hostapd: update to version 2016-01-15
authorFelix Fietkau <nbd@openwrt.org>
Thu, 28 Jan 2016 17:19:13 +0000 (17:19 +0000)
committerFelix Fietkau <nbd@openwrt.org>
Thu, 28 Jan 2016 17:19:13 +0000 (17:19 +0000)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48527

42 files changed:
package/network/services/hostapd/Makefile
package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch [deleted file]
package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch [deleted file]
package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch [deleted file]
package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch [deleted file]
package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch [deleted file]
package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch [deleted file]
package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch [deleted file]
package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch [deleted file]
package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch [deleted file]
package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch [deleted file]
package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch [deleted file]
package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch [deleted file]
package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch [deleted file]
package/network/services/hostapd/patches/110-bool_fix.patch [deleted file]
package/network/services/hostapd/patches/120-daemonize_fix.patch
package/network/services/hostapd/patches/130-no_eapol_fix.patch
package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch
package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch [deleted file]
package/network/services/hostapd/patches/200-multicall.patch
package/network/services/hostapd/patches/300-noscan.patch
package/network/services/hostapd/patches/310-rescan_immediately.patch
package/network/services/hostapd/patches/320-optional_rfkill.patch
package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
package/network/services/hostapd/patches/340-reload_freq_change.patch
package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
package/network/services/hostapd/patches/370-ap_sta_support.patch
package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
package/network/services/hostapd/patches/410-limit_debug_messages.patch
package/network/services/hostapd/patches/420-indicate-features.patch
package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch
package/network/services/hostapd/patches/440-max_num_sta_probe.patch [deleted file]
package/network/services/hostapd/patches/450-scan_wait.patch
package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch
package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch [deleted file]
package/network/services/hostapd/patches/600-ubus_support.patch

index 8a7fad6..5c6e981 100644 (file)
@@ -7,9 +7,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_VERSION:=2015-03-25
+PKG_VERSION:=2016-01-15
 PKG_RELEASE:=2
-PKG_REV:=8278138e679174b1ec8af7f169c2810a8888e202
+PKG_REV:=e15dcf6d1bc2725388555523effca75b1ffab735
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git
diff --git a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
deleted file mode 100644 (file)
index e408fbe..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
----
- src/p2p/p2p.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p,
-       if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
-               os_memcpy(dev->interface_addr, addr, ETH_ALEN);
-       if (msg.ssid &&
-+          msg.ssid[1] <= sizeof(dev->oper_ssid) &&
-           (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
-            os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
-            != 0)) {
diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
deleted file mode 100644 (file)
index bc4d60f..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d
-               return;
-       }
-+      if (left < 0)
-+              return; /* not a valid WMM Action frame */
-+
-       /* extract the tspec info element */
-       if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
-               hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
diff --git a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
deleted file mode 100644 (file)
index 36b4ca2..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 28 Apr 2015 17:08:33 +0300
-Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser
-
-strtoul() return value may end up overflowing the int h->chunk_size and
-resulting in a negative value to be stored as the chunk_size. This could
-result in the following memcpy operation using a very large length
-argument which would result in a buffer overflow and segmentation fault.
-
-This could have been used to cause a denial service by any device that
-has been authorized for network access (either wireless or wired). This
-would affect both the WPS UPnP functionality in a WPS AP (hostapd with
-upnp_iface parameter set in the configuration) and WPS ER
-(wpa_supplicant with WPS_ER_START control interface command used).
-
-Validate the parsed chunk length value to avoid this. In addition to
-rejecting negative values, we can also reject chunk size that would be
-larger than the maximum configured body length.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/wps/httpread.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/wps/httpread.c b/src/wps/httpread.c
-index 2f08f37..d2855e3 100644
---- a/src/wps/httpread.c
-+++ b/src/wps/httpread.c
-@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
-                                       if (!isxdigit(*cbp))
-                                               goto bad;
-                                       h->chunk_size = strtoul(cbp, NULL, 16);
-+                                      if (h->chunk_size < 0 ||
-+                                          h->chunk_size > h->max_bytes) {
-+                                              wpa_printf(MSG_DEBUG,
-+                                                         "httpread: Invalid chunk size %d",
-+                                                         h->chunk_size);
-+                                              goto bad;
-+                                      }
-                                       /* throw away chunk header
-                                        * so we have only real data
-                                        */
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
deleted file mode 100644 (file)
index 91627fb..0000000
+++ /dev/null
@@ -1,73 +0,0 @@
-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 1 May 2015 16:37:45 +0300
-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying that the payload is of expected length before
-processing it. In addition, enforce correct state transition sequence to
-make sure there is no unexpected behavior if receiving a Commit/Confirm
-message before the previous exchanges have been completed.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++
- 1 file changed, 29 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index f2b0926..a629437 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
-       BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
-       u16 offset;
-       u8 *ptr, *scalar = NULL, *element = NULL;
-+      size_t prime_len, order_len;
-+
-+      if (data->state != PWD_Commit_Req) {
-+              ret->ignore = TRUE;
-+              goto fin;
-+      }
-+
-+      prime_len = BN_num_bytes(data->grp->prime);
-+      order_len = BN_num_bytes(data->grp->order);
-+
-+      if (payload_len != 2 * prime_len + order_len) {
-+              wpa_printf(MSG_INFO,
-+                         "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
-+                         (unsigned int) payload_len,
-+                         (unsigned int) (2 * prime_len + order_len));
-+              goto fin;
-+      }
-       if (((data->private_value = BN_new()) == NULL) ||
-           ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
-@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
-       u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
-       int offset;
-+      if (data->state != PWD_Confirm_Req) {
-+              ret->ignore = TRUE;
-+              goto fin;
-+      }
-+
-+      if (payload_len != SHA256_MAC_LEN) {
-+              wpa_printf(MSG_INFO,
-+                         "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
-+                         (unsigned int) payload_len, SHA256_MAC_LEN);
-+              goto fin;
-+      }
-+
-       /*
-        * first build up the ciphersuite which is group | random_function |
-        *      prf
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
deleted file mode 100644 (file)
index 5dca20b..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 1 May 2015 16:40:44 +0300
-Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying that the payload is of expected length before
-processing it. In addition, enforce correct state transition sequence to
-make sure there is no unexpected behavior if receiving a Commit/Confirm
-message before the previous exchanges have been completed.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 66bd5d2..3189105 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
-       BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
-       EC_POINT *K = NULL, *point = NULL;
-       int res = 0;
-+      size_t prime_len, order_len;
-       wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
-+      prime_len = BN_num_bytes(data->grp->prime);
-+      order_len = BN_num_bytes(data->grp->order);
-+
-+      if (payload_len != 2 * prime_len + order_len) {
-+              wpa_printf(MSG_INFO,
-+                         "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
-+                         (unsigned int) payload_len,
-+                         (unsigned int) (2 * prime_len + order_len));
-+              goto fin;
-+      }
-+
-       if (((data->peer_scalar = BN_new()) == NULL) ||
-           ((data->k = BN_new()) == NULL) ||
-           ((cofactor = BN_new()) == NULL) ||
-@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
-       u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
-       int offset;
-+      if (payload_len != SHA256_MAC_LEN) {
-+              wpa_printf(MSG_INFO,
-+                         "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
-+                         (unsigned int) payload_len, SHA256_MAC_LEN);
-+              goto fin;
-+      }
-+
-       /* build up the ciphersuite: group | random_function | prf */
-       grp = htons(data->group_num);
-       ptr = (u8 *) &cs;
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
deleted file mode 100644 (file)
index 4d2f9d8..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:23:04 +0300
-Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index a629437..1d2079b 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
-        * if it's the first fragment there'll be a length field
-        */
-       if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+              if (len < 2) {
-+                      wpa_printf(MSG_DEBUG,
-+                                 "EAP-pwd: Frame too short to contain Total-Length field");
-+                      ret->ignore = TRUE;
-+                      return NULL;
-+              }
-               tot_len = WPA_GET_BE16(pos);
-               wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
-                          "total length = %d", tot_len);
-               if (tot_len > 15000)
-                       return NULL;
-+              if (data->inbuf) {
-+                      wpa_printf(MSG_DEBUG,
-+                                 "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+                      ret->ignore = TRUE;
-+                      return NULL;
-+              }
-               data->inbuf = wpabuf_alloc(tot_len);
