OpenWrt v19.07.0-rc2: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

.gitignore

@@ -16,6 +16,7 @@
 /overlay
 /package/feeds
 /package/openwrt-packages
+/*.patch
 key-build*
 *.orig
 *.rej

config/Config-kernel.in

@@ -775,7 +775,7 @@ menu "Filesystem ACL and attr support options"
 		select KERNEL_FS_POSIX_ACL
 		default y if USE_FS_ACL_ATTR
 
-	config KERNEL_HFSPLUG_FS_POSIX_ACL
+	config KERNEL_HFSPLUS_FS_POSIX_ACL
 		bool "Enable POSIX ACL for HFS+ Filesystems"
 		select KERNEL_FS_POSIX_ACL
 		default y if USE_FS_ACL_ATTR

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^3f3c613ac5bbbd74eac636c3cb1c5cdcf0cbfbe8
-src-git luci https://git.openwrt.org/project/luci.git^c0e73d3f9567f227cbe36ba12af53efbfdd4343d
+src-git packages https://git.openwrt.org/feed/packages.git^00803ffc91e80b16e9c1603ff32106d42e255923
+src-git luci https://git.openwrt.org/project/luci.git^039ef1f4deba725d3591b159bbc9569885d68131
 src-git routing https://git.openwrt.org/feed/routing.git^8d5ee29f088e9dfaa49dc74573edb1919f14dbf4
-src-git telephony https://git.openwrt.org/feed/telephony.git^821bcb7c58a24ea65f022ad2221ba68143533157
+src-git telephony https://git.openwrt.org/feed/telephony.git^44d82fa226dc36a53043fdffdb9688d34a16a18c

include/download.mk

@@ -289,6 +289,7 @@ endef
 define Download/default
   FILE:=$(PKG_SOURCE)
   URL:=$(PKG_SOURCE_URL)
+  URL_FILE:=$(PKG_SOURCE_URL_FILE)
   SUBDIR:=$(PKG_SOURCE_SUBDIR)
   PROTO:=$(PKG_SOURCE_PROTO)
   $(if $(PKG_SOURCE_MIRROR),MIRROR:=$(filter 1,$(PKG_MIRROR)))

include/kernel-version.mk

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-4.14 = .151
+LINUX_VERSION-4.14 = .156
 
-LINUX_KERNEL_HASH-4.14.151 = ff519c428ee9bbb513a84db5ec32a7e3705cd8c23a57104b25b944cb79583fae
+LINUX_KERNEL_HASH-4.14.156 = f8889feb0cbd7df36ff35bd4c72c1e2010567621bfcb218fcfa501bc5c7787c0
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/prereq-build.mk

@@ -141,10 +141,12 @@ $(eval $(call SetupHostCommand,wget,Please install GNU 'wget', \
 $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 	perl --version | grep "perl.*v5"))
 
+$(eval $(call CleanupPython3))
+
 $(eval $(call SetupHostCommand,python,Please install Python 2.x, \
-	python2.7 -V 2>&1 | grep Python, \
-	python2 -V 2>&1 | grep Python, \
-	python -V 2>&1 | grep Python))
+	python2.7 -V 2>&1 | grep 'Python 2.7', \
+	python2 -V 2>&1 | grep 'Python 2', \
+	python -V 2>&1 | grep 'Python 2'))
 
 $(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
 	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))

include/prereq.mk

@@ -66,6 +66,18 @@ define RequireHeader
   $$(eval $$(call Require,$(1),$(2)))
 endef
 
+define CleanupPython3
+  define Require/python3-cleanup
+	if [ -f "$(STAGING_DIR_HOST)/bin/python" ] && \
+		$(STAGING_DIR_HOST)/bin/python -V 2>&1 | \
+		grep -q 'Python 3'; then \
+			rm $(STAGING_DIR_HOST)/bin/python; \
+	fi
+  endef
+
+  $$(eval $$(call Require,python3-cleanup))
+endef
+
 define QuoteHostCommand
 '$(subst ','"'"',$(strip $(1)))'
 endef

include/version.mk

@@ -26,13 +26,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),19.07.0-rc1)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),19.07.0-rc2)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r10649-c4fdb377a2)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r10775-db8345d8e4)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/19.07.0-rc1)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/19.07.0-rc2)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/Makefile

@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
 include $(INCLUDE_DIR)/feeds.mk
 
 PKG_NAME:=base-files
-PKG_RELEASE:=204
+PKG_RELEASE:=204.1
 PKG_FLAGS:=nonshared
 
 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/

package/base-files/files/bin/config_generate

@@ -85,12 +85,16 @@ generate_network() {
 		set network.$1.proto='none'
 	EOF
 
-	[ -n "$macaddr" ] && uci -q batch <<-EOF
-		delete network.$1_dev
-		set network.$1_dev='device'
-		set network.$1_dev.name='$ifname'
-		set network.$1_dev.macaddr='$macaddr'
-	EOF
+	if [ -n "$macaddr" ]; then
+		for name in $ifname; do
+			uci -q batch <<-EOF
+				delete network.$1_${name/./_}_dev
+				set network.$1_${name/./_}_dev='device'
+				set network.$1_${name/./_}_dev.name='$name'
+				set network.$1_${name/./_}_dev.macaddr='$macaddr'
+			EOF
+		done
+	fi
 
 	case "$protocol" in
 		static)

package/base-files/files/lib/upgrade/stage2

@@ -48,7 +48,7 @@ switch_to_ramfs() {
 		local file="$(which "$binary" 2>/dev/null)"
 		[ -n "$file" ] && install_bin "$file"
 	done
-	install_file /etc/resolv.conf /lib/*.sh /lib/functions/*.sh /lib/upgrade/*.sh /lib/upgrade/do_stage2 $RAMFS_COPY_DATA
+	install_file /etc/resolv.conf /lib/*.sh /lib/functions/*.sh /lib/upgrade/*.sh /lib/upgrade/do_stage2 /usr/share/libubox/jshn.sh $RAMFS_COPY_DATA
 
 	[ -L "/lib64" ] && ln -s /lib $RAM_ROOT/lib64
 

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "http://downloads.openwrt.org/releases/19.07.0-rc1"
+		default "http://downloads.openwrt.org/releases/19.07.0-rc2"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/uboot-envtools/Makefile

@@ -51,16 +51,11 @@ define Build/Configure
 	touch $(PKG_BUILD_DIR)/include/generated/autoconf.h
 endef
 
-TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
-
-define Build/Compile
-	$(MAKE) -C $(PKG_BUILD_DIR) \
-		CROSS_COMPILE="$(TARGET_CROSS)" \
-		TARGET_CFLAGS="$(TARGET_CFLAGS)" \
-		HOSTLDFLAGS= \
-		no-dot-config-targets=envtools \
-		envtools
-endef
+MAKE_FLAGS += \
+	TARGET_CFLAGS="$(TARGET_CFLAGS)" \
+	TARGET_LDFLAGS="$(TARGET_LDFLAGS)" \
+	no-dot-config-targets=envtools \
+	envtools
 
 define Package/uboot-envtools/conffiles
 /etc/config/ubootenv

package/boot/uboot-envtools/files/ar71xx

@@ -58,7 +58,10 @@ sr3200|\
 t830|\
 tube2h|\
 wam250|\
-wndr3700|\
+wnr1000-v2|\
+wnr2000-v3|\
+wnr2200|\
+wnr612-v2|\
 xd3200)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
 	;;
@@ -92,6 +95,12 @@ qihoo-c301)
 wi2a-ac200i)
 	ubootenv_add_uci_config "/dev/mtd4" "0x0" "0x8000" "0x10000"
 	;;
+wndr3700)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x10000"
+	;;
+wndr4300)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x40000" "0x20000"
+	;;
 esac
 
 config_load ubootenv

package/boot/uboot-envtools/files/ath79

@@ -23,12 +23,18 @@ glinet,gl-ar300m-nor|\
 librerouter,librerouter-v1|\
 netgear,ex6400|\
 netgear,ex7300|\
+netgear,wnr612-v2|\
 ocedo,koala|\
 ocedo,raccoon|\
 openmesh,om5p-ac-v2|\
-yuncore,a770)
+yuncore,a770|\
+yuncore,a782|\
+yuncore,xd4200)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
 	;;
+netgear,wndr3700)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x10000"
+	;;
 esac
 
 config_load ubootenv

package/boot/uboot-envtools/files/ramips

@@ -15,6 +15,8 @@ board=$(board_name)
 case "$board" in
 alfa-network,ac1200rm|\
 alfa-network,awusfree1|\
+alfa-network,quad-e4g|\
+alfa-network,r36m-e4g|\
 alfa-network,tube-e4g)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x1000"
 	;;

package/boot/uboot-envtools/patches/001-compile.patch

@@ -1,12 +1,15 @@
 --- a/tools/env/Makefile
 +++ b/tools/env/Makefile
-@@ -10,6 +10,10 @@
+@@ -10,6 +10,13 @@
  # with "CC" here for the maximum code reuse of scripts/Makefile.host.
  override HOSTCC = $(CC)
  
 +ifneq ($(TARGET_CFLAGS),)
 +HOSTCFLAGS = $(TARGET_CFLAGS)
 +endif
++ifneq ($(TARGET_LDFLAGS),)
++HOSTLDFLAGS = $(TARGET_LDFLAGS)
++endif
 +
  # Compile for a hosted environment on the target
  HOST_EXTRACFLAGS  = $(patsubst -I%,-idirafter%, $(filter -I%, $(UBOOTINCLUDE))) \

package/boot/uboot-fritz4040/Makefile

@@ -10,9 +10,9 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_SOURCE_URL:=https://github.com/chunkeey/FritzBox-4040-UBOOT
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=572ff7ff5a8b98022e75c4cca25fdede90eda1c3
-PKG_SOURCE_DATE:=2019-09-07
-PKG_MIRROR_HASH:=72a63dd6d4a968d0736938d1c7e1dda2afc54475c5ff456eff0f56c6bd6b84e9
+PKG_SOURCE_VERSION:=f92be9d783b1210c020d5d6129e210a94bb7e290
+PKG_SOURCE_DATE:=2019-10-19
+PKG_MIRROR_HASH:=e40a7f624b1758b276f81c765ef1da568c595b8bd54568b9cceca7d170ebc612
 
 PKG_RELEASE:=1
 
@@ -26,6 +26,11 @@ define U-Boot/Default
   UBOOT_IMAGE:=uboot-$(1).bin
 endef
 
+define U-Boot/fritz1200
+  NAME:=FritzRepeater 1200
+  BUILD_DEVICES:=avm_fritzrepeater-1200
+endef
+
 define U-Boot/fritz3000
   NAME:=FritzRepeater 3000
   BUILD_DEVICES:=avm_fritzrepeater-3000
@@ -67,6 +72,6 @@ define Package/u-boot/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/upload-to-f4040.sh $(1)/
 endef
 
-UBOOT_TARGETS := fritz3000 fritz4040 fritz7530
+UBOOT_TARGETS := fritz1200 fritz3000 fritz4040 fritz7530
 
 $(eval $(call BuildPackage/U-Boot))

package/devel/strace/patches/100-workaround--pt-reg-collisions-ppc.patch

@@ -1,17 +0,0 @@
---- a/ptrace.h
-+++ b/ptrace.h
-@@ -30,7 +30,14 @@
- #  define ptrace_peeksiginfo_args XXX_ptrace_peeksiginfo_args
- # endif
- 
-+#if POWERPC
-+#include <linux/types.h>
-+#define __ASSEMBLY__
-+#endif
- # include <linux/ptrace.h>
-+#if POWERPC
-+#undef __ASSEMBLY__
-+#endif
- 
- # ifdef HAVE_STRUCT_IA64_FPREG
- #  undef ia64_fpreg

package/firmware/intel-microcode/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=intel-microcode
-PKG_VERSION:=20180807a
+PKG_VERSION:=20190918
 PKG_RELEASE:=1
 
 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
-PKG_HASH:=1a7cb96d5c6a4abac2936236223d9bea79d7442dc1cfe9b712ff8e35374f0f9f
+PKG_HASH:=b7ecb5dd30d71e9b3c2ab184693a876171392e0d80d138c3560c662e5f2a2247
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
 
 PKG_BUILD_DEPENDS:=iucode-tool/host

package/firmware/ipq-wifi/Makefile

@@ -27,6 +27,7 @@ ALLWIFIBOARDS:= \
 	alfa-network_ap120c-ac \
 	asus_map-ac2200 \
 	avm_fritzbox-7530 \
+	avm_fritzrepeater-1200 \
 	avm_fritzrepeater-3000 \
 	engenius_eap1300 \
 	engenius_ens620ext \
@@ -98,6 +99,7 @@ endef
 $(eval $(call generate-ipq-wifi-package,alfa-network_ap120c-ac,ALFA Network AP120C-AC))
 $(eval $(call generate-ipq-wifi-package,asus_map-ac2200,ASUS MAP-AC2200))
 $(eval $(call generate-ipq-wifi-package,avm_fritzbox-7530,AVM FRITZ!Box 7530))
+$(eval $(call generate-ipq-wifi-package,avm_fritzrepeater-1200,AVM FRITZRepeater 1200))
 $(eval $(call generate-ipq-wifi-package,avm_fritzrepeater-3000,AVM FRITZ!Repeater 3000))
 $(eval $(call generate-ipq-wifi-package,engenius_eap1300,EnGenius EAP1300))
 $(eval $(call generate-ipq-wifi-package,engenius_ens620ext,EnGenius ENS620EXT))

package/firmware/wireless-regdb/Makefile

@@ -1,26 +1,26 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wireless-regdb
+PKG_VERSION:=2019.06.03
 
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
-PKG_SOURCE_DATE:=2017-10-20
-PKG_SOURCE_VERSION:=4343d359ed5e7404de8803a74df186457b26ab79
-PKG_MIRROR_HASH:=5f5b669f32ae36cb65b1d99efbbbfd42c2983cda32f6448346e3e54ffaba3889
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
+PKG_HASH:=cd917ed86b63ce8d93947979f1f18948f03a4ac0ad89ec25227b36ac00dc54bf
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 include $(INCLUDE_DIR)/package.mk
 
 define Package/wireless-regdb
+  PKGARCH:=all
   SECTION:=firmware
   CATEGORY:=Firmware
-  URL:=$(patsubst pub/scm,cgit,$(PKG_SOURCE_URL))
+  URL:=https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git/
   TITLE:=Wireless Regulatory Database
 endef
 
 define Build/Compile
-	python $(PKG_BUILD_DIR)/db2fw.py $(PKG_BUILD_DIR)/regulatory.db $(PKG_BUILD_DIR)/db.txt
+	$(STAGING_DIR_HOST)/bin/$(PYTHON) $(PKG_BUILD_DIR)/db2fw.py $(PKG_BUILD_DIR)/regulatory.db $(PKG_BUILD_DIR)/db.txt
 endef
 
 define Package/wireless-regdb/install

package/firmware/wireless-regdb/patches/010-regdb-fix-compatibility-with-python2.patch

