = 1;
  #endif /* CONFIG_OCV */
@@ -13,7 +13,7 @@
  	} else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1043,6 +1043,8 @@ struct hostapd_config {
+@@ -1061,6 +1061,8 @@ struct hostapd_config {
  
  	int ht_op_mode_fixed;
  	u16 ht_capab;

package/network/services/hostapd/patches/301-mesh-noscan.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/config.c
 +++ b/wpa_supplicant/config.c
-@@ -2555,6 +2555,7 @@ static const struct parse_data ssid_fiel
+@@ -2599,6 +2599,7 @@ static const struct parse_data ssid_fiel
  #else /* CONFIG_MESH */
  	{ INT_RANGE(mode, 0, 4) },
  #endif /* CONFIG_MESH */
@@ -10,7 +10,7 @@
  	{ STR(id_str) },
 --- a/wpa_supplicant/config_file.c
 +++ b/wpa_supplicant/config_file.c
-@@ -766,6 +766,7 @@ static void wpa_config_write_network(FIL
+@@ -775,6 +775,7 @@ static void wpa_config_write_network(FIL
  #endif /* IEEE8021X_EAPOL */
  	INT(mode);
  	INT(no_auto_peer);
@@ -31,36 +31,36 @@
  		/*
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2463,7 +2463,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2693,7 +2693,7 @@ static bool ibss_mesh_can_use_vht(struct
+ 				  const struct wpa_ssid *ssid,
+ 				  struct hostapd_hw_modes *mode)
+ {
+-	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
++	if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
+ 		return false;
+ 
+ 	if (!drv_supports_vht(wpa_s, ssid))
+@@ -2766,7 +2766,7 @@ static void ibss_mesh_select_40mhz(struc
+ 	int i, res;
+ 	unsigned int j;
+ 	static const int ht40plus[] = {
+-		36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
++		1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
+ 		184, 192
+ 	};
+ 	int ht40 = -1;
+@@ -3016,7 +3016,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
  	enum hostapd_hw_mode hw_mode;
  	struct hostapd_hw_modes *mode = NULL;
--	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
-+	int ht40plus[] = { 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
- 			   184, 192 };
- 	int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
- 		       6035, 6115, 6195, 6275, 6355, 6435, 6515,
-@@ -2471,7 +2471,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 	int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
- 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
+-	int i, obss_scan = 1;
++	int i, obss_scan = !(ssid->noscan);
  	u8 channel;
--	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
-+	int i, chan_idx, ht40 = -1, res, obss_scan = !(ssid->noscan);
- 	unsigned int j, k;
- 	struct hostapd_freq_params vht_freq;
- 	int chwidth, seg0, seg1;
-@@ -2562,7 +2562,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- #endif /* CONFIG_HE_OVERRIDES */
- 
- 	/* Setup higher BW only for 5 GHz */
--	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
-+	if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
- 		return;
- 
- 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
+ 	bool is_6ghz;
+ 	bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
 --- a/wpa_supplicant/config_ssid.h
 +++ b/wpa_supplicant/config_ssid.h
-@@ -981,6 +981,8 @@ struct wpa_ssid {
+@@ -1035,6 +1035,8 @@ struct wpa_ssid {
  	 */
  	int no_auto_peer;
  

package/network/services/hostapd/patches/310-rescan_immediately.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5419,7 +5419,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -5713,7 +5713,7 @@ wpa_supplicant_alloc(struct wpa_supplica
  	if (wpa_s == NULL)
  		return NULL;
  	wpa_s->scan_req = INITIAL_SCAN_REQ;

package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch

@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -5022,7 +5022,7 @@ static int nl80211_set_channel(struct i8
+@@ -5224,7 +5224,7 @@ static int nl80211_set_channel(struct i8
  		   freq->he_enabled, freq->eht_enabled, freq->bandwidth,
  		   freq->center_freq1, freq->center_freq2);
  

package/network/services/hostapd/patches/340-reload_freq_change.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -119,6 +119,29 @@ static void hostapd_reload_bss(struct ho
+@@ -142,6 +142,29 @@ static void hostapd_reload_bss(struct ho
  #endif /* CONFIG_NO_RADIUS */
  
  	ssid = &hapd->conf->ssid;
@@ -30,7 +30,7 @@
  	if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
  	    ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
  		/*
-@@ -220,6 +243,7 @@ int hostapd_reload_config(struct hostapd
+@@ -250,6 +273,7 @@ int hostapd_reload_config(struct hostapd
  	struct hostapd_data *hapd = iface->bss[0];
  	struct hostapd_config *newconf, *oldconf;
  	size_t j;
@@ -38,7 +38,7 @@
  
  	if (iface->config_fname == NULL) {
  		/* Only in-memory config in use - assume it has been updated */
-@@ -270,24 +294,20 @@ int hostapd_reload_config(struct hostapd
+@@ -300,6 +324,17 @@ int hostapd_reload_config(struct hostapd
  	}
  	iface->conf = newconf;
  
@@ -55,6 +55,10 @@
 +
  	for (j = 0; j < iface->num_bss; j++) {
  		hapd = iface->bss[j];
+ 		if (!hapd->conf->config_id || !newconf->bss[j]->config_id ||
+@@ -307,21 +342,6 @@ int hostapd_reload_config(struct hostapd
+ 			      newconf->bss[j]->config_id) != 0)
+ 			hostapd_clear_old_bss(hapd);
  		hapd->iconf = newconf;
 -		hapd->iconf->channel = oldconf->channel;
 -		hapd->iconf->acs = oldconf->acs;

package/network/services/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1803,15 +1803,35 @@ int ap_switch_channel(struct wpa_supplic
+@@ -1825,15 +1825,35 @@ int ap_switch_channel(struct wpa_supplic
  
  
  #ifdef CONFIG_CTRL_IFACE

package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch

@@ -1,34 +1,35 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -2938,11 +2938,11 @@ static int wpa_driver_nl80211_del_beacon
- 	struct wpa_driver_nl80211_data *drv = bss->drv;
+@@ -3006,12 +3006,12 @@ static int wpa_driver_nl80211_del_beacon
+ 		return 0;
  
  	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
 -		   drv->ifindex);
 +		   bss->ifindex);
- 	bss->beacon_set = 0;
- 	bss->freq = 0;
+ 	link->beacon_set = 0;
+ 	link->freq = 0;
+ 
  	nl80211_put_wiphy_data_ap(bss);
 -	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
 +	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
- 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
- }
+ 	if (!msg)
+ 		return -ENOBUFS;
  
-@@ -5661,7 +5661,7 @@ static void nl80211_teardown_ap(struct i
+@@ -5907,7 +5907,7 @@ static void nl80211_teardown_ap(struct i
  		nl80211_mgmt_unsubscribe(bss, "AP teardown");
  
  	nl80211_put_wiphy_data_ap(bss);
--	bss->beacon_set = 0;
-+	wpa_driver_nl80211_del_beacon(bss);
+-	bss->flink->beacon_set = 0;
++	wpa_driver_nl80211_del_beacon_all(bss);
  }
  
  
-@@ -8120,8 +8120,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -8642,8 +8642,6 @@ static int wpa_driver_nl80211_if_remove(
  	} else {
  		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
  		nl80211_teardown_ap(bss);
 -		if (!bss->added_if && !drv->first_bss->next)
--			wpa_driver_nl80211_del_beacon(bss);
+-			wpa_driver_nl80211_del_beacon_all(bss);
  		nl80211_destroy_bss(bss);
  		if (!bss->added_if)
  			i802_set_iface_flags(bss, 0);

package/network/services/hostapd/patches/360-ctrl_iface_reload.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -67,6 +67,7 @@
+@@ -68,6 +68,7 @@
  #include "fst/fst_ctrl_iface.h"
  #include "config_file.h"
  #include "ctrl_iface.h"
@@ -8,7 +8,7 @@
  
  
  #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
-@@ -82,6 +83,7 @@ static void hostapd_ctrl_iface_send(stru
+@@ -83,6 +84,7 @@ static void hostapd_ctrl_iface_send(stru
  				    enum wpa_msg_type type,
  				    const char *buf, size_t len);
  
@@ -16,7 +16,7 @@
  
  static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
  				     struct sockaddr_storage *from,
-@@ -133,6 +135,61 @@ static int hostapd_ctrl_iface_new_sta(st
+@@ -134,6 +136,61 @@ static int hostapd_ctrl_iface_new_sta(st
  	return 0;
  }
  
@@ -78,7 +78,7 @@
  
  #ifdef NEED_AP_MLME
  static int hostapd_ctrl_iface_sa_query(struct hostapd_data *hapd,
-@@ -3449,6 +3506,8 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3529,6 +3586,8 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
  		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
  						      reply_size);
@@ -89,7 +89,7 @@
  #ifdef RADIUS_SERVER
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -945,7 +945,13 @@ int hostapd_parse_csa_settings(const cha
+@@ -1008,7 +1008,13 @@ int hostapd_parse_csa_settings(const cha
  
  int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
  {

package/network/services/hostapd/patches/370-ap_sta_support.patch

@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -115,6 +115,8 @@ OBJS_c += ../src/utils/common.o
+@@ -126,6 +126,8 @@ OBJS_c += ../src/utils/common.o
  OBJS_c += ../src/common/cli.o
  OBJS += wmm_ac.o
  
@@ -19,7 +19,7 @@
  #include "drivers/driver.h"
  #include "eap_peer/eap.h"
  #include "wpa_supplicant_i.h"
-@@ -282,6 +283,10 @@ void calculate_update_time(const struct
+@@ -283,6 +284,10 @@ void calculate_update_time(const struct
  static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
  			     struct os_reltime *fetch_time)
  {
@@ -30,7 +30,7 @@
  	dst->flags = src->flags;
  	os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
  	dst->freq = src->freq;
-@@ -295,6 +300,15 @@ static void wpa_bss_copy_res(struct wpa_
+@@ -296,6 +301,15 @@ static void wpa_bss_copy_res(struct wpa_
  	dst->est_throughput = src->est_throughput;
  	dst->snr = src->snr;
  