-               if (data->inbuf == NULL) {
-                       wpa_printf(MSG_INFO, "Out of memory to buffer "
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
deleted file mode 100644 (file)
index 7edef09..0000000
+++ /dev/null
@@ -1,50 +0,0 @@
-From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:26:06 +0300
-Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 3189105..2bfc3c2 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
-        * the first fragment has a total length
-        */
-       if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+              if (len < 2) {
-+                      wpa_printf(MSG_DEBUG,
-+                                 "EAP-pwd: Frame too short to contain Total-Length field");
-+                      return;
-+              }
-               tot_len = WPA_GET_BE16(pos);
-               wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
-                          "length = %d", tot_len);
-               if (tot_len > 15000)
-                       return;
-+              if (data->inbuf) {
-+                      wpa_printf(MSG_DEBUG,
-+                                 "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+                      return;
-+              }
-               data->inbuf = wpabuf_alloc(tot_len);
-               if (data->inbuf == NULL) {
-                       wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
deleted file mode 100644 (file)
index a601323..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:26:28 +0300
-Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
-
-The L (Length) and M (More) flags needs to be cleared before deciding
-whether the locally generated response requires fragmentation. This
-fixes an issue where these flags from the server could have been invalid
-for the following message. In some cases, this could have resulted in
-triggering the wpabuf security check that would terminate the process
-due to invalid buffer allocation.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1d2079b..e58b13a 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
-       /*
-        * we have output! Do we need to fragment it?
-        */
-+      lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
-       len = wpabuf_len(data->outbuf);
-       if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
-               resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch b/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
deleted file mode 100644 (file)
index dd34624..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 7 Jul 2015 21:57:28 +0300
-Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser
-
-It was possible for the 32-bit record->total_length value to end up
-wrapping around due to integer overflow if the longer form of payload
-length field is used and record->payload_length gets a value close to
-2^32. This could result in ndef_parse_record() accepting a too large
-payload length value and the record type filter reading up to about 20
-bytes beyond the end of the buffer and potentially killing the process.
-This could also result in an attempt to allocate close to 2^32 bytes of
-heap memory and if that were to succeed, a buffer read overflow of the
-same length which would most likely result in the process termination.
-In case of record->total_length ending up getting the value 0, there
-would be no buffer read overflow, but record parsing would result in an
-infinite loop in ndef_parse_records().
-
-Any of these error cases could potentially be used for denial of service
-attacks over NFC by using a malformed NDEF record on an NFC Tag or
-sending them during NFC connection handover if the application providing
-the NDEF message to hostapd/wpa_supplicant did no validation of the
-received records. While such validation is likely done in the NFC stack
-that needs to parse the NFC messages before further processing,
-hostapd/wpa_supplicant better be prepared for any data being included
-here.
-
-Fix this by validating record->payload_length value in a way that
-detects integer overflow. (CID 122668)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/wps/ndef.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/wps/ndef.c b/src/wps/ndef.c
-index 5604b0a..50d018f 100644
---- a/src/wps/ndef.c
-+++ b/src/wps/ndef.c
-@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
-               if (size < 6)
-                       return -1;
-               record->payload_length = ntohl(*(u32 *)pos);
-+              if (record->payload_length > size - 6)
-+                      return -1;
-               pos += sizeof(u32);
-       }
-@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
-       pos += record->payload_length;
-       record->total_length = pos - data;
--      if (record->total_length > size)
-+      if (record->total_length > size ||
-+          record->total_length < record->payload_length)
-               return -1;
-       return 0;
- }
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch b/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
deleted file mode 100644 (file)
index 00e5b7c..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 25 Oct 2015 15:45:50 +0200
-Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no
- PMF in use
-
-WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
-enabled. Verify that PMF is in use before using this field on station
-side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 954de67..7d79499 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s,
-       end = ptr + key_len_total;
-       wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
-+      if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
-+              wpa_msg(wpa_s, MSG_INFO,
-+                      "WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
-+              return;
-+      }
-+
-       while (ptr + 1 < end) {
-               if (ptr + 2 + ptr[1] > end) {
-                       wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
diff --git a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
deleted file mode 100644 (file)
index 82c2639..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 18:18:17 +0200
-Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation
-
-All but the last fragment had their length checked against the remaining
-room in the reassembly buffer. This allowed a suitably constructed last
-fragment frame to try to add extra data that would go beyond the buffer.
-The length validation code in wpabuf_put_data() prevents an actual
-buffer write overflow from occurring, but this results in process
-termination. (CVE-2015-5315)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1f78544..75ceef1 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
-       /*
-        * buffer and ACK the fragment
-        */
--      if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-+      if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
-               data->in_frag_pos += len;
-               if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
-                       wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "
-@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
-                       return NULL;
-               }
-               wpabuf_put_data(data->inbuf, pos, len);
--
-+      }
-+      if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-               resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
-                                    EAP_PWD_HDR_SIZE,
-                                    EAP_CODE_RESPONSE, eap_get_id(reqData));
-@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
-        * we're buffering and this is the last fragment
-        */
-       if (data->in_frag_pos) {
--              wpabuf_put_data(data->inbuf, pos, len);
-               wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
-                          (int) len);
--              data->in_frag_pos += len;
-               pos = wpabuf_head_u8(data->inbuf);
-               len = data->in_frag_pos;
-       }
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch
deleted file mode 100644 (file)
index bfc4c74..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 18:24:16 +0200
-Subject: [PATCH] EAP-pwd server: Fix last fragment length validation
-
-All but the last fragment had their length checked against the remaining
-room in the reassembly buffer. This allowed a suitably constructed last
-fragment frame to try to add extra data that would go beyond the buffer.
-The length validation code in wpabuf_put_data() prevents an actual
-buffer write overflow from occurring, but this results in process
-termination. (CVE-2015-5314)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index cb83ff7..9f787ab 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
-       /*
-        * the first and all intermediate fragments have the M bit set
-        */
--      if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-+      if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
-               if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
-                       wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
-                                  "attack detected! (%d+%d > %d)",
-@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
-               }
-               wpabuf_put_data(data->inbuf, pos, len);
-               data->in_frag_pos += len;
-+      }
-+      if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
-               wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
-                          (int) len);
-               return;
-@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
-        * buffering fragments so that's how we know it's the last)
-        */
-       if (data->in_frag_pos) {
--              wpabuf_put_data(data->inbuf, pos, len);
--              data->in_frag_pos += len;
-               pos = wpabuf_head_u8(data->inbuf);
-               len = data->in_frag_pos;
-               wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch b/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
deleted file mode 100644 (file)
index 3088f6a..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-From 95577884ca4fa76be91344ff7a8d5d1e6dc3da61 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Nov 2015 19:35:44 +0200
-Subject: [PATCH] EAP-pwd peer: Fix error path for unexpected Confirm message
-
-If the Confirm message is received from the server before the Identity
-exchange has been completed, the group has not yet been determined and
-data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
-did not take this corner case into account and could end up
-dereferencing a NULL pointer and terminating the process if invalid
-message sequence is received. (CVE-2015-5316)
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 75ceef1..892b590 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -774,7 +774,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
-       wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
- fin:
--      bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
-+      if (data->grp)
-+              bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
-       BN_clear_free(x);
-       BN_clear_free(y);
-       if (data->outbuf == NULL) {
--- 
-1.9.1
-
diff --git a/package/network/services/hostapd/patches/110-bool_fix.patch b/package/network/services/hostapd/patches/110-bool_fix.patch
deleted file mode 100644 (file)
index 865c014..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/src/ap/ieee802_1x.c
-+++ b/src/ap/ieee802_1x.c
-@@ -2332,9 +2332,9 @@ void ieee802_1x_notify_pre_auth(struct e
- }
--static const char * bool_txt(Boolean bool)
-+static const char * bool_txt(Boolean bool_val)
- {
--      return bool ? "TRUE" : "FALSE";
-+      return bool_val ? "TRUE" : "FALSE";
- }
index 032e207..fad8466 100644 (file)
@@ -8,7 +8,7 @@
  