@@ -0,0 +1,58 @@
+From 651e39dee8605995b736b6056c6f7dc5c5a9c948 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Thu, 22 Aug 2019 21:46:27 +0200
+Subject: [PATCH] regdb: fix compatibility with python2
+
+Various changes in the commit mentioned below broke
+compatibility with python2. Restore it in a way that
+makes it worth with both versions.
+
+Fixes: f3c4969c2485 ("wireless-regdb: make scripts compatible with Python 3")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
+---
+ db2bin.py  | 2 +-
+ db2fw.py   | 2 +-
+ dbparse.py | 3 +--
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+--- a/db2bin.py
++++ b/db2bin.py
+@@ -118,7 +118,7 @@ reg_country_ptr.set()
+ for alpha2 in countrynames:
+     coll = countries[alpha2]
+     # struct regdb_file_reg_country
+-    output.write(struct.pack('>BBxBI', alpha2[0], alpha2[1], coll.dfs_region, reg_rules_collections[coll.permissions]))
++    output.write(struct.pack('>2sxBI', alpha2, coll.dfs_region, reg_rules_collections[coll.permissions]))
+ 
+ 
+ if len(sys.argv) > 3:
+--- a/db2fw.py
++++ b/db2fw.py
+@@ -85,7 +85,7 @@ countrynames = list(countries)
+ countrynames.sort()
+ for alpha2 in countrynames:
+     coll = countries[alpha2]
+-    output.write(struct.pack('>BB', alpha2[0], alpha2[1]))
++    output.write(struct.pack('>2s', alpha2))
+     country_ptrs[alpha2] = PTR(output)
+ output.write(b'\x00' * 4)
+ 
+--- a/dbparse.py
++++ b/dbparse.py
+@@ -1,6 +1,5 @@
+ #!/usr/bin/env python
+ 
+-from builtins import bytes
+ from functools import total_ordering
+ import sys, math
+ from math import ceil, log
+@@ -359,7 +358,7 @@ class DBParser(object):
+         for cname in cnames:
+             if len(cname) != 2:
+                 self._warn("country '%s' not alpha2" % cname)
+-            cname = bytes(cname, 'ascii')
++            cname = cname.encode('ascii')
+             if not cname in self._countries:
+                 self._countries[cname] = Country(dfs_region, comments=self._comments)
+             self._current_countries[cname] = self._countries[cname]

package/firmware/wireless-regdb/patches/100-regdb-write-firmware-file-format-version-code-20.patch

@@ -1,251 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Mon, 9 Oct 2017 11:50:57 +0200
-Subject: [PATCH] regdb: write firmware file format (version code 20)
-
-TODO: clean up the Makefile stuff ...
-
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
- create mode 100755 db2fw.py
-
---- a/Makefile
-+++ b/Makefile
-@@ -1,7 +1,5 @@
- # Install prefix
- PREFIX ?= /usr
--CRDA_PATH ?= $(PREFIX)/lib/crda
--CRDA_KEY_PATH ?= $(CRDA_PATH)/pubkeys
- 
- MANDIR ?= $(PREFIX)/share/man/
- 
-@@ -30,39 +28,47 @@ REGDB_AUTHOR ?= $(shell if [ -f $(DISTRO
- 		fi)
- 
- REGDB_PRIVKEY ?= ~/.wireless-regdb-$(REGDB_AUTHOR).key.priv.pem
--REGDB_PUBKEY ?= $(REGDB_AUTHOR).key.pub.pem
--
--REGDB_UPSTREAM_PUBKEY ?= sforshee.key.pub.pem
-+REGDB_PUBCERT ?= $(REGDB_AUTHOR).x509.pem
- 
- REGDB_CHANGED = $(shell $(SHA1SUM) -c --status sha1sum.txt >/dev/null 2>&1; \
-         if [ $$? -ne 0 ]; then \
--                echo maintainer-clean $(REGDB_PUBKEY); \
-+                echo maintainer-clean $(REGDB_PUBCERT); \
-         fi)
- 
- .PHONY: all clean mrproper install maintainer-clean install-distro-key
- 
--all: $(REGDB_CHANGED) regulatory.bin sha1sum.txt
-+all: $(REGDB_CHANGED) regulatory.db.p7s sha1sum.txt
- 
- clean:
- 	@rm -f *.pyc *.gz
- 
- maintainer-clean: clean
--	@rm -f regulatory.bin
-+	@rm -f regulatory.db regulatory.db.p7s
- 
- mrproper: clean maintainer-clean
--	@echo Removed public key, regulatory.bin and compresed man pages
--	@rm -f $(REGDB_PUBKEY) .custom
-+	@echo Removed public key, regulatory.db* and compressed man pages
-+	@rm -f $(REGDB_PUBCERT) .custom
- 
--regulatory.bin: db.txt $(REGDB_PRIVKEY) $(REGDB_PUBKEY)
--	@echo Generating $@ digitally signed by $(REGDB_AUTHOR)...
--	./db2bin.py regulatory.bin db.txt $(REGDB_PRIVKEY)
-+regulatory.db: db.txt db2fw.py
-+	@echo "Generating $@"
-+	./db2fw.py regulatory.db db.txt
-+
-+regulatory.db.p7s: regulatory.db $(REGDB_PRIVKEY) $(REGDB_PUBCERT)
-+	@echo "Signing regulatory.db (by $(REGDB_AUTHOR))..."
-+	@openssl smime -sign \
-+		-signer $(REGDB_PUBCERT) \
-+		-inkey $(REGDB_PRIVKEY) \
-+		-in $< -nosmimecap -binary \
-+		-outform DER -out $@
- 
- sha1sum.txt: db.txt
- 	sha1sum $< > $@
- 
--$(REGDB_PUBKEY): $(REGDB_PRIVKEY)
--	@echo "Generating public key for $(REGDB_AUTHOR)..."
--	openssl rsa -in $(REGDB_PRIVKEY) -out $(REGDB_PUBKEY) -pubout -outform PEM
-+$(REGDB_PUBCERT): $(REGDB_PRIVKEY)
-+	@echo "Generating certificate for $(REGDB_AUTHOR)..."
-+	@openssl req -config regulatory.openssl.conf \
-+		-key $(REGDB_PRIVKEY) -days 36500 -utf8 -nodes -batch \
-+		-x509 -outform PEM -out $(REGDB_PUBCERT)
- 	@echo $(REGDB_PUBKEY) > .custom
- 
- 
-@@ -97,16 +103,7 @@ install-distro-key: maintainer-clean $(D
- #	make maintainer-clean
- #	make
- #	sudo make install
--install: regulatory.bin.5.gz
--	install -m 755 -d $(DESTDIR)/$(CRDA_PATH)
--	install -m 755 -d $(DESTDIR)/$(CRDA_KEY_PATH)
--	if [ -f .custom ]; then \
--		install -m 644 -t $(DESTDIR)/$(CRDA_KEY_PATH)/ $(shell cat .custom); \
--	fi
--	install -m 644 -t $(DESTDIR)/$(CRDA_KEY_PATH)/ $(REGDB_UPSTREAM_PUBKEY)
--	install -m 644 -t $(DESTDIR)/$(CRDA_PATH)/ regulatory.bin
-+install: regulatory.db.5.gz
-+	install -m 644 -t $(DESTDIR)/$(CRDA_PATH)/ regulatory.db
- 	install -m 755 -d $(DESTDIR)/$(MANDIR)/man5/
--	install -m 644 -t $(DESTDIR)/$(MANDIR)/man5/ regulatory.bin.5.gz
--
--uninstall:
--	rm -rf $(DESTDIR)/$(CRDA_PATH)/
-+	install -m 644 -t $(DESTDIR)/$(MANDIR)/man5/ regulatory.db.5.gz
---- a/README
-+++ b/README
-@@ -18,8 +18,8 @@ python module is used by the web viewer
- implemented as a MoinMoin macro (and used on http://wireless.kernel.org)
- to allow viewing the database for verification.
- 
--The dbparse module is also used by db2bin.py, the `compiler', which
--compiles and signs the binary database.
-+The dbparse module is also used by db2bin.py and db2fw.py, the `compilers'
-+that compile the database to its binary formats.
- 
- For more information, please see the CRDA git repository:
- 
---- /dev/null
-+++ b/db2fw.py
-@@ -0,0 +1,133 @@
-+#!/usr/bin/env python
-+
-+from cStringIO import StringIO
-+import struct
-+import hashlib
-+from dbparse import DBParser
-+import sys
-+
-+MAGIC = 0x52474442
-+VERSION = 20
-+
-+if len(sys.argv) < 3:
-+    print 'Usage: %s output-file input-file' % sys.argv[0]
-+    sys.exit(2)
-+
-+def create_rules(countries):
-+    result = {}
-+    for c in countries.itervalues():
-+        for rule in c.permissions:
-+            result[rule] = 1
-+    return result.keys()
-+
-+def create_collections(countries):
-+    result = {}
-+    for c in countries.itervalues():
-+        result[(c.permissions, c.dfs_region)] = 1
-+    return result.keys()
-+
-+
-+def be32(output, val):
-+    output.write(struct.pack('>I', val))
-+def be16(output, val):
-+    output.write(struct.pack('>H', val))
-+
-+class PTR(object):
-+    def __init__(self, output):
-+        self._output = output
-+        self._pos = output.tell()
-+        be16(output, 0)
-+        self._written = False
-+
-+    def set(self, val=None):
-+        if val is None:
-+            val = self._output.tell()
-+        assert val & 3 == 0
-+        self._offset = val
-+        pos = self._output.tell()
-+        self._output.seek(self._pos)
-+        be16(self._output, val >> 2)
-+        self._output.seek(pos)
-+        self._written = True
-+
-+    def get(self):
-+        return self._offset
-+
-+    @property
-+    def written(self):
-+        return self._written
-+
-+p = DBParser()
-+countries = p.parse(file(sys.argv[2]))
-+rules = create_rules(countries)
-+rules.sort(cmp=lambda x, y: cmp(x.freqband, y.freqband))
-+collections = create_collections(countries)
-+collections.sort(cmp=lambda x, y: cmp(x[0][0].freqband, y[0][0].freqband))
-+
-+output = StringIO()
-+
-+# struct regdb_file_header
-+be32(output, MAGIC)
-+be32(output, VERSION)
-+
-+country_ptrs = {}
-+countrynames = countries.keys()
-+countrynames.sort()
-+for alpha2 in countrynames:
-+    coll = countries[alpha2]
-+    output.write(struct.pack('>cc', str(alpha2[0]), str(alpha2[1])))
-+    country_ptrs[alpha2] = PTR(output)
-+output.write('\x00' * 4)
-+
-+reg_rules = {}
-+flags = 0
-+for reg_rule in rules:
-+    freq_range, power_rule = reg_rule.freqband, reg_rule.power
-+    reg_rules[reg_rule] = output.tell()
-+    assert power_rule.max_ant_gain == 0
-+    flags = 0
-+    # convert to new rule flags
-+    assert reg_rule.flags & ~0x899 == 0
-+    if reg_rule.flags & 1<<0:
-+        flags |= 1<<0
-+    if reg_rule.flags & 1<<3:
-+        flags |= 1<<1
-+    if reg_rule.flags & 1<<4:
-+        flags |= 1<<2
-+    if reg_rule.flags & 1<<7:
-+        flags |= 1<<3
-+    if reg_rule.flags & 1<<11:
-+        flags |= 1<<4
-+    rule_len = 16
-+    cac_timeout = 0 # TODO
-+    if not (flags & 1<<2):
-+        cac_timeout = 0
-+    if cac_timeout:
-+        rule_len += 2
-+    output.write(struct.pack('>BBHIII', rule_len, flags, power_rule.max_eirp * 100,
-+                             freq_range.start * 1000, freq_range.end * 1000, freq_range.maxbw * 1000,
-+                             ))
-+    if cac_timeout:
-+        output.write(struct.pack('>H', cac_timeout))
-+    while rule_len % 4:
-+        output.write('\0')
-+        rule_len += 1
-+
-+for coll in collections:
-+    for alpha2 in countrynames:
-+        if (countries[alpha2].permissions, countries[alpha2].dfs_region) == coll:
-+            assert not country_ptrs[alpha2].written
-+            country_ptrs[alpha2].set()
-+    slen = 3
-+    output.write(struct.pack('>BBBx', slen, len(list(coll[0])), coll[1]))
-+    coll = list(coll[0])
-+    for regrule in coll:
-+        be16(output, reg_rules[regrule] >> 2)
-+    if len(coll) % 2:
-+        be16(output, 0)
-+
-+for alpha2 in countrynames:
-+    assert country_ptrs[alpha2].written
-+
-+outfile = open(sys.argv[1], 'w')
-+outfile.write(output.getvalue())

package/firmware/wireless-regdb/patches/500-world-regd-5GHz.patch

@@ -5,7 +5,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 ---
 --- a/db.txt
 +++ b/db.txt
-@@ -6,7 +6,7 @@ country 00:
+@@ -16,7 +16,7 @@ country 00:
  	# Channel 14. Only JP enables this and for 802.11b only
  	(2474 - 2494 @ 20), (20), NO-IR, NO-OFDM
  	# Channel 36 - 48

package/kernel/linux/modules/video.mk

@@ -151,7 +151,7 @@ define KernelPackage/fb-sys-fops
   DEPENDS:=+kmod-fb
   KCONFIG:=CONFIG_FB_SYS_FOPS
   FILES:=$(LINUX_DIR)/drivers/video/fbdev/core/fb_sys_fops.ko
-  AUTOLOAD:=$(call AutoLoad,07,fbsysfops)
+  AUTOLOAD:=$(call AutoLoad,07,fb_sys_fops)
 endef
 
 define KernelPackage/fb-sys-fops/description

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=4.19.79-1
+PKG_VERSION:=4.19.85-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.79/
-PKG_HASH:=ee03b16949e4968092cfed3cd763ff4682bc29fa3b52ebc239aa915583413cf3
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.85/
+PKG_HASH:=6a92df43e8c3e2410638d84dfd18773d667757532dd0a911227c9b7d65aee34d
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
@@ -299,14 +299,14 @@ endef
 define KernelPackage/rsi91x
   $(call KernelPackage/mac80211/Default)
   TITLE:=Redpine Signals Inc 91x WLAN driver support
-  DEPENDS+= +kmod-mac80211 +rs9113-firmware
+  DEPENDS+= +kmod-mac80211 +rs9113-firmware +@DRIVER_11N_SUPPORT
   FILES:=$(PKG_BUILD_DIR)/drivers/net/wireless/rsi/rsi_91x.ko
 endef
 
 define KernelPackage/rsi91x-usb
   $(call KernelPackage/mac80211/Default)
   TITLE:=Redpine Signals USB bus support
-  DEPENDS+= +kmod-mac80211 +kmod-usb2 +kmod-rsi91x +rs9113-firmware
+  DEPENDS+=@USB_SUPPORT +kmod-usb-core +kmod-mac80211 +kmod-rsi91x +rs9113-firmware
   FILES:=$(PKG_BUILD_DIR)/drivers/net/wireless/rsi/rsi_usb.ko
   AUTOLOAD:=$(call AutoProbe,rsi_usb)
 endef

package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh

@@ -100,7 +100,9 @@ mac80211_hostapd_setup_base() {
 	json_get_vars noscan ht_coex
 	json_get_values ht_capab_list ht_capab tx_burst
 