@@ -154,7 +154,7 @@
  
  #ifdef CONFIG_WEP
  /* Configure default/group WEP keys for static WEP */
-@@ -1016,6 +1064,8 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1026,6 +1074,8 @@ void wpa_supplicant_set_state(struct wpa
  
  		sme_sched_obss_scan(wpa_s, 1);
  
@@ -163,7 +163,7 @@
  #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
  		if (!fils_hlp_sent && ssid && ssid->eap.erp)
  			update_fils_connect_params = true;
-@@ -1026,6 +1076,8 @@ void wpa_supplicant_set_state(struct wpa
+@@ -1036,6 +1086,8 @@ void wpa_supplicant_set_state(struct wpa
  #endif /* CONFIG_OWE */
  	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
  		   state == WPA_ASSOCIATED) {
@@ -172,7 +172,7 @@
  		wpa_s->new_connection = 1;
  		wpa_drv_set_operstate(wpa_s, 0);
  #ifndef IEEE8021X_EAPOL
-@@ -2335,6 +2387,8 @@ void wpa_supplicant_associate(struct wpa
+@@ -2520,6 +2572,8 @@ void wpa_supplicant_associate(struct wpa
  			return;
  		}
  		wpa_s->current_bss = bss;
@@ -181,7 +181,7 @@
  #else /* CONFIG_MESH */
  		wpa_msg(wpa_s, MSG_ERROR,
  			"mesh mode support not included in the build");
-@@ -6693,6 +6747,16 @@ static int wpa_supplicant_init_iface(str
+@@ -7010,6 +7064,16 @@ static int wpa_supplicant_init_iface(str
  			   sizeof(wpa_s->bridge_ifname));
  	}
  
@@ -198,7 +198,7 @@
  	/* RSNA Supplicant Key Management - INITIALIZE */
  	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
  	eapol_sm_notify_portValid(wpa_s->eapol, false);
-@@ -7031,6 +7095,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -7352,6 +7416,11 @@ static void wpa_supplicant_deinit_iface(
  	if (terminate)
  		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
  
@@ -212,7 +212,7 @@
  
 --- a/wpa_supplicant/wpa_supplicant_i.h
 +++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -105,6 +105,11 @@ struct wpa_interface {
+@@ -106,6 +106,11 @@ struct wpa_interface {
  	const char *ifname;
  
  	/**
@@ -224,7 +224,7 @@
  	 * bridge_ifname - Optional bridge interface name
  	 *
  	 * If the driver interface (ifname) is included in a Linux bridge
-@@ -717,6 +722,8 @@ struct wpa_supplicant {
+@@ -665,6 +670,8 @@ struct wpa_supplicant {
  #endif /* CONFIG_CTRL_IFACE_BINDER */
  	char bridge_ifname[16];
  
@@ -235,7 +235,7 @@
  
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -2641,6 +2641,12 @@ static int hostapd_ctrl_iface_chan_switc
+@@ -2716,6 +2716,12 @@ static int hostapd_ctrl_iface_chan_switc
  		return 0;
  	}
  
@@ -250,7 +250,7 @@
  		/* Save CHAN_SWITCH VHT, HE, and EHT config */
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -1903,11 +1903,6 @@ static int __ieee802_11_set_beacon(struc
+@@ -2052,11 +2052,6 @@ static int __ieee802_11_set_beacon(struc
  		return -1;
  	}
  
@@ -264,7 +264,7 @@
  	if (ieee802_11_build_ap_params(hapd, &params) < 0)
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -4953,6 +4953,60 @@ static void wpas_event_unprot_beacon(str
+@@ -5237,6 +5237,60 @@ static void wpas_event_unprot_beacon(str
  }
  
  
@@ -325,7 +325,7 @@
  void supplicant_event(void *ctx, enum wpa_event_type event,
  		      union wpa_event_data *data)
  {
-@@ -5268,8 +5322,10 @@ void supplicant_event(void *ctx, enum wp
+@@ -5586,8 +5640,10 @@ void supplicant_event(void *ctx, enum wp
  			channel_width_to_string(data->ch_switch.ch_width),
  			data->ch_switch.cf1,
  			data->ch_switch.cf2);
@@ -339,7 +339,7 @@
  		wpa_s->current_ssid->frequency = data->ch_switch.freq;
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -5968,6 +5968,7 @@ union wpa_event_data {
+@@ -6324,6 +6324,7 @@ union wpa_event_data {
  
  	/**
  	 * struct ch_switch
@@ -347,8 +347,8 @@
  	 * @freq: Frequency of new channel in MHz
  	 * @ht_enabled: Whether this is an HT channel
  	 * @ch_offset: Secondary channel offset
-@@ -5976,6 +5977,7 @@ union wpa_event_data {
- 	 * @cf2: Center frequency 2
+@@ -6334,6 +6335,7 @@ union wpa_event_data {
+ 	 * @punct_bitmap: Puncturing bitmap
  	 */
  	struct ch_switch {
 +		int count;
@@ -357,16 +357,15 @@
  		int ch_offset;
 --- a/src/drivers/driver_nl80211_event.c
 +++ b/src/drivers/driver_nl80211_event.c
-@@ -694,7 +694,7 @@ static void mlme_event_ch_switch(struct
- 				 struct nlattr *ifindex, struct nlattr *freq,
- 				 struct nlattr *type, struct nlattr *bw,
- 				 struct nlattr *cf1, struct nlattr *cf2,
--				 int finished)
-+				 struct nlattr *count, int finished)
+@@ -997,6 +997,7 @@ static void mlme_event_ch_switch(struct
+ 				 struct nlattr *bw, struct nlattr *cf1,
+ 				 struct nlattr *cf2,
+ 				 struct nlattr *punct_bitmap,
++				 struct nlattr *count,
+ 				 int finished)
  {
  	struct i802_bss *bss;
- 	union wpa_event_data data;
-@@ -755,6 +755,8 @@ static void mlme_event_ch_switch(struct
+@@ -1060,6 +1061,8 @@ static void mlme_event_ch_switch(struct
  		data.ch_switch.cf1 = nla_get_u32(cf1);
  	if (cf2)
  		data.ch_switch.cf2 = nla_get_u32(cf2);
@@ -374,19 +373,19 @@
 +		data.ch_switch.count = nla_get_u32(count);
  
  	if (finished)
- 		bss->freq = data.ch_switch.freq;
-@@ -3113,6 +3115,7 @@ static void do_process_drv_event(struct
- 				     tb[NL80211_ATTR_CHANNEL_WIDTH],
+ 		bss->flink->freq = data.ch_switch.freq;
+@@ -3604,6 +3607,7 @@ static void do_process_drv_event(struct
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],
+ 				     tb[NL80211_ATTR_PUNCT_BITMAP],
 +				     tb[NL80211_ATTR_CH_SWITCH_COUNT],
  				     0);
  		break;
  	case NL80211_CMD_CH_SWITCH_NOTIFY:
-@@ -3123,6 +3126,7 @@ static void do_process_drv_event(struct
- 				     tb[NL80211_ATTR_CHANNEL_WIDTH],
+@@ -3616,6 +3620,7 @@ static void do_process_drv_event(struct
  				     tb[NL80211_ATTR_CENTER_FREQ1],
  				     tb[NL80211_ATTR_CENTER_FREQ2],
+ 				     tb[NL80211_ATTR_PUNCT_BITMAP],
 +				     NULL,
  				     1);
  		break;

package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch

@@ -12,7 +12,7 @@
  else
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -3265,6 +3265,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3342,6 +3342,7 @@ static int hostapd_ctrl_iface_receive_pr
  						      reply_size);
  	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
  		reply_len = hostapd_drv_status(hapd, reply, reply_size);
@@ -20,7 +20,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -3306,6 +3307,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3383,6 +3384,7 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
  							reply_size);
@@ -30,7 +30,7 @@
  			reply_len = -1;
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -973,6 +973,9 @@ ifdef CONFIG_FILS
+@@ -985,6 +985,9 @@ ifdef CONFIG_FILS
  OBJS += ../src/ap/fils_hlp.o
  endif
  ifdef CONFIG_CTRL_IFACE
@@ -42,7 +42,7 @@
  
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -2325,7 +2325,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -2326,7 +2326,7 @@ static int wpa_supplicant_ctrl_iface_sta
  			pos += ret;
  		}
  
@@ -51,7 +51,7 @@
  		if (wpa_s->ap_iface) {
  			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
  							    end - pos,
-@@ -11565,6 +11565,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -11964,6 +11964,7 @@ char * wpa_supplicant_ctrl_iface_process
  			reply_len = -1;
  	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
  		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
@@ -59,7 +59,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -11577,6 +11578,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -11976,6 +11977,7 @@ char * wpa_supplicant_ctrl_iface_process
  				reply_size - reply_len);
  #endif /* CONFIG_MACSEC */
  		}
@@ -67,7 +67,7 @@
  	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
  		reply_len = wpa_supplicant_ctrl_iface_status(
  			wpa_s, buf + 6, reply, reply_size);
-@@ -12065,6 +12067,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12464,6 +12466,7 @@ char * wpa_supplicant_ctrl_iface_process
  		reply_len = wpa_supplicant_ctrl_iface_bss(
  			wpa_s, buf + 4, reply, reply_size);
  #ifdef CONFIG_AP
@@ -75,7 +75,7 @@
  	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
  		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
  	} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -12073,12 +12076,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12472,12 +12475,15 @@ char * wpa_supplicant_ctrl_iface_process
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
  						   reply_size);
@@ -93,15 +93,61 @@
  			reply_len = -1;
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -26,6 +26,7 @@
+@@ -26,6 +26,26 @@
  #include "taxonomy.h"
  #include "wnm_ap.h"
  