  #ifdef ANDROID
  #include <sys/capability.h>
-@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm
+@@ -179,59 +180,46 @@ int os_gmtime(os_time_t t, struct os_tm
        return 0;
  }
  
index d23b47b..0c4114a 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -252,9 +252,10 @@ void wpa_supplicant_cancel_auth_timeout(
+@@ -253,9 +253,10 @@ void wpa_supplicant_cancel_auth_timeout(
   */
  void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
  {
index 6337d8d..fdd5da9 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/l2_packet/l2_packet_linux.c
 +++ b/src/l2_packet/l2_packet_linux.c
-@@ -307,8 +307,7 @@ struct l2_packet_data * l2_packet_init_b
+@@ -337,8 +337,7 @@ struct l2_packet_data * l2_packet_init_b
  
        l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
                            rx_callback_ctx, l2_hdr);
@@ -8,5 +8,5 @@
 -              return NULL;
 +      return l2;
  
+ #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
        /*
-        * The Linux packet socket behavior has changed over the years and there
diff --git a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch b/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch
deleted file mode 100644 (file)
index 66c682f..0000000
+++ /dev/null
@@ -1,67 +0,0 @@
-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
-Date: Mon, 11 Jan 2016 19:18:06 +0100
-Subject: [PATCH] nl80211: Report disassociated STA / lost peer for the correct
- BSS
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We shouldn't use drv->ctx as it always points to the first BSS. When
-using FullMAC driver with multi-BSS support it resulted in incorrect
-treating nl80211 events. I noticed with with brcmfmac and BCM43602.
-
-Before my change I was getting "disassociated" on a wrong interface:
-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
-wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
-wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
-
-With this patch it works as expected:
-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
-wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
-
-This doesn't apply to hostapd dealing with SoftMAC drivers when handling
-AP SME & MLME is done it hostapd not the firmware.
-
-Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
----
- src/drivers/driver_nl80211_event.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
---- a/src/drivers/driver_nl80211_event.c
-+++ b/src/drivers/driver_nl80211_event.c
-@@ -1154,6 +1154,7 @@ static void nl80211_new_station_event(st
- static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
-+                                    struct i802_bss *bss,
-                                     struct nlattr **tb)
- {
-       u8 *addr;
-@@ -1166,7 +1167,7 @@ static void nl80211_del_station_event(st
-                  MAC2STR(addr));
-       if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
--              drv_event_disassoc(drv->ctx, addr);
-+              drv_event_disassoc(bss->ctx, addr);
-               return;
-       }
-@@ -1175,7 +1176,7 @@ static void nl80211_del_station_event(st
-       os_memset(&data, 0, sizeof(data));
-       os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
--      wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
-+      wpa_supplicant_event(bss->ctx, EVENT_IBSS_PEER_LOST, &data);
- }
-@@ -1939,7 +1940,7 @@ static void do_process_drv_event(struct
-               nl80211_new_station_event(drv, bss, tb);
-               break;
-       case NL80211_CMD_DEL_STATION:
--              nl80211_del_station_event(drv, tb);
-+              nl80211_del_station_event(drv, bss, tb);
-               break;
-       case NL80211_CMD_SET_REKEY_OFFLOAD:
-               nl80211_rekey_offload_event(drv, tb);
index de4a3a8..08f1e95 100644 (file)
@@ -1,14 +1,14 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -17,6 +17,7 @@ export BINDIR ?= /usr/local/bin/
+@@ -32,6 +32,7 @@ export BINDIR ?= /usr/local/bin/
  # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include
  
  -include .config
 +-include $(if $(MULTICALL), ../wpa_supplicant/.config)
  
- ifdef CONFIG_TESTING_OPTIONS
- CFLAGS += -DCONFIG_TESTING_OPTIONS
-@@ -242,10 +243,14 @@ ifdef CONFIG_IEEE80211AC
+ ifndef CONFIG_NO_GITVER
+ # Add VERSION_STR postfix for builds from a git repository
+@@ -277,10 +278,14 @@ ifdef CONFIG_IEEE80211AC
  CFLAGS += -DCONFIG_IEEE80211AC
  endif
  
@@ -26,7 +26,7 @@
  LIBS += $(DRV_AP_LIBS)
  
  ifdef CONFIG_L2_PACKET
-@@ -941,6 +946,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1019,6 +1024,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
  
  BCHECK=../src/drivers/build.hostapd
  
@@ -39,7 +39,7 @@
  hostapd: $(BCHECK) $(OBJS)
        $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
        @$(E) "  LD " $@
-@@ -980,6 +991,12 @@ HOBJS += ../src/crypto/aes-internal.o
+@@ -1060,6 +1071,12 @@ HOBJS += ../src/crypto/aes-internal.o
  HOBJS += ../src/crypto/aes-internal-enc.o
  endif
  
        @$(E) "  LD " $@
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -15,6 +15,7 @@ CFLAGS += -I$(abspath ../src)
+@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
  CFLAGS += -I$(abspath ../src/utils)
  
  -include .config
 +-include $(if $(MULTICALL),../hostapd/.config)
  
- ifdef CONFIG_TESTING_OPTIONS
- CFLAGS += -DCONFIG_TESTING_OPTIONS
-@@ -773,6 +774,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+ ifndef CONFIG_NO_GITVER
+ # Add VERSION_STR postfix for builds from a git repository
+@@ -794,6 +795,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
  CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
  LIBS += -ldl -rdynamic
  endif
@@ -73,7 +73,7 @@
  endif
  
  ifdef CONFIG_MACSEC
-@@ -793,9 +798,11 @@ NEED_EAP_COMMON=y
+@@ -814,9 +819,11 @@ NEED_EAP_COMMON=y
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_AP
  OBJS += ap.o
@@ -85,7 +85,7 @@
  OBJS += ../src/ap/hostapd.o
  OBJS += ../src/ap/wpa_auth_glue.o
  OBJS += ../src/ap/utils.o
-@@ -858,10 +865,18 @@ endif
+@@ -879,10 +886,18 @@ endif
  ifdef CONFIG_HS20
  OBJS += ../src/ap/hs20.o
  endif
  NEED_AES_WRAP=y
  OBJS += ../src/ap/wpa_auth.o
  OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1603,6 +1618,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -1657,6 +1672,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
  
  $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
  
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
        $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
        @$(E) "  LD " $@
-@@ -1694,6 +1715,12 @@ endif
+@@ -1757,6 +1778,12 @@ endif
        $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
        @$(E) "  sed" $<
  
  wpa_cli.exe: wpa_cli
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -4581,8 +4581,8 @@ union wpa_event_data {
+@@ -4707,8 +4707,8 @@ union wpa_event_data {
   * Driver wrapper code should call this function whenever an event is received
   * from the driver.
   */
  /*
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -1075,8 +1075,8 @@ static void hostapd_event_dfs_cac_starte
+@@ -1122,8 +1122,8 @@ static void hostapd_event_dfs_cac_starte
  #endif /* NEED_AP_MLME */
  
  
  #ifndef CONFIG_NO_STDOUT_DEBUG
 --- a/wpa_supplicant/wpa_priv.c
 +++ b/wpa_supplicant/wpa_priv.c
-@@ -819,8 +819,8 @@ static void wpa_priv_send_ft_response(st
+@@ -932,8 +932,8 @@ static void wpa_priv_send_ft_response(st
  }
  
  
  {
        struct wpa_priv_interface *iface = ctx;
  
-@@ -961,6 +961,7 @@ int main(int argc, char *argv[])
+@@ -1082,6 +1082,7 @@ int main(int argc, char *argv[])
        if (os_program_init())
                return -1;
  
        for (;;) {
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -3138,8 +3138,8 @@ static void wpa_supplicant_event_assoc_a
+@@ -3298,8 +3298,8 @@ static void wpa_supplicant_event_assoc_a
  }
  
  
 +                    union wpa_event_data *data)
  {
        struct wpa_supplicant *wpa_s = ctx;
+       int resched;
+@@ -3947,7 +3947,7 @@ void wpa_supplicant_event(void *ctx, enu
+ #endif /* CONFIG_AP */
+               break;
+       case EVENT_ACS_CHANNEL_SELECTED:
+-#ifdef CONFIG_ACS
++#if defined(CONFIG_ACS) && defined(CONFIG_AP)
+               if (!wpa_s->ap_iface)
+                       break;
+               hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -4300,6 +4300,9 @@ static void wpa_supplicant_deinit_iface(
+@@ -4845,6 +4845,9 @@ static void wpa_supplicant_deinit_iface(
        os_free(wpa_s);
  }
  
  
  /**
   * wpa_supplicant_add_iface - Add a new network interface
-@@ -4526,6 +4529,7 @@ struct wpa_global * wpa_supplicant_init(
+@@ -5100,6 +5103,7 @@ struct wpa_global * wpa_supplicant_init(
  #ifndef CONFIG_NO_WPA_MSG
        wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
  #endif /* CONFIG_NO_WPA_MSG */
                wpa_debug_open_file(params->wpa_debug_file_path);
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -511,6 +511,9 @@ static int hostapd_get_ctrl_iface_group(
+@@ -513,6 +513,9 @@ static int hostapd_get_ctrl_iface_group(
        return 0;
  }
  
  
  #ifdef CONFIG_WPS
  static int gen_uuid(const char *txt_addr)
-@@ -562,6 +565,7 @@ int main(int argc, char *argv[])
-       interfaces.global_iface_name = NULL;
+@@ -588,6 +591,7 @@ int main(int argc, char *argv[])
        interfaces.global_ctrl_sock = -1;
+       interfaces.global_ctrl_dst = NULL;
  
 +      wpa_supplicant_event = hostapd_wpa_event;
        for (;;) {
-               c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
+               c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:");
                if (c < 0)
 --- a/src/drivers/drivers.c
 +++ b/src/drivers/drivers.c
  #endif /* CONFIG_DRIVER_WEXT */
 --- a/wpa_supplicant/eapol_test.c
 +++ b/wpa_supplicant/eapol_test.c
-@@ -28,8 +28,12 @@
+@@ -29,7 +29,10 @@
  #include "ctrl_iface.h"
  #include "pcsc_funcs.h"
  #include "wpas_glue.h"
 +#include "drivers/driver.h"
  
 +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
 +                           union wpa_event_data *data);
-+
- struct wpa_driver_ops *wpa_drivers[] = { NULL };
  