-	[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1
+	set_default noscan 0
+
+	[ "$noscan" -gt 0 ] && hostapd_noscan=1
 	[ "$tx_burst" = 0 ] && tx_burst=
 
 	ieee80211n=1

package/kernel/mac80211/patches/ath/381-ath9k-fix-tx99-with-monitor-mode-interface.patch

@@ -1,92 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Mon, 20 Aug 2018 11:35:05 +0200
-Subject: [PATCH] ath9k: fix tx99 with monitor mode interface
-
-Tx99 is typically configured via a monitor mode interface, which does
-not get added to the driver as a vif. Since the code currently expects
-a configured virtual interface for tx99, enabling tx99 via debugfs fails.
-Since the vif is not needed anyway, remove all checks for it.
-
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -1074,7 +1074,6 @@ struct ath_softc {
- 
- 	struct ath_spec_scan_priv spec_priv;
- 
--	struct ieee80211_vif *tx99_vif;
- 	struct sk_buff *tx99_skb;
- 	bool tx99_state;
- 	s16 tx99_power;
---- a/drivers/net/wireless/ath/ath9k/main.c
-+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -1251,15 +1251,10 @@ static int ath9k_add_interface(struct ie
- 	struct ath_vif *avp = (void *)vif->drv_priv;
- 	struct ath_node *an = &avp->mcast_node;
- 
--	mutex_lock(&sc->mutex);
-+	if (IS_ENABLED(CPTCFG_ATH9K_TX99))
-+		return -EOPNOTSUPP;
- 
--	if (IS_ENABLED(CPTCFG_ATH9K_TX99)) {
--		if (sc->cur_chan->nvifs >= 1) {
--			mutex_unlock(&sc->mutex);
--			return -EOPNOTSUPP;
--		}
--		sc->tx99_vif = vif;
--	}
-+	mutex_lock(&sc->mutex);
- 
- 	ath_dbg(common, CONFIG, "Attach a VIF of type: %d\n", vif->type);
- 	sc->cur_chan->nvifs++;
-@@ -1342,7 +1337,6 @@ static void ath9k_remove_interface(struc
- 	ath9k_p2p_remove_vif(sc, vif);
- 
- 	sc->cur_chan->nvifs--;
--	sc->tx99_vif = NULL;
- 	if (!ath9k_is_chanctx_enabled())
- 		list_del(&avp->list);
- 
---- a/drivers/net/wireless/ath/ath9k/tx99.c
-+++ b/drivers/net/wireless/ath/ath9k/tx99.c
-@@ -54,12 +54,6 @@ static struct sk_buff *ath9k_build_tx99_
- 	struct ieee80211_hdr *hdr;
- 	struct ieee80211_tx_info *tx_info;
- 	struct sk_buff *skb;
--	struct ath_vif *avp;
--
--	if (!sc->tx99_vif)
--		return NULL;
--
--	avp = (struct ath_vif *)sc->tx99_vif->drv_priv;
- 
- 	skb = alloc_skb(len, GFP_KERNEL);
- 	if (!skb)
-@@ -77,14 +71,11 @@ static struct sk_buff *ath9k_build_tx99_
- 	memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
- 	memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
- 
--	hdr->seq_ctrl |= cpu_to_le16(avp->seq_no);
--
- 	tx_info = IEEE80211_SKB_CB(skb);
- 	memset(tx_info, 0, sizeof(*tx_info));
- 	rate = &tx_info->control.rates[0];
- 	tx_info->band = sc->cur_chan->chandef.chan->band;
- 	tx_info->flags = IEEE80211_TX_CTL_NO_ACK;
--	tx_info->control.vif = sc->tx99_vif;
- 	rate->count = 1;
- 	if (ah->curchan && IS_CHAN_HT(ah->curchan)) {
- 		rate->flags |= IEEE80211_TX_RC_MCS;
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -2974,7 +2974,7 @@ int ath9k_tx99_send(struct ath_softc *sc
- 		return -EINVAL;
- 	}
- 
--	ath_set_rates(sc->tx99_vif, NULL, bf);
-+	ath_set_rates(NULL, NULL, bf);
- 
- 	ath9k_hw_set_desc_link(sc->sc_ah, bf->bf_desc, bf->bf_daddr);
- 	ath9k_hw_tx99_start(sc->sc_ah, txctl->txq->axq_qnum);

package/kernel/mac80211/patches/ath/395-ath9k-add-back-support-for-using-active-monitor-inte.patch

@@ -1,96 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Date: Sat, 22 Sep 2018 15:20:50 +0200
-Subject: [PATCH] ath9k: add back support for using active monitor interfaces
- for tx99
-
-Various documented examples on how to set up tx99 with ath9k rely
-on setting up a regular monitor interface for setting the channel.
-My previous patch "ath9k: fix tx99 with monitor mode interface" made
-it possible to set it up this way again. However, it was removing support
-for using an active monitor interface, which is required for controlling
-the bitrate as well, since the bitrate is not passed down with a regular
-monitor interface.
-
-This patch partially reverts the previous one, but keeps support for using
-a regular monitor interface to keep documented steps working in cases
-where the bitrate does not matter
-
-Fixes: d9c52fd17cb48 ("ath9k: fix tx99 with monitor mode interface")
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/drivers/net/wireless/ath/ath9k/ath9k.h
-+++ b/drivers/net/wireless/ath/ath9k/ath9k.h
-@@ -1074,6 +1074,7 @@ struct ath_softc {
- 
- 	struct ath_spec_scan_priv spec_priv;
- 
-+	struct ieee80211_vif *tx99_vif;
- 	struct sk_buff *tx99_skb;
- 	bool tx99_state;
- 	s16 tx99_power;
---- a/drivers/net/wireless/ath/ath9k/main.c
-+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -1251,8 +1251,13 @@ static int ath9k_add_interface(struct ie
- 	struct ath_vif *avp = (void *)vif->drv_priv;
- 	struct ath_node *an = &avp->mcast_node;
- 
--	if (IS_ENABLED(CPTCFG_ATH9K_TX99))
--		return -EOPNOTSUPP;
-+	if (IS_ENABLED(CPTCFG_ATH9K_TX99)) {
-+		if (sc->cur_chan->nvifs >= 1) {
-+			mutex_unlock(&sc->mutex);
-+			return -EOPNOTSUPP;
-+		}
-+		sc->tx99_vif = vif;
-+	}
- 
- 	mutex_lock(&sc->mutex);
- 
-@@ -1337,6 +1342,7 @@ static void ath9k_remove_interface(struc
- 	ath9k_p2p_remove_vif(sc, vif);
- 
- 	sc->cur_chan->nvifs--;
-+	sc->tx99_vif = NULL;
- 	if (!ath9k_is_chanctx_enabled())
- 		list_del(&avp->list);
- 
---- a/drivers/net/wireless/ath/ath9k/tx99.c
-+++ b/drivers/net/wireless/ath/ath9k/tx99.c
-@@ -54,6 +54,7 @@ static struct sk_buff *ath9k_build_tx99_
- 	struct ieee80211_hdr *hdr;
- 	struct ieee80211_tx_info *tx_info;
- 	struct sk_buff *skb;
-+	struct ath_vif *avp;
- 
- 	skb = alloc_skb(len, GFP_KERNEL);
- 	if (!skb)
-@@ -71,11 +72,17 @@ static struct sk_buff *ath9k_build_tx99_
- 	memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN);
- 	memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN);
- 
-+	if (sc->tx99_vif) {
-+		avp = (struct ath_vif *) sc->tx99_vif->drv_priv;
-+		hdr->seq_ctrl |= cpu_to_le16(avp->seq_no);
-+	}
-+
- 	tx_info = IEEE80211_SKB_CB(skb);
- 	memset(tx_info, 0, sizeof(*tx_info));
- 	rate = &tx_info->control.rates[0];
- 	tx_info->band = sc->cur_chan->chandef.chan->band;
- 	tx_info->flags = IEEE80211_TX_CTL_NO_ACK;
-+	tx_info->control.vif = sc->tx99_vif;
- 	rate->count = 1;
- 	if (ah->curchan && IS_CHAN_HT(ah->curchan)) {
- 		rate->flags |= IEEE80211_TX_RC_MCS;
---- a/drivers/net/wireless/ath/ath9k/xmit.c
-+++ b/drivers/net/wireless/ath/ath9k/xmit.c
-@@ -2974,7 +2974,7 @@ int ath9k_tx99_send(struct ath_softc *sc
- 		return -EINVAL;
- 	}
- 
--	ath_set_rates(NULL, NULL, bf);
-+	ath_set_rates(sc->tx99_vif, NULL, bf);
- 
- 	ath9k_hw_set_desc_link(sc->sc_ah, bf->bf_desc, bf->bf_daddr);
- 	ath9k_hw_tx99_start(sc->sc_ah, txctl->txq->axq_qnum);

package/kernel/mac80211/patches/ath/404-regd_no_assoc_hints.patch

@@ -1,6 +1,6 @@
 --- a/net/wireless/reg.c
 +++ b/net/wireless/reg.c
-@@ -3021,6 +3021,8 @@ void regulatory_hint_country_ie(struct w
+@@ -3027,6 +3027,8 @@ void regulatory_hint_country_ie(struct w
  	enum environment_cap env = ENVIRON_ANY;
  	struct regulatory_request *request = NULL, *lr;
  
@@ -9,11 +9,11 @@
  	/* IE len must be evenly divisible by 2 */
  	if (country_ie_len & 0x01)
  		return;
-@@ -3227,6 +3229,7 @@ static void restore_regulatory_settings(
+@@ -3252,6 +3254,7 @@ static bool is_wiphy_all_set_reg_flag(en
  
  void regulatory_hint_disconnect(void)
  {
 +	return;
- 	pr_debug("All devices are disconnected, going to restore regulatory settings\n");
- 	restore_regulatory_settings(false);
- }
+ 	/* Restore of regulatory settings is not required when wiphy(s)
+ 	 * ignore IE from connected access point but clearance of beacon hints
+ 	 * is required when wiphy(s) supports beacon hints.

package/kernel/mac80211/patches/ath/552-ahb_of.patch

@@ -16,7 +16,7 @@
  
  static const struct platform_device_id ath9k_platform_id_table[] = {
  	{
-@@ -69,6 +77,235 @@ static const struct ath_bus_ops ath_ahb_
+@@ -69,6 +77,242 @@ static const struct ath_bus_ops ath_ahb_
  	.eeprom_read = ath_ahb_eeprom_read,
  };
  
@@ -232,7 +232,14 @@
 +		pdata->external_reset = data->wmac_reset;
 +	}
 +
-+	if (data->bootstrap_reg && data->bootstrap_ref) {
++	if (data->dev_id == AR9300_DEVID_AR953X) {
++		/*
++		 * QCA953x only supports 25MHz refclk.
++		 * Some vendors have an invalid bootstrap option
++		 * set, which would break the WMAC here.
++		 */
++		pdata->is_clk_25mhz = true;
++	} else if (data->bootstrap_reg && data->bootstrap_ref) {
 +		u32 t = ath79_reset_rr(data->bootstrap_reg);
 +		if (t & data->bootstrap_ref)
 +			pdata->is_clk_25mhz = false;
@@ -252,7 +259,7 @@
  static int ath_ahb_probe(struct platform_device *pdev)
  {
  	void __iomem *mem;
-@@ -80,6 +317,17 @@ static int ath_ahb_probe(struct platform
+@@ -80,6 +324,17 @@ static int ath_ahb_probe(struct platform
  	int ret = 0;
  	struct ath_hw *ah;
  	char hw_name[64];
@@ -270,7 +277,7 @@
  
  	if (!dev_get_platdata(&pdev->dev)) {
  		dev_err(&pdev->dev, "no platform data specified\n");
-@@ -122,13 +370,16 @@ static int ath_ahb_probe(struct platform
+@@ -122,13 +377,16 @@ static int ath_ahb_probe(struct platform
  	sc->mem = mem;
  	sc->irq = irq;
  
@@ -288,7 +295,7 @@
  	if (ret) {
  		dev_err(&pdev->dev, "failed to initialize device\n");
  		goto err_irq;
-@@ -159,6 +410,9 @@ static int ath_ahb_remove(struct platfor
+@@ -159,6 +417,9 @@ static int ath_ahb_remove(struct platfor
  		free_irq(sc->irq, sc);
  		ieee80211_free_hw(sc->hw);
  	}
@@ -298,7 +305,7 @@
  
  	return 0;
  }
-@@ -168,6 +422,9 @@ static struct platform_driver ath_ahb_dr
+@@ -168,6 +429,9 @@ static struct platform_driver ath_ahb_dr
  	.remove     = ath_ahb_remove,
  	.driver		= {
  		.name	= "ath9k",

package/kernel/mac80211/patches/ath/921-ath10k_init_devices_synchronously.patch

@@ -14,7 +14,7 @@ Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
 
 --- a/drivers/net/wireless/ath/ath10k/core.c
 +++ b/drivers/net/wireless/ath/ath10k/core.c
-@@ -2720,6 +2720,16 @@ int ath10k_core_register(struct ath10k *
+@@ -2735,6 +2735,16 @@ int ath10k_core_register(struct ath10k *
  	ar->chip_id = chip_id;
  	queue_work(ar->workqueue, &ar->register_work);
  

package/kernel/mac80211/patches/ath/930-ath10k_add_tpt_led_trigger.patch

@@ -1,6 +1,6 @@
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -8286,6 +8286,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -8287,6 +8287,21 @@ static int ath10k_mac_init_rd(struct ath
  	return 0;
  }
  
@@ -22,7 +22,7 @@
  int ath10k_mac_register(struct ath10k *ar)
  {
  	static const u32 cipher_suites[] = {
-@@ -8575,6 +8590,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -8577,6 +8592,12 @@ int ath10k_mac_register(struct ath10k *a
  
  	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
  

package/kernel/mac80211/patches/ath/972-ath10k_fix-crash-due-to-wrong-handling-of-peer_bw_rxnss_override-parameter.patch

@@ -23,7 +23,7 @@ v9: use SM/MS macros from code.h to simplify shift/mask handling
  3 files changed, 52 insertions(+), 23 deletions(-)
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -2473,7 +2473,7 @@ static void ath10k_peer_assoc_h_vht(stru
+@@ -2474,7 +2474,7 @@ static void ath10k_peer_assoc_h_vht(stru
  	const u16 *vht_mcs_mask;
  	u8 ampdu_factor;
  	u8 max_nss, vht_mcs;
@@ -32,7 +32,7 @@ v9: use SM/MS macros from code.h to simplify shift/mask handling
  