++static const char * hw_mode_str(enum hostapd_hw_mode mode)
++{
++	switch (mode) {
++	case HOSTAPD_MODE_IEEE80211B:
++		return "b";
++	case HOSTAPD_MODE_IEEE80211G:
++		return "g";
++	case HOSTAPD_MODE_IEEE80211A:
++		return "a";
++	case HOSTAPD_MODE_IEEE80211AD:
++		return "ad";
++	case HOSTAPD_MODE_IEEE80211ANY:
++		return "any";
++	case NUM_HOSTAPD_MODES:
++		return "invalid";
++	}
++	return "unknown";
++}
++
 +#ifdef CONFIG_CTRL_IFACE_MIB
  
  static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
  					   size_t curr_len, const u8 *mcs_set)
-@@ -460,6 +461,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -212,26 +232,6 @@ static const char * timeout_next_str(int
+ }
+ 
+ 
+-static const char * hw_mode_str(enum hostapd_hw_mode mode)
+-{
+-	switch (mode) {
+-	case HOSTAPD_MODE_IEEE80211B:
+-		return "b";
+-	case HOSTAPD_MODE_IEEE80211G:
+-		return "g";
+-	case HOSTAPD_MODE_IEEE80211A:
+-		return "a";
+-	case HOSTAPD_MODE_IEEE80211AD:
+-		return "ad";
+-	case HOSTAPD_MODE_IEEE80211ANY:
+-		return "any";
+-	case NUM_HOSTAPD_MODES:
+-		return "invalid";
+-	}
+-	return "unknown";
+-}
+-
+-
+ static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
+ 				      struct sta_info *sta,
+ 				      char *buf, size_t buflen)
+@@ -493,6 +493,7 @@ int hostapd_ctrl_iface_sta_next(struct h
  	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
  }
  
@@ -109,7 +155,7 @@
  
  #ifdef CONFIG_P2P_MANAGER
  static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
-@@ -832,12 +834,12 @@ int hostapd_ctrl_iface_status(struct hos
+@@ -884,12 +885,12 @@ int hostapd_ctrl_iface_status(struct hos
  			return len;
  		len += ret;
  	}
@@ -126,7 +172,7 @@
  		if (os_snprintf_error(buflen - len, ret))
 --- a/src/ap/ieee802_1x.c
 +++ b/src/ap/ieee802_1x.c
-@@ -2740,6 +2740,7 @@ static const char * bool_txt(bool val)
+@@ -2753,6 +2753,7 @@ static const char * bool_txt(bool val)
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -134,7 +180,7 @@
  
  int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
  {
-@@ -2926,6 +2927,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -2939,6 +2940,7 @@ int ieee802_1x_get_mib_sta(struct hostap
  	return len;
  }
  
@@ -144,7 +190,7 @@
  static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
 --- a/src/ap/wpa_auth.c
 +++ b/src/ap/wpa_auth.c
-@@ -4559,6 +4559,7 @@ static const char * wpa_bool_txt(int val
+@@ -4786,6 +4786,7 @@ static const char * wpa_bool_txt(int val
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -152,7 +198,7 @@
  
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
-@@ -4709,7 +4710,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -4938,7 +4939,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
  
  	return len;
  }
@@ -163,7 +209,7 @@
  {
 --- a/src/rsn_supp/wpa.c
 +++ b/src/rsn_supp/wpa.c
-@@ -2802,6 +2802,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -3834,6 +3834,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
  }
  
  
@@ -172,7 +218,7 @@
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
  ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2883,6 +2885,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -3915,6 +3917,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
  
  	return (int) len;
  }
@@ -182,7 +228,7 @@
  
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1477,7 +1477,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1499,7 +1499,7 @@ int wpas_ap_wps_nfc_report_handover(stru
  #endif /* CONFIG_WPS */
  
  

package/network/services/hostapd/patches/381-hostapd_cli_UNKNOWN-COMMAND.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/hostapd_cli.c
 +++ b/hostapd/hostapd_cli.c
-@@ -744,7 +744,7 @@ static int wpa_ctrl_command_sta(struct w
+@@ -757,7 +757,7 @@ static int wpa_ctrl_command_sta(struct w
  	}
  
  	buf[len] = '\0';

package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch

@@ -1,6 +1,6 @@
 --- a/src/common/wpa_common.c
 +++ b/src/common/wpa_common.c
-@@ -2529,6 +2529,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -2719,6 +2719,31 @@ u32 wpa_akm_to_suite(int akm)
  }
  
  
@@ -32,7 +32,7 @@
  int wpa_compare_rsn_ie(int ft_initial_assoc,
  		       const u8 *ie1, size_t ie1len,
  		       const u8 *ie2, size_t ie2len)
-@@ -2536,8 +2561,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -2726,8 +2751,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
  	if (ie1 == NULL || ie2 == NULL)
  		return -1;
  

package/network/services/hostapd/patches/410-limit_debug_messages.patch

@@ -60,7 +60,7 @@
  #ifdef CONFIG_DEBUG_FILE
  static char *last_path = NULL;
  #endif /* CONFIG_DEBUG_FILE */
-@@ -636,7 +610,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+@@ -644,7 +618,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
  }
  
  
@@ -69,7 +69,7 @@
  {
  	va_list ap;
  	char *buf;
-@@ -674,7 +648,7 @@ void wpa_msg(void *ctx, int level, const
+@@ -682,7 +656,7 @@ void wpa_msg(void *ctx, int level, const
  }
  
  
@@ -80,9 +80,9 @@
  	char *buf;
 --- a/src/utils/wpa_debug.h
 +++ b/src/utils/wpa_debug.h
-@@ -50,6 +50,17 @@ int wpa_debug_reopen_file(void);
- void wpa_debug_close_file(void);
+@@ -51,6 +51,17 @@ void wpa_debug_close_file(void);
  void wpa_debug_setup_stdout(void);
+ void wpa_debug_stop_log(void);
  
 +/* internal */
 +void _wpa_hexdump(int level, const char *title, const u8 *buf,
@@ -98,7 +98,7 @@
  /**
   * wpa_debug_printf_timestamp - Print timestamp for debug output
   *
-@@ -70,9 +81,15 @@ void wpa_debug_print_timestamp(void);
+@@ -71,9 +82,15 @@ void wpa_debug_print_timestamp(void);
   *
   * Note: New line '\n' is added to the end of the text when printing to stdout.
   */
@@ -115,7 +115,7 @@
  /**
   * wpa_hexdump - conditional hex dump
   * @level: priority level (MSG_*) of the message
-@@ -84,7 +101,13 @@ PRINTF_FORMAT(2, 3);
+@@ -85,7 +102,13 @@ PRINTF_FORMAT(2, 3);
   * output may be directed to stdout, stderr, and/or syslog based on
   * configuration. The contents of buf is printed out has hex dump.
   */
@@ -130,7 +130,7 @@
  
  static inline void wpa_hexdump_buf(int level, const char *title,
  				   const struct wpabuf *buf)
-@@ -106,7 +129,13 @@ static inline void wpa_hexdump_buf(int l
+@@ -107,7 +130,13 @@ static inline void wpa_hexdump_buf(int l
   * like wpa_hexdump(), but by default, does not include secret keys (passwords,
   * etc.) in debug output.
   */
@@ -145,7 +145,7 @@
  
  static inline void wpa_hexdump_buf_key(int level, const char *title,
  				       const struct wpabuf *buf)
-@@ -128,8 +157,14 @@ static inline void wpa_hexdump_buf_key(i
+@@ -129,8 +158,14 @@ static inline void wpa_hexdump_buf_key(i
   * the hex numbers and ASCII characters (for printable range) are shown. 16
   * bytes per line will be shown.
   */
@@ -162,7 +162,7 @@
  
  /**
   * wpa_hexdump_ascii_key - conditional hex dump, hide keys
-@@ -145,8 +180,14 @@ void wpa_hexdump_ascii(int level, const
+@@ -146,8 +181,14 @@ void wpa_hexdump_ascii(int level, const
   * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
   * default, does not include secret keys (passwords, etc.) in debug output.
   */
@@ -179,7 +179,7 @@
  
  /*
   * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
-@@ -183,7 +224,12 @@ void wpa_hexdump_ascii_key(int level, co
+@@ -184,7 +225,12 @@ void wpa_hexdump_ascii_key(int level, co
   *
   * Note: New line '\n' is added to the end of the text when printing to stdout.
   */
@@ -193,7 +193,7 @@
  
  /**
   * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
-@@ -197,8 +243,13 @@ void wpa_msg(void *ctx, int level, const
+@@ -198,8 +244,13 @@ void wpa_msg(void *ctx, int level, const
   * attached ctrl_iface monitors. In other words, it can be used for frequent
   * events that do not need to be sent to syslog.
   */

package/network/services/hostapd/patches/420-indicate-features.patch

@@ -9,7 +9,7 @@
  
  struct hapd_global {
  	void **drv_priv;
-@@ -692,7 +692,7 @@ int main(int argc, char *argv[])
+@@ -696,7 +696,7 @@ int main(int argc, char *argv[])
  	wpa_supplicant_event = hostapd_wpa_event;
  	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
@@ -18,7 +18,7 @@
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -729,6 +729,8 @@ int main(int argc, char *argv[])
+@@ -733,6 +733,8 @@ int main(int argc, char *argv[])
  			break;
  #endif /* CONFIG_DEBUG_LINUX_TRACING */
  		case 'v':

package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/hostapd_cli.c
 +++ b/hostapd/hostapd_cli.c
-@@ -388,7 +388,6 @@ static int hostapd_cli_cmd_disassociate(
+@@ -401,7 +401,6 @@ static int hostapd_cli_cmd_disassociate(
  }
  