+ const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
  
-@@ -1203,6 +1207,8 @@ static void usage(void)
+@@ -1288,6 +1291,8 @@ static void usage(void)
               "option several times.\n");
  }
  
  
  int main(int argc, char *argv[])
  {
-@@ -1221,6 +1227,7 @@ int main(int argc, char *argv[])
+@@ -1308,6 +1313,7 @@ int main(int argc, char *argv[])
        if (os_program_init())
                return -1;
  
index 57d8fe2..85dc0c1 100644 (file)
@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -2771,6 +2771,10 @@ static int hostapd_config_fill(struct ho
+@@ -2852,6 +2852,10 @@ static int hostapd_config_fill(struct ho
                }
  #endif /* CONFIG_IEEE80211W */
  #ifdef CONFIG_IEEE80211N
@@ -13,7 +13,7 @@
        } else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -619,6 +619,8 @@ struct hostapd_config {
+@@ -639,6 +639,8 @@ struct hostapd_config {
  
        int ht_op_mode_fixed;
        u16 ht_capab;
 +      int no_ht_coex;
        int ieee80211n;
        int secondary_channel;
-       int require_ht;
+       int no_pri_sec_switch;
 --- a/src/ap/hw_features.c
 +++ b/src/ap/hw_features.c
-@@ -461,7 +461,7 @@ static int ieee80211n_check_40mhz(struct
-       struct wpa_driver_scan_params params;
+@@ -473,7 +473,8 @@ static int ieee80211n_check_40mhz(struct
        int ret;
  
--      if (!iface->conf->secondary_channel)
-+      if (!iface->conf->secondary_channel || iface->conf->noscan)
-               return 0; /* HT40 not used */
+       /* Check that HT40 is used and PRI / SEC switch is allowed */
+-      if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
++      if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
++              iface->conf->noscan)
+               return 0;
  
        hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
 --- a/src/ap/ieee802_11_ht.c
 +++ b/src/ap/ieee802_11_ht.c
-@@ -221,6 +221,9 @@ void hostapd_2040_coex_action(struct hos
+@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos
        if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
                return;
  
@@ -45,7 +46,7 @@
        if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie))
                return;
  
-@@ -346,6 +349,9 @@ void ht40_intolerant_add(struct hostapd_
+@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_
        if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
                return;
  
index 7be8c32..3bcdd70 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3249,7 +3249,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -3449,7 +3449,7 @@ wpa_supplicant_alloc(struct wpa_supplica
        if (wpa_s == NULL)
                return NULL;
        wpa_s->scan_req = INITIAL_SCAN_REQ;
index 75b4b07..349af03 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/drivers/drivers.mak
 +++ b/src/drivers/drivers.mak
-@@ -34,7 +34,6 @@ NEED_SME=y
+@@ -37,7 +37,6 @@ NEED_SME=y
  NEED_AP_MLME=y
  NEED_NETLINK=y
  NEED_LINUX_IOCTL=y
@@ -8,7 +8,7 @@
  
  ifdef CONFIG_LIBNL32
    DRV_LIBS += -lnl-3
-@@ -116,7 +115,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
+@@ -121,7 +120,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
  CONFIG_WIRELESS_EXTENSION=y
  NEED_NETLINK=y
  NEED_LINUX_IOCTL=y
@@ -16,7 +16,7 @@
  endif
  
  ifdef CONFIG_DRIVER_NDIS
-@@ -142,7 +140,6 @@ endif
+@@ -147,7 +145,6 @@ endif
  ifdef CONFIG_WIRELESS_EXTENSION
  DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
  DRV_WPA_OBJS += ../src/drivers/driver_wext.o
@@ -24,7 +24,7 @@
  endif
  
  ifdef NEED_NETLINK
-@@ -155,6 +152,7 @@ endif
+@@ -160,6 +157,7 @@ endif
  
  ifdef NEED_RFKILL
  DRV_OBJS += ../src/drivers/rfkill.o
index dd90877..4738fcd 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -3616,7 +3616,7 @@ static int nl80211_set_channel(struct i8
+@@ -3708,7 +3708,7 @@ static int nl80211_set_channel(struct i8
                   freq->freq, freq->ht_enabled, freq->vht_enabled,
                   freq->bandwidth, freq->center_freq1, freq->center_freq2);
  
index 91b6196..a687a80 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -76,6 +76,16 @@ static void hostapd_reload_bss(struct ho
+@@ -78,6 +78,16 @@ static void hostapd_reload_bss(struct ho
  #endif /* CONFIG_NO_RADIUS */
  
        ssid = &hapd->conf->ssid;
@@ -17,7 +17,7 @@
        if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
            ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
                /*
-@@ -175,21 +185,12 @@ int hostapd_reload_config(struct hostapd
+@@ -177,21 +187,12 @@ int hostapd_reload_config(struct hostapd
        oldconf = hapd->iconf;
        iface->conf = newconf;
  
index a14fa03..bc72023 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -2254,13 +2254,18 @@ wpa_driver_nl80211_finish_drv_init(struc
+@@ -2323,13 +2323,18 @@ wpa_driver_nl80211_finish_drv_init(struc
  }
  
  
@@ -22,7 +22,7 @@
        return send_and_recv_msgs(drv, msg, NULL, NULL);
  }
  
-@@ -2311,7 +2316,7 @@ static void wpa_driver_nl80211_deinit(st
+@@ -2380,7 +2385,7 @@ static void wpa_driver_nl80211_deinit(st
        nl80211_remove_monitor_interface(drv);
  
        if (is_ap_interface(drv->nlmode))
@@ -31,7 +31,7 @@
  
        if (drv->eapol_sock >= 0) {
                eloop_unregister_read_sock(drv->eapol_sock);
-@@ -4140,8 +4145,7 @@ static void nl80211_teardown_ap(struct i
+@@ -4232,8 +4237,7 @@ static void nl80211_teardown_ap(struct i
                nl80211_remove_monitor_interface(drv);
        else
                nl80211_mgmt_unsubscribe(bss, "AP teardown");
@@ -41,7 +41,7 @@
  }
  
  
-@@ -6066,8 +6070,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -6164,8 +6168,6 @@ static int wpa_driver_nl80211_if_remove(
        } else {
                wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
                nl80211_teardown_ap(bss);
@@ -50,7 +50,7 @@
                nl80211_destroy_bss(bss);
                if (!bss->added_if)
                        i802_set_iface_flags(bss, 0);
-@@ -6389,8 +6391,7 @@ static int wpa_driver_nl80211_deinit_ap(
+@@ -6527,8 +6529,7 @@ static int wpa_driver_nl80211_deinit_ap(
        struct wpa_driver_nl80211_data *drv = bss->drv;
        if (!is_ap_interface(drv->nlmode))
                return -1;
@@ -60,7 +60,7 @@
  
        /*
         * If the P2P GO interface was dynamically added, then it is
-@@ -6409,8 +6410,7 @@ static int wpa_driver_nl80211_stop_ap(vo
+@@ -6547,8 +6548,7 @@ static int wpa_driver_nl80211_stop_ap(vo
        struct wpa_driver_nl80211_data *drv = bss->drv;
        if (!is_ap_interface(drv->nlmode))
                return -1;
index 06b005e..ebc63ab 100644 (file)
@@ -1,22 +1,22 @@
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -45,6 +45,7 @@
- #include "wps/wps.h"
+@@ -47,6 +47,7 @@
+ #include "fst/fst_ctrl_iface.h"
  #include "config_file.h"
  #include "ctrl_iface.h"
 +#include "config_file.h"
  
  
- struct wpa_ctrl_dst {
-@@ -55,6 +56,7 @@ struct wpa_ctrl_dst {
+ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
+@@ -59,6 +60,7 @@ struct wpa_ctrl_dst {
        int errors;
  };
  
 +static char *reload_opts = NULL;
  
  static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
-                                   const char *buf, size_t len);
-@@ -164,6 +166,61 @@ static int hostapd_ctrl_iface_new_sta(st
+                                   enum wpa_msg_type type,
+@@ -169,6 +171,61 @@ static int hostapd_ctrl_iface_new_sta(st
        return 0;
  }
  
@@ -78,7 +78,7 @@
  
  #ifdef CONFIG_IEEE80211W
  #ifdef NEED_AP_MLME
-@@ -2086,6 +2143,8 @@ static void hostapd_ctrl_iface_receive(i
+@@ -2257,6 +2314,8 @@ static int hostapd_ctrl_iface_receive_pr
        } else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
                reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
                                                      reply_size);
@@ -89,7 +89,7 @@
  #ifdef RADIUS_SERVER
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -541,5 +541,11 @@ int hostapd_parse_csa_settings(const cha
+@@ -552,5 +552,11 @@ int hostapd_parse_csa_settings(const cha
  
  int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
  {
index ea235e6..716916a 100644 (file)
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant_i.h
 +++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -110,6 +110,11 @@ struct wpa_interface {
+@@ -99,6 +99,11 @@ struct wpa_interface {
        const char *ifname;
  
        /**
@@ -12,7 +12,7 @@
         * bridge_ifname - Optional bridge interface name
         *
         * If the driver interface (ifname) is included in a Linux bridge
-@@ -442,6 +447,8 @@ struct wpa_supplicant {
+@@ -465,6 +470,8 @@ struct wpa_supplicant {
  #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
        char bridge_ifname[16];
  
@@ -23,7 +23,7 @@
  
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -14,6 +14,10 @@ CFLAGS += $(EXTRA_CFLAGS)
+@@ -26,6 +26,10 @@ CFLAGS += $(EXTRA_CFLAGS)
  CFLAGS += -I$(abspath ../src)
  CFLAGS += -I$(abspath ../src/utils)
  
@@ -34,7 +34,7 @@
  -include .config
  -include $(if $(MULTICALL),../hostapd/.config)
  