  	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
  		return;
-@@ -2533,23 +2533,45 @@ static void ath10k_peer_assoc_h_vht(stru
+@@ -2534,23 +2534,45 @@ static void ath10k_peer_assoc_h_vht(stru
  		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
  	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
  		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
@@ -92,7 +92,7 @@ v9: use SM/MS macros from code.h to simplify shift/mask handling
  }
  
  static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
-@@ -2701,9 +2723,9 @@ static int ath10k_peer_assoc_prepare(str
+@@ -2702,9 +2724,9 @@ static int ath10k_peer_assoc_prepare(str
  	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
  	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
  	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
@@ -105,7 +105,7 @@ v9: use SM/MS macros from code.h to simplify shift/mask handling
  }
 --- a/drivers/net/wireless/ath/ath10k/wmi.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi.c
-@@ -7357,12 +7357,7 @@ ath10k_wmi_peer_assoc_fill_10_4(struct a
+@@ -7365,12 +7365,7 @@ ath10k_wmi_peer_assoc_fill_10_4(struct a
  	struct wmi_10_4_peer_assoc_complete_cmd *cmd = buf;
  
  	ath10k_wmi_peer_assoc_fill_10_2(ar, buf, arg);

package/kernel/mac80211/patches/ath/973-ath10k_fix-band_center_freq-handling-for-VHT160-in-recent-firmwares.patch

@@ -13,7 +13,7 @@ v2: fix trailing whitespace issue and fix some typos within the commit note
  2 files changed, 8 insertions(+), 10 deletions(-)
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -4477,13 +4477,6 @@ static struct ieee80211_sta_vht_cap ath1
+@@ -4478,13 +4478,6 @@ static struct ieee80211_sta_vht_cap ath1
  		vht_cap.cap |= val;
  	}
  

package/kernel/mac80211/patches/ath/974-ath10k_add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -140,7 +140,7 @@ v13:
  		.patch_load_addr = QCA988X_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -129,6 +131,7 @@ static const struct ath10k_hw_params ath
+@@ -131,6 +133,7 @@ static const struct ath10k_hw_params ath
  		.id = QCA9887_HW_1_0_VERSION,
  		.dev_id = QCA9887_1_0_DEVICE_ID,
  		.name = "qca9887 hw1.0",
@@ -148,7 +148,7 @@ v13:
  		.patch_load_addr = QCA9887_HW_1_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -293,6 +296,7 @@ static const struct ath10k_hw_params ath
+@@ -300,6 +303,7 @@ static const struct ath10k_hw_params ath
  		.id = QCA99X0_HW_2_0_DEV_VERSION,
  		.dev_id = QCA99X0_2_0_DEVICE_ID,
  		.name = "qca99x0 hw2.0",
@@ -156,7 +156,7 @@ v13:
  		.patch_load_addr = QCA99X0_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.otp_exe_param = 0x00000700,
-@@ -331,6 +335,7 @@ static const struct ath10k_hw_params ath
+@@ -339,6 +343,7 @@ static const struct ath10k_hw_params ath
  		.id = QCA9984_HW_1_0_DEV_VERSION,
  		.dev_id = QCA9984_1_0_DEVICE_ID,
  		.name = "qca9984/qca9994 hw1.0",
@@ -164,7 +164,7 @@ v13:
  		.patch_load_addr = QCA9984_HW_1_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -374,6 +379,7 @@ static const struct ath10k_hw_params ath
+@@ -383,6 +388,7 @@ static const struct ath10k_hw_params ath
  		.id = QCA9888_HW_2_0_DEV_VERSION,
  		.dev_id = QCA9888_2_0_DEVICE_ID,
  		.name = "qca9888 hw2.0",
@@ -172,7 +172,7 @@ v13:
  		.patch_load_addr = QCA9888_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -2441,6 +2447,10 @@ int ath10k_core_start(struct ath10k *ar,
+@@ -2456,6 +2462,10 @@ int ath10k_core_start(struct ath10k *ar,
  	if (status)
  		goto err_hif_stop;
  
@@ -183,7 +183,7 @@ v13:
  	return 0;
  
  err_hif_stop:
-@@ -2695,9 +2705,18 @@ static void ath10k_core_register_work(st
+@@ -2710,9 +2720,18 @@ static void ath10k_core_register_work(st
  		goto err_spectral_destroy;
  	}
  
@@ -202,7 +202,7 @@ v13:
  err_spectral_destroy:
  	ath10k_spectral_destroy(ar);
  err_debug_destroy:
-@@ -2741,6 +2760,8 @@ void ath10k_core_unregister(struct ath10
+@@ -2756,6 +2775,8 @@ void ath10k_core_unregister(struct ath10
  	if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags))
  		return;
  
@@ -405,7 +405,7 @@ v13:
 +#endif /* _LEDS_H_ */
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -33,6 +33,7 @@
+@@ -34,6 +34,7 @@
  #include "wmi-tlv.h"
  #include "wmi-ops.h"
  #include "wow.h"
@@ -475,7 +475,7 @@ v13:
  static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
 --- a/drivers/net/wireless/ath/ath10k/wmi.c
 +++ b/drivers/net/wireless/ath/ath10k/wmi.c
-@@ -7177,6 +7177,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
+@@ -7185,6 +7185,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
  	return skb;
  }
  
@@ -525,7 +525,7 @@ v13:
  static struct sk_buff *
  ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
  			     enum wmi_sta_ps_mode psmode)
-@@ -8788,6 +8831,9 @@ static const struct wmi_ops wmi_ops = {
+@@ -8796,6 +8839,9 @@ static const struct wmi_ops wmi_ops = {
  	.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
  	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -535,7 +535,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -8858,6 +8904,8 @@ static const struct wmi_ops wmi_10_1_ops
+@@ -8866,6 +8912,8 @@ static const struct wmi_ops wmi_10_1_ops
  	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
  	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -544,7 +544,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -8929,6 +8977,8 @@ static const struct wmi_ops wmi_10_2_ops
+@@ -8937,6 +8985,8 @@ static const struct wmi_ops wmi_10_2_ops
  	.gen_delba_send = ath10k_wmi_op_gen_delba_send,
  	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
@@ -553,7 +553,7 @@ v13:
  	/* .gen_pdev_enable_adaptive_cca not implemented */
  };
  
-@@ -8999,6 +9049,8 @@ static const struct wmi_ops wmi_10_2_4_o
+@@ -9007,6 +9057,8 @@ static const struct wmi_ops wmi_10_2_4_o
  	.gen_pdev_enable_adaptive_cca =
  		ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
  	.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
@@ -562,7 +562,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9078,6 +9130,8 @@ static const struct wmi_ops wmi_10_4_ops
+@@ -9086,6 +9138,8 @@ static const struct wmi_ops wmi_10_4_ops
  	.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
  	.gen_echo = ath10k_wmi_op_gen_echo,
  	.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,

package/kernel/mac80211/patches/ath/975-ath10k-use-tpt-trigger-by-default.patch

@@ -42,7 +42,7 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  	if (ret)
 --- a/drivers/net/wireless/ath/ath10k/mac.c
 +++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -8607,7 +8607,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -8609,7 +8609,7 @@ int ath10k_mac_register(struct ath10k *a
  	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
  
  #ifdef CPTCFG_MAC80211_LEDS

package/kernel/mac80211/patches/ath/976-ath10k-Limit-available-channels-via-DT-ieee80211-fre.patch

@@ -1,39 +0,0 @@
-From bbf0a8af2261bc7ae39b227ff6a1e9f45a008c27 Mon Sep 17 00:00:00 2001
-From: Sven Eckelmann <sven.eckelmann@openmesh.com>
-Date: Mon, 30 Jul 2018 17:31:41 +0200
-Subject: [PATCH] ath10k: Limit available channels via DT ieee80211-freq-limit
-
-Tri-band devices (1x 2.4GHz + 2x 5GHz) often incorporate special filters in
-the RX and TX path. These filtered channel can in theory still be used by
-the hardware but the signal strength is reduced so much that it makes no
-sense.
-
-There is already a DT property to limit the available channels but ath10k
-has to manually call this functionality to limit the currrently set wiphy
-channels further.
-
-Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
-
-Forwarded: https://patchwork.kernel.org/patch/10549245/
----
- drivers/net/wireless/ath/ath10k/mac.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/drivers/net/wireless/ath/ath10k/mac.c
-+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -18,6 +18,7 @@
- 
- #include "mac.h"
- 
-+#include <net/cfg80211.h>
- #include <net/mac80211.h>
- #include <linux/etherdevice.h>
- #include <linux/acpi.h>
-@@ -8394,6 +8395,7 @@ int ath10k_mac_register(struct ath10k *a
- 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
- 	}
- 
-+	wiphy_read_of_freq_limits(ar->hw->wiphy);
- 	ath10k_mac_setup_ht_vht_cap(ar);
- 
- 	ar->hw->wiphy->interface_modes =

package/kernel/mac80211/patches/brcm/302-v4.20-0001-brcmfmac-fix-wrong-strnchr-usage.patch

@@ -1,38 +0,0 @@
-From cb18e2e9ec71d42409a51b83546686c609780dde Mon Sep 17 00:00:00 2001
-From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
-Date: Wed, 22 Aug 2018 15:22:15 +0200
-Subject: [PATCH] brcmfmac: fix wrong strnchr usage
-
-strnchr takes arguments in the order of its name: string, max bytes to
-read, character to search for. Here we're passing '\n' aka 10 as the
-buffer size, and searching for sizeof(buf) aka BRCMF_DCMD_SMLEN aka
-256 (aka '\0', since it's implicitly converted to char) within those 10
-bytes.
-
-Just interchanging the last two arguments would still leave a bug,
-because if we've been successful once, there are not sizeof(buf)
-characters left after the new value of p.
-
-Since clmver is immediately afterwards passed as a %s argument, I assume
-that it is actually a properly nul-terminated string. For that case, we
-have strreplace().
-
-Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
-@@ -296,9 +296,7 @@ int brcmf_c_preinit_dcmds(struct brcmf_i
- 		/* Replace all newline/linefeed characters with space
- 		 * character
- 		 */
--		ptr = clmver;
--		while ((ptr = strnchr(ptr, '\n', sizeof(buf))) != NULL)
--			*ptr = ' ';
-+		strreplace(clmver, '\n', ' ');
- 
- 		brcmf_dbg(INFO, "CLM version = %s\n", clmver);
- 	}

package/kernel/mac80211/patches/brcm/304-v4.20-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch

@@ -1,28 +0,0 @@
-From: Arend van Spriel <arend.vanspriel@broadcom.com>
-Date: Wed, 5 Sep 2018 09:48:59 +0200
-Subject: [PATCH] brcmfmac: increase buffer for obtaining firmware capabilities
-
-When obtaining the firmware capability a buffer is provided of 512
-bytes. However, if all features in firmware are supported the buffer
-needs to be 565 bytes as otherwise truncated information is retrieved
-from firmware. Increasing the buffer to 768 bytes on stack.
-
-Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
-Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
-Reviewed-by: Franky Lin <franky.lin@broadcom.com>
-Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
----
- drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
-+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
-@@ -178,7 +178,7 @@ static void brcmf_feat_iovar_data_set(st
- 	ifp->fwil_fwerr = false;
- }
- 
--#define MAX_CAPS_BUFFER_SIZE	512
-+#define MAX_CAPS_BUFFER_SIZE	768
- static void brcmf_feat_firmware_capabilities(struct brcmf_if *ifp)
- {
- 	char caps[MAX_CAPS_BUFFER_SIZE];

package/kernel/mac80211/patches/brcm/396-brcmfmac-disable-PCIe-interrupts-before-bus-reset.patch

@@ -0,0 +1,54 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Mon, 18 Nov 2019 11:52:41 +0100
+Subject: [PATCH FIX] brcmfmac: disable PCIe interrupts before bus reset
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Keeping interrupts on could result in brcmfmac freeing some resources
+and then IRQ handlers trying to use them. That was obviously a straight
+path for crashing a kernel.
+
+Example:
+CPU0                           CPU1
+----                           ----
+brcmf_pcie_reset
+  brcmf_pcie_bus_console_read
+  brcmf_detach
+    ...
+    brcmf_fweh_detach
+    brcmf_proto_detach
+                               brcmf_pcie_isr_thread
+                                 ...
+                                 brcmf_proto_msgbuf_rx_trigger
+                                   ...
+                                   drvr->proto->pd
+    brcmf_pcie_release_irq
+
+[  363.789218] Unable to handle kernel NULL pointer dereference at virtual address 00000038
+[  363.797339] pgd = c0004000
+[  363.800050] [00000038] *pgd=00000000
+[  363.803635] Internal error: Oops: 17 [#1] SMP ARM
+(...)
+[  364.029209] Backtrace:
+[  364.031725] [<bf243838>] (brcmf_proto_msgbuf_rx_trigger [brcmfmac]) from [<bf2471dc>] (brcmf_pcie_isr_thread+0x228/0x274 [brcmfmac])
+[  364.043662]  r7:00000001 r6:c8ca0000 r5:00010000 r4:c7b4f800
+
+Fixes: 4684997d9eea ("brcmfmac: reset PCIe bus on a firmware crash")
+Cc: stable@vger.kernel.org # v5.2+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -1427,6 +1427,8 @@ static int brcmf_pcie_reset(struct devic
+ 	struct brcmf_fw_request *fwreq;
+ 	int err;
+ 
++	brcmf_pcie_intr_disable(devinfo);
++
+ 	brcmf_pcie_bus_console_read(devinfo, true);
+ 
+ 	brcmf_detach(dev);

package/kernel/mac80211/patches/brcm/397-brcmfmac-remove-monitor-interface-when-detaching.patch

@@ -0,0 +1,30 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Mon, 18 Nov 2019 13:35:20 +0100
+Subject: [PATCH 5.5] brcmfmac: remove monitor interface when detaching
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes a minor WARNING in the cfg80211:
+[  130.658034] ------------[ cut here ]------------
+[  130.662805] WARNING: CPU: 1 PID: 610 at net/wireless/core.c:954 wiphy_unregister+0xb4/0x198 [cfg80211]
+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+@@ -1371,6 +1371,11 @@ void brcmf_detach(struct device *dev)
+ 	brcmf_fweh_detach(drvr);
+ 	brcmf_proto_detach(drvr);
+ 
++	if (drvr->mon_if) {
++		brcmf_net_detach(drvr->mon_if->ndev, false);
++		drvr->mon_if = NULL;
++	}
++
+ 	/* make sure primary interface removed last */
+ 	for (i = BRCMF_MAX_IFS - 1; i > -1; i--) {
+ 		if (drvr->iflist[i])

package/kernel/mac80211/patches/brcm/860-brcmfmac-register-wiphy-s-during-module_init.patch

@@ -13,7 +13,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1472,6 +1472,7 @@ int __init brcmf_core_init(void)
+@@ -1477,6 +1477,7 @@ int __init brcmf_core_init(void)
  {
  	if (!schedule_work(&brcmf_driver_work))
  		return -EBUSY;

package/kernel/mac80211/patches/subsys/321-cfg80211-Add-airtime-statistics-and-settings.patch