  
@@ -8,7 +8,7 @@
  static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
  				     char *argv[])
  {
-@@ -401,7 +400,6 @@ static int hostapd_cli_cmd_signature(str
+@@ -414,7 +413,6 @@ static int hostapd_cli_cmd_signature(str
  	os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
  	return wpa_ctrl_command(ctrl, buf);
  }
@@ -16,7 +16,7 @@
  
  
  static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
-@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru
+@@ -431,7 +429,6 @@ static int hostapd_cli_cmd_sa_query(stru
  }
  
  
@@ -24,7 +24,7 @@
  static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
  				   char *argv[])
  {
-@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st
+@@ -657,7 +654,6 @@ static int hostapd_cli_cmd_wps_config(st
  			 ssid_hex, argv[1]);
  	return wpa_ctrl_command(ctrl, buf);
  }
@@ -32,7 +32,7 @@
  
  
  static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1588,13 +1584,10 @@ static const struct hostapd_cli_cmd host
+@@ -1610,13 +1606,10 @@ static const struct hostapd_cli_cmd host
  	{ "disassociate", hostapd_cli_cmd_disassociate,
  	  hostapd_complete_stations,
  	  "<addr> = disassociate a station" },
@@ -46,7 +46,7 @@
  	{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
  	  "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
  	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1619,7 +1612,6 @@ static const struct hostapd_cli_cmd host
+@@ -1641,7 +1634,6 @@ static const struct hostapd_cli_cmd host
  	  "<SSID> <auth> <encr> <key> = configure AP" },
  	{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
  	  "= show current WPS status" },

package/network/services/hostapd/patches/450-scan_wait.patch

@@ -33,7 +33,7 @@
  	/* Initialize the driver interface */
  	if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
  		b = NULL;
-@@ -404,8 +416,6 @@ static void hostapd_global_deinit(const
+@@ -407,8 +419,6 @@ static void hostapd_global_deinit(const
  #endif /* CONFIG_NATIVE_WINDOWS */
  
  	eap_server_unregister_methods();
@@ -42,7 +42,7 @@
  }
  
  
-@@ -431,18 +441,6 @@ static int hostapd_global_run(struct hap
+@@ -434,18 +444,6 @@ static int hostapd_global_run(struct hap
  	}
  #endif /* EAP_SERVER_TNC */
  
@@ -61,7 +61,7 @@
  	eloop_run();
  
  	return 0;
-@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
+@@ -649,8 +647,7 @@ int main(int argc, char *argv[])
  	struct hapd_interfaces interfaces;
  	int ret = 1;
  	size_t i, j;

package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch

@@ -22,7 +22,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  #include "common/defs.h"
  #include "common/ieee802_11_defs.h"
  #include "common/wpa_common.h"
-@@ -894,6 +895,9 @@ struct wpa_driver_associate_params {
+@@ -936,6 +937,9 @@ struct wpa_driver_associate_params {
  	 * responsible for selecting with which BSS to associate. */
  	const u8 *bssid;
  
@@ -42,7 +42,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  #include "config.h"
  
  
-@@ -2345,6 +2346,97 @@ static char * wpa_config_write_peerkey(c
+@@ -2389,6 +2390,97 @@ static char * wpa_config_write_mac_value
  #endif /* NO_CONFIG_WRITE */
  
  
@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  /* Helper macros for network block parser */
  
  #ifdef OFFSET
-@@ -2629,6 +2721,8 @@ static const struct parse_data ssid_fiel
+@@ -2673,6 +2765,8 @@ static const struct parse_data ssid_fiel
  	{ INT(ap_max_inactivity) },
  	{ INT(dtim_period) },
  	{ INT(beacon_int) },
@@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  
  
  #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
-@@ -846,6 +848,9 @@ struct wpa_ssid {
+@@ -879,6 +881,9 @@ struct wpa_ssid {
  	 */
  	void *parent_cred;
  
@@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <[email protected]>
  	 * macsec_policy - Determines the policy for MACsec secure session
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3899,6 +3899,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -4177,6 +4177,12 @@ static void wpas_start_assoc_cb(struct w
  			params.beacon_int = ssid->beacon_int;
  		else
  			params.beacon_int = wpa_s->conf->beacon_int;

package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch

@@ -1,59 +0,0 @@
-From ffc4445958a3ed4064f2e1bf73fa478a61c5cf7b Mon Sep 17 00:00:00 2001
-From: Antonio Quartulli <[email protected]>
-Date: Sun, 3 Jun 2012 18:42:25 +0200
-Subject: [PATCHv2 602/602] driver_nl80211: use new parameters during ibss join
-
-Signed-hostap: Antonio Quartulli <[email protected]>
----
- src/drivers/driver_nl80211.c |   33 ++++++++++++++++++++++++++++++++-
- 1 file changed, 32 insertions(+), 1 deletion(-)
-
---- a/src/drivers/driver_nl80211.c
-+++ b/src/drivers/driver_nl80211.c
-@@ -6005,7 +6005,7 @@ static int wpa_driver_nl80211_ibss(struc
- 				   struct wpa_driver_associate_params *params)
- {
- 	struct nl_msg *msg;
--	int ret = -1;
-+	int ret = -1, i;
- 	int count = 0;
- 
- 	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -6032,6 +6032,37 @@ retry:
- 	    nl80211_put_beacon_int(msg, params->beacon_int))
- 		goto fail;
- 
-+	if (params->fixed_freq) {
-+		wpa_printf(MSG_DEBUG, "  * fixed_freq");
-+		nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED);
-+	}
-+
-+	if (params->beacon_int > 0) {
-+		wpa_printf(MSG_DEBUG, "  * beacon_int=%d",
-+			   params->beacon_int);
-+		nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
-+			    params->beacon_int);
-+	}
-+
-+	if (params->rates[0] > 0) {
-+		wpa_printf(MSG_DEBUG, "  * basic_rates:");
-+		i = 0;
-+		while (i < NL80211_MAX_SUPP_RATES &&
-+		       params->rates[i] > 0) {
-+			wpa_printf(MSG_DEBUG, "    %.1f",
-+				   (double)params->rates[i] / 2);
-+			i++;
-+		}
-+		nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, i,
-+			params->rates);
-+	}
-+
-+	if (params->mcast_rate > 0) {
-+		wpa_printf(MSG_DEBUG, "  * mcast_rate=%.1f",
-+			   (double)params->mcast_rate / 10);
-+		nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
-+	}
-+
- 	ret = nl80211_set_conn_keys(params, msg);
- 	if (ret)
- 		goto fail;

package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch

@@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <[email protected]>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1661,6 +1661,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1768,6 +1768,7 @@ struct wpa_driver_mesh_join_params {
  #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
  	unsigned int flags;
  	bool handle_dfs;
@@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <[email protected]>
  struct wpa_driver_set_key_params {
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -10627,6 +10627,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -11388,6 +11388,18 @@ static int nl80211_put_mesh_id(struct nl
  }
  
  
@@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <[email protected]>
  static int nl80211_put_mesh_config(struct nl_msg *msg,
  				   struct wpa_driver_mesh_bss_params *params)
  {
-@@ -10688,6 +10700,7 @@ static int nl80211_join_mesh(struct i802
+@@ -11449,6 +11461,7 @@ static int nl80211_join_mesh(struct i802
  	    nl80211_put_basic_rates(msg, params->basic_rates) ||
  	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
  	    nl80211_put_beacon_int(msg, params->beacon_int) ||

package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch

@@ -1,19 +1,13 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2539,11 +2539,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
- 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
+@@ -3077,6 +3077,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
  
--		if (ssid->mode != WPAS_MODE_IBSS)
-+		/* Don't adjust control freq in case of fixed_freq */
-+		if (ssid->fixed_freq) {
-+			obss_scan = 0;
- 			break;
-+		}
+ 	freq->freq = ssid->frequency;
  
--		/* Don't adjust control freq in case of fixed_freq */
--		if (ssid->fixed_freq)
-+		if (ssid->mode != WPAS_MODE_IBSS)
- 			break;
++	if (ssid->fixed_freq) {
++		obss_scan = 0;
++	}
++
+ 	if (ssid->mode == WPAS_MODE_IBSS && !ssid->fixed_freq) {
+ 		struct wpa_bss *bss = ibss_find_existing_bss(wpa_s, ssid);
  