-@@ -84,6 +88,8 @@ OBJS_c += ../src/utils/wpa_debug.o
+@@ -113,6 +117,8 @@ OBJS_c += ../src/utils/wpa_debug.o
  OBJS_c += ../src/utils/common.o
  OBJS += wmm_ac.o
  
@@ -45,7 +45,7 @@
  CONFIG_OS=win32
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -107,6 +107,55 @@ const char *wpa_supplicant_full_license5
+@@ -108,6 +108,55 @@ const char *const wpa_supplicant_full_li
  "\n";
  #endif /* CONFIG_NO_STDOUT_DEBUG */
  
@@ -73,7 +73,7 @@
 +      int ret;
 +
 +      if (!bss)
-+              return;
++              return -1;
 +
 +      if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
 +              int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
  /* Configure default/group WEP keys for static WEP */
  int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
  {
-@@ -743,8 +792,12 @@ void wpa_supplicant_set_state(struct wpa
+@@ -783,8 +832,12 @@ void wpa_supplicant_set_state(struct wpa
                wpas_p2p_completed(wpa_s);
  
                sme_sched_obss_scan(wpa_s, 1);
                wpa_s->new_connection = 1;
                wpa_drv_set_operstate(wpa_s, 0);
  #ifndef IEEE8021X_EAPOL
-@@ -4038,6 +4091,20 @@ static int wpa_supplicant_init_iface(str
+@@ -4537,6 +4590,20 @@ static int wpa_supplicant_init_iface(str
                           sizeof(wpa_s->bridge_ifname));
        }
  
        /* RSNA Supplicant Key Management - INITIALIZE */
        eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
        eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
-@@ -4280,6 +4347,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -4823,6 +4890,11 @@ static void wpa_supplicant_deinit_iface(
        if (terminate)
                wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
  
  #include "drivers/driver.h"
  #include "wpa_supplicant_i.h"
  #include "config.h"
-@@ -277,6 +278,10 @@ static void calculate_update_time(const
+@@ -287,6 +288,10 @@ static void calculate_update_time(const
  static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
                             struct os_reltime *fetch_time)
  {
        dst->flags = src->flags;
        os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
        dst->freq = src->freq;
-@@ -289,6 +294,15 @@ static void wpa_bss_copy_res(struct wpa_
+@@ -299,6 +304,15 @@ static void wpa_bss_copy_res(struct wpa_
        dst->est_throughput = src->est_throughput;
        dst->snr = src->snr;
  
  
 --- a/wpa_supplicant/main.c
 +++ b/wpa_supplicant/main.c
-@@ -33,7 +33,7 @@ static void usage(void)
+@@ -34,7 +34,7 @@ static void usage(void)
               "vW] [-P<pid file>] "
               "[-g<global ctrl>] \\\n"
               "        [-G<group>] \\\n"
               "[-p<driver_param>] \\\n"
               "        [-b<br_ifname>] [-e<entropy file>]"
  #ifdef CONFIG_DEBUG_FILE
-@@ -84,6 +84,7 @@ static void usage(void)
- #endif /* CONFIG_DEBUG_LINUX_TRACING */
-       printf("  -t = include timestamp in debug messages\n"
+@@ -74,6 +74,7 @@ static void usage(void)
+              "  -g = global ctrl_interface\n"
+              "  -G = global ctrl_interface group\n"
               "  -h = show this help text\n"
 +                 "  -H = connect to a hostapd instance to manage state changes\n"
-              "  -L = show license (BSD)\n"
-              "  -o = override driver parameter for new interfaces\n"
-              "  -O = override ctrl_interface parameter for new interfaces\n"
-@@ -175,7 +176,7 @@ int main(int argc, char *argv[])
+              "  -i = interface name\n"
+              "  -I = additional configuration file\n"
+              "  -K = include keys (passwords, etc.) in debug output\n"
+@@ -176,7 +177,7 @@ int main(int argc, char *argv[])
  
        for (;;) {
                c = getopt(argc, argv,
                if (c < 0)
                        break;
                switch (c) {
-@@ -222,6 +223,9 @@ int main(int argc, char *argv[])
+@@ -223,6 +224,9 @@ int main(int argc, char *argv[])
                        usage();
                        exitcode = 0;
                        goto out;
                        break;
 --- a/wpa_supplicant/bss.h
 +++ b/wpa_supplicant/bss.h
-@@ -72,6 +72,10 @@ struct wpa_bss {
-       u8 ssid[32];
+@@ -79,6 +79,10 @@ struct wpa_bss {
+       u8 ssid[SSID_MAX_LEN];
        /** Length of SSID */
        size_t ssid_len;
 +      /** HT caapbilities */
index 3a41b82..1e1aa20 100644 (file)
@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -168,6 +168,9 @@ endif
+@@ -202,6 +202,9 @@ endif
  ifdef CONFIG_NO_CTRL_IFACE
  CFLAGS += -DCONFIG_NO_CTRL_IFACE
  else
@@ -12,7 +12,7 @@
  endif
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -1953,6 +1953,7 @@ static void hostapd_ctrl_iface_receive(i
+@@ -2119,6 +2119,7 @@ static int hostapd_ctrl_iface_receive_pr
                                                      reply_size);
        } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
                reply_len = hostapd_drv_status(hapd, reply, reply_size);
        } else if (os_strcmp(buf, "MIB") == 0) {
                reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
                if (reply_len >= 0) {
-@@ -1994,6 +1995,7 @@ static void hostapd_ctrl_iface_receive(i
+@@ -2160,6 +2161,7 @@ static int hostapd_ctrl_iface_receive_pr
        } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
                reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
                                                        reply_size);
 +#endif
        } else if (os_strcmp(buf, "ATTACH") == 0) {
-               if (hostapd_ctrl_iface_attach(hapd, &from, fromlen))
+               if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
                        reply_len = -1;
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -837,6 +837,9 @@ ifdef CONFIG_WNM
+@@ -858,6 +858,9 @@ ifdef CONFIG_WNM
  OBJS += ../src/ap/wnm_ap.o
  endif
  ifdef CONFIG_CTRL_IFACE
@@ -42,7 +42,7 @@
  
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -1795,7 +1795,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -1858,7 +1858,7 @@ static int wpa_supplicant_ctrl_iface_sta
                        pos += ret;
                }
  
@@ -51,7 +51,7 @@
                if (wpa_s->ap_iface) {
                        pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
                                                            end - pos,
-@@ -7896,6 +7896,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -8352,6 +8352,7 @@ char * wpa_supplicant_ctrl_iface_process
                        reply_len = -1;
        } else if (os_strncmp(buf, "NOTE ", 5) == 0) {
                wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
@@ -59,7 +59,7 @@
        } else if (os_strcmp(buf, "MIB") == 0) {
                reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
                if (reply_len >= 0) {
-@@ -7903,6 +7904,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -8359,6 +8360,7 @@ char * wpa_supplicant_ctrl_iface_process
                                                      reply + reply_len,
                                                      reply_size - reply_len);
                }
@@ -67,7 +67,7 @@
        } else if (os_strncmp(buf, "STATUS", 6) == 0) {
                reply_len = wpa_supplicant_ctrl_iface_status(
                        wpa_s, buf + 6, reply, reply_size);
-@@ -8353,6 +8355,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -8821,6 +8823,7 @@ char * wpa_supplicant_ctrl_iface_process
                reply_len = wpa_supplicant_ctrl_iface_bss(
                        wpa_s, buf + 4, reply, reply_size);
  #ifdef CONFIG_AP
@@ -75,7 +75,7 @@
        } else if (os_strcmp(buf, "STA-FIRST") == 0) {
                reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
        } else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -8361,12 +8364,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -8829,12 +8832,15 @@ char * wpa_supplicant_ctrl_iface_process
        } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
                reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
                                                   reply_size);
@@ -93,7 +93,7 @@
                        reply_len = -1;
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -22,6 +22,7 @@
+@@ -23,6 +23,7 @@
  #include "ctrl_iface_ap.h"
  #include "ap_drv_ops.h"
  
  
  static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
                                 struct sta_info *sta,
-@@ -224,6 +225,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+@@ -235,6 +236,7 @@ int hostapd_ctrl_iface_sta_next(struct h
        return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
  }
  
  static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
 --- a/src/ap/ieee802_1x.c
 +++ b/src/ap/ieee802_1x.c
-@@ -2337,6 +2337,7 @@ static const char * bool_txt(Boolean boo
-       return bool_val ? "TRUE" : "FALSE";
+@@ -2359,6 +2359,7 @@ static const char * bool_txt(Boolean val
+       return val ? "TRUE" : "FALSE";
  }
  
 +#ifdef CONFIG_CTRL_IFACE_MIB
  
  int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
  {
-@@ -2512,6 +2513,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -2534,6 +2535,7 @@ int ieee802_1x_get_mib_sta(struct hostap
        return len;
  }
  
 +#endif
  
- static void ieee802_1x_finished(struct hostapd_data *hapd,
-                               struct sta_info *sta, int success,
+ #ifdef CONFIG_HS20
+ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
 --- a/src/ap/wpa_auth.c
 +++ b/src/ap/wpa_auth.c
-@@ -2999,6 +2999,7 @@ static const char * wpa_bool_txt(int boo
-       return bool ? "TRUE" : "FALSE";
+@@ -3069,6 +3069,7 @@ static const char * wpa_bool_txt(int val
+       return val ? "TRUE" : "FALSE";
  }
  