@@ -148,7 +148,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	MAX_NL80211_EXT_FEATURES = NUM_NL80211_EXT_FEATURES - 1
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -462,6 +462,7 @@ static const struct nla_policy nl80211_p
+@@ -463,6 +463,7 @@ static const struct nla_policy nl80211_p
  	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
  	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
  					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
@@ -156,7 +156,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  };
  
  /* policy for the key attributes */
-@@ -4702,6 +4703,11 @@ static int nl80211_send_station(struct s
+@@ -4703,6 +4704,11 @@ static int nl80211_send_station(struct s
  	PUT_SINFO(PLID, plid, u16);
  	PUT_SINFO(PLINK_STATE, plink_state, u8);
  	PUT_SINFO_U64(RX_DURATION, rx_duration);
@@ -168,7 +168,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  
  	switch (rdev->wiphy.signal_type) {
  	case CFG80211_SIGNAL_TYPE_MBM:
-@@ -5338,6 +5344,15 @@ static int nl80211_set_station(struct sk
+@@ -5339,6 +5345,15 @@ static int nl80211_set_station(struct sk
  			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
  	}
  
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  	/* Include parameters for TDLS peer (will check later) */
  	err = nl80211_set_station_tdls(info, &params);
  	if (err)
-@@ -5476,6 +5491,15 @@ static int nl80211_new_station(struct sk
+@@ -5477,6 +5492,15 @@ static int nl80211_new_station(struct sk
  			return -EINVAL;
  	}
  

package/kernel/mac80211/patches/subsys/354-mac80211-calculate-hash-for-fq-without-holding-fq-lo.patch

@@ -10,37 +10,53 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/include/net/fq_impl.h
 +++ b/include/net/fq_impl.h
-@@ -107,21 +107,23 @@ begin:
+@@ -107,29 +107,31 @@ begin:
  	return skb;
  }
  
+-static struct fq_flow *fq_flow_classify(struct fq *fq,
+-					struct fq_tin *tin,
+-					struct sk_buff *skb,
+-					fq_flow_get_default_t get_default_func)
 +static u32 fq_flow_idx(struct fq *fq, struct sk_buff *skb)
-+{
+ {
+-	struct fq_flow *flow;
+-	u32 hash;
+-	u32 idx;
+-
+-	lockdep_assert_held(&fq->lock);
+-
+ #if LINUX_VERSION_IS_GEQ(5,3,10) || \
+     LINUX_VERSION_IN_RANGE(4,19,83, 4,20,0) || \
+     LINUX_VERSION_IN_RANGE(4,14,153, 4,15,0) || \
+     LINUX_VERSION_IN_RANGE(4,9,200, 4,10,0) || \
+     LINUX_VERSION_IN_RANGE(4,4,200, 4,5,0)
+-	hash = skb_get_hash_perturb(skb, &fq->perturbation);
++	u32 hash = skb_get_hash_perturb(skb, &fq->perturbation);
+ #else
+-	hash = skb_get_hash_perturb(skb, fq->perturbation);
 +	u32 hash = skb_get_hash_perturb(skb, fq->perturbation);
-+
+ #endif
+-	idx = reciprocal_scale(hash, fq->flows_cnt);
+-	flow = &fq->flows[idx];
+ 
 +	return reciprocal_scale(hash, fq->flows_cnt);
 +}
 +
- static struct fq_flow *fq_flow_classify(struct fq *fq,
--					struct fq_tin *tin,
++static struct fq_flow *fq_flow_classify(struct fq *fq,
 +					struct fq_tin *tin, u32 idx,
- 					struct sk_buff *skb,
- 					fq_flow_get_default_t get_default_func)
- {
- 	struct fq_flow *flow;
--	u32 hash;
--	u32 idx;
- 
- 	lockdep_assert_held(&fq->lock);
- 
--	hash = skb_get_hash_perturb(skb, fq->perturbation);
--	idx = reciprocal_scale(hash, fq->flows_cnt);
- 	flow = &fq->flows[idx];
--
++					struct sk_buff *skb,
++					fq_flow_get_default_t get_default_func)
++{
++	struct fq_flow *flow;
++
++	lockdep_assert_held(&fq->lock);
++
++	flow = &fq->flows[idx];
  	if (flow->tin && flow->tin != tin) {
  		flow = get_default_func(fq, tin, idx, skb);
  		tin->collisions++;
-@@ -153,7 +155,7 @@ static void fq_recalc_backlog(struct fq
+@@ -161,7 +163,7 @@ static void fq_recalc_backlog(struct fq
  }
  
  static void fq_tin_enqueue(struct fq *fq,
@@ -49,7 +65,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  			   struct sk_buff *skb,
  			   fq_skb_free_t free_func,
  			   fq_flow_get_default_t get_default_func)
-@@ -163,7 +165,7 @@ static void fq_tin_enqueue(struct fq *fq
+@@ -171,7 +173,7 @@ static void fq_tin_enqueue(struct fq *fq
  
  	lockdep_assert_held(&fq->lock);
  

package/kernel/mac80211/patches/subsys/365-mac80211-IBSS-send-deauth-when-expiring-inactive-STA.patch

@@ -0,0 +1,128 @@
+From 4b08d1b6a994dbb593557bd2095ba4f0c3c47819 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 30 Aug 2019 14:24:51 +0300
+Subject: [PATCH] mac80211: IBSS: send deauth when expiring inactive STAs
+
+When we expire an inactive station, try to send it a deauth. This
+helps if it's actually still around, and just has issues with
+beacon distribution (or we do), and it will not also remove us.
+Then, if we have shared state, this may not be reset properly,
+causing problems; for example, we saw a case where aggregation
+sessions weren't removed properly (due to the TX start being
+offloaded to firmware and it relying on deauth for stop), causing
+a lot of traffic to get lost due to the SN reset after remove/add
+of the peer.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/20190830112451.21655-9-luca@coelho.fi
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/ibss.c        |  8 ++++++++
+ net/mac80211/ieee80211_i.h |  3 ++-
+ net/mac80211/mlme.c        | 11 ++++++-----
+ net/mac80211/util.c        |  5 +++--
+ 4 files changed, 19 insertions(+), 8 deletions(-)
+
+--- a/net/mac80211/ibss.c
++++ b/net/mac80211/ibss.c
+@@ -1253,6 +1253,7 @@ void ieee80211_ibss_rx_no_sta(struct iee
+ 
+ static void ieee80211_ibss_sta_expire(struct ieee80211_sub_if_data *sdata)
+ {
++	struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
+ 	struct ieee80211_local *local = sdata->local;
+ 	struct sta_info *sta, *tmp;
+ 	unsigned long exp_time = IEEE80211_IBSS_INACTIVITY_LIMIT;
+@@ -1269,10 +1270,17 @@ static void ieee80211_ibss_sta_expire(st
+ 		if (time_is_before_jiffies(last_active + exp_time) ||
+ 		    (time_is_before_jiffies(last_active + exp_rsn) &&
+ 		     sta->sta_state != IEEE80211_STA_AUTHORIZED)) {
++			u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
++
+ 			sta_dbg(sta->sdata, "expiring inactive %sSTA %pM\n",
+ 				sta->sta_state != IEEE80211_STA_AUTHORIZED ?
+ 				"not authorized " : "", sta->sta.addr);
+ 
++			ieee80211_send_deauth_disassoc(sdata, sta->sta.addr,
++						       ifibss->bssid,
++						       IEEE80211_STYPE_DEAUTH,
++						       WLAN_REASON_DEAUTH_LEAVING,
++						       true, frame_buf);
+ 			WARN_ON(__sta_info_destroy(sta));
+ 		}
+ 	}
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -2070,7 +2070,8 @@ void ieee80211_send_auth(struct ieee8021
+ 			 const u8 *da, const u8 *key, u8 key_len, u8 key_idx,
+ 			 u32 tx_flags);
+ void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
+-				    const u8 *bssid, u16 stype, u16 reason,
++				    const u8 *da, const u8 *bssid,
++				    u16 stype, u16 reason,
+ 				    bool send_frame, u8 *frame_buf);
+ 
+ enum {
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -2203,8 +2203,9 @@ static void ieee80211_set_disassoc(struc
+ 		    !ifmgd->have_beacon)
+ 			drv_mgd_prepare_tx(sdata->local, sdata, 0);
+ 
+-		ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
+-					       reason, tx, frame_buf);
++		ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid,
++					       ifmgd->bssid, stype, reason,
++					       tx, frame_buf);
+ 	}
+ 
+ 	/* flush out frame - make sure the deauth was actually sent */
+@@ -4369,7 +4370,7 @@ void ieee80211_mgd_quiesce(struct ieee80
+ 		 * cfg80211 won't know and won't actually abort those attempts,
+ 		 * thus we need to do that ourselves.
+ 		 */
+-		ieee80211_send_deauth_disassoc(sdata, bssid,
++		ieee80211_send_deauth_disassoc(sdata, bssid, bssid,
+ 					       IEEE80211_STYPE_DEAUTH,
+ 					       WLAN_REASON_DEAUTH_LEAVING,
+ 					       false, frame_buf);
+@@ -5349,7 +5350,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+ 			   ieee80211_get_reason_code_string(req->reason_code));
+ 
+ 		drv_mgd_prepare_tx(sdata->local, sdata, 0);
+-		ieee80211_send_deauth_disassoc(sdata, req->bssid,
++		ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
+ 					       IEEE80211_STYPE_DEAUTH,
+ 					       req->reason_code, tx,
+ 					       frame_buf);
+@@ -5369,7 +5370,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+ 			   ieee80211_get_reason_code_string(req->reason_code));
+ 
+ 		drv_mgd_prepare_tx(sdata->local, sdata, 0);
+-		ieee80211_send_deauth_disassoc(sdata, req->bssid,
++		ieee80211_send_deauth_disassoc(sdata, req->bssid, req->bssid,
+ 					       IEEE80211_STYPE_DEAUTH,
+ 					       req->reason_code, tx,
+ 					       frame_buf);
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -1427,7 +1427,8 @@ void ieee80211_send_auth(struct ieee8021
+ }
+ 
+ void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
+-				    const u8 *bssid, u16 stype, u16 reason,
++				    const u8 *da, const u8 *bssid,
++				    u16 stype, u16 reason,
+ 				    bool send_frame, u8 *frame_buf)
+ {
+ 	struct ieee80211_local *local = sdata->local;
+@@ -1438,7 +1439,7 @@ void ieee80211_send_deauth_disassoc(stru
+ 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
+ 	mgmt->duration = 0; /* initialize only */
+ 	mgmt->seq_ctrl = 0; /* initialize only */
+-	memcpy(mgmt->da, bssid, ETH_ALEN);
++	memcpy(mgmt->da, da, ETH_ALEN);
+ 	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
+ 	memcpy(mgmt->bssid, bssid, ETH_ALEN);
+ 	/* u.deauth.reason_code == u.disassoc.reason_code */

package/kernel/mac80211/patches/subsys/366-mac80211-accept-deauth-frames-in-IBSS-mode.patch

@@ -0,0 +1,39 @@
+From 95697f9907bfe3eab0ef20265a766b22e27dde64 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 4 Oct 2019 15:37:05 +0300
+Subject: [PATCH] mac80211: accept deauth frames in IBSS mode
+
+We can process deauth frames and all, but we drop them very
+early in the RX path today - this could never have worked.
+
+Fixes: 2cc59e784b54 ("mac80211: reply to AUTH with DEAUTH if sta allocation fails in IBSS")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/20191004123706.15768-2-luca@coelho.fi
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/rx.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -3407,9 +3407,18 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_
+ 	case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
+ 		/* process for all: mesh, mlme, ibss */
+ 		break;
++	case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
++		if (is_multicast_ether_addr(mgmt->da) &&
++		    !is_broadcast_ether_addr(mgmt->da))
++			return RX_DROP_MONITOR;
++
++		/* process only for station/IBSS */
++		if (sdata->vif.type != NL80211_IFTYPE_STATION &&
++		    sdata->vif.type != NL80211_IFTYPE_ADHOC)
++			return RX_DROP_MONITOR;
++		break;
+ 	case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
+ 	case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
+-	case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
+ 	case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
+ 		if (is_multicast_ether_addr(mgmt->da) &&
+ 		    !is_broadcast_ether_addr(mgmt->da))

package/kernel/mac80211/patches/subsys/367-mac80211-sta-randomize-BA-session-dialog-token-alloc.patch

@@ -0,0 +1,38 @@
+From b478e06a16a8baa00c5ecc87c1d636981f2206d5 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 29 Oct 2019 10:25:25 +0100
+Subject: [PATCH] mac80211: sta: randomize BA session dialog token allocator
+
+We currently always start the dialog token generator at zero,
+so the first dialog token we use is always 1. This would be
+OK if we had a perfect guarantee that we always do a proper
+deauth/re-auth handshake, but in IBSS mode this doesn't always
+happen properly.
+
+To make problems with block ack (aggregation) sessions getting
+stuck less likely, randomize the dialog token so if we start a
+new session but the peer still has old state for us, it can
+better detect this.
+
+This is really just a workaround to make things a bit more
+robust than they are now - a better fix would be to do a full
+authentication handshake in IBSS mode upon having discovered a
+new station, and on the receiver resetting the state (removing
+and re-adding the station) on receiving the authentication
+packet.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ net/mac80211/sta_info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -322,6 +322,7 @@ struct sta_info *sta_info_alloc(struct i
+ 	INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
+ 	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
+ 	mutex_init(&sta->ampdu_mlme.mtx);
++	sta->ampdu_mlme.dialog_token_allocator = prandom_u32_max(U8_MAX);
+ #ifdef CPTCFG_MAC80211_MESH
+ 	if (ieee80211_vif_is_mesh(&sdata->vif)) {
+ 		sta->mesh = kzalloc(sizeof(*sta->mesh), gfp);

package/kernel/mac80211/patches/subsys/522-mac80211_configure_antenna_gain.patch

@@ -129,7 +129,7 @@
  	local->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -463,6 +463,7 @@ static const struct nla_policy nl80211_p
+@@ -464,6 +464,7 @@ static const struct nla_policy nl80211_p
  	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
  					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
  	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
@@ -137,7 +137,7 @@
  };
  
  /* policy for the key attributes */
-@@ -2622,6 +2623,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -2623,6 +2624,20 @@ static int nl80211_set_wiphy(struct sk_b
  		if (result)
  			return result;
  	}

package/libs/ustream-ssl/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
-PKG_SOURCE_DATE:=2019-08-17
-PKG_SOURCE_VERSION:=e8f9c22d02fccde1d992f324280fb9966d3b4be6
-PKG_MIRROR_HASH:=b735fc259337c0ea3cc93fc05ad9151b841a8f85a4168f37b1d20979415d5a19
+PKG_SOURCE_DATE:=2019-11-05
+PKG_SOURCE_VERSION:=c9b6668215a27f2346d5eedd6f29cc720985b448
+PKG_MIRROR_HASH:=28b53b7e27b68d62c8fbbc57660d915bdcb6a464157c1930f16ed67e151398e9
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=ISC
@@ -49,8 +49,8 @@ define Package/libustream-mbedtls
 endef
 
 ifeq ($(BUILD_VARIANT),wolfssl)
-  TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/cyassl -DHAVE_SNI
-  CMAKE_OPTIONS += -DCYASSL=on
+  TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/wolfssl
+  CMAKE_OPTIONS += -DWOLFSSL=on
 endif
 ifeq ($(BUILD_VARIANT),mbedtls)
   CMAKE_OPTIONS += -DMBEDTLS=on

package/libs/ustream-ssl/patches/0001-ustream-ssl-skip-writing-pending-data.patch