- 		if (!bss_is_ibss(bss))

package/network/services/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch

@@ -13,7 +13,7 @@ Signed-off-by: David Bauer <[email protected]>
 
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3489,6 +3489,8 @@ static int hostapd_config_fill(struct ho
+@@ -3498,6 +3498,8 @@ static int hostapd_config_fill(struct ho
  	} else if (os_strcmp(buf, "he_bss_color") == 0) {
  		conf->he_op.he_bss_color = atoi(pos) & 0x3f;
  		conf->he_op.he_bss_color_disabled = 0;

package/network/services/hostapd/patches/470-survey_data_fallback.patch

@@ -1,24 +1,29 @@
 --- a/src/ap/acs.c
 +++ b/src/ap/acs.c
-@@ -420,20 +420,19 @@ static int acs_usable_bw160_chan(const s
+@@ -455,17 +455,17 @@ static int acs_get_bw_center_chan(int fr
  static int acs_survey_is_sufficient(struct freq_survey *survey)
  {
  	if (!(survey->filled & SURVEY_HAS_NF)) {
 +		survey->nf = -95;
- 		wpa_printf(MSG_INFO, "ACS: Survey is missing noise floor");
+ 		wpa_printf(MSG_INFO,
+ 			   "ACS: Survey for freq %d is missing noise floor",
+ 			   survey->freq);
 -		return 0;
  	}
  
  	if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
 +		survey->channel_time = 0;
- 		wpa_printf(MSG_INFO, "ACS: Survey is missing channel time");
+ 		wpa_printf(MSG_INFO,
+ 			   "ACS: Survey for freq %d is missing channel time",
+ 			   survey->freq);
 -		return 0;
  	}
  
  	if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
- 	    !(survey->filled & SURVEY_HAS_CHAN_TIME_RX)) {
+@@ -473,7 +473,6 @@ static int acs_survey_is_sufficient(stru
  		wpa_printf(MSG_INFO,
- 			   "ACS: Survey is missing RX and busy time (at least one is required)");
+ 			   "ACS: Survey for freq %d is missing RX and busy time (at least one is required)",
+ 			   survey->freq);
 -		return 0;
  	}
  

package/network/services/hostapd/patches/500-lto-jobserver-support.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -1394,7 +1394,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+@@ -1396,7 +1396,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
  	@$(AR) cr $@ hostapd_multi.o $(OBJS)
  
  hostapd: $(OBJS)
@@ -9,7 +9,7 @@
  	@$(E) "  LD " $@
  
  ifdef CONFIG_WPA_TRACE
-@@ -1405,7 +1405,7 @@ _OBJS_VAR := OBJS_c
+@@ -1407,7 +1407,7 @@ _OBJS_VAR := OBJS_c
  include ../src/objs.mk
  
  hostapd_cli: $(OBJS_c)
@@ -20,7 +20,7 @@
  NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -2025,31 +2025,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+@@ -2039,31 +2039,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
  	@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
  
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)

package/network/services/hostapd/patches/590-rrm-wnm-statistics.patch

@@ -42,9 +42,9 @@
  	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
  		   MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
  		   "validity_interval=%u",
-@@ -659,10 +660,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
- 
- 	switch (action) {
+@@ -790,10 +791,12 @@ int ieee802_11_rx_wnm_action_ap(struct h
+ 					       plen);
+ 		return 0;
  	case WNM_BSS_TRANS_MGMT_QUERY:
 +		hapd->openwrt_stats.wnm.bss_transition_query_rx++;
  		ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
@@ -55,7 +55,7 @@
  		ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
  						  plen);
  		return 0;
-@@ -709,6 +712,7 @@ int wnm_send_disassoc_imminent(struct ho
+@@ -840,6 +843,7 @@ int wnm_send_disassoc_imminent(struct ho
  
  	pos = mgmt->u.action.u.bss_tm_req.variable;
  
@@ -63,7 +63,7 @@
  	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
  		   MACSTR, disassoc_timer, MAC2STR(sta->addr));
  	if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
-@@ -790,6 +794,7 @@ int wnm_send_ess_disassoc_imminent(struc
+@@ -921,6 +925,7 @@ int wnm_send_ess_disassoc_imminent(struc
  		return -1;
  	}
  
@@ -71,7 +71,7 @@
  	if (disassoc_timer) {
  		/* send disassociation frame after time-out */
  		set_disassoc_timer(hapd, sta, disassoc_timer);
-@@ -870,6 +875,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
+@@ -1001,6 +1006,7 @@ int wnm_send_bss_tm_req(struct hostapd_d
  	}
  	os_free(buf);
  

package/network/services/hostapd/patches/600-ubus_support.patch

@@ -39,7 +39,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -673,6 +675,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -682,6 +684,7 @@ hostapd_alloc_bss_data(struct hostapd_if
  		       struct hostapd_bss_config *bss);
  int hostapd_setup_interface(struct hostapd_iface *iface);
  int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
@@ -49,7 +49,7 @@
  struct hostapd_iface * hostapd_alloc_iface(void);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -401,6 +401,7 @@ void hostapd_free_hapd_data(struct hosta
+@@ -435,6 +435,7 @@ void hostapd_free_hapd_data(struct hosta
  	hapd->beacon_set_done = 0;
  
  	wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
@@ -57,7 +57,7 @@
  	accounting_deinit(hapd);
  	hostapd_deinit_wpa(hapd);
  	vlan_deinit(hapd);
-@@ -1431,6 +1432,8 @@ static int hostapd_setup_bss(struct host
+@@ -1185,6 +1186,8 @@ static int hostapd_start_beacon(struct h
  	if (hapd->driver && hapd->driver->set_operstate)
  		hapd->driver->set_operstate(hapd->drv_priv, 1);
  
@@ -66,7 +66,7 @@
  	return 0;
  }
  
-@@ -2050,6 +2053,7 @@ static int hostapd_setup_interface_compl
+@@ -2126,6 +2129,7 @@ static int hostapd_setup_interface_compl
  	if (err)
  		goto fail;
  
@@ -74,7 +74,7 @@
  	wpa_printf(MSG_DEBUG, "Completing interface initialization");
  	if (iface->freq) {
  #ifdef NEED_AP_MLME
-@@ -2248,6 +2252,7 @@ dfs_offload:
+@@ -2342,6 +2346,7 @@ dfs_offload:
  
  fail:
  	wpa_printf(MSG_ERROR, "Interface initialization failed");
@@ -82,7 +82,7 @@
  	hostapd_set_state(iface, HAPD_IFACE_DISABLED);
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
  #ifdef CONFIG_FST
-@@ -2723,6 +2728,7 @@ void hostapd_interface_deinit_free(struc
+@@ -2817,6 +2822,7 @@ void hostapd_interface_deinit_free(struc
  		   (unsigned int) iface->conf->num_bss);
  	driver = iface->bss[0]->driver;
  	drv_priv = iface->bss[0]->drv_priv;
@@ -92,7 +92,7 @@
  		   __func__, driver, drv_priv);
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -3573,13 +3573,18 @@ static void handle_auth(struct hostapd_d
+@@ -2740,13 +2740,18 @@ static void handle_auth(struct hostapd_d
  	u16 auth_alg, auth_transaction, status_code;
  	u16 resp = WLAN_STATUS_SUCCESS;
  	struct sta_info *sta = NULL;
@@ -112,7 +112,7 @@
  
  	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
  		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -3747,6 +3752,13 @@ static void handle_auth(struct hostapd_d
+@@ -2914,6 +2919,13 @@ static void handle_auth(struct hostapd_d
  		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
  		goto fail;
  	}
@@ -126,7 +126,7 @@
  	if (res == HOSTAPD_ACL_PENDING)
  		return;
  
-@@ -5488,7 +5500,7 @@ static void handle_assoc(struct hostapd_
+@@ -4695,7 +4707,7 @@ static void handle_assoc(struct hostapd_
  	int resp = WLAN_STATUS_SUCCESS;
  	u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
  	const u8 *pos;
@@ -135,7 +135,7 @@
  	struct sta_info *sta;
  	u8 *tmp = NULL;
  #ifdef CONFIG_FILS
-@@ -5701,6 +5713,11 @@ static void handle_assoc(struct hostapd_
+@@ -4908,6 +4920,11 @@ static void handle_assoc(struct hostapd_
  		left = res;
  	}
  #endif /* CONFIG_FILS */
@@ -147,7 +147,7 @@
  
  	/* followed by SSID and Supported rates; and HT capabilities if 802.11n
  	 * is used */
-@@ -5799,6 +5816,13 @@ static void handle_assoc(struct hostapd_
+@@ -5006,6 +5023,13 @@ static void handle_assoc(struct hostapd_
  	}
  #endif /* CONFIG_FILS */
  
@@ -161,7 +161,7 @@
   fail:
  
  	/*
-@@ -5892,6 +5916,7 @@ static void handle_disassoc(struct hosta
+@@ -5099,6 +5123,7 @@ static void handle_disassoc(struct hosta
  	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
  		   MAC2STR(mgmt->sa),
  		   le_to_host16(mgmt->u.disassoc.reason_code));
@@ -169,7 +169,7 @@
  
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (sta == NULL) {
-@@ -5961,6 +5986,8 @@ static void handle_deauth(struct hostapd
+@@ -5168,6 +5193,8 @@ static void handle_deauth(struct hostapd
  	/* Clear the PTKSA cache entries for PASN */
  	ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
  
@@ -180,7 +180,7 @@
  		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -919,6 +919,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1006,6 +1006,12 @@ void handle_probe_req(struct hostapd_dat
  	u16 csa_offs[2];
  	size_t csa_offs_len;
  	struct radius_sta rad_info;
@@ -193,7 +193,7 @@
  
  	if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
  	    ssi_signal < hapd->iconf->rssi_ignore_probe_request)
-@@ -1105,6 +1111,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -1192,6 +1198,12 @@ void handle_probe_req(struct hostapd_dat
  	}
  #endif /* CONFIG_P2P */
  
@@ -250,7 +250,7 @@
  		ap_free_sta(hapd, sta);
  		break;
  	}
-@@ -1298,12 +1300,25 @@ void ap_sta_set_authorized(struct hostap
+@@ -1305,15 +1307,28 @@ void ap_sta_set_authorized(struct hostap
  					sta->addr, authorized, dev_addr);
  
  	if (authorized) {
@@ -265,18 +265,21 @@
 +			[WLAN_AUTH_PASN] = "pasn",
 +		};
 +		const char *auth_alg = NULL;
+ 		const u8 *dpp_pkhash;
  		const char *keyid;
+ 		char dpp_pkhash_buf[100];
  		char keyid_buf[100];
  		char ip_addr[100];
 +		char alg_buf[100];
  
