[LEDE-DEV] [PATCH] hostapd: update to git snapshot of 2018-03-13

Daniel Golle daniel at makrotopia.org
Wed Mar 14 17:29:03 PDT 2018


Update hostapd sources to current git snapshot to get rid of local
patches and pave the road towards using WPA3 features.

For SAE key management in mesh mode, use the newly introduced
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (i.e.
length and such).

The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
 replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
 replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
 replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
 replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
 replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
 replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
 replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
 replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
 replaced by commit 114f2830d

Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch
 add more ifdef'ery
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.

Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
Compile tested: ar71xx/generic, ramips/mt7621
Run tested: ramips/mt7621 (MT7603E+MT7612E)

 package/network/services/hostapd/Makefile          |   8 +-
 package/network/services/hostapd/files/hostapd.sh  |   6 +-
 ...-Avoid-key-reinstallation-in-FT-handshake.patch | 154 -------------
 ...nstallation-of-an-already-in-use-group-ke.patch | 244 ---------------------
 ...ection-of-GTK-IGTK-reinstallation-of-WNM-.patch | 182 ---------------
 ...03-Prevent-installation-of-an-all-zero-TK.patch |  73 ------
 ...Fix-PTK-rekeying-to-generate-a-new-ANonce.patch |  56 -----
 .../005-TDLS-Reject-TPK-TK-reconfiguration.patch   | 124 -----------
 ...WNM-Sleep-Mode-Response-without-pending-r.patch |  35 ---
 ...llow-multiple-Reassociation-Response-fram.patch |  68 ------
 ...efense-against-PTK-reinstalls-in-4-way-ha.patch |  34 ---
 ...ength-and-check-for-this-when-deriving-PT.patch |  53 -----
 ...-side-workaround-for-key-reinstallation-a.patch | 221 -------------------
 ...consistentcy-checks-for-PTK-component-len.patch | 100 ---------
 ...-information-in-supplicant-state-machine-.patch |  25 ---
 ...WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch |  35 ---
 .../hostapd/patches/110-no_eapol_fix.patch         |   2 +-
 .../services/hostapd/patches/200-multicall.patch   |  48 ++--
 .../services/hostapd/patches/300-noscan.patch      |   4 +-
 .../hostapd/patches/310-rescan_immediately.patch   |   2 +-
 .../hostapd/patches/330-nl80211_fix_set_freq.patch |   2 +-
 .../patches/350-nl80211_del_beacon_bss.patch       |  10 +-
 .../hostapd/patches/360-ctrl_iface_reload.patch    |  10 +-
 .../hostapd/patches/370-ap_sta_support.patch       |  18 +-
 .../patches/380-disable_ctrl_iface_mib.patch       |  53 +++--
 .../patches/390-wpa_ie_cap_workaround.patch        |   4 +-
 .../patches/400-wps_single_auth_enc_type.patch     |   4 +-
 .../hostapd/patches/420-indicate-features.patch    |   4 +-
 .../hostapd/patches/430-hostapd_cli_ifdef.patch    |   4 +-
 .../services/hostapd/patches/450-scan_wait.patch   |  12 +-
 ...ant-add-new-config-params-to-be-used-with.patch |  12 +-
 ...80211-use-new-parameters-during-ibss-join.patch |   4 +-
 .../patches/463-add-mcast_rate-to-11s.patch        |   6 +-
 .../hostapd/patches/464-fix-mesh-obss-check.patch  |   2 +-
 .../hostapd/patches/600-ubus_support.patch         |  52 +++--
 35 files changed, 147 insertions(+), 1524 deletions(-)
 delete mode 100644 package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 delete mode 100644 package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 delete mode 100644 package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
 delete mode 100644 package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
 delete mode 100644 package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 delete mode 100644 package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
 delete mode 100644 package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 delete mode 100644 package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 delete mode 100644 package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
 delete mode 100644 package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
 delete mode 100644 package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
 delete mode 100644 package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
 delete mode 100644 package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
 delete mode 100644 package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 51f1692933..bd5832aa75 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=6
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2017-08-24
-PKG_SOURCE_VERSION:=c2d4f2eb5dba0b5c5a8c5805823084da958a9b52
-PKG_MIRROR_HASH:=c6ad9a73fc1ae0ba8bc48f71cf14394b274bc9c2c1d1b53c2775f08312597e74
+PKG_SOURCE_DATE:=2018-03-13
+PKG_SOURCE_VERSION:=c63e69c3799bd7eb89c6bd4f1b0d1932b8869247
+PKG_MIRROR_HASH:=0c3a5cf6499c31b8f6bd6973edc38cd7f6d92b6eb8735aaf43b3680d499c273a
 
 PKG_MAINTAINER:=Felix Fietkau <nbd at nbd.name>
 PKG_LICENSE:=BSD-3-Clause
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 334694abfa..2d2c6a7c79 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -706,7 +706,11 @@ wpa_supplicant_add_network() {
 			if [ ${#key} -eq 64 ]; then
 				passphrase="psk=${key}"
 			else
-				passphrase="psk=\"${key}\""
+				if [ "$_w_mode" = "mesh" ]; then
+					passphrase="sae_password=\"${key}\""
+				else
+					passphrase="psk=\"${key}\""
+				fi
 			fi
 			append network_data "$passphrase" "$N$T"
 		;;
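Review bot: A 64-character key in mesh mode still takes the outer `[ ${#key} -eq 64 ]` branch and is written as an unquoted `psk=`, so the new `sae_password` line is reached only for other key lengths. If 64-character SAE passwords are meant to work (the description says the aim is to avoid the psk field's length checks), the outer test could exclude mesh, e.g. `if [ ${#key} -eq 64 ] && [ "$_w_mode" != "mesh" ]; then`. `${key}` is also placed between the quotes unescaped, so it is worth confirming that earlier code in wpa_supplicant_add_network, which starts and ends outside this hunk, rejects keys containing a newline. A short comment such as `# mesh uses SAE: sae_password is not bound by the 8..63 char psk passphrase limit` would explain the split to the next reader.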
diff --git a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
deleted file mode 100644
index 14b2d7c717..0000000000
--- a/package/network/services/hostapd/patches/000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
----
-
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -2522,6 +2522,7 @@ static int add_associated_sta(struct hos
- {
- 	struct ieee80211_ht_capabilities ht_cap;
- 	struct ieee80211_vht_capabilities vht_cap;
-+	int set = 1;
- 
- 	/*
- 	 * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -2529,9 +2530,18 @@ static int add_associated_sta(struct hos
- 	 * FT-over-the-DS, where a station re-associates back to the same AP but
- 	 * skips the authentication flow, or if working with a driver that
- 	 * does not support full AP client state.
-+	 *
-+	 * Skip this if the STA has already completed FT reassociation and the
-+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
-+	 * the same key.
- 	 */
--	if (!sta->added_unassoc)
-+	if (!sta->added_unassoc &&
-+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- 		hostapd_drv_sta_remove(hapd, sta->addr);
-+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+		set = 0;
-+	}
- 
- #ifdef CONFIG_IEEE80211N
- 	if (sta->flags & WLAN_STA_HT)
-@@ -2554,11 +2564,11 @@ static int add_associated_sta(struct hos
- 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
--			    sta->added_unassoc)) {
-+			    set)) {
- 		hostapd_logger(hapd, sta->addr,
- 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- 			       "Could not %s STA to kernel driver",
--			       sta->added_unassoc ? "set" : "add");
-+			       set ? "set" : "add");
- 
- 		if (sta->added_unassoc) {
- 			hostapd_drv_sta_remove(hapd, sta->addr);
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1783,6 +1783,9 @@ int wpa_auth_sm_event(struct wpa_state_m
- #else /* CONFIG_FILS */
- 		break;
- #endif /* CONFIG_FILS */
-+	case WPA_DRV_STA_REMOVED:
-+		sm->tk_already_set = FALSE;
-+		return 0;
- 	}
- 
- #ifdef CONFIG_IEEE80211R_AP
-@@ -3922,6 +3925,14 @@ int wpa_auth_sta_wpa_version(struct wpa_
- }
- 
- 
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+		return 0;
-+	return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry)
- {
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -300,7 +300,7 @@ void wpa_receive(struct wpa_authenticato
- 		 u8 *data, size_t data_len);
- enum wpa_event {
- 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
--	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS
-+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -313,6 +313,7 @@ int wpa_auth_pairwise_set(struct wpa_sta
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -1937,6 +1937,14 @@ void wpa_ft_install_ptk(struct wpa_state
- 		return;
- 	}
- 
-+	if (sm->tk_already_set) {
-+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+		 * PN in the driver */
-+		wpa_printf(MSG_DEBUG,
-+			   "FT: Do not re-install same PTK to the driver");
-+		return;
-+	}
-+
- 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
- 	 * most likely without this.. At the moment, STA entry is added only
- 	 * after association has been completed. This function will be called
-@@ -1949,6 +1957,7 @@ void wpa_ft_install_ptk(struct wpa_state
- 
- 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- 	sm->pairwise_set = TRUE;
-+	sm->tk_already_set = TRUE;
- }
- 
- 
-@@ -2152,6 +2161,7 @@ static int wpa_ft_process_auth_req(struc
- 
- 	sm->pairwise = pairwise;
- 	sm->PTK_valid = TRUE;
-+	sm->tk_already_set = FALSE;
- 	wpa_ft_install_ptk(sm);
- 
- 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -61,6 +61,7 @@ struct wpa_state_machine {
- 	struct wpa_ptk PTK;
- 	Boolean PTK_valid;
- 	Boolean pairwise_set;
-+	Boolean tk_already_set;
- 	int keycount;
- 	Boolean Pair;
- 	struct wpa_key_replay_counter {
diff --git a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
deleted file mode 100644
index b283bf887d..0000000000
--- a/package/network/services/hostapd/patches/001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+++ /dev/null
@@ -1,244 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
----
-
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -218,6 +218,17 @@ struct wpa_ptk {
- 	size_t tk_len;
- };
- 
-+struct wpa_gtk {
-+	u8 gtk[WPA_GTK_MAX_LEN];
-+	size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+	u8 igtk[WPA_IGTK_MAX_LEN];
-+	size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
- 
- /* WPA IE version 1
-  * 00-50-f2:1 (OUI:OUI type)
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -800,6 +800,15 @@ static int wpa_supplicant_install_gtk(st
- 	const u8 *_gtk = gd->gtk;
- 	u8 gtk_buf[32];
- 
-+	/* Detect possible key reinstallation */
-+	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+			gd->keyidx, gd->tx, gd->gtk_len);
-+		return 0;
-+	}
-+
- 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -834,6 +843,9 @@ static int wpa_supplicant_install_gtk(st
- 	}
- 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
- 
-+	sm->gtk.gtk_len = gd->gtk_len;
-+	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- 	return 0;
- }
- 
-@@ -940,6 +952,48 @@ static int wpa_supplicant_pairwise_gtk(s
- }
- 
- 
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+				       const struct wpa_igtk_kde *igtk)
-+{
-+	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+	u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+	/* Detect possible key reinstallation */
-+	if (sm->igtk.igtk_len == len &&
-+	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+			keyidx);
-+		return  0;
-+	}
-+
-+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+		keyidx, MAC2STR(igtk->pn));
-+	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+	if (keyidx > 4095) {
-+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+			"WPA: Invalid IGTK KeyID %d", keyidx);
-+		return -1;
-+	}
-+	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+			   broadcast_ether_addr,
-+			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+			   igtk->igtk, len) < 0) {
-+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+			"WPA: Failed to configure IGTK to the driver");
-+		return -1;
-+	}
-+
-+	sm->igtk.igtk_len = len;
-+	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+	return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- 			       struct wpa_eapol_ie_parse *ie)
- {
-@@ -950,30 +1004,14 @@ static int ieee80211w_set_keys(struct wp
- 	if (ie->igtk) {
- 		size_t len;
- 		const struct wpa_igtk_kde *igtk;
--		u16 keyidx;
-+
- 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- 			return -1;
-+
- 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
--		keyidx = WPA_GET_LE16(igtk->keyid);
--		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
--			"pn %02x%02x%02x%02x%02x%02x",
--			keyidx, MAC2STR(igtk->pn));
--		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
--				igtk->igtk, len);
--		if (keyidx > 4095) {
--			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
--				"WPA: Invalid IGTK KeyID %d", keyidx);
-+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- 			return -1;
--		}
--		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
--				   broadcast_ether_addr,
--				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
--				   igtk->igtk, len) < 0) {
--			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
--				"WPA: Failed to configure IGTK to the driver");
--			return -1;
--		}
- 	}
- 
- 	return 0;
-@@ -2491,7 +2529,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
-  */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
--	int clear_ptk = 1;
-+	int clear_keys = 1;
- 
- 	if (sm == NULL)
- 		return;
-@@ -2517,7 +2555,7 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- 		/* Prepare for the next transition */
- 		wpa_ft_prepare_auth_request(sm, NULL);
- 
--		clear_ptk = 0;
-+		clear_keys = 0;
- 	}
- #endif /* CONFIG_IEEE80211R */
- #ifdef CONFIG_FILS
-@@ -2527,11 +2565,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- 		 * AUTHENTICATED state to get the EAPOL port Authorized.
- 		 */
- 		wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
--		clear_ptk = 0;
-+		clear_keys = 0;
- 	}
- #endif /* CONFIG_FILS */
- 
--	if (clear_ptk) {
-+	if (clear_keys) {
- 		/*
- 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- 		 * this is not part of a Fast BSS Transition.
-@@ -2541,6 +2579,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 		sm->tptk_set = 0;
- 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- 	}
- 
- #ifdef CONFIG_TDLS
-@@ -3117,6 +3159,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
- 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -3189,29 +3235,11 @@ int wpa_wnmsleep_install_key(struct wpa_
- 		os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
--		struct wpa_igtk_kde igd;
--		u16 keyidx;
-+		const struct wpa_igtk_kde *igtk;
- 
--		os_memset(&igd, 0, sizeof(igd));
--		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
--		os_memcpy(igd.keyid, buf + 2, 2);
--		os_memcpy(igd.pn, buf + 4, 6);
--
--		keyidx = WPA_GET_LE16(igd.keyid);
--		os_memcpy(igd.igtk, buf + 10, keylen);
--
--		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
--				igd.igtk, keylen);
--		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
--				   broadcast_ether_addr,
--				   keyidx, 0, igd.pn, sizeof(igd.pn),
--				   igd.igtk, keylen) < 0) {
--			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
--				   "WNM mode");
--			os_memset(&igd, 0, sizeof(igd));
-+		igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- 			return -1;
--		}
--		os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- 	} else {
- 		wpa_printf(MSG_DEBUG, "Unknown element id");
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- 	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- 	int rx_replay_counter_set;
- 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+	struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+	struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
- 
- 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
- 
diff --git a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
deleted file mode 100644
index 2093d25e9c..0000000000
--- a/package/network/services/hostapd/patches/002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From: Jouni Malinen <j at w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -795,14 +795,17 @@ struct wpa_gtk_data {
- 
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 				      const struct wpa_gtk_data *gd,
--				      const u8 *key_rsc)
-+				      const u8 *key_rsc, int wnm_sleep)
- {
- 	const u8 *_gtk = gd->gtk;
- 	u8 gtk_buf[32];
- 
- 	/* Detect possible key reinstallation */
--	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
--	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- 			gd->keyidx, gd->tx, gd->gtk_len);
-@@ -843,8 +846,14 @@ static int wpa_supplicant_install_gtk(st
- 	}
- 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
- 
--	sm->gtk.gtk_len = gd->gtk_len;
--	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+	if (wnm_sleep) {
-+		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+			  sm->gtk_wnm_sleep.gtk_len);
-+	} else {
-+		sm->gtk.gtk_len = gd->gtk_len;
-+		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+	}
- 
- 	return 0;
- }
-@@ -938,7 +947,7 @@ static int wpa_supplicant_pairwise_gtk(s
- 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- 					       gtk_len, gtk_len,
- 					       &gd.key_rsc_len, &gd.alg) ||
--	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"RSN: Failed to install GTK");
- 		os_memset(&gd, 0, sizeof(gd));
-@@ -954,14 +963,18 @@ static int wpa_supplicant_pairwise_gtk(s
- 
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
--				       const struct wpa_igtk_kde *igtk)
-+				       const struct wpa_igtk_kde *igtk,
-+				       int wnm_sleep)
- {
- 	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- 	u16 keyidx = WPA_GET_LE16(igtk->keyid);
- 
- 	/* Detect possible key reinstallation */
--	if (sm->igtk.igtk_len == len &&
--	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+	if ((sm->igtk.igtk_len == len &&
-+	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+	    (sm->igtk_wnm_sleep.igtk_len == len &&
-+	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- 			keyidx);
-@@ -986,8 +999,14 @@ static int wpa_supplicant_install_igtk(s
- 		return -1;
- 	}
- 
--	sm->igtk.igtk_len = len;
--	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+	if (wnm_sleep) {
-+		sm->igtk_wnm_sleep.igtk_len = len;
-+		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+			  sm->igtk_wnm_sleep.igtk_len);
-+	} else {
-+		sm->igtk.igtk_len = len;
-+		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+	}
- 
- 	return 0;
- }
-@@ -1010,7 +1029,7 @@ static int ieee80211w_set_keys(struct wp
- 			return -1;
- 
- 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
--		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- 			return -1;
- 	}
- 
-@@ -1659,7 +1678,7 @@ static void wpa_supplicant_process_1_of_
- 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- 		key_rsc = null_rsc;
- 
--	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- 		goto failed;
- 	os_memset(&gd, 0, sizeof(gd));
-@@ -2580,8 +2599,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
- 		sm->tptk_set = 0;
- 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- 		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- 	}
- 
-@@ -3160,8 +3181,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- 	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -3226,7 +3249,7 @@ int wpa_wnmsleep_install_key(struct wpa_
- 
- 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- 				gd.gtk, gd.gtk_len);
--		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- 			os_memset(&gd, 0, sizeof(gd));
- 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- 				   "WNM mode");
-@@ -3238,7 +3261,7 @@ int wpa_wnmsleep_install_key(struct wpa_
- 		const struct wpa_igtk_kde *igtk;
- 
- 		igtk = (const struct wpa_igtk_kde *) (buf + 2);
--		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- 			return -1;
- #endif /* CONFIG_IEEE80211W */
- 	} else {
-@@ -4121,7 +4144,7 @@ int fils_process_assoc_resp(struct wpa_s
- 	os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
- 
- 	wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
--	if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) {
-+	if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
- 		wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
- 		goto fail;
- 	}
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- 	int rx_replay_counter_set;
- 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- 	struct wpa_gtk gtk;
-+	struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- 	struct wpa_igtk igtk;
-+	struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
- 
- 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
diff --git a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch b/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
deleted file mode 100644
index 30679e25c2..0000000000
--- a/package/network/services/hostapd/patches/003-Prevent-installation-of-an-all-zero-TK.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
----
-
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -216,6 +216,7 @@ struct wpa_ptk {
- 	size_t kck_len;
- 	size_t kek_len;
- 	size_t tk_len;
-+	int installed; /* 1 if key has already been installed to driver */
- };
- 
- struct wpa_gtk {
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_
- 		os_memset(buf, 0, sizeof(buf));
- 	}
- 	sm->tptk_set = 1;
--	sm->tk_to_set = 1;
- 
- 	kde = sm->assoc_wpa_ie;
- 	kde_len = sm->assoc_wpa_ie_len;
-@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(st
- 	enum wpa_alg alg;
- 	const u8 *key_rsc;
- 
--	if (!sm->tk_to_set) {
-+	if (sm->ptk.installed) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Do not re-install same PTK to the driver");
- 		return 0;
-@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(st
- 
- 	/* TK is not needed anymore in supplicant */
- 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
--	sm->tk_to_set = 0;
-+	sm->ptk.installed = 1;
- 
- 	if (sm->wpa_ptk_rekey) {
- 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-@@ -4172,6 +4171,7 @@ int fils_process_assoc_resp(struct wpa_s
- 	 * takes care of association frame encryption/decryption. */
- 	/* TK is not needed anymore in supplicant */
- 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+	sm->ptk.installed = 1;
- 
- 	/* FILS HLP Container */
- 	fils_process_hlp_container(sm, ie_start, end - ie_start);
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- 	struct wpa_ptk ptk, tptk;
- 	int ptk_set, tptk_set;
- 	unsigned int msg_3_of_4_ok:1;
--	unsigned int tk_to_set:1;
- 	u8 snonce[WPA_NONCE_LEN];
- 	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- 	int renew_snonce;
diff --git a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
deleted file mode 100644
index 6f28e74314..0000000000
--- a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From: Jouni Malinen <j at w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
-
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
- 
- 
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+		wpa_printf(MSG_ERROR,
-+			   "WPA: Failed to get random data for ANonce");
-+		sm->Disconnect = TRUE;
-+		return -1;
-+	}
-+	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+		    WPA_NONCE_LEN);
-+	sm->TimeoutCtr = 0;
-+	return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- 	u8 msk[2 * PMK_LEN];
-@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK)
- 		SM_ENTER(WPA_PTK, AUTHENTICATION);
- 	else if (sm->ReAuthenticationRequest)
- 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
--	else if (sm->PTKRequest)
--		SM_ENTER(WPA_PTK, PTKSTART);
--	else switch (sm->wpa_ptk_state) {
-+	else if (sm->PTKRequest) {
-+		if (wpa_auth_sm_ptk_update(sm) < 0)
-+			SM_ENTER(WPA_PTK, DISCONNECTED);
-+		else
-+			SM_ENTER(WPA_PTK, PTKSTART);
-+	} else switch (sm->wpa_ptk_state) {
- 	case WPA_PTK_INITIALIZE:
- 		break;
- 	case WPA_PTK_DISCONNECT:
diff --git a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch b/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
deleted file mode 100644
index 2ca05dd643..0000000000
--- a/package/network/services/hostapd/patches/005-TDLS-Reject-TPK-TK-reconfiguration.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From: Jouni Malinen <j at w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
-
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- 		u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- 	} tpk;
- 	int tpk_set;
-+	int tk_set; /* TPK-TK configured to the driver */
- 	int tpk_success;
- 	int tpk_in_progress;
- 
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_s
- 	u8 rsc[6];
- 	enum wpa_alg alg;
- 
-+	if (peer->tk_set) {
-+		/*
-+		 * This same TPK-TK has already been configured to the driver
-+		 * and this new configuration attempt (likely due to an
-+		 * unexpected retransmitted frame) would result in clearing
-+		 * the TX/RX sequence number which can break security, so must
-+		 * not allow that to happen.
-+		 */
-+		wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+			   " has already been configured to the driver - do not reconfigure",
-+			   MAC2STR(peer->addr));
-+		return -1;
-+	}
-+
- 	os_memset(rsc, 0, 6);
- 
- 	switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_s
- 		return -1;
- 	}
- 
-+	wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+		   MAC2STR(peer->addr));
- 	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- 			   rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- 		wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- 			   "driver");
- 		return -1;
- 	}
-+	peer->tk_set = 1;
- 	return 0;
- }
- 
-@@ -695,7 +713,7 @@ static void wpa_tdls_peer_clear(struct w
- 	peer->cipher = 0;
- 	peer->qos_info = 0;
- 	peer->wmm_capable = 0;
--	peer->tpk_set = peer->tpk_success = 0;
-+	peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- 	peer->chan_switch_enabled = 0;
- 	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- 	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1158,6 +1176,7 @@ skip_rsnie:
- 		wpa_tdls_peer_free(sm, peer);
- 		return -1;
- 	}
-+	peer->tk_set = 0; /* A new nonce results in a new TK */
- 	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- 		    peer->inonce, WPA_NONCE_LEN);
- 	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct w
- }
- 
- 
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+	int i;
-+
-+	for (i = 0; i < WPA_NONCE_LEN; i++) {
-+		if (nonce[i])
-+			return 1;
-+	}
-+
-+	return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- 				   const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- 	peer->rsnie_i_len = kde.rsn_ie_len;
- 	peer->cipher = cipher;
- 
--	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+	    !tdls_nonce_set(peer->inonce)) {
- 		/*
- 		 * There is no point in updating the RNonce for every obtained
- 		 * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- 				"TDLS: Failed to get random data for responder nonce");
- 			goto error;
- 		}
-+		peer->tk_set = 0; /* A new nonce results in a new TK */
- 	}
- 
- #if 0
diff --git a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
deleted file mode 100644
index 13d78b8cbd..0000000000
--- a/package/network/services/hostapd/patches/006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Jouni Malinen <j at w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
-
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(
- 
- 	if (!wpa_s->wnmsleep_used) {
- 		wpa_printf(MSG_DEBUG,
--			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- 		return;
- 	}
- 
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(
- 		return;
- 	}
- 
-+	wpa_s->wnmsleep_used = 0;
-+
- 	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- 	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- 		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
diff --git a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
deleted file mode 100644
index 7712ce5198..0000000000
--- a/package/network/services/hostapd/patches/007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Jouni Malinen <j at w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_s
- #ifdef CONFIG_FILS
- 	sm->fils_completed = 0;
- #endif /* CONFIG_FILS */
-+#ifdef CONFIG_IEEE80211R
-+	sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
- 
- 	/* Keys are not needed in the WPA state machine anymore */
- 	wpa_sm_drop_sa(sm);
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp
- 	u16 capab;
- 
- 	sm->ft_completed = 0;
-+	sm->ft_reassoc_completed = 0;
- 
- 	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 		2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct
- 		return -1;
- 	}
- 
-+	if (sm->ft_reassoc_completed) {
-+		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+		return 0;
-+	}
-+
- 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- 		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- 		return -1;
-@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct
- 		return -1;
- 	}
- 
-+	sm->ft_reassoc_completed = 1;
-+
- 	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- 		return -1;
- 
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- 	size_t r0kh_id_len;
- 	u8 r1kh_id[FT_R1KH_ID_LEN];
- 	int ft_completed;
-+	int ft_reassoc_completed;
- 	int over_the_ds_in_progress;
- 	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- 	int set_ptk_after_assoc;
diff --git a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch b/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
deleted file mode 100644
index 40f6b56965..0000000000
--- a/package/network/services/hostapd/patches/008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
-Date: Thu, 5 Oct 2017 23:53:01 +0200
-Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
-
-Currently, reinstallations of the PTK are prevented by (1) assuring the
-same TPTK is only set once as the PTK, and (2) that one particular PTK
-is only installed once. This patch makes it more explicit that point (1)
-is required to prevent key reinstallations. At the same time, this patch
-hardens wpa_supplicant such that future changes do not accidentally
-break this property.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef at cs.kuleuven.be>
----
- src/rsn_supp/wpa.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
- 			sm->ptk_set = 1;
- 			os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
- 			os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+			/*
-+			 * This assures the same TPTK in sm->tptk can never be
-+			 * copied twice to sm->pkt as the new PTK. In
-+			 * combination with the installed flag in the wpa_ptk
-+			 * struct, this assures the same PTK is only installed
-+			 * once.
-+			 */
-+			sm->renew_snonce = 1;
- 		}
- 	}
- 
diff --git a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch b/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
deleted file mode 100644
index ed7d79ec1b..0000000000
--- a/package/network/services/hostapd/patches/009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From b488a12948751f57871f09baa345e59b23959a41 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j at w1.fi>
-Date: Sun, 8 Oct 2017 13:18:02 +0300
-Subject: [PATCH] Clear PMK length and check for this when deriving PTK
-
-Instead of setting the default PMK length for the cleared PMK, set the
-length to 0 and explicitly check for this when deriving PTK to avoid
-unexpected key derivation with an all-zeroes key should it be possible
-to somehow trigger PTK derivation to happen before PMK derivation.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
- src/common/wpa_common.c | 5 +++++
- src/rsn_supp/wpa.c      | 7 ++++---
- 2 files changed, 9 insertions(+), 3 deletions(-)
-
---- a/src/common/wpa_common.c
-+++ b/src/common/wpa_common.c
-@@ -225,6 +225,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t
- 	u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
- 	size_t ptk_len;
- 
-+	if (pmk_len == 0) {
-+		wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation");
-+		return -1;
-+	}
-+
- 	if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
- 		os_memcpy(data, addr1, ETH_ALEN);
- 		os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -584,7 +584,8 @@ static void wpa_supplicant_process_1_of_
- 	/* Calculate PTK which will be stored as a temporary PTK until it has
- 	 * been verified when processing message 3/4. */
- 	ptk = &sm->tptk;
--	wpa_derive_ptk(sm, src_addr, key, ptk);
-+	if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
-+		goto failed;
- 	if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
- 		u8 buf[8];
- 		/* Supplicant: swap tx/rx Mic keys */
-@@ -2705,8 +2706,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wp
- 		sm->pmk_len = sm->cur_pmksa->pmk_len;
- 		os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
- 	} else {
--		sm->pmk_len = PMK_LEN;
--		os_memset(sm->pmk, 0, PMK_LEN);
-+		sm->pmk_len = 0;
-+		os_memset(sm->pmk, 0, PMK_LEN_MAX);
- 	}
- }
- 
diff --git a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch b/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
deleted file mode 100644
index 19165cce2d..0000000000
--- a/package/network/services/hostapd/patches/010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
+++ /dev/null
@@ -1,221 +0,0 @@
-From 6f234c1e2ee1ede29f2412b7012b3345ed8e52d3 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j at w1.fi>
-Date: Mon, 16 Oct 2017 18:37:43 +0300
-Subject: [PATCH] Optional AP side workaround for key reinstallation attacks
-
-This adds a new hostapd configuration parameter
-wpa_disable_eapol_key_retries=1 that can be used to disable
-retransmission of EAPOL-Key frames that are used to install
-keys (EAPOL-Key message 3/4 and group message 1/2). This is
-similar to setting wpa_group_update_count=1 and
-wpa_pairwise_update_count=1, but with no impact to message 1/4
-retries and with extended timeout for messages 4/4 and group
-message 2/2 to avoid causing issues with stations that may use
-aggressive power saving have very long time in replying to the
-EAPOL-Key messages.
-
-This option can be used to work around key reinstallation attacks
-on the station (supplicant) side in cases those station devices
-cannot be updated for some reason. By removing the
-retransmissions the attacker cannot cause key reinstallation with
-a delayed frame transmission. This is related to the station side
-vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
-CVE-2017-13080, and CVE-2017-13081.
-
-This workaround might cause interoperability issues and reduced
-robustness of key negotiation especially in environments with
-heavy traffic load due to the number of attempts to perform the
-key exchange is reduced significantly. As such, this workaround
-is disabled by default (unless overridden in build
-configuration). To enable this, set the parameter to 1.
-
-It is also possible to enable this in the build by default by
-adding the following to the build configuration:
-
-CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
- hostapd/config_file.c  |  2 ++
- hostapd/defconfig      |  4 ++++
- hostapd/hostapd.conf   | 24 ++++++++++++++++++++++++
- src/ap/ap_config.c     |  6 ++++++
- src/ap/ap_config.h     |  1 +
- src/ap/wpa_auth.c      | 22 ++++++++++++++++++++--
- src/ap/wpa_auth.h      |  1 +
- src/ap/wpa_auth_glue.c |  2 ++
- 8 files changed, 60 insertions(+), 2 deletions(-)
-
---- a/hostapd/config_file.c
-+++ b/hostapd/config_file.c
-@@ -2542,6 +2542,8 @@ static int hostapd_config_fill(struct ho
- 			return 1;
- 		}
- 		bss->wpa_pairwise_update_count = (u32) val;
-+	} else if (os_strcmp(buf, "wpa_disable_eapol_key_retries") == 0) {
-+		bss->wpa_disable_eapol_key_retries = atoi(pos);
- 	} else if (os_strcmp(buf, "wpa_passphrase") == 0) {
- 		int len = os_strlen(pos);
- 		if (len < 8 || len > 63) {
---- a/hostapd/defconfig
-+++ b/hostapd/defconfig
-@@ -372,3 +372,7 @@ CONFIG_IPV6=y
- # Opportunistic Wireless Encryption (OWE)
- # Experimental implementation of draft-harkins-owe-07.txt
- #CONFIG_OWE=y
-+
-+# Override default value for the wpa_disable_eapol_key_retries configuration
-+# parameter. See that parameter in hostapd.conf for more details.
-+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
---- a/hostapd/hostapd.conf
-+++ b/hostapd/hostapd.conf
-@@ -1315,6 +1315,30 @@ own_ip_addr=127.0.0.1
- # Range 1..4294967295; default: 4
- #wpa_pairwise_update_count=4
- 
-+# Workaround for key reinstallation attacks
-+#
-+# This parameter can be used to disable retransmission of EAPOL-Key frames that
-+# are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This
-+# is similar to setting wpa_group_update_count=1 and
-+# wpa_pairwise_update_count=1, but with no impact to message 1/4 and with
-+# extended timeout on the response to avoid causing issues with stations that
-+# may use aggressive power saving have very long time in replying to the
-+# EAPOL-Key messages.
-+#
-+# This option can be used to work around key reinstallation attacks on the
-+# station (supplicant) side in cases those station devices cannot be updated
-+# for some reason. By removing the retransmissions the attacker cannot cause
-+# key reinstallation with a delayed frame transmission. This is related to the
-+# station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
-+# CVE-2017-13080, and CVE-2017-13081.
-+#
-+# This workaround might cause interoperability issues and reduced robustness of
-+# key negotiation especially in environments with heavy traffic load due to the
-+# number of attempts to perform the key exchange is reduced significantly. As
-+# such, this workaround is disabled by default (unless overridden in build
-+# configuration). To enable this, set the parameter to 1.
-+#wpa_disable_eapol_key_retries=1
-+
- # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up
- # roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN
- # authentication and key handshake before actually associating with a new AP.
---- a/src/ap/ap_config.c
-+++ b/src/ap/ap_config.c
-@@ -37,6 +37,10 @@ static void hostapd_config_free_vlan(str
- }
- 
- 
-+#ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
-+#define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
-+#endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
-+
- void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
- {
- 	dl_list_init(&bss->anqp_elem);
-@@ -58,6 +62,8 @@ void hostapd_config_defaults_bss(struct
- 	bss->wpa_gmk_rekey = 86400;
- 	bss->wpa_group_update_count = 4;
- 	bss->wpa_pairwise_update_count = 4;
-+	bss->wpa_disable_eapol_key_retries =
-+		DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
- 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
- 	bss->wpa_pairwise = WPA_CIPHER_TKIP;
- 	bss->wpa_group = WPA_CIPHER_TKIP;
---- a/src/ap/ap_config.h
-+++ b/src/ap/ap_config.h
-@@ -333,6 +333,7 @@ struct hostapd_bss_config {
- 	int wpa_ptk_rekey;
- 	u32 wpa_group_update_count;
- 	u32 wpa_pairwise_update_count;
-+	int wpa_disable_eapol_key_retries;
- 	int rsn_pairwise;
- 	int rsn_preauth;
- 	char *rsn_preauth_interfaces;
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -65,6 +65,7 @@ static u8 * ieee80211w_kde_add(struct wp
- static const u32 eapol_key_timeout_first = 100; /* ms */
- static const u32 eapol_key_timeout_subseq = 1000; /* ms */
- static const u32 eapol_key_timeout_first_group = 500; /* ms */
-+static const u32 eapol_key_timeout_no_retrans = 4000; /* ms */
- 
- /* TODO: make these configurable */
- static const int dot11RSNAConfigPMKLifetime = 43200;
-@@ -1653,6 +1654,9 @@ static void wpa_send_eapol(struct wpa_au
- 			eapol_key_timeout_first_group;
- 	else
- 		timeout_ms = eapol_key_timeout_subseq;
-+	if (wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+	    (!pairwise || (key_info & WPA_KEY_INFO_MIC)))
-+		timeout_ms = eapol_key_timeout_no_retrans;
- 	if (pairwise && ctr == 1 && !(key_info & WPA_KEY_INFO_MIC))
- 		sm->pending_1_of_4_timeout = 1;
- 	wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry "
-@@ -2882,6 +2886,11 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
- 	sm->TimeoutEvt = FALSE;
- 
- 	sm->TimeoutCtr++;
-+	if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+	    sm->TimeoutCtr > 1) {
-+		/* Do not allow retransmission of EAPOL-Key msg 3/4 */
-+		return;
-+	}
- 	if (sm->TimeoutCtr > sm->wpa_auth->conf.wpa_pairwise_update_count) {
- 		/* No point in sending the EAPOL-Key - we will disconnect
- 		 * immediately following this. */
-@@ -3220,7 +3229,9 @@ SM_STEP(WPA_PTK)
- 			 sm->EAPOLKeyPairwise && sm->MICVerified)
- 			SM_ENTER(WPA_PTK, PTKINITDONE);
- 		else if (sm->TimeoutCtr >
--			 sm->wpa_auth->conf.wpa_pairwise_update_count) {
-+			 sm->wpa_auth->conf.wpa_pairwise_update_count ||
-+			 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+			  sm->TimeoutCtr > 1)) {
- 			wpa_auth->dot11RSNA4WayHandshakeFailures++;
- 			wpa_auth_vlogger(
- 				sm->wpa_auth, sm->addr, LOGGER_DEBUG,
-@@ -3260,6 +3271,11 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING
- 	SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group);
- 
- 	sm->GTimeoutCtr++;
-+	if (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+	    sm->GTimeoutCtr > 1) {
-+		/* Do not allow retransmission of EAPOL-Key group msg 1/2 */
-+		return;
-+	}
- 	if (sm->GTimeoutCtr > sm->wpa_auth->conf.wpa_group_update_count) {
- 		/* No point in sending the EAPOL-Key - we will disconnect
- 		 * immediately following this. */
-@@ -3363,7 +3379,9 @@ SM_STEP(WPA_PTK_GROUP)
- 		    !sm->EAPOLKeyPairwise && sm->MICVerified)
- 			SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED);
- 		else if (sm->GTimeoutCtr >
--			 sm->wpa_auth->conf.wpa_group_update_count)
-+			 sm->wpa_auth->conf.wpa_group_update_count ||
-+			 (sm->wpa_auth->conf.wpa_disable_eapol_key_retries &&
-+			  sm->GTimeoutCtr > 1))
- 			SM_ENTER(WPA_PTK_GROUP, KEYERROR);
- 		else if (sm->TimeoutEvt)
- 			SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING);
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -165,6 +165,7 @@ struct wpa_auth_config {
- 	int wpa_ptk_rekey;
- 	u32 wpa_group_update_count;
- 	u32 wpa_pairwise_update_count;
-+	int wpa_disable_eapol_key_retries;
- 	int rsn_pairwise;
- 	int rsn_preauth;
- 	int eapol_version;
---- a/src/ap/wpa_auth_glue.c
-+++ b/src/ap/wpa_auth_glue.c
-@@ -45,6 +45,8 @@ static void hostapd_wpa_auth_conf(struct
- 	wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
- 	wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
- 	wconf->wpa_group_update_count = conf->wpa_group_update_count;
-+	wconf->wpa_disable_eapol_key_retries =
-+		conf->wpa_disable_eapol_key_retries;
- 	wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
- 	wconf->rsn_pairwise = conf->rsn_pairwise;
- 	wconf->rsn_preauth = conf->rsn_preauth;
diff --git a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch b/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
deleted file mode 100644
index 5cc2f7b17d..0000000000
--- a/package/network/services/hostapd/patches/011-Additional-consistentcy-checks-for-PTK-component-len.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j at w1.fi>
-Date: Tue, 17 Oct 2017 00:01:11 +0300
-Subject: [PATCH] Additional consistentcy checks for PTK component lengths
-
-Verify that TK, KCK, and KEK lengths are set to consistent values within
-struct wpa_ptk before using them in supplicant. This is an additional
-layer of protection against unexpected states.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
- src/common/wpa_common.c |  6 ++++++
- src/rsn_supp/wpa.c      | 26 ++++++++++++++++++++------
- 2 files changed, 26 insertions(+), 6 deletions(-)
-
---- a/src/common/wpa_common.c
-+++ b/src/common/wpa_common.c
-@@ -100,6 +100,12 @@ int wpa_eapol_key_mic(const u8 *key, siz
- {
- 	u8 hash[SHA512_MAC_LEN];
- 
-+	if (key_len == 0) {
-+		wpa_printf(MSG_DEBUG,
-+			   "WPA: KCK not set - cannot calculate MIC");
-+		return -1;
-+	}
-+
- 	switch (ver) {
- #ifndef CONFIG_FIPS
- 	case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -725,6 +725,11 @@ static int wpa_supplicant_install_ptk(st
- 
- 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
- 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
-+	if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
-+		wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
-+			   keylen, (long unsigned int) sm->ptk.tk_len);
-+		return -1;
-+	}
- 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
- 
- 	if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
-@@ -745,6 +750,7 @@ static int wpa_supplicant_install_ptk(st
- 
- 	/* TK is not needed anymore in supplicant */
- 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+	sm->ptk.tk_len = 0;
- 	sm->ptk.installed = 1;
- 
- 	if (sm->wpa_ptk_rekey) {
-@@ -1717,9 +1723,10 @@ static int wpa_supplicant_verify_eapol_k
- 	os_memcpy(mic, key + 1, mic_len);
- 	if (sm->tptk_set) {
- 		os_memset(key + 1, 0, mic_len);
--		wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
--				  ver, buf, len, (u8 *) (key + 1));
--		if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
-+		if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
-+				      sm->key_mgmt,
-+				      ver, buf, len, (u8 *) (key + 1)) < 0 ||
-+		    os_memcmp_const(mic, key + 1, mic_len) != 0) {
- 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- 				"WPA: Invalid EAPOL-Key MIC "
- 				"when using TPTK - ignoring TPTK");
-@@ -1742,9 +1749,10 @@ static int wpa_supplicant_verify_eapol_k
- 
- 	if (!ok && sm->ptk_set) {
- 		os_memset(key + 1, 0, mic_len);
--		wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
--				  ver, buf, len, (u8 *) (key + 1));
--		if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
-+		if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
-+				      sm->key_mgmt,
-+				      ver, buf, len, (u8 *) (key + 1)) < 0 ||
-+		    os_memcmp_const(mic, key + 1, mic_len) != 0) {
- 			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
- 				"WPA: Invalid EAPOL-Key MIC - "
- 				"dropping packet");
-@@ -4167,6 +4175,11 @@ int fils_process_assoc_resp(struct wpa_s
- 
- 	alg = wpa_cipher_to_alg(sm->pairwise_cipher);
- 	keylen = wpa_cipher_key_len(sm->pairwise_cipher);
-+	if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
-+		wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
-+			   keylen, (long unsigned int) sm->ptk.tk_len);
-+		goto fail;
-+	}
- 	rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
- 	wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
- 			sm->ptk.tk, keylen);
-@@ -4183,6 +4196,7 @@ int fils_process_assoc_resp(struct wpa_s
- 	 * takes care of association frame encryption/decryption. */
- 	/* TK is not needed anymore in supplicant */
- 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
-+	sm->ptk.tk_len = 0;
- 	sm->ptk.installed = 1;
- 
- 	/* FILS HLP Container */
diff --git a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch b/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
deleted file mode 100644
index 808d34586b..0000000000
--- a/package/network/services/hostapd/patches/012-Clear-BSSID-information-in-supplicant-state-machine-.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c0fe5f125a9d4a6564e1f4956ccc3809bf2fd69d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j at w1.fi>
-Date: Tue, 17 Oct 2017 01:15:24 +0300
-Subject: [PATCH] Clear BSSID information in supplicant state machine on
- disconnection
-
-This fixes a corner case where RSN pre-authentication candidate from
-scan results was ignored if the station was associated with that BSS
-just before running the new scan for the connection.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
- src/rsn_supp/wpa.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2662,6 +2662,7 @@ void wpa_sm_notify_disassoc(struct wpa_s
- 	wpa_sm_drop_sa(sm);
- 
- 	sm->msg_3_of_4_ok = 0;
-+	os_memset(sm->bssid, 0, ETH_ALEN);
- }
- 
- 
diff --git a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch b/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
deleted file mode 100644
index 13426e4db1..0000000000
--- a/package/network/services/hostapd/patches/013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 114f2830d2c2aee6db23d48240e93415a256a37c Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni at qca.qualcomm.com>
-Date: Fri, 20 Oct 2017 17:39:42 +0300
-Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Request in wnm_sleep_mode=0 case
-
-The hostapd wnm_sleep_mode parameter was previously used to control
-advertisement of WNM-Sleep Mode support, but it was not used when
-processing a request to use WNM-Sleep Mode. Add an explicit check during
-request processing as well so that any misbehaving station is ignored.
-
-Signed-off-by: Jouni Malinen <jouni at qca.qualcomm.com>
----
- src/ap/wnm_ap.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
-index 7c4fde0..973e4d3 100644
---- a/src/ap/wnm_ap.c
-+++ b/src/ap/wnm_ap.c
-@@ -200,6 +200,13 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
- 	u8 *tfsreq_ie_end = NULL;
- 	u16 tfsreq_ie_len = 0;
- 
-+	if (!hapd->conf->wnm_sleep_mode) {
-+		wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
-+			   MACSTR " since WNM-Sleep Mode is disabled",
-+			   MAC2STR(addr));
-+		return;
-+	}
-+
- 	dialog_token = *pos++;
- 	while (pos + 1 < frm + len) {
- 		u8 ie_len = pos[1];
--- 
-2.1.4
diff --git a/package/network/services/hostapd/patches/110-no_eapol_fix.patch b/package/network/services/hostapd/patches/110-no_eapol_fix.patch
index 3a48a7a95f..b8e057e2fa 100644
--- a/package/network/services/hostapd/patches/110-no_eapol_fix.patch
+++ b/package/network/services/hostapd/patches/110-no_eapol_fix.patch
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -265,9 +265,10 @@ void wpa_supplicant_cancel_auth_timeout(
+@@ -272,9 +272,10 @@ void wpa_supplicant_cancel_auth_timeout(
   */
  void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
  {
diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch
index 0d289d53a3..70b2aaea7f 100644
--- a/package/network/services/hostapd/patches/200-multicall.patch
+++ b/package/network/services/hostapd/patches/200-multicall.patch
@@ -36,7 +36,7 @@
  LIBS += $(DRV_AP_LIBS)
  
  ifdef CONFIG_L2_PACKET
-@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1270,6 +1276,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
  
  BCHECK=../src/drivers/build.hostapd
  
@@ -49,7 +49,7 @@
  hostapd: $(BCHECK) $(OBJS)
  	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
  	@$(E) "  LD " $@
-@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux)
+@@ -1315,6 +1327,12 @@ ifeq ($(CONFIG_TLS), linux)
  HOBJS += ../src/crypto/crypto_linux.o
  endif
  
@@ -72,7 +72,7 @@
  
  ifndef CONFIG_NO_GITVER
  # Add VERSION_STR postfix for builds from a git repository
-@@ -357,7 +358,9 @@ endif
+@@ -358,7 +359,9 @@ endif
  ifdef CONFIG_IBSS_RSN
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_IBSS_RSN
@@ -82,7 +82,7 @@
  OBJS += ibss_rsn.o
  endif
  
-@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+@@ -866,6 +869,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
  CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
  LIBS += -ldl -rdynamic
  endif
@@ -93,7 +93,7 @@
  endif
  
  ifdef CONFIG_AP
-@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y
+@@ -873,9 +880,11 @@ NEED_EAP_COMMON=y
  NEED_RSN_AUTHENTICATOR=y
  CFLAGS += -DCONFIG_AP
  OBJS += ap.o
@@ -105,7 +105,7 @@
  OBJS += ../src/ap/hostapd.o
  OBJS += ../src/ap/wpa_auth_glue.o
  OBJS += ../src/ap/utils.o
-@@ -952,6 +961,12 @@ endif
+@@ -957,6 +966,12 @@ endif
  ifdef CONFIG_HS20
  OBJS += ../src/ap/hs20.o
  endif
@@ -118,7 +118,7 @@
  endif
  
  ifdef CONFIG_MBO
-@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO
+@@ -965,7 +980,9 @@ CFLAGS += -DCONFIG_MBO
  endif
  
  ifdef NEED_RSN_AUTHENTICATOR
@@ -128,7 +128,7 @@
  NEED_AES_WRAP=y
  OBJS += ../src/ap/wpa_auth.o
  OBJS += ../src/ap/wpa_auth_ie.o
-@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -1895,6 +1912,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
  
  $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
  
@@ -141,7 +141,7 @@
  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
  	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
  	@$(E) "  LD " $@
-@@ -1937,6 +1960,12 @@ endif
+@@ -1997,6 +2020,12 @@ endif
  		-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
  	@$(E) "  sed" $<
  
@@ -156,7 +156,7 @@
  wpa_cli.exe: wpa_cli
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -5317,8 +5317,8 @@ union wpa_event_data {
+@@ -5385,8 +5385,8 @@ union wpa_event_data {
   * Driver wrapper code should call this function whenever an event is received
   * from the driver.
   */
@@ -167,7 +167,7 @@
  
  /**
   * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -5398,7 +5398,7 @@ void wpa_supplicant_event(void *ctx, enu
   * Same as wpa_supplicant_event(), but we search for the interface in
   * wpa_global.
   */
@@ -178,7 +178,7 @@
  /*
 --- a/src/ap/drv_callbacks.c
 +++ b/src/ap/drv_callbacks.c
-@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte
+@@ -1406,8 +1406,8 @@ static void hostapd_event_dfs_cac_starte
  #endif /* NEED_AP_MLME */
  
  
@@ -189,7 +189,7 @@
  {
  	struct hostapd_data *hapd = ctx;
  #ifndef CONFIG_NO_STDOUT_DEBUG
-@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1621,7 +1621,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -211,7 +211,7 @@
  {
  	struct wpa_priv_interface *iface = ctx;
  
-@@ -1101,7 +1101,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -1095,7 +1095,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -220,7 +220,7 @@
  				 union wpa_event_data *data)
  {
  	struct wpa_priv_global *global = ctx;
-@@ -1213,6 +1213,8 @@ int main(int argc, char *argv[])
+@@ -1207,6 +1207,8 @@ int main(int argc, char *argv[])
  	if (os_program_init())
  		return -1;
  
@@ -231,7 +231,7 @@
  	os_memset(&global, 0, sizeof(global));
 --- a/wpa_supplicant/events.c
 +++ b/wpa_supplicant/events.c
-@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a
+@@ -3812,8 +3812,8 @@ static void wpa_supplicant_event_assoc_a
  }
  
  
@@ -242,7 +242,7 @@
  {
  	struct wpa_supplicant *wpa_s = ctx;
  	int resched;
-@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -4616,7 +4616,7 @@ void wpa_supplicant_event(void *ctx, enu
  }
  
  
@@ -253,7 +253,7 @@
  	struct wpa_supplicant *wpa_s;
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma
+@@ -5678,7 +5678,6 @@ struct wpa_interface * wpa_supplicant_ma
  	return NULL;
  }
  
@@ -261,7 +261,7 @@
  /**
   * wpa_supplicant_match_existing - Match existing interfaces
   * @global: Pointer to global data from wpa_supplicant_init()
-@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing
+@@ -5715,6 +5714,11 @@ static int wpa_supplicant_match_existing
  
  #endif /* CONFIG_MATCH_IFACE */
  
@@ -273,7 +273,7 @@
  
  /**
   * wpa_supplicant_add_iface - Add a new network interface
-@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init(
+@@ -5971,6 +5975,8 @@ struct wpa_global * wpa_supplicant_init(
  #ifndef CONFIG_NO_WPA_MSG
  	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
  #endif /* CONFIG_NO_WPA_MSG */
@@ -284,7 +284,7 @@
  		wpa_debug_open_file(params->wpa_debug_file_path);
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -590,6 +590,11 @@ fail:
+@@ -591,6 +591,11 @@ fail:
  	return -1;
  }
  
@@ -296,9 +296,9 @@
  
  #ifdef CONFIG_WPS
  static int gen_uuid(const char *txt_addr)
-@@ -670,6 +675,8 @@ int main(int argc, char *argv[])
- 	dl_list_init(&interfaces.eth_p_oui);
- #endif /* CONFIG_ETH_P_OUI */
+@@ -674,6 +679,8 @@ int main(int argc, char *argv[])
+ 	hostapd_dpp_init_global(&interfaces);
+ #endif /* CONFIG_DPP */
  
 +	wpa_supplicant_event = hostapd_wpa_event;
 +	wpa_supplicant_event_global = hostapd_wpa_event_global;
diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch
index c8ca3694c0..d07fe9bb84 100644
--- a/package/network/services/hostapd/patches/300-noscan.patch
+++ b/package/network/services/hostapd/patches/300-noscan.patch
@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3016,6 +3016,10 @@ static int hostapd_config_fill(struct ho
+@@ -3086,6 +3086,10 @@ static int hostapd_config_fill(struct ho
  		}
  #endif /* CONFIG_IEEE80211W */
  #ifdef CONFIG_IEEE80211N
@@ -13,7 +13,7 @@
  	} else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -735,6 +735,8 @@ struct hostapd_config {
+@@ -750,6 +750,8 @@ struct hostapd_config {
  
  	int ht_op_mode_fixed;
  	u16 ht_capab;
diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch
index 6846db2750..552fd182e4 100644
--- a/package/network/services/hostapd/patches/310-rescan_immediately.patch
+++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -3927,7 +3927,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+@@ -4126,7 +4126,7 @@ wpa_supplicant_alloc(struct wpa_supplica
  	if (wpa_s == NULL)
  		return NULL;
  	wpa_s->scan_req = INITIAL_SCAN_REQ;
diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
index 3bc916b6b8..272d4f9240 100644
--- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
+++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -4152,7 +4152,7 @@ static int nl80211_set_channel(struct i8
+@@ -4231,7 +4231,7 @@ static int nl80211_set_channel(struct i8
  		   freq->freq, freq->ht_enabled, freq->vht_enabled,
  		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
  
diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
index 92e6ae9ae0..ca3d61e890 100644
--- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
+++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
@@ -1,6 +1,6 @@
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -2536,10 +2536,15 @@ static int wpa_driver_nl80211_del_beacon
+@@ -2563,10 +2563,15 @@ static int wpa_driver_nl80211_del_beacon
  	struct nl_msg *msg;
  	struct wpa_driver_nl80211_data *drv = bss->drv;
  
@@ -18,7 +18,7 @@
  	return send_and_recv_msgs(drv, msg, NULL, NULL);
  }
  
-@@ -4753,7 +4758,7 @@ static void nl80211_teardown_ap(struct i
+@@ -4832,7 +4837,7 @@ static void nl80211_teardown_ap(struct i
  		nl80211_mgmt_unsubscribe(bss, "AP teardown");
  
  	nl80211_put_wiphy_data_ap(bss);
@@ -27,7 +27,7 @@
  }
  
  
-@@ -6853,8 +6858,6 @@ static int wpa_driver_nl80211_if_remove(
+@@ -7031,8 +7036,6 @@ static int wpa_driver_nl80211_if_remove(
  	} else {
  		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
  		nl80211_teardown_ap(bss);
@@ -36,7 +36,7 @@
  		nl80211_destroy_bss(bss);
  		if (!bss->added_if)
  			i802_set_iface_flags(bss, 0);
-@@ -7225,7 +7228,6 @@ static int wpa_driver_nl80211_deinit_ap(
+@@ -7403,7 +7406,6 @@ static int wpa_driver_nl80211_deinit_ap(
  	if (!is_ap_interface(drv->nlmode))
  		return -1;
  	wpa_driver_nl80211_del_beacon(bss);
@@ -44,7 +44,7 @@
  
  	/*
  	 * If the P2P GO interface was dynamically added, then it is
-@@ -7245,7 +7247,6 @@ static int wpa_driver_nl80211_stop_ap(vo
+@@ -7423,7 +7425,6 @@ static int wpa_driver_nl80211_stop_ap(vo
  	if (!is_ap_interface(drv->nlmode))
  		return -1;
  	wpa_driver_nl80211_del_beacon(bss);
diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
index 043ddbf889..f174f8fe7f 100644
--- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
+++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
@@ -1,6 +1,6 @@
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -56,6 +56,7 @@
+@@ -60,6 +60,7 @@
  #include "fst/fst_ctrl_iface.h"
  #include "config_file.h"
  #include "ctrl_iface.h"
@@ -8,7 +8,7 @@
  
  
  #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
-@@ -74,6 +75,7 @@ static void hostapd_ctrl_iface_send(stru
+@@ -78,6 +79,7 @@ static void hostapd_ctrl_iface_send(stru
  				    enum wpa_msg_type type,
  				    const char *buf, size_t len);
  
@@ -16,7 +16,7 @@
  
  static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
  				     struct sockaddr_storage *from,
-@@ -125,6 +127,61 @@ static int hostapd_ctrl_iface_new_sta(st
+@@ -129,6 +131,61 @@ static int hostapd_ctrl_iface_new_sta(st
  	return 0;
  }
  
@@ -78,7 +78,7 @@
  
  #ifdef CONFIG_IEEE80211W
  #ifdef NEED_AP_MLME
-@@ -2607,6 +2664,8 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -3024,6 +3081,8 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
  		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
  						      reply_size);
@@ -89,7 +89,7 @@
  #ifdef RADIUS_SERVER
 --- a/src/ap/ctrl_iface_ap.c
 +++ b/src/ap/ctrl_iface_ap.c
-@@ -624,7 +624,13 @@ int hostapd_parse_csa_settings(const cha
+@@ -850,7 +850,13 @@ int hostapd_parse_csa_settings(const cha
  
  int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
  {
diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch
index a37b193b6b..91731d34c0 100644
--- a/package/network/services/hostapd/patches/370-ap_sta_support.patch
+++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch
@@ -12,7 +12,7 @@
  	 * bridge_ifname - Optional bridge interface name
  	 *
  	 * If the driver interface (ifname) is included in a Linux bridge
-@@ -512,6 +517,8 @@ struct wpa_supplicant {
+@@ -513,6 +518,8 @@ struct wpa_supplicant {
  #endif /* CONFIG_CTRL_IFACE_BINDER */
  	char bridge_ifname[16];
  
@@ -45,8 +45,8 @@
  CONFIG_OS=win32
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -118,6 +118,55 @@ const char *const wpa_supplicant_full_li
- static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
+@@ -125,6 +125,55 @@ static void wpas_update_fils_connect_par
+ #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
  
  
 +static int hostapd_stop(struct wpa_supplicant *wpa_s)
@@ -101,12 +101,16 @@
  /* Configure default/group WEP keys for static WEP */
  int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
  {
-@@ -883,8 +932,12 @@ void wpa_supplicant_set_state(struct wpa
- 		wpas_p2p_completed(wpa_s);
+@@ -893,12 +942,16 @@ void wpa_supplicant_set_state(struct wpa
  
  		sme_sched_obss_scan(wpa_s, 1);
+ 
 +		if (wpa_s->hostapd)
 +			hostapd_reload(wpa_s, wpa_s->current_bss);
+ #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
+ 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
+ 			wpas_update_fils_connect_params(wpa_s);
+ #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
  	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
  		   state == WPA_ASSOCIATED) {
 +		if (wpa_s->hostapd)
@@ -114,7 +118,7 @@
  		wpa_s->new_connection = 1;
  		wpa_drv_set_operstate(wpa_s, 0);
  #ifndef IEEE8021X_EAPOL
-@@ -5080,6 +5133,20 @@ static int wpa_supplicant_init_iface(str
+@@ -5301,6 +5354,20 @@ static int wpa_supplicant_init_iface(str
  			   sizeof(wpa_s->bridge_ifname));
  	}
  
@@ -135,7 +139,7 @@
  	/* RSNA Supplicant Key Management - INITIALIZE */
  	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
  	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
-@@ -5404,6 +5471,11 @@ static void wpa_supplicant_deinit_iface(
+@@ -5625,6 +5692,11 @@ static void wpa_supplicant_deinit_iface(
  	if (terminate)
  		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
  
diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
index e977f00a25..6dfe26cb4e 100644
--- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
+++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
@@ -12,7 +12,7 @@
  else
 --- a/hostapd/ctrl_iface.c
 +++ b/hostapd/ctrl_iface.c
-@@ -2458,6 +2458,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -2850,6 +2850,7 @@ static int hostapd_ctrl_iface_receive_pr
  						      reply_size);
  	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
  		reply_len = hostapd_drv_status(hapd, reply, reply_size);
@@ -20,17 +20,17 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -2499,6 +2500,7 @@ static int hostapd_ctrl_iface_receive_pr
+@@ -2891,6 +2892,7 @@ static int hostapd_ctrl_iface_receive_pr
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
  							reply_size);
 +#endif
  	} else if (os_strcmp(buf, "ATTACH") == 0) {
- 		if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
+ 		if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
  			reply_len = -1;
 --- a/wpa_supplicant/Makefile
 +++ b/wpa_supplicant/Makefile
-@@ -926,6 +926,9 @@ ifdef CONFIG_FILS
+@@ -931,6 +931,9 @@ ifdef CONFIG_FILS
  OBJS += ../src/ap/fils_hlp.o
  endif
  ifdef CONFIG_CTRL_IFACE
@@ -42,7 +42,7 @@
  
 --- a/wpa_supplicant/ctrl_iface.c
 +++ b/wpa_supplicant/ctrl_iface.c
-@@ -2070,7 +2070,7 @@ static int wpa_supplicant_ctrl_iface_sta
+@@ -2130,7 +2130,7 @@ static int wpa_supplicant_ctrl_iface_sta
  			pos += ret;
  		}
  
@@ -51,7 +51,7 @@
  		if (wpa_s->ap_iface) {
  			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
  							    end - pos,
-@@ -9631,6 +9631,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -9831,6 +9831,7 @@ char * wpa_supplicant_ctrl_iface_process
  			reply_len = -1;
  	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
  		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
@@ -59,7 +59,7 @@
  	} else if (os_strcmp(buf, "MIB") == 0) {
  		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
  		if (reply_len >= 0) {
-@@ -9638,6 +9639,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -9838,6 +9839,7 @@ char * wpa_supplicant_ctrl_iface_process
  						      reply + reply_len,
  						      reply_size - reply_len);
  		}
@@ -67,7 +67,7 @@
  	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
  		reply_len = wpa_supplicant_ctrl_iface_status(
  			wpa_s, buf + 6, reply, reply_size);
-@@ -10124,6 +10126,7 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -10319,6 +10321,7 @@ char * wpa_supplicant_ctrl_iface_process
  		reply_len = wpa_supplicant_ctrl_iface_bss(
  			wpa_s, buf + 4, reply, reply_size);
  #ifdef CONFIG_AP
@@ -75,7 +75,7 @@
  	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
  		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
  	} else if (os_strncmp(buf, "STA ", 4) == 0) {
-@@ -10132,12 +10135,15 @@ char * wpa_supplicant_ctrl_iface_process
+@@ -10327,12 +10330,15 @@ char * wpa_supplicant_ctrl_iface_process
  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
  		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
  						   reply_size);
@@ -99,9 +99,9 @@
  
 +#ifdef CONFIG_CTRL_IFACE_MIB
  
- static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
- 				 struct sta_info *sta,
-@@ -250,6 +251,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+ static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
+ 					   size_t curr_len, const u8 *mcs_set)
+@@ -401,6 +402,7 @@ int hostapd_ctrl_iface_sta_next(struct h
  	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
  }
  
@@ -109,9 +109,24 @@
  
  #ifdef CONFIG_P2P_MANAGER
  static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
+@@ -739,12 +741,12 @@ int hostapd_ctrl_iface_status(struct hos
+ 			return len;
+ 		len += ret;
+ 	}
+-
++#ifdef CONFIG_CTRL_IFACE_MIB
+ 	if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
+ 		len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
+ 						   mode->mcs_set);
+ 	}
+-
++#endif /* CONFIG_CTRL_IFACE_MIB */
+ 	if (iface->current_rates && iface->num_rates) {
+ 		ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
+ 		if (os_snprintf_error(buflen - len, ret))
 --- a/src/ap/ieee802_1x.c
 +++ b/src/ap/ieee802_1x.c
-@@ -2492,6 +2492,7 @@ static const char * bool_txt(Boolean val
+@@ -2501,6 +2501,7 @@ static const char * bool_txt(Boolean val
  	return val ? "TRUE" : "FALSE";
  }
  
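Review bot: The guard added in `hostapd_ctrl_iface_status()` makes the STATUS reply depend on the build: with CONFIG_CTRL_IFACE_MIB unset the HT MCS bitmask is silently dropped, and nothing in the patch records why. The cause is the earlier hunk in this same file, which moves the `#ifdef CONFIG_CTRL_IFACE_MIB` opener above `hostapd_write_ht_mcs_bitmask()`, so the helper is compiled out and the call site has to follow. I would add a comment above the guard, e.g. `/* hostapd_write_ht_mcs_bitmask() is only built with CONFIG_CTRL_IFACE_MIB */`, and keep a blank line after the `#endif` instead of replacing it. The function body lies outside this hunk, so it is worth confirming whether `mode` has any other use there; if it does not, builds without the option will get an unused-variable warning.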
@@ -119,7 +134,7 @@
  
  int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
  {
-@@ -2667,6 +2668,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+@@ -2676,6 +2677,7 @@ int ieee802_1x_get_mib_sta(struct hostap
  	return len;
  }
  
@@ -129,7 +144,7 @@
  static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
 --- a/src/ap/wpa_auth.c
 +++ b/src/ap/wpa_auth.c
-@@ -3780,6 +3780,7 @@ static const char * wpa_bool_txt(int val
+@@ -3785,6 +3785,7 @@ static const char * wpa_bool_txt(int val
  	return val ? "TRUE" : "FALSE";
  }
  
@@ -137,7 +152,7 @@
  
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
-@@ -3924,7 +3925,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -3929,7 +3930,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
  
  	return len;
  }
@@ -148,7 +163,7 @@
  {
 --- a/src/rsn_supp/wpa.c
 +++ b/src/rsn_supp/wpa.c
-@@ -2356,6 +2356,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+@@ -2306,6 +2306,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
  }
  
  
@@ -157,7 +172,7 @@
  #define RSN_SUITE "%02x-%02x-%02x-%d"
  #define RSN_SUITE_ARG(s) \
  ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
-@@ -2439,6 +2441,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+@@ -2389,6 +2391,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
  
  	return (int) len;
  }
@@ -167,7 +182,7 @@
  
 --- a/wpa_supplicant/ap.c
 +++ b/wpa_supplicant/ap.c
-@@ -1139,7 +1139,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1170,7 +1170,7 @@ int wpas_ap_wps_nfc_report_handover(stru
  #endif /* CONFIG_WPS */
  
  
diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
index 8f7a6879ca..a62cb3afcd 100644
--- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
+++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
@@ -1,6 +1,6 @@
 --- a/src/common/wpa_common.c
 +++ b/src/common/wpa_common.c
-@@ -1675,6 +1675,31 @@ u32 wpa_akm_to_suite(int akm)
+@@ -1735,6 +1735,31 @@ u32 wpa_akm_to_suite(int akm)
  }
  
  
@@ -32,7 +32,7 @@
  int wpa_compare_rsn_ie(int ft_initial_assoc,
  		       const u8 *ie1, size_t ie1len,
  		       const u8 *ie2, size_t ie2len)
-@@ -1682,8 +1707,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+@@ -1742,8 +1767,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
  	if (ie1 == NULL || ie2 == NULL)
  		return -1;
  
diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
index c10176371f..ea144f4def 100644
--- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
+++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
@@ -10,8 +10,8 @@
  			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
  		bss->rsn_pairwise = bss->wpa_pairwise;
  		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
-@@ -1067,8 +1066,7 @@ int hostapd_init_wps(struct hostapd_data
- 		if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
+@@ -1069,8 +1068,7 @@ int hostapd_init_wps(struct hostapd_data
+ 					  WPA_CIPHER_GCMP_256)) {
  			wps->encr_types |= WPS_ENCR_AES;
  			wps->encr_types_rsn |= WPS_ENCR_AES;
 -		}
diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch
index 2b529ca3e6..d582c8574c 100644
--- a/package/network/services/hostapd/patches/420-indicate-features.patch
+++ b/package/network/services/hostapd/patches/420-indicate-features.patch
@@ -8,7 +8,7 @@
  #include "crypto/random.h"
  #include "crypto/tls.h"
  #include "common/version.h"
-@@ -678,7 +679,7 @@ int main(int argc, char *argv[])
+@@ -682,7 +683,7 @@ int main(int argc, char *argv[])
  	wpa_supplicant_event = hostapd_wpa_event;
  	wpa_supplicant_event_global = hostapd_wpa_event_global;
  	for (;;) {
@@ -17,7 +17,7 @@
  		if (c < 0)
  			break;
  		switch (c) {
-@@ -715,6 +716,8 @@ int main(int argc, char *argv[])
+@@ -719,6 +720,8 @@ int main(int argc, char *argv[])
  			break;
  #endif /* CONFIG_DEBUG_LINUX_TRACING */
  		case 'v':
diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
index 32cab7ff62..07b4cc3cb0 100644
--- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
+++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
@@ -16,7 +16,7 @@
  
  
  static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -1476,7 +1474,6 @@ static const struct hostapd_cli_cmd host
+@@ -1504,7 +1502,6 @@ static const struct hostapd_cli_cmd host
  	{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
  	  "<addr> = send SA Query to a station" },
  #endif /* CONFIG_IEEE80211W */
@@ -24,7 +24,7 @@
  	{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
  	  "<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
  	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
-@@ -1501,7 +1498,6 @@ static const struct hostapd_cli_cmd host
+@@ -1529,7 +1526,6 @@ static const struct hostapd_cli_cmd host
  	  "<SSID> <auth> <encr> <key> = configure AP" },
  	{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
  	  "= show current WPS status" },
diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch
index 463a362911..9620ecc520 100644
--- a/package/network/services/hostapd/patches/450-scan_wait.patch
+++ b/package/network/services/hostapd/patches/450-scan_wait.patch
@@ -1,6 +1,6 @@
 --- a/hostapd/main.c
 +++ b/hostapd/main.c
-@@ -37,6 +37,8 @@ struct hapd_global {
+@@ -38,6 +38,8 @@ struct hapd_global {
  };
  
  static struct hapd_global global;
@@ -9,7 +9,7 @@
  
  
  #ifndef CONFIG_NO_HOSTAPD_LOGGER
-@@ -147,6 +149,14 @@ static void hostapd_logger_cb(void *ctx,
+@@ -148,6 +150,14 @@ static void hostapd_logger_cb(void *ctx,
  }
  #endif /* CONFIG_NO_HOSTAPD_LOGGER */
  
@@ -24,7 +24,7 @@
  
  /**
   * hostapd_driver_init - Preparate driver interface
-@@ -165,6 +175,8 @@ static int hostapd_driver_init(struct ho
+@@ -166,6 +176,8 @@ static int hostapd_driver_init(struct ho
  		return -1;
  	}
  
@@ -33,7 +33,7 @@
  	/* Initialize the driver interface */
  	if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
  		b = NULL;
-@@ -405,8 +417,6 @@ static void hostapd_global_deinit(const
+@@ -406,8 +418,6 @@ static void hostapd_global_deinit(const
  #endif /* CONFIG_NATIVE_WINDOWS */
  
  	eap_server_unregister_methods();
@@ -42,7 +42,7 @@
  }
  
  
-@@ -432,18 +442,6 @@ static int hostapd_global_run(struct hap
+@@ -433,18 +443,6 @@ static int hostapd_global_run(struct hap
  	}
  #endif /* EAP_SERVER_TNC */
  
@@ -61,7 +61,7 @@
  	eloop_run();
  
  	return 0;
-@@ -645,8 +643,7 @@ int main(int argc, char *argv[])
+@@ -646,8 +644,7 @@ int main(int argc, char *argv[])
  	struct hapd_interfaces interfaces;
  	int ret = 1;
  	size_t i, j;
diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
index 213ee6d726..9df9239cb4 100644
--- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
+++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
@@ -42,8 +42,8 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
  #include "config.h"
  
  
-@@ -1985,6 +1986,97 @@ static char * wpa_config_write_mka_ckn(c
- #endif /* CONFIG_MACSEC */
+@@ -2037,6 +2038,97 @@ static char * wpa_config_write_peerkey(c
+ #endif /* NO_CONFIG_WRITE */
  
  
 +static int wpa_config_parse_mcast_rate(const struct parse_data *data,
@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
  /* Helper macros for network block parser */
  
  #ifdef OFFSET
-@@ -2224,6 +2316,8 @@ static const struct parse_data ssid_fiel
+@@ -2279,6 +2371,8 @@ static const struct parse_data ssid_fiel
  	{ INT(ap_max_inactivity) },
  	{ INT(dtim_period) },
  	{ INT(beacon_int) },
@@ -162,7 +162,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
  
  
  #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
-@@ -735,6 +737,9 @@ struct wpa_ssid {
+@@ -743,6 +745,9 @@ struct wpa_ssid {
  	 */
  	void *parent_cred;
  
@@ -174,7 +174,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
  	 * macsec_policy - Determines the policy for MACsec secure session
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2781,6 +2781,12 @@ static void wpas_start_assoc_cb(struct w
+@@ -2942,6 +2942,12 @@ static void wpas_start_assoc_cb(struct w
  			params.beacon_int = ssid->beacon_int;
  		else
  			params.beacon_int = wpa_s->conf->beacon_int;
@@ -186,4 +186,4 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
 +		params.mcast_rate = ssid->mcast_rate;
  	}
  
- 	params.wpa_ie = wpa_ie;
+ 	params.pairwise_suite = cipher_pairwise;
diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
index 11822366de..bf9020e2b6 100644
--- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
+++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
@@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -5012,7 +5012,7 @@ static int wpa_driver_nl80211_ibss(struc
+@@ -5091,7 +5091,7 @@ static int wpa_driver_nl80211_ibss(struc
  				   struct wpa_driver_associate_params *params)
  {
  	struct nl_msg *msg;
@@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex at autistici.org>
  	int count = 0;
  
  	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
-@@ -5039,6 +5039,37 @@ retry:
+@@ -5118,6 +5118,37 @@ retry:
  	    nl80211_put_beacon_int(msg, params->beacon_int))
  		goto fail;
  
diff --git a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
index 9b5ee4bbb3..80433b93be 100644
--- a/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
+++ b/package/network/services/hostapd/patches/463-add-mcast_rate-to-11s.patch
@@ -19,7 +19,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1424,6 +1424,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1394,6 +1394,7 @@ struct wpa_driver_mesh_join_params {
  #define WPA_DRIVER_MESH_FLAG_SAE_AUTH	0x00000004
  #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
  	unsigned int flags;
@@ -29,7 +29,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
  /**
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -8981,6 +8981,18 @@ static int nl80211_put_mesh_id(struct nl
+@@ -9204,6 +9204,18 @@ static int nl80211_put_mesh_id(struct nl
  }
  
  
@@ -48,7 +48,7 @@ Tested-by: Simon Wunderlich <simon.wunderlich at openmesh.com>
  static int nl80211_put_mesh_config(struct nl_msg *msg,
  				   struct wpa_driver_mesh_bss_params *params)
  {
-@@ -9039,6 +9051,7 @@ static int nl80211_join_mesh(struct i802
+@@ -9262,6 +9274,7 @@ static int nl80211_join_mesh(struct i802
  	    nl80211_put_basic_rates(msg, params->basic_rates) ||
  	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
  	    nl80211_put_beacon_int(msg, params->beacon_int) ||
diff --git a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
index 3833539489..4f8ea499c0 100644
--- a/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
+++ b/package/network/services/hostapd/patches/464-fix-mesh-obss-check.patch
@@ -1,6 +1,6 @@
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2010,11 +2010,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2081,11 +2081,13 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
  		struct wpa_bss *bss = wpa_s->last_scan_res[j];
  
diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
index acdc668a7b..6a0a89ece4 100644
--- a/package/network/services/hostapd/patches/600-ubus_support.patch
+++ b/package/network/services/hostapd/patches/600-ubus_support.patch
@@ -22,7 +22,7 @@
  
  struct wpa_ctrl_dst;
  struct radius_server_data;
-@@ -122,6 +123,7 @@ struct hostapd_data {
+@@ -129,6 +130,7 @@ struct hostapd_data {
  	struct hostapd_iface *iface;
  	struct hostapd_config *iconf;
  	struct hostapd_bss_config *conf;
@@ -30,7 +30,7 @@
  	int interface_added; /* virtual interface added for this BSS */
  	unsigned int started:1;
  	unsigned int disabled:1;
-@@ -370,6 +372,8 @@ struct hostapd_iface {
+@@ -392,6 +394,8 @@ struct hostapd_iface {
  	struct hostapd_config *conf;
  	char phy[16]; /* Name of the PHY (radio) */
  
@@ -39,7 +39,7 @@
  	enum hostapd_iface_state {
  		HAPD_IFACE_UNINITIALIZED,
  		HAPD_IFACE_DISABLED,
-@@ -518,6 +522,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -544,6 +548,7 @@ hostapd_alloc_bss_data(struct hostapd_if
  		       struct hostapd_bss_config *bss);
  int hostapd_setup_interface(struct hostapd_iface *iface);
  int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
@@ -75,7 +75,7 @@
  {
  #ifdef NEED_AP_MLME
  	u16 capab = hostapd_own_capab_info(hapd);
-@@ -1711,6 +1714,7 @@ static int hostapd_setup_interface_compl
+@@ -1807,6 +1810,7 @@ static int hostapd_setup_interface_compl
  	if (err)
  		goto fail;
  
@@ -83,7 +83,7 @@
  	wpa_printf(MSG_DEBUG, "Completing interface initialization");
  	if (iface->conf->channel) {
  #ifdef NEED_AP_MLME
-@@ -1890,6 +1894,7 @@ dfs_offload:
+@@ -1987,6 +1991,7 @@ dfs_offload:
  
  fail:
  	wpa_printf(MSG_ERROR, "Interface initialization failed");
@@ -91,7 +91,7 @@
  	hostapd_set_state(iface, HAPD_IFACE_DISABLED);
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
  #ifdef CONFIG_FST
-@@ -2344,6 +2349,7 @@ void hostapd_interface_deinit_free(struc
+@@ -2441,6 +2446,7 @@ void hostapd_interface_deinit_free(struc
  		   (unsigned int) iface->conf->num_bss);
  	driver = iface->bss[0]->driver;
  	drv_priv = iface->bss[0]->drv_priv;
@@ -101,7 +101,7 @@
  		   __func__, driver, drv_priv);
 --- a/src/ap/ieee802_11.c
 +++ b/src/ap/ieee802_11.c
-@@ -1587,12 +1587,13 @@ ieee802_11_set_radius_info(struct hostap
+@@ -1662,12 +1662,13 @@ ieee802_11_set_radius_info(struct hostap
  
  
  static void handle_auth(struct hostapd_data *hapd,
@@ -117,7 +117,7 @@
  	u16 fc;
  	const u8 *challenge = NULL;
  	u32 session_timeout, acct_interim_interval;
-@@ -1603,6 +1604,11 @@ static void handle_auth(struct hostapd_d
+@@ -1678,6 +1679,11 @@ static void handle_auth(struct hostapd_d
  	char *identity = NULL;
  	char *radius_cui = NULL;
  	u16 seq_ctrl;
@@ -129,7 +129,7 @@
  
  	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
  		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
-@@ -1757,6 +1763,13 @@ static void handle_auth(struct hostapd_d
+@@ -1836,6 +1842,13 @@ static void handle_auth(struct hostapd_d
  		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
  		goto fail;
  	}
@@ -143,7 +143,7 @@
  	if (res == HOSTAPD_ACL_PENDING)
  		return;
  
-@@ -2870,12 +2883,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
+@@ -3098,12 +3111,12 @@ void fils_hlp_timeout(void *eloop_ctx, v
  
  static void handle_assoc(struct hostapd_data *hapd,
  			 const struct ieee80211_mgmt *mgmt, size_t len,
@@ -158,7 +158,7 @@
  	struct sta_info *sta;
  	u8 *tmp = NULL;
  	struct hostapd_sta_wpa_psk_short *psk = NULL;
-@@ -2884,6 +2897,11 @@ static void handle_assoc(struct hostapd_
+@@ -3112,6 +3125,11 @@ static void handle_assoc(struct hostapd_
  #ifdef CONFIG_FILS
  	int delay_assoc = 0;
  #endif /* CONFIG_FILS */
@@ -170,7 +170,7 @@
  
  	if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
  				      sizeof(mgmt->u.assoc_req))) {
-@@ -3051,6 +3069,14 @@ static void handle_assoc(struct hostapd_
+@@ -3283,6 +3301,14 @@ static void handle_assoc(struct hostapd_
  	}
  #endif /* CONFIG_MBO */
  
@@ -185,7 +185,7 @@
  	/*
  	 * sta->capability is used in check_assoc_ies() for RRM enabled
  	 * capability element.
-@@ -3258,6 +3284,7 @@ static void handle_disassoc(struct hosta
+@@ -3496,6 +3522,7 @@ static void handle_disassoc(struct hosta
  	wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
  		   MAC2STR(mgmt->sa),
  		   le_to_host16(mgmt->u.disassoc.reason_code));
@@ -193,7 +193,7 @@
  
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (sta == NULL) {
-@@ -3323,6 +3350,8 @@ static void handle_deauth(struct hostapd
+@@ -3561,6 +3588,8 @@ static void handle_deauth(struct hostapd
  		" reason_code=%d",
  		MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
  
@@ -202,16 +202,16 @@
  	sta = ap_get_sta(hapd, mgmt->sa);
  	if (sta == NULL) {
  		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
-@@ -3637,7 +3666,7 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3883,7 +3912,7 @@ int ieee802_11_mgmt(struct hostapd_data
  
  
  	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
--		handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
+-		handle_probe_req(hapd, mgmt, len, ssi_signal);
 +		handle_probe_req(hapd, mgmt, len, fi);
  		return 1;
  	}
  
-@@ -3657,17 +3686,17 @@ int ieee802_11_mgmt(struct hostapd_data
+@@ -3903,17 +3932,17 @@ int ieee802_11_mgmt(struct hostapd_data
  	switch (stype) {
  	case WLAN_FC_STYPE_AUTH:
  		wpa_printf(MSG_DEBUG, "mgmt::auth");
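Review bot: The patched call `handle_probe_req(hapd, mgmt, len, fi);` passes the raw `fi` pointer on, while the upstream line it replaces now reads a local `ssi_signal` instead of `fi->ssi_signal`. That suggests upstream no longer assumes `fi` is non-NULL in ieee802_11_mgmt(), although the function starts and ends outside this hunk. If the patched handle_probe_req() dereferences `fi` unconditionally (its body is not visible here), a management frame delivered without frame info would crash the AP on the receive path. I would derive the value defensively in the callee, e.g. `int ssi_signal = fi ? fi->ssi_signal : 0;`, and apply the same check in any other handler this patch hands `fi` to.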
@@ -234,7 +234,7 @@
  	case WLAN_FC_STYPE_DISASSOC:
 --- a/src/ap/beacon.c
 +++ b/src/ap/beacon.c
-@@ -716,7 +716,7 @@ void sta_track_claim_taxonomy_info(struc
+@@ -720,7 +720,7 @@ void sta_track_claim_taxonomy_info(struc
  
  void handle_probe_req(struct hostapd_data *hapd,
  		      const struct ieee80211_mgmt *mgmt, size_t len,
@@ -243,7 +243,7 @@
  {
  	u8 *resp;
  	struct ieee802_11_elems elems;
-@@ -725,9 +725,15 @@ void handle_probe_req(struct hostapd_dat
+@@ -729,6 +729,7 @@ void handle_probe_req(struct hostapd_dat
  	size_t i, resp_len;
  	int noack;
  	enum ssid_match_result res;
@@ -251,6 +251,10 @@
  	int ret;
  	u16 csa_offs[2];
  	size_t csa_offs_len;
+@@ -737,6 +738,11 @@ void handle_probe_req(struct hostapd_dat
+ 	struct hostapd_sta_wpa_psk_short *psk = NULL;
+ 	char *identity = NULL;
+ 	char *radius_cui = NULL;
 +	struct hostapd_ubus_request req = {
 +		.type = HOSTAPD_UBUS_PROBE_REQ,
 +		.mgmt_frame = mgmt,
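Review bot: `req` captures `mgmt` in the declaration block of handle_probe_req(), ahead of the `if (len < IEEE80211_HDRLEN) return;` check shown in the next hunk, so nothing should read through `req.mgmt_frame` until that check has passed. The rest of the initializer and the point where `req` reaches the ubus hook are outside this hunk, so the ordering cannot be confirmed from here. I would add a comment above the initializer, `/* req only stores pointers; pass it to the ubus hook after the frame length and IEs are validated */`, so later refreshes keep the hook below the checks.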
@@ -259,7 +263,7 @@
  
  	if (len < IEEE80211_HDRLEN)
  		return;
-@@ -894,6 +900,12 @@ void handle_probe_req(struct hostapd_dat
+@@ -914,6 +920,12 @@ void handle_probe_req(struct hostapd_dat
  	}
  #endif /* CONFIG_P2P */
  
@@ -311,7 +315,7 @@
  		wpabuf_free(sta->p2p_ie);
 --- a/src/ap/sta_info.c
 +++ b/src/ap/sta_info.c
-@@ -404,6 +404,7 @@ void ap_handle_timer(void *eloop_ctx, vo
+@@ -408,6 +408,7 @@ void ap_handle_timer(void *eloop_ctx, vo
  			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
  			       "local deauth request");
  		ap_free_sta(hapd, sta);
@@ -319,7 +323,7 @@
  		return;
  	}
  
-@@ -551,6 +552,7 @@ skip_poll:
+@@ -555,6 +556,7 @@ skip_poll:
  			hapd, sta,
  			WLAN_REASON_PREV_AUTH_NOT_VALID);
  		ap_free_sta(hapd, sta);
@@ -327,7 +331,7 @@
  		break;
  	}
  }
-@@ -1212,6 +1214,7 @@ void ap_sta_set_authorized(struct hostap
+@@ -1216,6 +1218,7 @@ void ap_sta_set_authorized(struct hostap
  					  buf, ip_addr);
  	} else {
  		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
@@ -337,7 +341,7 @@
  		    hapd->msg_ctx_parent != hapd->msg_ctx)
 --- a/src/ap/wpa_auth_glue.c
 +++ b/src/ap/wpa_auth_glue.c
-@@ -175,6 +175,7 @@ static void hostapd_wpa_auth_psk_failure
+@@ -176,6 +176,7 @@ static void hostapd_wpa_auth_psk_failure
  	struct hostapd_data *hapd = ctx;
  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
  		MAC2STR(addr));
-- 
2.16.2