@@ -1,56 +0,0 @@
-From c9b6668215a27f2346d5eedd6f29cc720985b448 Mon Sep 17 00:00:00 2001
-From: Jo-Philipp Wich <jo@mein.io>
-Date: Wed, 11 Sep 2019 21:09:59 +0200
-Subject: [PATCH] ustream-ssl: skip writing pending data if .eof is true after
- connect
-
-Check the .eof member of the underlying ustream after the call to
-__ustream_ssl_connect() since existing users of the library appear
-to set the eof flag as a way to signal connection termination upon
-failing certificate verification.
-
-This is a stop-gap measure to address TALOS-2019-0893 but a proper
-API redesign is required to give applications proper control over
-whether certificate failures are to be ignored or not and the default
-implementation without custom callbacks should always terminate on
-verification failures.
-
-Signed-off-by: Jo-Philipp Wich <jo@mein.io>
----
- ustream-ssl.c | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/ustream-ssl.c b/ustream-ssl.c
-index e6b084b..47f66d6 100644
---- a/ustream-ssl.c
-+++ b/ustream-ssl.c
-@@ -40,6 +40,26 @@ static void ustream_ssl_check_conn(struct ustream_ssl *us)
- 		return;
- 
- 	if (__ustream_ssl_connect(us) == U_SSL_OK) {
-+
-+		/* __ustream_ssl_connect() will also return U_SSL_OK when certificate
-+		 * verification failed!
-+		 *
-+		 * Applications may register a custom .notify_verify_error callback in the
-+		 * struct ustream_ssl which is called upon verification failures, but there
-+		 * is no straight forward way for the callback to terminate the connection
-+		 * initiation right away, e.g. through a true or false return value.
-+		 *
-+		 * Instead, existing implementations appear to set .eof field of the underlying
-+		 * ustream in the hope that this inhibits further operations on the stream.
-+		 *
-+		 * Declare this informal behaviour "official" and check for the state of the
-+		 * .eof member after __ustream_ssl_connect() returned, and do not write the
-+		 * pending data if it is set to true.
-+		 */
-+
-+		if (us->stream.eof)
-+			return;
-+
- 		us->connected = true;
- 		if (us->notify_connected)
- 			us->notify_connected(us);
--- 
-2.20.1
-

package/libs/wolfssl/Config.in

@@ -50,28 +50,27 @@ config WOLFSSL_HAS_ECC25519
 config WOLFSSL_HAS_DEVCRYPTO
 	bool
 
-if WOLFSSL_HAS_AES_CCM
-	comment "! Hardware Acceleration does not build with AES-CCM enabled"
-endif
-if !WOLFSSL_HAS_AES_CCM
-	choice
-		prompt "Hardware Acceleration"
-		default WOLFSSL_HAS_NO_HW
+choice
+	prompt "Hardware Acceleration"
+	default WOLFSSL_HAS_NO_HW
 
-		config WOLFSSL_HAS_NO_HW
-			bool "None"
+	config WOLFSSL_HAS_NO_HW
+		bool "None"
 
-		config WOLFSSL_HAS_AFALG
-			bool "AF_ALG"
+	config WOLFSSL_HAS_AFALG
+		bool "AF_ALG"
 
-		config WOLFSSL_HAS_DEVCRYPTO_AES
-			bool "/dev/crypto - AES-only"
-			select WOLFSSL_HAS_DEVCRYPTO
+	config WOLFSSL_HAS_DEVCRYPTO_CBC
+		bool "/dev/crytpo - AES-CBC-only"
+		select WOLFSSL_HAS_DEVCRYPTO
 
-		config WOLFSSL_HAS_DEVCRYPTO_FULL
-			bool "/dev/crypto - full"
-			select WOLFSSL_HAS_DEVCRYPTO
-	endchoice
-endif
+	config WOLFSSL_HAS_DEVCRYPTO_AES
+		bool "/dev/crypto - AES-only (all supported modes)"
+		select WOLFSSL_HAS_DEVCRYPTO
+
+	config WOLFSSL_HAS_DEVCRYPTO_FULL
+		bool "/dev/crypto - full"
+		select WOLFSSL_HAS_DEVCRYPTO
+endchoice
 
 endif

package/libs/wolfssl/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=4.1.0-stable
+PKG_VERSION:=4.2.0-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=f0d630c3ddfeb692b8ae38cc739f47d5e9f0fb708662aa241ede0c42a5eb3dd8
+PKG_HASH:=3562af485c26cd7abe94d9404fbfc0c5c9bceb4aab29b81ebf5e6c2467507e12
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -44,7 +44,7 @@ define Package/libwolfssl
   MENU:=1
   PROVIDES:=libcyassl
   DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user
-  ABI_VERSION:=19
+  ABI_VERSION:=23
 endef
 
 define Package/libwolfssl/description
@@ -77,7 +77,9 @@ CONFIGURE_ARGS += \
 	--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
 	--$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
 	--$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
-	--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))
+	--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
+			  ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
+			  ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
 
 ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
 CONFIGURE_ARGS += \

package/network/config/firewall/Makefile

@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2019-09-18
-PKG_SOURCE_VERSION:=383eb58f1750b3b96a82558b5dcb806a8a2528bc
-PKG_MIRROR_HASH:=eb589a8b8f0c24920221ca79367940ce735548539b9ae685477138be6c5eed89
+PKG_SOURCE_DATE:=2019-11-22
+PKG_SOURCE_VERSION:=8174814a507489ebbe8bb85c1004e1f02919ca82
+PKG_MIRROR_HASH:=84e0cca2d47470bdb1788a8ae044cc425be8ff650a1137474ba43a15040085da
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 

package/network/config/swconfig/Makefile

@@ -23,6 +23,9 @@ define Package/swconfig
   TITLE:=Switch configuration utility
 endef
 
+TARGET_CFLAGS += -flto
+TARGET_LDFLAGS += -flto=jobserver
+
 TARGET_CPPFLAGS := \
 	-D_GNU_SOURCE \
 	-I$(STAGING_DIR)/usr/include/libnl-tiny \

package/network/services/hostapd/Config.in

@@ -51,14 +51,10 @@ config WPA_WOLFSSL
 	        PACKAGE_wpad-wolfssl ||\
 	        PACKAGE_wpad-mesh-wolfssl ||\
 	        PACKAGE_eapol-test-wolfssl
-	select PACKAGE_libwolfssl
 	select WOLFSSL_HAS_AES_CCM
 	select WOLFSSL_HAS_ARC4
-	select WOLFSSL_HAS_DES3
 	select WOLFSSL_HAS_DH
-	select WOLFSSL_HAS_ECC
 	select WOLFSSL_HAS_OCSP
-	select WOLFSSL_HAS_PSK
 	select WOLFSSL_HAS_SESSION_TICKET
 	select WOLFSSL_HAS_WPAS
 

package/network/services/hostapd/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=9
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2018-12-02
-PKG_SOURCE_VERSION:=c2c6c01bb8b6fafc2074b46a53c4eab2c145ac6f
-PKG_MIRROR_HASH:=d381123fe42059b553d96122a03c35e7d1709153c3aaf10fa4e74fe59be243dd
+PKG_SOURCE_DATE:=2019-08-08
+PKG_SOURCE_VERSION:=ca8c2bd28ad53f431d6ee60ef754e98cfdb4c17b
+PKG_MIRROR_HASH:=9d9f1c60afa5324ee17219bd3ec61c1a6fa4043b4187da9bb44e59025d3ed31d
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause
@@ -95,11 +95,11 @@ endif
 
 ifeq ($(LOCAL_VARIANT),full)
   ifeq ($(SSL_VARIANT),openssl)
-    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
+    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
     TARGET_LDFLAGS += -lcrypto -lssl
   endif
   ifeq ($(SSL_VARIANT),wolfssl)
-    DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y
+    DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_WPS_NFC=1 CONFIG_SAE=y CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
     TARGET_LDFLAGS += -lwolfssl
   endif
 endif

package/network/services/hostapd/files/hostapd-basic.config

@@ -50,13 +50,12 @@ CONFIG_DRIVER_NL80211=y
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-CONFIG_PEERKEY=y
-
 # IEEE 802.11w (management frame protection)
-# Driver support is also needed for IEEE 802.11w.
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Integrated EAP server
 #CONFIG_EAP=y
 
@@ -109,11 +108,18 @@ CONFIG_PEERKEY=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 #CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -253,6 +259,11 @@ CONFIG_NO_DUMP_STATE=y
 # requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # Should we use poll instead of select? Select is used by default.
 #CONFIG_ELOOP_POLL=y
 
@@ -360,8 +371,6 @@ CONFIG_TLS=internal
 #CONFIG_TAXONOMY=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -374,6 +383,13 @@ CONFIG_TLS=internal
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
 # uBus IPC/RPC System
 # Services can connect to the bus and provide methods
 # that can be called by other services or clients.

package/network/services/hostapd/files/hostapd-full.config

@@ -53,6 +53,9 @@ CONFIG_RSN_PREAUTH=y
 # IEEE 802.11w (management frame protection)
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Integrated EAP server
 CONFIG_EAP=y
 
@@ -105,11 +108,18 @@ CONFIG_EAP_TTLS=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -249,6 +259,11 @@ CONFIG_NO_DUMP_STATE=y
 # requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # Should we use poll instead of select? Select is used by default.
 #CONFIG_ELOOP_POLL=y
 
@@ -356,8 +371,6 @@ CONFIG_INTERNAL_LIBTOMMATH=y
 CONFIG_TAXONOMY=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -370,6 +383,9 @@ CONFIG_TAXONOMY=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
 # Override default value for the wpa_disable_eapol_key_retries configuration
 # parameter. See that parameter in hostapd.conf for more details.
 #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1

package/network/services/hostapd/files/hostapd-mini.config

@@ -53,6 +53,9 @@ CONFIG_RSN_PREAUTH=y
 # IEEE 802.11w (management frame protection)
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Integrated EAP server
 #CONFIG_EAP=y
 
@@ -105,11 +108,18 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 #CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -249,6 +259,11 @@ CONFIG_NO_DUMP_STATE=y
 # requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # Should we use poll instead of select? Select is used by default.
 #CONFIG_ELOOP_POLL=y
 
@@ -356,8 +371,6 @@ CONFIG_TLS=internal
 #CONFIG_TAXONOMY=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -370,6 +383,9 @@ CONFIG_TLS=internal
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
 # Override default value for the wpa_disable_eapol_key_retries configuration
 # parameter. See that parameter in hostapd.conf for more details.
 #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1

package/network/services/hostapd/files/hostapd.sh

@@ -223,6 +223,8 @@ hostapd_common_add_bss_config() {
 	config_add_int time_advertisement
 	config_add_string time_zone
 
+	config_add_boolean ieee80211k rrm_neighbor_report rrm_beacon_report
+
 	config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
 	config_add_int r0_key_lifetime reassociation_deadline
 	config_add_string mobility_domain r1_key_holder
@@ -489,6 +491,17 @@ hostapd_set_bss_options() {
 		append bss_conf "bss_transition=$bss_transition" "$N"
 	fi
 
+	json_get_vars ieee80211k
+	set_default ieee80211k 0
+	if [ "$ieee80211k" -eq "1" ]; then
+		json_get_vars rrm_neighbor_report rrm_beacon_report
+
+		set_default rrm_neighbor_report 1
+		set_default rrm_beacon_report 1
+		append bss_conf "rrm_neighbor_report=$rrm_neighbor_report" "$N"
+		append bss_conf "rrm_beacon_report=$rrm_beacon_report" "$N"
+	fi
+
 	if [ "$wpa" -ge "1" ]; then
 		json_get_vars ieee80211r
 		set_default ieee80211r 0
@@ -754,6 +767,15 @@ wpa_supplicant_add_network() {
 		ieee80211w ieee80211r \
 		multi_ap
 
+	case "$auth_type" in
+		sae|owe|eap192|eap-eap192)
+			set_default ieee80211w 2
+		;;
+		psk-sae)
+			set_default ieee80211w 1
+		;;
+	esac
+
 	set_default ieee80211r 0
 	set_default multi_ap 0
 
@@ -795,6 +817,7 @@ wpa_supplicant_add_network() {
 		none) ;;
 		owe)
 			hostapd_append_wpa_key_mgmt
+			key_mgmt="$wpa_key_mgmt"
 		;;
 		wep)
 			local wep_keyidx=0

package/network/services/hostapd/files/wpa_supplicant-basic.config

@@ -73,6 +73,12 @@ CONFIG_DRIVER_NL80211=y
 # Driver interface for wired Ethernet drivers
 CONFIG_DRIVER_WIRED=y
 
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
 # Driver interface for the Broadcom RoboSwitch family
 #CONFIG_DRIVER_ROBOSWITCH=y
 
@@ -83,8 +89,8 @@ CONFIG_DRIVER_WIRED=y
 #LIBS += -lsocket -ldlpi -lnsl
 #LIBS_c += -lsocket
 
-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
-# included)
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
 #CONFIG_IEEE8021X_EAPOL=y
 
 # EAP-MD5
@@ -103,11 +109,18 @@ CONFIG_DRIVER_WIRED=y
 #CONFIG_EAP_TTLS=y
 
 # EAP-FAST
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 #CONFIG_EAP_GTC=y
 
@@ -117,6 +130,9 @@ CONFIG_DRIVER_WIRED=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 
@@ -166,6 +182,9 @@ CONFIG_DRIVER_WIRED=y
 # EAP-EKE
 #CONFIG_EAP_EKE=y
 
+# MACsec
+#CONFIG_MACSEC=y
+
 # PKCS#12 (PFX) support (used to read private key and certificate file from
 # a file that usually has extension .p12 or .pfx)
 #CONFIG_PKCS12=y
@@ -226,6 +245,9 @@ CONFIG_CTRL_IFACE=y
 # wpa_passphrase). This saves about 0.5 kB in code size.
 #CONFIG_NO_WPA_PASSPHRASE=y
 
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -286,15 +308,15 @@ CONFIG_BACKEND=file
 # in a bridge for EAPOL frames. This should be uncommented only if the kernel
 # is known to not have the regression issue in packet socket behavior with
 # bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
-
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-#CONFIG_PEERKEY=y
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 
 # IEEE 802.11w (management frame protection), also known as PMF
 # Driver support is also needed for IEEE 802.11w.
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Select TLS implementation
 # openssl = OpenSSL (default)
 # gnutls = GnuTLS
@@ -343,10 +365,6 @@ CONFIG_TLS=internal
 #CONFIG_NDIS_EVENTS_INTEGRATED=y
 #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
 