 +#ifdef CONFIG_CTRL_IFACE_MIB
  
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
-@@ -3143,7 +3144,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -3213,7 +3214,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
  
        return len;
  }
  {
 --- a/src/rsn_supp/wpa.c
 +++ b/src/rsn_supp/wpa.c
-@@ -2032,6 +2032,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -2108,6 +2108,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
  }
  
  
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
  ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2115,6 +2117,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -2191,6 +2193,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
  
        return (int) len;
  }
  
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1015,7 +1015,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1091,7 +1091,7 @@ int wpas_ap_wps_nfc_report_handover(stru
  #endif /* CONFIG_WPS */
  
  
index 1065a7f..0d752b0 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/common/wpa_common.c
 +++ b/src/common/wpa_common.c
-@@ -1228,6 +1228,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -1242,6 +1242,31 @@ u32 wpa_akm_to_suite(int akm)
  }
  
  
@@ -32,7 +32,7 @@
  int wpa_compare_rsn_ie(int ft_initial_assoc,
                       const u8 *ie1, size_t ie1len,
                       const u8 *ie2, size_t ie2len)
-@@ -1235,8 +1260,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -1249,8 +1274,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
        if (ie1 == NULL || ie2 == NULL)
                return -1;
  
index 083af5b..f5872cd 100644 (file)
@@ -1,25 +1,22 @@
 --- a/src/ap/wps_hostapd.c
 +++ b/src/ap/wps_hostapd.c
-@@ -1052,11 +1052,9 @@ int hostapd_init_wps(struct hostapd_data
-               if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))
+@@ -352,8 +352,7 @@ static int hapd_wps_reconfig_in_memory(s
+                               bss->wpa_pairwise |= WPA_CIPHER_GCMP;
+                       else
+                               bss->wpa_pairwise |= WPA_CIPHER_CCMP;
+-              }
+-              if (cred->encr_type & WPS_ENCR_TKIP)
++              } else if (cred->encr_type & WPS_ENCR_TKIP)
+                       bss->wpa_pairwise |= WPA_CIPHER_TKIP;
+               bss->rsn_pairwise = bss->wpa_pairwise;
+               bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
+@@ -1073,8 +1072,7 @@ int hostapd_init_wps(struct hostapd_data
+               if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
                        wps->encr_types |= WPS_ENCR_AES;
--              if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
-+              else if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
+                       wps->encr_types_rsn |= WPS_ENCR_AES;
+-              }
+-              if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
++              } else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
                        wps->encr_types |= WPS_ENCR_TKIP;
--      }
--
--      if (conf->wpa & WPA_PROTO_WPA) {
-+      } else if (conf->wpa & WPA_PROTO_WPA) {
-               if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
-                       wps->auth_types |= WPS_AUTH_WPAPSK;
-               if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
-@@ -1064,7 +1062,7 @@ int hostapd_init_wps(struct hostapd_data
-               if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
-                       wps->encr_types |= WPS_ENCR_AES;
--              if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
-+              else if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
-                       wps->encr_types |= WPS_ENCR_TKIP;
-       }
+                       wps->encr_types_rsn |= WPS_ENCR_TKIP;
+               }
index da88732..a48b696 100644 (file)
@@ -64,7 +64,7 @@
  #ifdef CONFIG_DEBUG_FILE
  static char *last_path = NULL;
  #endif /* CONFIG_DEBUG_FILE */
-@@ -602,7 +576,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+@@ -604,7 +578,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
  }
  
  
@@ -73,7 +73,7 @@
  {
        va_list ap;
        char *buf;
-@@ -640,7 +614,7 @@ void wpa_msg(void *ctx, int level, const
+@@ -642,7 +616,7 @@ void wpa_msg(void *ctx, int level, const
  }
  
  
  
  /*
   * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
-@@ -181,7 +222,12 @@ void wpa_hexdump_ascii_key(int level, co
+@@ -182,7 +223,12 @@ void wpa_hexdump_ascii_key(int level, co
   *
   * Note: New line '\n' is added to the end of the text when printing to stdout.
   */
  
  /**
   * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
-@@ -195,8 +241,13 @@ void wpa_msg(void *ctx, int level, const
+@@ -196,8 +242,13 @@ void wpa_msg(void *ctx, int level, const
   * attached ctrl_iface monitors. In other words, it can be used for frequent
   * events that do not need to be sent to syslog.
   */
index 64c92df..234537a 100644 (file)
@@ -8,16 +8,16 @@
  #include "crypto/random.h"
  #include "crypto/tls.h"
  #include "common/version.h"
-@@ -567,7 +568,7 @@ int main(int argc, char *argv[])
+@@ -593,7 +594,7 @@ int main(int argc, char *argv[])
  
        wpa_supplicant_event = hostapd_wpa_event;
        for (;;) {
--              c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
-+              c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:g:G:v::");
+-              c = getopt(argc, argv, "b:Bde:f:hKP:STtu:vg:G:");
++              c = getopt(argc, argv, "b:Bde:f:hKP:STtu:g:G:v::");
                if (c < 0)
                        break;
                switch (c) {
-@@ -604,6 +605,8 @@ int main(int argc, char *argv[])
+@@ -630,6 +631,8 @@ int main(int argc, char *argv[])
                        break;
  #endif /* CONFIG_DEBUG_LINUX_TRACING */
                case 'v':
  
  #include "common.h"
 +#include "build_features.h"
+ #include "fst/fst.h"
  #include "wpa_supplicant_i.h"
  #include "driver_i.h"
- #include "p2p_supplicant.h"
-@@ -176,7 +177,7 @@ int main(int argc, char *argv[])
+@@ -177,7 +178,7 @@ int main(int argc, char *argv[])
  
        for (;;) {
                c = getopt(argc, argv,
@@ -45,7 +45,7 @@
                if (c < 0)
                        break;
                switch (c) {
-@@ -279,8 +280,12 @@ int main(int argc, char *argv[])
+@@ -280,8 +281,12 @@ int main(int argc, char *argv[])
                        break;
  #endif /* CONFIG_DBUS */
                case 'v':
index 85d2e16..9ecd786 100644 (file)
@@ -1,6 +1,6 @@
 --- a/hostapd/hostapd_cli.c
 +++ b/hostapd/hostapd_cli.c
-@@ -67,7 +67,6 @@ static const char *commands_help =
+@@ -68,7 +68,6 @@ static const char *const commands_help =
  #ifdef CONFIG_IEEE80211W
  "   sa_query <addr>      send SA Query to a station\n"
  #endif /* CONFIG_IEEE80211W */
@@ -8,7 +8,7 @@
  "   wps_pin <uuid> <pin> [timeout] [addr]  add WPS Enrollee PIN\n"
  "   wps_check_pin <PIN>  verify PIN checksum\n"
  "   wps_pbc              indicate button pushed to initiate PBC\n"
-@@ -80,7 +79,6 @@ static const char *commands_help =
+@@ -81,7 +80,6 @@ static const char *const commands_help =
  "   wps_ap_pin <cmd> [params..]  enable/disable AP PIN\n"
  "   wps_config <SSID> <auth> <encr> <key>  configure AP\n"
  "   wps_get_status       show current WPS status\n"
@@ -16,7 +16,7 @@
  "   get_config           show current configuration\n"
  "   help                 show this usage help\n"
  "   interface [ifname]   show interfaces/select interface\n"
-@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru
+@@ -364,7 +362,6 @@ static int hostapd_cli_cmd_sa_query(stru
  #endif /* CONFIG_IEEE80211W */
  
  
@@ -24,7 +24,7 @@
  static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
                                   char *argv[])
  {
-@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st
+@@ -590,7 +587,6 @@ static int hostapd_cli_cmd_wps_config(st
                         ssid_hex, argv[1]);
        return wpa_ctrl_command(ctrl, buf);
  }
@@ -32,7 +32,7 @@
  
  
  static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1027,7 +1023,6 @@ static struct hostapd_cli_cmd hostapd_cl
+@@ -1086,7 +1082,6 @@ static const struct hostapd_cli_cmd host
  #ifdef CONFIG_IEEE80211W
        { "sa_query", hostapd_cli_cmd_sa_query },
  #endif /* CONFIG_IEEE80211W */
@@ -40,7 +40,7 @@
        { "wps_pin", hostapd_cli_cmd_wps_pin },
        { "wps_check_pin", hostapd_cli_cmd_wps_check_pin },
        { "wps_pbc", hostapd_cli_cmd_wps_pbc },
-@@ -1041,7 +1036,6 @@ static struct hostapd_cli_cmd hostapd_cl
+@@ -1100,7 +1095,6 @@ static const struct hostapd_cli_cmd host
        { "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin },
        { "wps_config", hostapd_cli_cmd_wps_config },
        { "wps_get_status", hostapd_cli_cmd_wps_get_status },
index 874ff4b..256f6b5 100644 (file)
@@ -1,13 +1,12 @@
 --- a/wpa_supplicant/wpa_cli.c
 +++ b/wpa_supplicant/wpa_cli.c
-@@ -26,6 +26,10 @@
+@@ -25,6 +25,9 @@
+ #include <cutils/properties.h>
  #endif /* ANDROID */
  