+ 		dpp_pkhash_buf[0] = '\0';
  		keyid_buf[0] = '\0';
  		ip_addr[0] = '\0';
 +		alg_buf[0] = '\0';
  #ifdef CONFIG_P2P
  		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
  			os_snprintf(ip_addr, sizeof(ip_addr),
-@@ -1313,22 +1328,31 @@ void ap_sta_set_authorized(struct hostap
+@@ -1323,6 +1338,13 @@ void ap_sta_set_authorized(struct hostap
  		}
  #endif /* CONFIG_P2P */
  
@@ -285,27 +288,29 @@
 +
 +		if (auth_alg)
 +			os_snprintf(alg_buf, sizeof(alg_buf),
-+				    " auth_alg=%s", auth_alg);
++				" auth_alg=%s", auth_alg);
 +
  		keyid = ap_sta_wpa_get_keyid(hapd, sta);
  		if (keyid) {
  			os_snprintf(keyid_buf, sizeof(keyid_buf),
- 				    " keyid=%s", keyid);
+@@ -1341,17 +1363,19 @@ void ap_sta_set_authorized(struct hostap
+ 					 dpp_pkhash, SHA256_MAC_LEN);
  		}
  
--		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
--			buf, ip_addr, keyid_buf);
+-		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
+-			buf, ip_addr, keyid_buf, dpp_pkhash_buf);
 +		hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
-+		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
-+			buf, ip_addr, keyid_buf, alg_buf);
++		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
++			buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
  
  		if (hapd->msg_ctx_parent &&
  		    hapd->msg_ctx_parent != hapd->msg_ctx)
  			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
--					  AP_STA_CONNECTED "%s%s%s",
--					  buf, ip_addr, keyid_buf);
-+					  AP_STA_CONNECTED "%s%s%s%s",
-+					  buf, ip_addr, keyid_buf, alg_buf);
+-					  AP_STA_CONNECTED "%s%s%s%s",
++					  AP_STA_CONNECTED "%s%s%s%s%s",
+ 					  buf, ip_addr, keyid_buf,
+-					  dpp_pkhash_buf);
++					  dpp_pkhash_buf, alg_buf);
  	} else {
  		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
 +		hostapd_ubus_notify(hapd, "disassoc", sta->addr);
@@ -314,7 +319,7 @@
  		    hapd->msg_ctx_parent != hapd->msg_ctx)
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -268,6 +268,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -269,6 +269,7 @@ static void hostapd_wpa_auth_psk_failure
  	struct hostapd_data *hapd = ctx;
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
  		MAC2STR(addr));
@@ -324,7 +329,7 @@
  
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -183,6 +183,12 @@ ifdef CONFIG_EAPOL_TEST
+@@ -194,6 +194,12 @@ ifdef CONFIG_EAPOL_TEST
  CFLAGS += -Werror -DEAPOL_TEST
  endif
  
@@ -337,7 +342,7 @@
  ifdef CONFIG_CODE_COVERAGE
  CFLAGS += -O0 -fprofile-arcs -ftest-coverage
  LIBS += -lgcov
-@@ -977,6 +983,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
+@@ -989,6 +995,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
  CFLAGS += -DCONFIG_CTRL_IFACE_MIB
  endif
  OBJS += ../src/ap/ctrl_iface_ap.o
@@ -349,7 +354,7 @@
  CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -7285,6 +7285,8 @@ struct wpa_supplicant * wpa_supplicant_a
+@@ -7608,6 +7608,8 @@ struct wpa_supplicant * wpa_supplicant_a
  	}
  #endif /* CONFIG_P2P */
  
@@ -358,7 +363,7 @@
  	return wpa_s;
  }
  
-@@ -7311,6 +7313,8 @@ int wpa_supplicant_remove_iface(struct w
+@@ -7634,6 +7636,8 @@ int wpa_supplicant_remove_iface(struct w
  	struct wpa_supplicant *parent = wpa_s->parent;
  #endif /* CONFIG_MESH */
  
@@ -367,7 +372,7 @@
  	/* Remove interface from the global list of interfaces */
  	prev = global->ifaces;
  	if (prev == wpa_s) {
-@@ -7614,8 +7618,12 @@ int wpa_supplicant_run(struct wpa_global
+@@ -7980,8 +7984,12 @@ int wpa_supplicant_run(struct wpa_global
  	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
  	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
  
@@ -382,15 +387,15 @@
  
 --- a/wpa_supplicant/wpa_supplicant_i.h
 +++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -20,6 +20,7 @@
- #include "wps/wps_defs.h"
+@@ -21,6 +21,7 @@
  #include "config_ssid.h"
  #include "wmm_ac.h"
+ #include "pasn/pasn_common.h"
 +#include "ubus.h"
  
  extern const char *const wpa_supplicant_version;
  extern const char *const wpa_supplicant_license;
-@@ -323,6 +324,8 @@ struct wpa_global {
+@@ -324,6 +325,8 @@ struct wpa_global {
  #endif /* CONFIG_WIFI_DISPLAY */
  
  	struct psk_list_entry *add_psk; /* From group formation */
@@ -399,7 +404,7 @@
  };
  
  
-@@ -707,6 +710,7 @@ struct wpa_supplicant {
+@@ -655,6 +658,7 @@ struct wpa_supplicant {
  	unsigned char own_addr[ETH_ALEN];
  	unsigned char perm_addr[ETH_ALEN];
  	char ifname[100];
@@ -417,7 +422,7 @@
  
  
  #ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
-@@ -391,6 +392,8 @@ static int wpa_supplicant_wps_cred(void
+@@ -402,6 +403,8 @@ static int wpa_supplicant_wps_cred(void
  	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
  			cred->cred_attr, cred->cred_attr_len);
  
@@ -428,7 +433,7 @@
  
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -897,6 +897,7 @@ int main(int argc, char *argv[])
+@@ -901,6 +901,7 @@ int main(int argc, char *argv[])
  	}
  
  	hostapd_global_ctrl_iface_init(&interfaces);
@@ -436,7 +441,7 @@
  
  	if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
  		wpa_printf(MSG_ERROR, "Failed to start eloop");
-@@ -906,6 +907,7 @@ int main(int argc, char *argv[])
+@@ -910,6 +911,7 @@ int main(int argc, char *argv[])
  	ret = 0;
  
   out:
@@ -527,7 +532,7 @@
  
 --- a/src/ap/dfs.c
 +++ b/src/ap/dfs.c
-@@ -1203,6 +1203,8 @@ int hostapd_dfs_pre_cac_expired(struct h
+@@ -1211,6 +1211,8 @@ int hostapd_dfs_pre_cac_expired(struct h
  		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
  		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
  
@@ -569,7 +574,7 @@
  	}
 --- a/src/ap/sta_info.h
 +++ b/src/ap/sta_info.h
-@@ -328,6 +328,7 @@ struct sta_info {
+@@ -293,6 +293,7 @@ struct sta_info {
  #endif /* CONFIG_TESTING_OPTIONS */
  #ifdef CONFIG_AIRTIME_POLICY
  	unsigned int airtime_weight;

package/network/services/hostapd/patches/700-wifi-reload.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2416,6 +2416,8 @@ static int hostapd_config_fill(struct ho
+@@ -2418,6 +2418,8 @@ static int hostapd_config_fill(struct ho
  		bss->isolate = atoi(pos);
  	} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
  		bss->ap_max_inactivity = atoi(pos);
@@ -8,8 +8,8 @@
 +		bss->config_id = os_strdup(pos);
  	} else if (os_strcmp(buf, "skip_inactivity_poll") == 0) {
  		bss->skip_inactivity_poll = atoi(pos);
- 	} else if (os_strcmp(buf, "country_code") == 0) {
-@@ -3121,6 +3123,8 @@ static int hostapd_config_fill(struct ho
+ 	} else if (os_strcmp(buf, "config_id") == 0) {
+@@ -3128,6 +3130,8 @@ static int hostapd_config_fill(struct ho
  		}
  	} else if (os_strcmp(buf, "acs_exclude_dfs") == 0) {
  		conf->acs_exclude_dfs = atoi(pos);
@@ -20,15 +20,7 @@
  	} else if (os_strcmp(buf, "channel") == 0) {
 --- a/src/ap/ap_config.c
 +++ b/src/ap/ap_config.c
-@@ -796,6 +796,7 @@ void hostapd_config_free_bss(struct host
- 	os_free(conf->radius_req_attr_sqlite);
- 	os_free(conf->rsn_preauth_interfaces);
- 	os_free(conf->ctrl_interface);
-+	os_free(conf->config_id);
- 	os_free(conf->ca_cert);
- 	os_free(conf->server_cert);
- 	os_free(conf->server_cert2);
-@@ -995,6 +996,7 @@ void hostapd_config_free(struct hostapd_
+@@ -997,6 +997,7 @@ void hostapd_config_free(struct hostapd_
  
  	for (i = 0; i < conf->num_bss; i++)
  		hostapd_config_free_bss(conf->bss[i]);
@@ -38,16 +30,7 @@
  	os_free(conf->basic_rates);
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -285,6 +285,8 @@ struct hostapd_bss_config {
- 	char vlan_bridge[IFNAMSIZ + 1];
- 	char wds_bridge[IFNAMSIZ + 1];
- 
-+	char *config_id;
-+
- 	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
- 
- 	unsigned int logger_syslog; /* module bitfield */
-@@ -969,6 +971,7 @@ struct eht_phy_capabilities_info {
+@@ -987,6 +987,7 @@ struct eht_phy_capabilities_info {
  struct hostapd_config {
  	struct hostapd_bss_config **bss, *last_bss;
  	size_t num_bss;
@@ -57,7 +40,7 @@
  	int rts_threshold;
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -224,6 +224,10 @@ static int hostapd_iface_conf_changed(st
+@@ -254,6 +254,10 @@ static int hostapd_iface_conf_changed(st
  {
  	size_t i;
  