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-
 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
 #CONFIG_CTRL_IFACE_DBUS_NEW=y
@@ -378,10 +396,6 @@ CONFIG_TLS=internal
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
 CONFIG_IEEE80211R=y
 
-# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies
-# CONFIG_IEEE80211R).
-#CONFIG_IEEE80211R_AP=y
-
 # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
 #CONFIG_DEBUG_FILE=y
 
@@ -456,6 +470,11 @@ CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
 # that meet the requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 #CONFIG_IEEE80211N=y
 
@@ -497,8 +516,8 @@ CONFIG_NO_RANDOM_POOL=y
 # Enable TDLS support
 #CONFIG_TDLS=y
 
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
 # program to control the additional information exchanges in the messages.
 #CONFIG_WIFI_DISPLAY=y
 
@@ -559,8 +578,6 @@ CONFIG_NO_RANDOM_POOL=y
 #CONFIG_MBO=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -592,6 +609,11 @@ CONFIG_NO_RANDOM_POOL=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
 # uBus IPC/RPC System
 # Services can connect to the bus and provide methods
 # that can be called by other services or clients.

package/network/services/hostapd/files/wpa_supplicant-full.config

@@ -109,11 +109,18 @@ CONFIG_EAP_PEAP=y
 CONFIG_EAP_TTLS=y
 
 # EAP-FAST
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 CONFIG_EAP_GTC=y
 
@@ -123,6 +130,9 @@ CONFIG_EAP_OTP=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 
@@ -235,6 +245,9 @@ CONFIG_CTRL_IFACE=y
 # wpa_passphrase). This saves about 0.5 kB in code size.
 #CONFIG_NO_WPA_PASSPHRASE=y
 
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -295,12 +308,15 @@ CONFIG_BACKEND=file
 # in a bridge for EAPOL frames. This should be uncommented only if the kernel
 # is known to not have the regression issue in packet socket behavior with
 # bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 
 # IEEE 802.11w (management frame protection), also known as PMF
 # Driver support is also needed for IEEE 802.11w.
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Select TLS implementation
 # openssl = OpenSSL (default)
 # gnutls = GnuTLS
@@ -349,10 +365,6 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
 #CONFIG_NDIS_EVENTS_INTEGRATED=y
 #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
 
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-
 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
 #CONFIG_CTRL_IFACE_DBUS_NEW=y
@@ -458,6 +470,11 @@ CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
 # that meet the requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 #CONFIG_IEEE80211N=y
 
@@ -499,8 +516,8 @@ CONFIG_WNM=y
 # Enable TDLS support
 #CONFIG_TDLS=y
 
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
 # program to control the additional information exchanges in the messages.
 #CONFIG_WIFI_DISPLAY=y
 
@@ -561,8 +578,6 @@ CONFIG_WNM=y
 #CONFIG_MBO=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -594,6 +609,11 @@ CONFIG_IBSS_RSN=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
 # uBus IPC/RPC System
 # Services can connect to the bus and provide methods
 # that can be called by other services or clients.

package/network/services/hostapd/files/wpa_supplicant-mini.config

@@ -109,11 +109,18 @@ CONFIG_DRIVER_WIRED=y
 #CONFIG_EAP_TTLS=y
 
 # EAP-FAST
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 #CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 #CONFIG_EAP_GTC=y
 
@@ -123,6 +130,9 @@ CONFIG_DRIVER_WIRED=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 
@@ -235,6 +245,9 @@ CONFIG_CTRL_IFACE=y
 # wpa_passphrase). This saves about 0.5 kB in code size.
 #CONFIG_NO_WPA_PASSPHRASE=y
 
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -295,12 +308,15 @@ CONFIG_BACKEND=file
 # in a bridge for EAPOL frames. This should be uncommented only if the kernel
 # is known to not have the regression issue in packet socket behavior with
 # bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 
 # IEEE 802.11w (management frame protection), also known as PMF
 # Driver support is also needed for IEEE 802.11w.
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Select TLS implementation
 # openssl = OpenSSL (default)
 # gnutls = GnuTLS
@@ -349,10 +365,6 @@ CONFIG_TLS=internal
 #CONFIG_NDIS_EVENTS_INTEGRATED=y
 #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
 
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-
 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
 #CONFIG_CTRL_IFACE_DBUS_NEW=y
@@ -458,6 +470,11 @@ CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
 # that meet the requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 #CONFIG_IEEE80211N=y
 
@@ -499,8 +516,8 @@ CONFIG_NO_RANDOM_POOL=y
 # Enable TDLS support
 #CONFIG_TDLS=y
 
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
 # program to control the additional information exchanges in the messages.
 #CONFIG_WIFI_DISPLAY=y
 
@@ -561,8 +578,6 @@ CONFIG_NO_RANDOM_POOL=y
 #CONFIG_MBO=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -594,6 +609,11 @@ CONFIG_NO_RANDOM_POOL=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
 # uBus IPC/RPC System
 # Services can connect to the bus and provide methods
 # that can be called by other services or clients.

package/network/services/hostapd/files/wpa_supplicant-p2p.config

@@ -109,11 +109,18 @@ CONFIG_EAP_PEAP=y
 CONFIG_EAP_TTLS=y
 
 # EAP-FAST
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # EAP-GTC
 CONFIG_EAP_GTC=y
 
@@ -123,6 +130,9 @@ CONFIG_EAP_OTP=y
 # EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
 #CONFIG_EAP_SIM=y
 
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
 # EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 
@@ -235,6 +245,9 @@ CONFIG_CTRL_IFACE=y
 # wpa_passphrase). This saves about 0.5 kB in code size.
 #CONFIG_NO_WPA_PASSPHRASE=y
 
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+#CONFIG_SAE=y
+
 # Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -295,12 +308,15 @@ CONFIG_BACKEND=file
 # in a bridge for EAPOL frames. This should be uncommented only if the kernel
 # is known to not have the regression issue in packet socket behavior with
 # bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
-#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 
 # IEEE 802.11w (management frame protection), also known as PMF
 # Driver support is also needed for IEEE 802.11w.
 CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Select TLS implementation
 # openssl = OpenSSL (default)
 # gnutls = GnuTLS
@@ -349,10 +365,6 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
 #CONFIG_NDIS_EVENTS_INTEGRATED=y
 #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
 
-# Add support for old DBus control interface
-# (fi.epitest.hostap.WPASupplicant)
-#CONFIG_CTRL_IFACE_DBUS=y
-
 # Add support for new DBus control interface
 # (fi.w1.hostap.wpa_supplicant1)
 #CONFIG_CTRL_IFACE_DBUS_NEW=y
@@ -458,6 +470,11 @@ CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
 # that meet the requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 #CONFIG_IEEE80211N=y
 
@@ -499,8 +516,8 @@ CONFIG_P2P=y
 # Enable TDLS support
 #CONFIG_TDLS=y
 
-# Wi-Fi Direct
-# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
 # program to control the additional information exchanges in the messages.
 #CONFIG_WIFI_DISPLAY=y
 
@@ -561,8 +578,6 @@ CONFIG_P2P=y
 #CONFIG_MBO=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -594,6 +609,11 @@ CONFIG_IBSS_RSN=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Device Provisioning Protocol (DPP)
+# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+# wpa_supplicant/README-DPP for details)
+#CONFIG_DPP=y
+
 # uBus IPC/RPC System
 # Services can connect to the bus and provide methods
 # that can be called by other services or clients.

package/network/services/hostapd/patches/001-mesh-factor-out-mesh-join-function.patch

@@ -1,211 +0,0 @@
-From 02ae4382f45f772e3630460459eb4e5af64e71b4 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:05 -0700
-Subject: [PATCH 01/18] mesh: factor out mesh join function
-
-mesh join function consitss of 2 parts which are preparing
-configurations and sending join event to driver.
-Since physical mesh join event could happen either right
-after mesh configuration is done or after CAC is done
-in case of DFS channel is used, factor out the function
-into 2 parts to reduce redundant calls.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/mesh.c             | 119 ++++++++++++++++--------------
- wpa_supplicant/mesh.h             |   1 +
- wpa_supplicant/wpa_supplicant_i.h |   1 +
- 3 files changed, 67 insertions(+), 54 deletions(-)
-
---- a/wpa_supplicant/mesh.c
-+++ b/wpa_supplicant/mesh.c
-@@ -364,13 +364,48 @@ void wpa_supplicant_mesh_add_scan_ie(str
- }
- 
- 
-+void wpas_join_mesh(struct wpa_supplicant *wpa_s)
-+{
-+	struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
-+	struct wpa_ssid *ssid = wpa_s->current_ssid;
-+	int ret = 0;
-+
-+	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
-+		wpa_s->pairwise_cipher = wpa_s->mesh_rsn->pairwise_cipher;
-+		wpa_s->group_cipher = wpa_s->mesh_rsn->group_cipher;
-+		wpa_s->mgmt_group_cipher = wpa_s->mesh_rsn->mgmt_group_cipher;
-+	}
-+
-+	if (wpa_s->ifmsh) {
-+		params->ies = wpa_s->ifmsh->mconf->rsn_ie;
-+		params->ie_len = wpa_s->ifmsh->mconf->rsn_ie_len;
-+		params->basic_rates = wpa_s->ifmsh->basic_rates;
-+		params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE;
-+		params->conf.ht_opmode = wpa_s->ifmsh->bss[0]->iface->ht_op_mode;
-+	}
-+
-+	ret = wpa_drv_join_mesh(wpa_s, params);
-+	if (ret)
-+		wpa_msg(wpa_s, MSG_ERROR, "mesh join error=%d\n", ret);
-+
-+	/* hostapd sets the interface down until we associate */
-+	wpa_drv_set_operstate(wpa_s, 1);
-+
-+	if (!ret)
-+		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-+
-+	return;
-+}
-+
-+
- int wpa_supplicant_join_mesh(struct wpa_supplicant *wpa_s,
- 			     struct wpa_ssid *ssid)
- {
--	struct wpa_driver_mesh_join_params params;
-+	struct wpa_driver_mesh_join_params *params =
-+		os_zalloc(sizeof(struct wpa_driver_mesh_join_params));
- 	int ret = 0;
- 
--	if (!ssid || !ssid->ssid || !ssid->ssid_len || !ssid->frequency) {
-+	if (!ssid || !ssid->ssid || !ssid->ssid_len || !ssid->frequency || !params) {
- 		ret = -ENOENT;
- 		goto out;
- 	}
-@@ -381,22 +416,22 @@ int wpa_supplicant_join_mesh(struct wpa_
- 	wpa_s->group_cipher = WPA_CIPHER_NONE;
- 	wpa_s->mgmt_group_cipher = 0;
- 
--	os_memset(&params, 0, sizeof(params));
--	params.meshid = ssid->ssid;
--	params.meshid_len = ssid->ssid_len;
--	ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
--	wpa_s->mesh_ht_enabled = !!params.freq.ht_enabled;
--	wpa_s->mesh_vht_enabled = !!params.freq.vht_enabled;
--	if (params.freq.ht_enabled && params.freq.sec_channel_offset)
--		ssid->ht40 = params.freq.sec_channel_offset;
-+	params->meshid = ssid->ssid;
-+	params->meshid_len = ssid->ssid_len;
-+	ibss_mesh_setup_freq(wpa_s, ssid, &params->freq);
-+	wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
-+	wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;
-+	if (params->freq.ht_enabled && params->freq.sec_channel_offset)
-+		ssid->ht40 = params->freq.sec_channel_offset;
-+
- 	if (wpa_s->mesh_vht_enabled) {
- 		ssid->vht = 1;
--		switch (params.freq.bandwidth) {
-+		switch (params->freq.bandwidth) {
- 		case 80:
--			if (params.freq.center_freq2) {
-+			if (params->freq.center_freq2) {
- 				ssid->max_oper_chwidth = VHT_CHANWIDTH_80P80MHZ;
- 				ssid->vht_center_freq2 =
--					params.freq.center_freq2;
-+					params->freq.center_freq2;
- 			} else {
- 				ssid->max_oper_chwidth = VHT_CHANWIDTH_80MHZ;
- 			}
-@@ -410,67 +445,43 @@ int wpa_supplicant_join_mesh(struct wpa_
- 		}
- 	}
- 	if (ssid->beacon_int > 0)
--		params.beacon_int = ssid->beacon_int;
-+		params->beacon_int = ssid->beacon_int;
- 	else if (wpa_s->conf->beacon_int > 0)
--		params.beacon_int = wpa_s->conf->beacon_int;
-+		params->beacon_int = wpa_s->conf->beacon_int;
- 	if (ssid->dtim_period > 0)
--		params.dtim_period = ssid->dtim_period;
-+		params->dtim_period = ssid->dtim_period;
- 	else if (wpa_s->conf->dtim_period > 0)
--		params.dtim_period = wpa_s->conf->dtim_period;
--	params.conf.max_peer_links = wpa_s->conf->max_peer_links;
-+		params->dtim_period = wpa_s->conf->dtim_period;
-+	params->conf.max_peer_links = wpa_s->conf->max_peer_links;
- 	if (ssid->mesh_rssi_threshold < DEFAULT_MESH_RSSI_THRESHOLD) {
--		params.conf.rssi_threshold = ssid->mesh_rssi_threshold;
--		params.conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD;
-+		params->conf.rssi_threshold = ssid->mesh_rssi_threshold;
-+		params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD;
- 	}
- 
- 	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
--		params.flags |= WPA_DRIVER_MESH_FLAG_SAE_AUTH;
--		params.flags |= WPA_DRIVER_MESH_FLAG_AMPE;
-+		params->flags |= WPA_DRIVER_MESH_FLAG_SAE_AUTH;
-+		params->flags |= WPA_DRIVER_MESH_FLAG_AMPE;
- 		wpa_s->conf->user_mpm = 1;
- 	}
- 
- 	if (wpa_s->conf->user_mpm) {
--		params.flags |= WPA_DRIVER_MESH_FLAG_USER_MPM;
--		params.conf.auto_plinks = 0;
-+		params->flags |= WPA_DRIVER_MESH_FLAG_USER_MPM;
-+		params->conf.auto_plinks = 0;
- 	} else {
--		params.flags |= WPA_DRIVER_MESH_FLAG_DRIVER_MPM;
--		params.conf.auto_plinks = 1;
-+		params->flags |= WPA_DRIVER_MESH_FLAG_DRIVER_MPM;
-+		params->conf.auto_plinks = 1;
- 	}
--	params.conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
-+	params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
- 
--	if (wpa_supplicant_mesh_init(wpa_s, ssid, &params.freq)) {
-+	wpa_s->mesh_params = params;
-+	if (wpa_supplicant_mesh_init(wpa_s, ssid, &params->freq)) {
- 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh");
- 		wpa_drv_leave_mesh(wpa_s);
- 		ret = -1;
- 		goto out;
- 	}
- 
--	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
--		wpa_s->pairwise_cipher = wpa_s->mesh_rsn->pairwise_cipher;
--		wpa_s->group_cipher = wpa_s->mesh_rsn->group_cipher;
--		wpa_s->mgmt_group_cipher = wpa_s->mesh_rsn->mgmt_group_cipher;
--	}
--
--	if (wpa_s->ifmsh) {
--		params.ies = wpa_s->ifmsh->mconf->rsn_ie;
--		params.ie_len = wpa_s->ifmsh->mconf->rsn_ie_len;
--		params.basic_rates = wpa_s->ifmsh->basic_rates;
--		params.conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE;
--		params.conf.ht_opmode = wpa_s->ifmsh->bss[0]->iface->ht_op_mode;
--	}
--
--	wpa_msg(wpa_s, MSG_INFO, "joining mesh %s",
--		wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
--	ret = wpa_drv_join_mesh(wpa_s, &params);
--	if (ret)
--		wpa_msg(wpa_s, MSG_ERROR, "mesh join error=%d", ret);
--
--	/* hostapd sets the interface down until we associate */
--	wpa_drv_set_operstate(wpa_s, 1);
--
--	if (!ret)
--		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
--
-+	wpas_join_mesh(wpa_s);
- out:
- 	return ret;
- }
---- a/wpa_supplicant/mesh.h
-+++ b/wpa_supplicant/mesh.h
-@@ -21,6 +21,7 @@ int wpas_mesh_add_interface(struct wpa_s
- int wpas_mesh_peer_remove(struct wpa_supplicant *wpa_s, const u8 *addr);
- int wpas_mesh_peer_add(struct wpa_supplicant *wpa_s, const u8 *addr,
- 		       int duration);
-+void wpas_join_mesh(struct wpa_supplicant *wpa_s);
- 
- #ifdef CONFIG_MESH
- 
---- a/wpa_supplicant/wpa_supplicant_i.h
-+++ b/wpa_supplicant/wpa_supplicant_i.h
-@@ -814,6 +814,7 @@ struct wpa_supplicant {
- 	unsigned int mesh_if_created:1;
- 	unsigned int mesh_ht_enabled:1;
- 	unsigned int mesh_vht_enabled:1;
-+	struct wpa_driver_mesh_join_params *mesh_params;
- #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
- 	/* struct external_pmksa_cache::list */
- 	struct dl_list mesh_external_pmksa_cache;