 +#ifndef CONFIG_P2P
 +#define CONFIG_P2P
 +#endif
-+
- static const char *wpa_cli_version =
+ static const char *const wpa_cli_version =
  "wpa_cli v" VERSION_STR "\n"
- "Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
diff --git a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch b/package/network/services/hostapd/patches/440-max_num_sta_probe.patch
deleted file mode 100644 (file)
index 74aef26..0000000
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/src/ap/beacon.c
-+++ b/src/ap/beacon.c
-@@ -664,6 +664,10 @@ void handle_probe_req(struct hostapd_dat
-               return;
-       }
-+      if (!sta && hapd->num_sta >= hapd->conf->max_num_sta)
-+              wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " ignored,"
-+                         " too many connected stations.", MAC2STR(mgmt->sa));
-+
- #ifdef CONFIG_INTERWORKING
-       if (hapd->conf->interworking &&
-           elems.interworking && elems.interworking_len >= 1) {
index 87ebd45..192006a 100644 (file)
@@ -1,6 +1,6 @@
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -36,6 +36,8 @@ struct hapd_global {
+@@ -37,6 +37,8 @@ struct hapd_global {
  };
  
  static struct hapd_global global;
@@ -9,7 +9,7 @@
  
  
  #ifndef CONFIG_NO_HOSTAPD_LOGGER
-@@ -142,6 +144,14 @@ static void hostapd_logger_cb(void *ctx,
+@@ -143,6 +145,14 @@ static void hostapd_logger_cb(void *ctx,
  }
  #endif /* CONFIG_NO_HOSTAPD_LOGGER */
  
@@ -24,7 +24,7 @@
  
  /**
   * hostapd_driver_init - Preparate driver interface
-@@ -160,6 +170,8 @@ static int hostapd_driver_init(struct ho
+@@ -161,6 +171,8 @@ static int hostapd_driver_init(struct ho
                return -1;
        }
  
@@ -33,7 +33,7 @@
        /* Initialize the driver interface */
        if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
                b = NULL;
-@@ -381,8 +393,6 @@ static void hostapd_global_deinit(const
+@@ -382,8 +394,6 @@ static void hostapd_global_deinit(const
  #endif /* CONFIG_NATIVE_WINDOWS */
  
        eap_server_unregister_methods();
@@ -42,7 +42,7 @@
  }
  
  
-@@ -408,11 +418,6 @@ static int hostapd_global_run(struct hap
+@@ -409,11 +419,6 @@ static int hostapd_global_run(struct hap
        }
  #endif /* EAP_SERVER_TNC */
  
@@ -54,7 +54,7 @@
        eloop_run();
  
        return 0;
-@@ -542,8 +547,7 @@ int main(int argc, char *argv[])
+@@ -566,8 +571,7 @@ int main(int argc, char *argv[])
        struct hapd_interfaces interfaces;
        int ret = 1;
        size_t i, j;
index 217e701..426ffc5 100644 (file)
@@ -20,9 +20,9 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  
 +#include "drivers/nl80211_copy.h"
  #include "common/defs.h"
+ #include "common/ieee802_11_defs.h"
  #include "utils/list.h"
-@@ -538,6 +539,9 @@ struct wpa_driver_associate_params {
+@@ -570,6 +571,9 @@ struct wpa_driver_associate_params {
         * responsible for selecting with which BSS to associate. */
        const u8 *bssid;
  
@@ -34,15 +34,15 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
         *
 --- a/wpa_supplicant/config.c
 +++ b/wpa_supplicant/config.c
-@@ -15,6 +15,7 @@
- #include "rsn_supp/wpa.h"
+@@ -16,6 +16,7 @@
  #include "eap_peer/eap.h"
  #include "p2p/p2p.h"
+ #include "fst/fst.h"
 +#include "drivers/nl80211_copy.h"
  #include "config.h"
  
  
-@@ -1722,6 +1723,97 @@ static char * wpa_config_write_mesh_basi
+@@ -1742,6 +1743,97 @@ static char * wpa_config_write_mesh_basi
  #endif /* CONFIG_MESH */
  
  
@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  /* Helper macros for network block parser */
  
  #ifdef OFFSET
-@@ -1947,6 +2039,9 @@ static const struct parse_data ssid_fiel
+@@ -1973,6 +2065,9 @@ static const struct parse_data ssid_fiel
        { INT(ap_max_inactivity) },
        { INT(dtim_period) },
        { INT(beacon_int) },
@@ -158,9 +158,9 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
  #include "eap_peer/eap_config.h"
 +#include "drivers/nl80211_copy.h"
  
- #define MAX_SSID_LEN 32
  
-@@ -675,6 +676,9 @@ struct wpa_ssid {
+ #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
+@@ -698,6 +699,9 @@ struct wpa_ssid {
         */
        void *parent_cred;
  
@@ -172,7 +172,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
         * macsec_policy - Determines the policy for MACsec secure session
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2266,6 +2266,13 @@ static void wpas_start_assoc_cb(struct w
+@@ -2421,6 +2421,13 @@ static void wpas_start_assoc_cb(struct w
                        params.beacon_int = ssid->beacon_int;
                else
                        params.beacon_int = wpa_s->conf->beacon_int;
index 730cc31..faff322 100644 (file)
@@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -4398,7 +4398,7 @@ static int wpa_driver_nl80211_ibss(struc
+@@ -4491,7 +4491,7 @@ static int wpa_driver_nl80211_ibss(struc
                                   struct wpa_driver_associate_params *params)
  {
        struct nl_msg *msg;
@@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
        int count = 0;
  
        wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -4425,6 +4425,37 @@ retry:
+@@ -4518,6 +4518,37 @@ retry:
            nl80211_put_beacon_int(msg, params->beacon_int))
                goto fail;
  
index 30bb2dc..62ce84e 100644 (file)
@@ -16,7 +16,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -541,6 +541,8 @@ struct wpa_driver_associate_params {
+@@ -573,6 +573,8 @@ struct wpa_driver_associate_params {
  
        unsigned char rates[NL80211_MAX_SUPP_RATES];
        int mcast_rate;
@@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
         * bssid_hint - BSSID of a proposed AP
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -4456,6 +4456,22 @@ retry:
+@@ -4549,6 +4549,22 @@ retry:
                nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
        }
  
@@ -52,7 +52,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
                goto fail;
 --- a/wpa_supplicant/config.c
 +++ b/wpa_supplicant/config.c
-@@ -1754,6 +1754,71 @@ static char * wpa_config_write_mcast_rat
+@@ -1774,6 +1774,71 @@ static char * wpa_config_write_mcast_rat
  }
  #endif /* NO_CONFIG_WRITE */
  
@@ -124,7 +124,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
  static int wpa_config_parse_rates(const struct parse_data *data,
                                  struct wpa_ssid *ssid, int line,
                                  const char *value)
-@@ -2042,6 +2107,7 @@ static const struct parse_data ssid_fiel
+@@ -2068,6 +2133,7 @@ static const struct parse_data ssid_fiel
        { INT_RANGE(fixed_freq, 0, 1) },
        { FUNC(rates) },
        { FUNC(mcast_rate) },
@@ -134,7 +134,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
  #endif /* CONFIG_MACSEC */
 --- a/wpa_supplicant/config_ssid.h
 +++ b/wpa_supplicant/config_ssid.h
-@@ -678,6 +678,8 @@ struct wpa_ssid {
+@@ -701,6 +701,8 @@ struct wpa_ssid {
  
        unsigned char rates[NL80211_MAX_SUPP_RATES];
        double mcast_rate;
@@ -145,7 +145,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
        /**
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2273,6 +2273,8 @@ static void wpas_start_assoc_cb(struct w
+@@ -2428,6 +2428,8 @@ static void wpas_start_assoc_cb(struct w
                        i++;
                }
                params.mcast_rate = ssid->mcast_rate;
diff --git a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch b/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch
deleted file mode 100644 (file)
index e6bbddd..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/ap/sta_info.h
-+++ b/src/ap/sta_info.h
-@@ -179,7 +179,7 @@ struct sta_info {
-  * AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated
-  * after AP_DEAUTH_DELAY seconds has passed after disassociation. */
- #define AP_MAX_INACTIVITY (5 * 60)
--#define AP_DISASSOC_DELAY (1)
-+#define AP_DISASSOC_DELAY (3)
- #define AP_DEAUTH_DELAY (1)
- /* Number of seconds to keep STA entry with Authenticated flag after it has
-  * been disassociated. */
index df2eac8..0a61aef 100644 (file)
@@ -1,6 +1,6 @@
 --- a/hostapd/Makefile
 +++ b/hostapd/Makefile
-@@ -121,6 +121,11 @@ OBJS += ../src/common/hw_features_common
+@@ -155,6 +155,11 @@ OBJS += ../src/common/hw_features_common
  