@@ -68,7 +51,7 @@
  	if (newconf->num_bss != oldconf->num_bss)
  		return 1;
  
-@@ -237,7 +241,7 @@ static int hostapd_iface_conf_changed(st
+@@ -267,7 +271,7 @@ static int hostapd_iface_conf_changed(st
  }
  
  
@@ -77,26 +60,17 @@
  {
  	struct hapd_interfaces *interfaces = iface->interfaces;
  	struct hostapd_data *hapd = iface->bss[0];
-@@ -260,13 +264,16 @@ int hostapd_reload_config(struct hostapd
- 	if (newconf == NULL)
- 		return -1;
- 
--	hostapd_clear_old(iface);
--
- 	oldconf = hapd->iconf;
- 	if (hostapd_iface_conf_changed(newconf, oldconf)) {
+@@ -295,6 +299,9 @@ int hostapd_reload_config(struct hostapd
  		char *fname;
  		int res;
  
 +		if (reconf)
 +			return -1;
 +
-+		hostapd_clear_old(iface);
-+
+ 		hostapd_clear_old(iface);
+ 
  		wpa_printf(MSG_DEBUG,
- 			   "Configuration changes include interface/BSS modification - force full disable+enable sequence");
- 		fname = os_strdup(iface->config_fname);
-@@ -291,6 +298,24 @@ int hostapd_reload_config(struct hostapd
+@@ -321,6 +328,24 @@ int hostapd_reload_config(struct hostapd
  			wpa_printf(MSG_ERROR,
  				   "Failed to enable interface on config reload");
  		return res;
@@ -121,7 +95,7 @@
  	}
  	iface->conf = newconf;
  
-@@ -307,6 +332,12 @@ int hostapd_reload_config(struct hostapd
+@@ -337,6 +362,12 @@ int hostapd_reload_config(struct hostapd
  
  	for (j = 0; j < iface->num_bss; j++) {
  		hapd = iface->bss[j];
@@ -131,10 +105,10 @@
 +		}
 +		if (newconf->bss[j]->config_id)
 +			hapd->config_id = strdup(newconf->bss[j]->config_id);
- 		hapd->iconf = newconf;
- 		hapd->conf = newconf->bss[j];
- 		hostapd_reload_bss(hapd);
-@@ -2420,6 +2451,10 @@ hostapd_alloc_bss_data(struct hostapd_if
+ 		if (!hapd->conf->config_id || !newconf->bss[j]->config_id ||
+ 		    os_strcmp(hapd->conf->config_id,
+ 			      newconf->bss[j]->config_id) != 0)
+@@ -2514,6 +2545,10 @@ hostapd_alloc_bss_data(struct hostapd_if
  	hapd->iconf = conf;
  	hapd->conf = bss;
  	hapd->iface = hapd_iface;
@@ -164,7 +138,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -667,7 +668,7 @@ struct hostapd_iface {
+@@ -676,7 +677,7 @@ struct hostapd_iface {
  int hostapd_for_each_interface(struct hapd_interfaces *interfaces,
  			       int (*cb)(struct hostapd_iface *iface,
  					 void *ctx), void *ctx);
@@ -175,19 +149,19 @@
  hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -4852,6 +4852,9 @@ static int wpa_driver_nl80211_set_ap(voi
+@@ -5054,6 +5054,9 @@ static int wpa_driver_nl80211_set_ap(voi
  	if (ret) {
  		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
  			   ret, strerror(-ret));
-+		if (!bss->beacon_set)
++		if (!bss->flink->beacon_set)
 +			ret = 0;
-+		bss->beacon_set = 0;
++		bss->flink->beacon_set = 0;
  	} else {
- 		bss->beacon_set = 1;
+ 		bss->flink->beacon_set = 1;
  		nl80211_set_bss(bss, params->cts_protect, params->preamble,
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -186,7 +186,7 @@ static int hostapd_ctrl_iface_update(str
+@@ -187,7 +187,7 @@ static int hostapd_ctrl_iface_update(str
  	iface->interfaces->config_read_cb = hostapd_ctrl_iface_config_read;
  	reload_opts = txt;
  
@@ -198,7 +172,7 @@
  }
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -317,7 +317,7 @@ static void handle_term(int sig, void *s
+@@ -320,7 +320,7 @@ static void handle_term(int sig, void *s
  
  static int handle_reload_iface(struct hostapd_iface *iface, void *ctx)
  {

package/network/services/hostapd/patches/710-vlan_no_bridge.patch

@@ -30,7 +30,7 @@
  
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3346,6 +3346,8 @@ static int hostapd_config_fill(struct ho
+@@ -3353,6 +3353,8 @@ static int hostapd_config_fill(struct ho
  #ifndef CONFIG_NO_VLAN
  	} else if (os_strcmp(buf, "dynamic_vlan") == 0) {
  		bss->ssid.dynamic_vlan = atoi(pos);

package/network/services/hostapd/patches/711-wds_bridge_force.patch

@@ -6,12 +6,12 @@
  		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
 +		if (!bss->wds_bridge[0])
 +			os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
+ 	} else if (os_strcmp(buf, "bridge_hairpin") == 0) {
+ 		bss->bridge_hairpin = atoi(pos);
  	} else if (os_strcmp(buf, "vlan_bridge") == 0) {
- 		os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
- 	} else if (os_strcmp(buf, "wds_bridge") == 0) {
 --- a/src/ap/ap_drv_ops.c
 +++ b/src/ap/ap_drv_ops.c
-@@ -340,8 +340,6 @@ int hostapd_set_wds_sta(struct hostapd_d
+@@ -348,8 +348,6 @@ int hostapd_set_wds_sta(struct hostapd_d
  		return -1;
  	if (hapd->conf->wds_bridge[0])
  		bridge = hapd->conf->wds_bridge;

package/network/services/hostapd/patches/720-iface_max_num_sta.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2841,6 +2841,14 @@ static int hostapd_config_fill(struct ho
+@@ -2848,6 +2848,14 @@ static int hostapd_config_fill(struct ho
  				   line, bss->max_num_sta, MAX_STA_COUNT);
  			return 1;
  		}
@@ -17,7 +17,7 @@
  	} else if (os_strcmp(buf, "extended_key_id") == 0) {
 --- a/src/ap/hostapd.h
 +++ b/src/ap/hostapd.h
-@@ -711,6 +711,7 @@ void hostapd_cleanup_cs_params(struct ho
+@@ -721,6 +721,7 @@ void hostapd_cleanup_cs_params(struct ho
  void hostapd_periodic_iface(struct hostapd_iface *iface);
  int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
  void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
@@ -27,7 +27,7 @@
  void hostapd_cleanup_cca_params(struct hostapd_data *hapd);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -241,6 +241,30 @@ static int hostapd_iface_conf_changed(st
+@@ -271,6 +271,30 @@ static int hostapd_iface_conf_changed(st
  }
  
  
@@ -60,7 +60,7 @@
  	struct hapd_interfaces *interfaces = iface->interfaces;
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -1135,7 +1135,7 @@ void handle_probe_req(struct hostapd_dat
+@@ -1222,7 +1222,7 @@ void handle_probe_req(struct hostapd_dat
  	if (hapd->conf->no_probe_resp_if_max_sta &&
  	    is_multicast_ether_addr(mgmt->da) &&
  	    is_multicast_ether_addr(mgmt->bssid) &&
@@ -71,7 +71,7 @@
  			   " since no room for additional STA",
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -1010,6 +1010,8 @@ struct hostapd_config {
+@@ -1026,6 +1026,8 @@ struct hostapd_config {
  	unsigned int track_sta_max_num;
  	unsigned int track_sta_max_age;
  

package/network/services/hostapd/patches/730-ft_iface.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3000,6 +3000,8 @@ static int hostapd_config_fill(struct ho
+@@ -3007,6 +3007,8 @@ static int hostapd_config_fill(struct ho
  		wpa_printf(MSG_INFO,
  			   "Line %d: Obsolete peerkey parameter ignored", line);
  #ifdef CONFIG_IEEE80211R_AP
@@ -18,10 +18,10 @@
 +	char ft_iface[IFNAMSIZ + 1];
  	char vlan_bridge[IFNAMSIZ + 1];
  	char wds_bridge[IFNAMSIZ + 1];
- 
+ 	int bridge_hairpin; /* hairpin_mode on bridge members */
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -1595,8 +1595,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1616,8 +1616,12 @@ int hostapd_setup_wpa(struct hostapd_dat
  	    wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
  		const char *ft_iface;
  

package/network/services/hostapd/patches/740-snoop_iface.patch

@@ -7,7 +7,7 @@
 +	char snoop_iface[IFNAMSIZ + 1];
  	char vlan_bridge[IFNAMSIZ + 1];
  	char wds_bridge[IFNAMSIZ + 1];
- 
+ 	int bridge_hairpin; /* hairpin_mode on bridge members */
 --- a/src/ap/x_snoop.c
 +++ b/src/ap/x_snoop.c
 @@ -33,14 +33,16 @@ int x_snoop_init(struct hostapd_data *ha
@@ -55,10 +55,10 @@
  			   "x_snoop: Failed to initialize L2 packet processing %s",
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2318,6 +2318,8 @@ static int hostapd_config_fill(struct ho
- 		os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
- 		if (!bss->wds_bridge[0])
+@@ -2320,6 +2320,8 @@ static int hostapd_config_fill(struct ho
  			os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
+ 	} else if (os_strcmp(buf, "bridge_hairpin") == 0) {
+ 		bss->bridge_hairpin = atoi(pos);
 +	} else if (os_strcmp(buf, "snoop_iface") == 0) {
 +		os_strlcpy(bss->snoop_iface, pos, sizeof(bss->snoop_iface));
  	} else if (os_strcmp(buf, "vlan_bridge") == 0) {

package/network/services/hostapd/patches/750-qos_map_set_without_interworking.patch

