hostapd: update to 2022-06-02

4383528e0 P2P: Use weighted preferred channel list for channel selection
f2c5c8d38 QCA vendor attribute to configure RX link speed threshold for roaming
94bc94b20 Add QCA vendor attribute for DO_ACS to allow using existing scan entries
b9e2826b9 P2P: Filter 6 GHz channels if peer doesn't support them
d5a9944b8 Reserve QCA vendor sub command id 206..212
ed63c286f Remove space before tab in QCA vendor commands
e4015440a ProxyARP: Clear bridge parameters on deinit only if hostapd set them
02047e9c8 hs20-osu-client: Explicit checks for snprintf() result
cd92f7f98 FIPS PRF: Avoid duplicate SHA1Init() functionality
5c87fcc15 OpenSSL: Use internal FIPS 186-2 PRF with OpenSSL 3.0
9e305878c SAE-PK: Fix build without AES-SIV
c41004d86 OpenSSL: Convert more crypto_ec_key routines to new EVP API
667a2959c OpenSSL: crypto_ec_key_get_public_key() using new EVP_PKEY API
5b97395b3 OpenSSL: crypto_ec_key_get_private_key() using new EVP_PKEY API
177ebfe10 crypto: Convert crypto_ec_key_get_public_key() to return new ec_point
26780d92f crypto: Convert crypto_ec_key_get_private_key() to return new bignum
c9c2c2d9c OpenSSL: Fix a memory leak on crypto_hash_init() error path
6d19dccf9 OpenSSL: Free OSSL_DECODER_CTX in tls_global_dh()
4f4479ef9 OpenSSL: crypto_ec_key_parse_{priv,pub}() without EC_KEY API
b092d8ee6 tests: imsi_privacy_attr
563699174 EAP-SIM/AKA peer: IMSI privacy attribute
1004fb7ee tests: Testing functionality to discard DPP Public Action frames
355069616 tests: Add forgotten files for expired IMSI privacy cert tests
b9a222cdd tests: sigma_dut and DPP curve-from-URI special functionality
fa36e7ee4 tests: sigma_dut controlled STA and EAP-AKA parameters
99165cc4b Rename wpa_supplicant imsi_privacy_key configuration parameter
dde7f90a4 tests: Update VM setup example to use Ubuntu 22.04 and UML
426932f06 tests: EAP-AKA and expired imsi_privacy_key
35eda6e70 EAP-SIM peer: Free imsi_privacy_key on an error path
1328cdeb1 Do not try to use network profile with invalid imsi_privacy_key
d1652dc7c OpenSSL: Refuse to accept expired RSA certificate
866e7b745 OpenSSL: Include rsa.h for OpenSSL 3.0
bc99366f9 OpenSSL: Drop security level to 0 with OpenSSL 3.0 when using TLS 1.0/1.1
39e662308 tests: Work around reentrant logging issues due to __del__ misuse
72641f924 tests: Clean up failed test list in parallel-vm.py
e36a7c794 tests: Support pycryptodome
a44744d3b tests: Set ECB mode for AES explicitly to work with cryptodome
e90ea900a tests: sigma_dut DPP TCP Configurator as initiator with addr from URI
ed325ff0f DPP: Allow TCP destination (address/port) to be used from peer URI
e58dabbcf tests: DPP URI with host info
37bb4178b DPP: Host information in bootstrapping URI
1142b6e41 EHT: Do not check HE PHY capability info reserved fields
7173992b9 tests: Flush scan table in ap_wps_priority to make it more robust
b9313e17e tests: Update ap_wpa2_psk_ext_delayed_ptk_rekey to match implementation
bc3699179 Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
d2ce1b4d6 tests: Wait for request before responding in dscp_response

Compile-tested: all versions / ath79-generic, ramips-mt7621
Run-tested: hostapd-wolfssl / ath79-generic, ramips-mt7621

Signed-off-by: David Bauer <mail@david-bauer.net>

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index a4640f119776b40e9f1eef5ca8bcc8198c06edd5..a3274c8d4d3a7d7a409a0b0a3bf6193d95c2626f 100644 (file)
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -9,9 +9,9 @@ PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-05-08
-PKG_SOURCE_VERSION:=b859b9bceadccd882252ff0aa2fdba0d3b91764e
-PKG_MIRROR_HASH:=4655a747c197d7622b41865203d6601a080b9750fcd68073688cbb6076d13894
+PKG_SOURCE_DATE:=2022-06-02
+PKG_SOURCE_VERSION:=4383528e01955d995d3b3db201e4c0f9840e8236
+PKG_MIRROR_HASH:=1b533287661d4877d56aca8a5b2a53d84d2a90eebe246d8d9b3adf943da7f0a1
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause

diff --git a/package/network/services/hostapd/patches/991-fix-compile.patch b/package/network/services/hostapd/patches/991-fix-compile.patch
new file mode 100644 (file)
index 0000000..d08efa0
--- /dev/null
+++ b/package/network/services/hostapd/patches/991-fix-compile.patch
@@ -0,0 +1,19 @@
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -8104,6 +8104,7 @@ int wpas_network_disabled(struct wpa_sup
+           !ssid->mem_only_psk)
+               return 1;
+ 
++#ifdef CONFIG_IEEE8021X_EAPOL
+ #ifdef CRYPTO_RSA_OAEP_SHA256
+       if (ssid->eap.imsi_privacy_cert) {
+               struct crypto_rsa_key *key;
+@@ -8121,7 +8122,7 @@ int wpas_network_disabled(struct wpa_sup
+               }
+       }
+ #endif /* CRYPTO_RSA_OAEP_SHA256 */
+-
++#endif /* CONFIG_IEEE8021X_EAPOL */
+       return 0;
+ }
+