  OBJS += ../src/eapol_auth/eapol_auth_sm.o
  
@@ -22,7 +22,7 @@
  
  struct wpa_ctrl_dst;
  struct radius_server_data;
-@@ -103,6 +104,7 @@ struct hostapd_data {
+@@ -107,6 +108,7 @@ struct hostapd_data {
        struct hostapd_iface *iface;
        struct hostapd_config *iconf;
        struct hostapd_bss_config *conf;
@@ -30,7 +30,7 @@
        int interface_added; /* virtual interface added for this BSS */
        unsigned int started:1;
        unsigned int disabled:1;
-@@ -286,6 +288,8 @@ struct hostapd_iface {
+@@ -299,6 +301,8 @@ struct hostapd_iface {
        struct hostapd_config *conf;
        char phy[16]; /* Name of the PHY (radio) */
  
@@ -41,7 +41,7 @@
                HAPD_IFACE_DISABLED,
 --- /dev/null
 +++ b/src/ap/ubus.c
-@@ -0,0 +1,511 @@
+@@ -0,0 +1,536 @@
 +/*
 + * hostapd / ubus support
 + * Copyright (c) 2013, Felix Fietkau <nbd@openwrt.org>
@@ -58,6 +58,8 @@
 +#include "wps_hostapd.h"
 +#include "sta_info.h"
 +#include "ubus.h"
++#include "ap_drv_ops.h"
++#include "beacon.h"
 +
 +static struct ubus_context *ctx;
 +static struct blob_buf b;
 +{
 +      struct blob_attr *tb[__VENDOR_ELEMENTS_MAX];
 +      struct hostapd_data *hapd = get_hapd_from_object(obj);
++      struct hostapd_bss_config *bss = hapd->conf;
++      struct wpabuf *elems;
++      const char *pos;
++      size_t len;
 +
 +      blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb,
 +                    blob_data(msg), blob_len(msg));
 +      if (!tb[VENDOR_ELEMENTS])
 +              return UBUS_STATUS_INVALID_ARGUMENT;
 +
-+      const char *vendor_elements = blobmsg_data(tb[VENDOR_ELEMENTS]);
-+      if (hostapd_set_iface(hapd->iconf, hapd->conf, "vendor_elements",
-+                            vendor_elements) != 0)
-+              return UBUS_STATUS_NOT_SUPPORTED;
++      pos = blobmsg_data(tb[VENDOR_ELEMENTS]);
++      len = os_strlen(pos);
++      if (len & 0x01)
++                      return UBUS_STATUS_INVALID_ARGUMENT;
++
++      len /= 2;
++      if (len == 0) {
++              wpabuf_free(bss->vendor_elements);
++              bss->vendor_elements = NULL;
++              return 0;
++      }
++
++      elems = wpabuf_alloc(len);
++      if (elems == NULL)
++              return 1;
++
++      if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
++              wpabuf_free(elems);
++              return UBUS_STATUS_INVALID_ARGUMENT;
++      }
++
++      wpabuf_free(bss->vendor_elements);
++      bss->vendor_elements = elems;
 +
 +      /* update beacons if vendor elements were set successfully */
 +      if (ieee802_11_update_beacons(hapd->iface) != 0)
 +#endif
 --- a/src/ap/hostapd.c
 +++ b/src/ap/hostapd.c
-@@ -277,6 +277,7 @@ static void hostapd_free_hapd_data(struc
+@@ -280,6 +280,7 @@ static void hostapd_free_hapd_data(struc
        hapd->started = 0;
  
        wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
        iapp_deinit(hapd->iapp);
        hapd->iapp = NULL;
        accounting_deinit(hapd);
-@@ -1098,6 +1099,8 @@ static int hostapd_setup_bss(struct host
+@@ -1118,6 +1119,8 @@ static int hostapd_setup_bss(struct host
        if (hapd->driver && hapd->driver->set_operstate)
                hapd->driver->set_operstate(hapd->drv_priv, 1);
  
        return 0;
  }
  
-@@ -1384,6 +1387,7 @@ int hostapd_setup_interface_complete(str
+@@ -1523,6 +1526,7 @@ static int hostapd_setup_interface_compl
        if (err)
                goto fail;
  
        wpa_printf(MSG_DEBUG, "Completing interface initialization");
        if (iface->conf->channel) {
  #ifdef NEED_AP_MLME
-@@ -1544,6 +1548,7 @@ dfs_offload:
+@@ -1700,6 +1704,7 @@ dfs_offload:
  
  fail:
        wpa_printf(MSG_ERROR, "Interface initialization failed");
 +      hostapd_ubus_free_iface(iface);
        hostapd_set_state(iface, HAPD_IFACE_DISABLED);
        wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
-       if (iface->interfaces && iface->interfaces->terminate_on_error)
-@@ -1873,6 +1878,7 @@ void hostapd_interface_deinit_free(struc
+ #ifdef CONFIG_FST
+@@ -2125,6 +2130,7 @@ void hostapd_interface_deinit_free(struc
                   (unsigned int) iface->conf->num_bss);
        driver = iface->bss[0]->driver;
        drv_priv = iface->bss[0]->drv_priv;
                   __func__, driver, drv_priv);
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -881,7 +881,8 @@ int auth_sae_init_committed(struct hosta
+@@ -877,7 +877,8 @@ int auth_sae_init_committed(struct hosta
  
  
  static void handle_auth(struct hostapd_data *hapd,
  {
        u16 auth_alg, auth_transaction, status_code;
        u16 resp = WLAN_STATUS_SUCCESS;
-@@ -897,6 +898,11 @@ static void handle_auth(struct hostapd_d
+@@ -893,6 +894,11 @@ static void handle_auth(struct hostapd_d
        char *identity = NULL;
        char *radius_cui = NULL;
        u16 seq_ctrl;
  
        if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
                wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -983,6 +989,14 @@ static void handle_auth(struct hostapd_d
+@@ -1044,6 +1050,14 @@ static void handle_auth(struct hostapd_d
                resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
                goto fail;
        }
        if (res == HOSTAPD_ACL_PENDING) {
                wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
                           " waiting for an external authentication",
-@@ -1694,13 +1708,18 @@ static void send_assoc_resp(struct hosta
+@@ -1776,13 +1790,18 @@ static void send_assoc_resp(struct hosta
  
  static void handle_assoc(struct hostapd_data *hapd,
                         const struct ieee80211_mgmt *mgmt, size_t len,
  
        if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
                                      sizeof(mgmt->u.assoc_req))) {
-@@ -1820,6 +1839,13 @@ static void handle_assoc(struct hostapd_
+@@ -1902,6 +1921,13 @@ static void handle_assoc(struct hostapd_
                goto fail;
        }
  
        sta->capability = capab_info;
        sta->listen_interval = listen_interval;
  
-@@ -2236,7 +2262,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -2328,7 +2354,7 @@ int ieee802_11_mgmt(struct hostapd_data
  
  
        if (stype == WLAN_FC_STYPE_PROBE_REQ) {
                return 1;
        }
  
-@@ -2251,17 +2277,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -2346,17 +2372,17 @@ int ieee802_11_mgmt(struct hostapd_data
        switch (stype) {
        case WLAN_FC_STYPE_AUTH:
                wpa_printf(MSG_DEBUG, "mgmt::auth");
        case WLAN_FC_STYPE_DISASSOC:
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -542,7 +542,7 @@ static enum ssid_match_result ssid_match
+@@ -667,7 +667,7 @@ sta_track_seen_on(struct hostapd_iface *
  
  void handle_probe_req(struct hostapd_data *hapd,
                      const struct ieee80211_mgmt *mgmt, size_t len,
  {
        u8 *resp;
        struct ieee802_11_elems elems;
-@@ -550,8 +550,14 @@ void handle_probe_req(struct hostapd_dat
-       size_t ie_len;
-       struct sta_info *sta = NULL;
+@@ -676,9 +676,15 @@ void handle_probe_req(struct hostapd_dat
        size_t i, resp_len;
-+      int ssi_signal = fi->ssi_signal;
        int noack;
        enum ssid_match_result res;
++      int ssi_signal = fi->ssi_signal;
+       int ret;
+       u16 csa_offs[2];
+       size_t csa_offs_len;
 +      struct hostapd_ubus_request req = {
 +              .type = HOSTAPD_UBUS_PROBE_REQ,
 +              .mgmt_frame = mgmt,
  
        ie = mgmt->u.probe_req.variable;
        if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))
-@@ -710,6 +716,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -830,6 +836,12 @@ void handle_probe_req(struct hostapd_dat
        }
  #endif /* CONFIG_P2P */
  
  int ieee802_11_update_beacons(struct hostapd_iface *iface);
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -51,6 +51,10 @@ int hostapd_notif_assoc(struct hostapd_d
        u16 reason = WLAN_REASON_UNSPECIFIED;
        u16 status = WLAN_STATUS_SUCCESS;
        const u8 *p2p_dev_addr = NULL;
  
        if (addr == NULL) {
                /*
-@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -123,6 +127,12 @@ int hostapd_notif_assoc(struct hostapd_d
+               goto fail;
        }
-       sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
  
 +      if (hostapd_ubus_handle_event(hapd, &req)) {
 +              wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",