@@ -18,7 +18,7 @@
  
  #ifdef CONFIG_HS20
  static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf,
-@@ -4046,10 +4046,10 @@ static int hostapd_config_fill(struct ho
+@@ -4064,10 +4064,10 @@ static int hostapd_config_fill(struct ho
  		bss->gas_frag_limit = val;
  	} else if (os_strcmp(buf, "gas_comeback_delay") == 0) {
  		bss->gas_comeback_delay = atoi(pos);
@@ -32,7 +32,7 @@
  		os_free(bss->dump_msk_file);
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -1424,6 +1424,7 @@ static int hostapd_setup_bss(struct host
+@@ -1499,6 +1499,7 @@ static int hostapd_setup_bss(struct host
  		wpa_printf(MSG_ERROR, "GAS server initialization failed");
  		return -1;
  	}
@@ -40,7 +40,7 @@
  
  	if (conf->qos_map_set_len &&
  	    hostapd_drv_set_qos_map(hapd, conf->qos_map_set,
-@@ -1431,7 +1432,6 @@ static int hostapd_setup_bss(struct host
+@@ -1506,7 +1507,6 @@ static int hostapd_setup_bss(struct host
  		wpa_printf(MSG_ERROR, "Failed to initialize QoS Map");
  		return -1;
  	}
@@ -50,7 +50,7 @@
  		wpa_printf(MSG_ERROR, "BSS Load initialization failed");
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -2586,8 +2586,6 @@ void wnm_bss_keep_alive_deinit(struct wp
+@@ -2672,8 +2672,6 @@ void wnm_bss_keep_alive_deinit(struct wp
  }
  
  
@@ -59,16 +59,16 @@
  static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
  			    size_t len)
  {
-@@ -2620,8 +2618,6 @@ static void interworking_process_assoc_r
+@@ -2706,8 +2704,6 @@ static void interworking_process_assoc_r
  	}
  }
  
 -#endif /* CONFIG_INTERWORKING */
 -
  
- static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
- 					const u8 *ies, size_t ies_len)
-@@ -2954,10 +2950,8 @@ static int wpa_supplicant_event_associnf
+ static void wpa_supplicant_set_4addr_mode(struct wpa_supplicant *wpa_s)
+ {
+@@ -3087,10 +3083,8 @@ static int wpa_supplicant_event_associnf
  		wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
  				       data->assoc_info.resp_ies_len);
  #endif /* CONFIG_WNM */
@@ -81,7 +81,7 @@
  			   data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
 --- a/src/ap/ieee802_11_shared.c
 +++ b/src/ap/ieee802_11_shared.c
-@@ -1100,13 +1100,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
+@@ -1116,13 +1116,11 @@ u8 * hostapd_eid_rsnxe(struct hostapd_da
  u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
  		    const u8 *ext_capab_ie, size_t ext_capab_ie_len)
  {

package/network/services/hostapd/patches/751-qos_map_ignore_when_unsupported.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ap_drv_ops.c
 +++ b/src/ap/ap_drv_ops.c
-@@ -864,7 +864,8 @@ int hostapd_start_dfs_cac(struct hostapd
+@@ -874,7 +874,8 @@ int hostapd_start_dfs_cac(struct hostapd
  int hostapd_drv_set_qos_map(struct hostapd_data *hapd,
  			    const u8 *qos_map_set, u8 qos_map_set_len)
  {

package/network/services/hostapd/patches/760-dynamic_own_ip.patch

@@ -1,6 +1,6 @@
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -311,6 +311,7 @@ struct hostapd_bss_config {
+@@ -310,6 +310,7 @@ struct hostapd_bss_config {
  	unsigned int eap_sim_db_timeout;
  	int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
  	struct hostapd_ip_addr own_ip_addr;
@@ -98,7 +98,7 @@
  	    hapd->conf->own_ip_addr.af == AF_INET &&
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2681,6 +2681,8 @@ static int hostapd_config_fill(struct ho
+@@ -2688,6 +2688,8 @@ static int hostapd_config_fill(struct ho
  	} else if (os_strcmp(buf, "iapp_interface") == 0) {
  		wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
  #endif /* CONFIG_IAPP */

package/network/services/hostapd/patches/761-shared_das_port.patch

@@ -10,7 +10,7 @@
  	unsigned int time_window;
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -1367,6 +1367,7 @@ static int hostapd_setup_bss(struct host
+@@ -1442,6 +1442,7 @@ static int hostapd_setup_bss(struct host
  		struct radius_das_conf das_conf;
  		os_memset(&das_conf, 0, sizeof(das_conf));
  		das_conf.port = conf->radius_das_port;

package/network/services/hostapd/patches/800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch

@@ -1,58 +0,0 @@
-From 37528a5205cb0b9e2238b7d97fb2ff5457448f1c Mon Sep 17 00:00:00 2001
-From: David Bauer <[email protected]>
-Date: Thu, 8 Sep 2022 01:45:41 +0200
-Subject: [PATCH] acs: don't select indoor channel on outdoor operation
-
-Don't select channels designated for exclusive-indoor use when the
-country3 element is set on outdoor operation.
-
-Signed-off-by: David Bauer <[email protected]>
----
- src/ap/acs.c | 9 +++++++++
- src/ap/dfs.c | 3 +++
- 2 files changed, 12 insertions(+)
-
---- a/src/ap/acs.c
-+++ b/src/ap/acs.c
-@@ -552,6 +552,9 @@ static void acs_survey_mode_interference
- 		if (chan->max_tx_power < iface->conf->min_tx_power)
- 			continue;
- 
-+		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+			continue;
-+
- 		wpa_printf(MSG_DEBUG, "ACS: Survey analysis for channel %d (%d MHz)",
- 			   chan->chan, chan->freq);
- 
-@@ -686,6 +689,9 @@ acs_find_ideal_chan_mode(struct hostapd_
- 		if (chan->max_tx_power < iface->conf->min_tx_power)
- 			continue;
- 
-+		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+			continue;
-+
- 		if (!chan_bw_allowed(chan, bw, 1, 1)) {
- 			wpa_printf(MSG_DEBUG,
- 				   "ACS: Channel %d: BW %u is not supported",
-@@ -1067,6 +1073,9 @@ static int * acs_request_scan_add_freqs(
- 		if (chan->max_tx_power < iface->conf->min_tx_power)
- 			continue;
- 
-+		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+			continue;
-+
- 		*freq++ = chan->freq;
- 	}
- 
---- a/src/ap/dfs.c
-+++ b/src/ap/dfs.c
-@@ -282,6 +282,9 @@ static int dfs_find_channel(struct hosta
- 		if (chan->max_tx_power < iface->conf->min_tx_power)
- 			continue;
- 
-+		if (chan->flag & HOSTAPD_CHAN_INDOOR_ONLY && iface->conf->country[2] == 0x4f)
-+			continue;
-+
- 		if (ret_chan && idx == channel_idx) {
- 			wpa_printf(MSG_DEBUG, "Selected channel %d (%d)",
- 				   chan->freq, chan->chan);

package/network/services/hostapd/patches/990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch

@@ -13,7 +13,7 @@ Signed-off-by: David Bauer <[email protected]>
 
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -12241,7 +12241,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12640,7 +12640,7 @@ char * wpa_supplicant_ctrl_iface_process
  		if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
  			reply_len = -1;
  #endif /* CONFIG_WNM */
@@ -22,7 +22,7 @@ Signed-off-by: David Bauer <[email protected]>
  	} else if (os_strncmp(buf, "DISASSOC_IMMINENT ", 18) == 0) {
  		if (ap_ctrl_iface_disassoc_imminent(wpa_s, buf + 18))
  			reply_len = -1;
-@@ -12251,7 +12251,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -12650,7 +12650,7 @@ char * wpa_supplicant_ctrl_iface_process
  	} else if (os_strncmp(buf, "BSS_TM_REQ ", 11) == 0) {
  		if (ap_ctrl_iface_bss_tm_req(wpa_s, buf + 11))
  			reply_len = -1;

package/network/services/hostapd/patches/992-openssl-include-rsa.patch

@@ -1,32 +0,0 @@
-From f374d52079111a4340acb6df835f45ac6b5f3f60 Mon Sep 17 00:00:00 2001
-From: Andre Heider <[email protected]>
-Date: Wed, 22 Jun 2022 14:13:55 +0200
-Subject: OpenSSL: Include rsa.h for all OpenSSL versions
-
-This fixes the build with OpenSSL 1.1.1:
-../src/crypto/crypto_openssl.c: In function 'crypto_rsa_oaep_sha256_decrypt':
-../src/crypto/crypto_openssl.c:4404:49: error: 'RSA_PKCS1_OAEP_PADDING' undeclared (first use in this function)
-
-Signed-off-by: Andre Heider <[email protected]>
----
- src/crypto/crypto_openssl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -16,6 +16,7 @@
- #include <openssl/dh.h>
- #include <openssl/hmac.h>
- #include <openssl/rand.h>
-+#include <openssl/rsa.h>
- #include <openssl/pem.h>
- #ifdef CONFIG_ECC
- #include <openssl/ec.h>
-@@ -25,7 +26,6 @@
- #include <openssl/provider.h>
- #include <openssl/core_names.h>
- #include <openssl/param_build.h>
--#include <openssl/rsa.h>
- #include <openssl/encoder.h>
- #include <openssl/decoder.h>
- #else /* OpenSSL version >= 3.0 */