package/network/services/hostapd/patches/002-mesh-factor-out-rsn-initialization.patch

@@ -1,133 +0,0 @@
-From 89db76eeff6502dfa39b011962ec9d560ed4c2ee Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:06 -0700
-Subject: [PATCH 02/18] mesh: factor out rsn initialization
-
-RSN initialization can be used in different phases
-if mesh initialization and mesh join don't happen
-in sequence such as DFS CAC is done in between,
-hence factor it out to help convering the case.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/mesh.c | 84 +++++++++++++++++++++++++------------------
- wpa_supplicant/mesh.h |  1 +
- 2 files changed, 50 insertions(+), 35 deletions(-)
-
---- a/wpa_supplicant/mesh.c
-+++ b/wpa_supplicant/mesh.c
-@@ -147,6 +147,53 @@ static void wpas_mesh_copy_groups(struct
- }
- 
- 
-+int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s)
-+{
-+	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
-+	struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
-+	struct wpa_ssid *ssid = wpa_s->current_ssid;
-+	struct hostapd_data *bss = ifmsh->bss[0];
-+	static int default_groups[] = { 19, 20, 21, 25, 26, -1 };
-+	const char *password;
-+	size_t len;
-+
-+	if (mconf->security != MESH_CONF_SEC_NONE) {
-+		password = ssid->sae_password;
-+		if (!password)
-+			password = ssid->passphrase;
-+		if (!password) {
-+			wpa_printf(MSG_ERROR,
-+				   "mesh: Passphrase for SAE not configured");
-+			return -1;
-+		}
-+
-+		bss->conf->wpa = ssid->proto;
-+		bss->conf->wpa_key_mgmt = ssid->key_mgmt;
-+
-+		if (wpa_s->conf->sae_groups &&
-+		    wpa_s->conf->sae_groups[0] > 0) {
-+			wpas_mesh_copy_groups(bss, wpa_s);
-+		} else {
-+			bss->conf->sae_groups =
-+				os_memdup(default_groups,
-+					  sizeof(default_groups));
-+			if (!bss->conf->sae_groups)
-+				return -1;
-+		}
-+
-+		len = os_strlen(password);
-+		bss->conf->ssid.wpa_passphrase =
-+			dup_binstr(password, len);
-+
-+		wpa_s->mesh_rsn = mesh_rsn_auth_init(wpa_s, mconf);
-+		if (!wpa_s->mesh_rsn)
-+			return -1;
-+	}
-+
-+	return 0;
-+}
-+
-+
- static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s,
- 				    struct wpa_ssid *ssid,
- 				    struct hostapd_freq_params *freq)
-@@ -156,9 +203,6 @@ static int wpa_supplicant_mesh_init(stru
- 	struct hostapd_config *conf;
- 	struct mesh_conf *mconf;
- 	int basic_rates_erp[] = { 10, 20, 55, 60, 110, 120, 240, -1 };
--	static int default_groups[] = { 19, 20, 21, 25, 26, -1 };
--	const char *password;
--	size_t len;
- 	int rate_len;
- 	int frequency;
- 
-@@ -292,38 +336,8 @@ static int wpa_supplicant_mesh_init(stru
- 		return -1;
- 	}
- 
--	if (mconf->security != MESH_CONF_SEC_NONE) {
--		password = ssid->sae_password;
--		if (!password)
--			password = ssid->passphrase;
--		if (!password) {
--			wpa_printf(MSG_ERROR,
--				   "mesh: Passphrase for SAE not configured");
--			goto out_free;
--		}
--
--		bss->conf->wpa = ssid->proto;
--		bss->conf->wpa_key_mgmt = ssid->key_mgmt;
--
--		if (wpa_s->conf->sae_groups &&
--		    wpa_s->conf->sae_groups[0] > 0) {
--			wpas_mesh_copy_groups(bss, wpa_s);
--		} else {
--			bss->conf->sae_groups =
--				os_memdup(default_groups,
--					  sizeof(default_groups));
--			if (!bss->conf->sae_groups)
--				goto out_free;
--		}
--
--		len = os_strlen(password);
--		bss->conf->ssid.wpa_passphrase =
--			dup_binstr(password, len);
--
--		wpa_s->mesh_rsn = mesh_rsn_auth_init(wpa_s, mconf);
--		if (!wpa_s->mesh_rsn)
--			goto out_free;
--	}
-+	if (wpas_mesh_init_rsn(wpa_s))
-+		goto out_free;
- 
- 	wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
- 
---- a/wpa_supplicant/mesh.h
-+++ b/wpa_supplicant/mesh.h
-@@ -22,6 +22,7 @@ int wpas_mesh_peer_remove(struct wpa_sup
- int wpas_mesh_peer_add(struct wpa_supplicant *wpa_s, const u8 *addr,
- 		       int duration);
- void wpas_join_mesh(struct wpa_supplicant *wpa_s);
-+int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s);
- 
- #ifdef CONFIG_MESH
- 

package/network/services/hostapd/patches/003-mesh-relocate-RSN-init-function.patch

@@ -1,41 +0,0 @@
-From 07bad5f256cbe8a4b45d32c5b43b870ee815fb42 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:07 -0700
-Subject: [PATCH 03/18] mesh: relocate RSN init function
-
-RSN init function should work together with mesh join
-when it's used. Since mesh join could be called at different stage
-if DFS channel is used, relocate the function to mesh join.
-It is still the same call flows of mesh join before this changes
-if non-DFS channels are used, hence no side effect will occur.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/mesh.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
---- a/wpa_supplicant/mesh.c
-+++ b/wpa_supplicant/mesh.c
-@@ -336,9 +336,6 @@ static int wpa_supplicant_mesh_init(stru
- 		return -1;
- 	}
- 
--	if (wpas_mesh_init_rsn(wpa_s))
--		goto out_free;
--
- 	wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
- 
- 	return 0;
-@@ -384,6 +381,12 @@ void wpas_join_mesh(struct wpa_supplican
- 	struct wpa_ssid *ssid = wpa_s->current_ssid;
- 	int ret = 0;
- 
-+	if (wpas_mesh_init_rsn(wpa_s)) {
-+		wpa_printf(MSG_ERROR, "Init RSN failed. Deinit mesh...");
-+		wpa_supplicant_mesh_deinit(wpa_s);
-+		return;
-+	}
-+
- 	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
- 		wpa_s->pairwise_cipher = wpa_s->mesh_rsn->pairwise_cipher;
- 		wpa_s->group_cipher = wpa_s->mesh_rsn->group_cipher;

package/network/services/hostapd/patches/004-mesh-use-setup-completion-callback-to-complete-mesh-.patch

@@ -1,30 +1,103 @@
-From bd05de484bfa61def530d717c7234381f6b33cf7 Mon Sep 17 00:00:00 2001
+From c05ace7510ead96e72b97ce47b33f7b5865d6d36 Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:08 -0700
-Subject: [PATCH 04/18] mesh: use setup completion callback to complete mesh
- join
+Date: Mon, 27 Aug 2018 14:28:38 -0700
+Subject: [PATCH 1/7] mesh: use setup completion callback to complete mesh join
 
 mesh join function is the last function to be called during
 mesh join process, but it's been called a bit earlier than
 it's supposed to be, so that some mesh parameter values
 such as VHT capabilities not applied correct when mesh join
-is in process. Moreover current design of mesh join that is called
-directly after mesh initialization is not suitable for DFS channels
-to use, since mesh join process should be paused until DFS CAC is
-done and resumed once it's done.
-Using setup completion callback is how AP mode is using for DFS channels
-and mesh can use the same way.
+is in process.
+Moreover current design of mesh join that is called directly
+after mesh initialization isn't suitable for DFS channels to use,
+since mesh join process should be paused until DFS CAC is
+done and resumed after it's done.
 The callback will be called by hostapd_setup_interface_complete_sync.
+There is possiblity that completing mesh init fails, so add error
+handle codes.
 
+Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 ---
- wpa_supplicant/mesh.c | 7 +++++--
- wpa_supplicant/mesh.h | 2 +-
- 2 files changed, 6 insertions(+), 3 deletions(-)
+ src/ap/hostapd.c      | 11 ++++++++++-
+ wpa_supplicant/mesh.c | 13 +++++++------
+ 2 files changed, 17 insertions(+), 7 deletions(-)
 
+--- a/src/ap/hostapd.c
++++ b/src/ap/hostapd.c
+@@ -423,6 +423,8 @@ static void hostapd_free_hapd_data(struc
+ #ifdef CONFIG_MESH
+ 	wpabuf_free(hapd->mesh_pending_auth);
+ 	hapd->mesh_pending_auth = NULL;
++	/* handling setup failure is already done */
++	hapd->setup_complete_cb = NULL;
+ #endif /* CONFIG_MESH */
+ 
+ 	hostapd_clean_rrm(hapd);
+@@ -2049,6 +2051,13 @@ dfs_offload:
+ 	if (hapd->setup_complete_cb)
+ 		hapd->setup_complete_cb(hapd->setup_complete_cb_ctx);
+ 
++#ifdef CONFIG_MESH
++	if (delay_apply_cfg && !iface->mconf) {
++		wpa_printf(MSG_ERROR, "Error while completing mesh init");
++		goto fail;
++	}
++#endif /* CONFIG_MESH */
++
+ 	wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
+ 		   iface->bss[0]->conf->iface);
+ 	if (iface->interfaces && iface->interfaces->terminate_on_error > 0)
+@@ -2192,7 +2201,7 @@ int hostapd_setup_interface(struct hosta
+ 	ret = setup_interface(iface);
+ 	if (ret) {
+ 		wpa_printf(MSG_ERROR, "%s: Unable to setup interface.",
+-			   iface->bss[0]->conf->iface);
++			   iface->conf ? iface->conf->bss[0]->iface : "N/A");
+ 		return -1;
+ 	}
+ 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -217,6 +217,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -190,8 +190,9 @@ static int wpas_mesh_init_rsn(struct wpa
+ }
+ 
+ 
+-static int wpas_mesh_complete(struct wpa_supplicant *wpa_s)
++static void wpas_mesh_complete_cb(void *ctx)
+ {
++	struct wpa_supplicant *wpa_s = ctx;
+ 	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
+ 	struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
+ 	struct wpa_ssid *ssid = wpa_s->current_ssid;
+@@ -200,7 +201,7 @@ static int wpas_mesh_complete(struct wpa
+ 	if (!params || !ssid || !ifmsh) {
+ 		wpa_printf(MSG_ERROR, "mesh: %s called without active mesh",
+ 			   __func__);
+-		return -1;
++		return;
+ 	}
+ 
+ 	if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
+@@ -209,7 +210,7 @@ static int wpas_mesh_complete(struct wpa
+ 			   "mesh: RSN initialization failed - deinit mesh");
+ 		wpa_supplicant_mesh_deinit(wpa_s);
+ 		wpa_drv_leave_mesh(wpa_s);
+-		return -1;
++		return;
+ 	}
+ 
+ 	if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
+@@ -235,8 +236,6 @@ static int wpas_mesh_complete(struct wpa
+ 
+ 	if (!ret)
+ 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+-
+-	return ret;
+ }
+ 
+ 
+@@ -263,6 +262,7 @@ static int wpa_supplicant_mesh_init(stru
  	if (!ifmsh)
  		return -ENOMEM;
  
@@ -32,7 +105,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	ifmsh->drv_flags = wpa_s->drv_flags;
  	ifmsh->num_bss = 1;
  	ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss,
-@@ -234,6 +235,8 @@ static int wpa_supplicant_mesh_init(stru
+@@ -280,6 +280,8 @@ static int wpa_supplicant_mesh_init(stru
  	bss->drv_priv = wpa_s->drv_priv;
  	bss->iface = ifmsh;
  	bss->mesh_sta_free_cb = mesh_mpm_free_sta;
@@ -41,33 +114,11 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  	frequency = ssid->frequency;
  	if (frequency != freq->freq &&
  	    frequency == freq->freq + freq->sec_channel_offset * 20) {
-@@ -375,8 +378,9 @@ void wpa_supplicant_mesh_add_scan_ie(str
- }
- 
- 
--void wpas_join_mesh(struct wpa_supplicant *wpa_s)
-+void wpas_mesh_complete_cb(void *ctx)
- {
-+	struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)ctx;
- 	struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
- 	struct wpa_ssid *ssid = wpa_s->current_ssid;
- 	int ret = 0;
-@@ -498,7 +502,6 @@ int wpa_supplicant_join_mesh(struct wpa_
+@@ -521,7 +523,6 @@ int wpa_supplicant_join_mesh(struct wpa_
  		goto out;
  	}
  
--	wpas_join_mesh(wpa_s);
+-	ret = wpas_mesh_complete(wpa_s);
  out:
  	return ret;
  }
---- a/wpa_supplicant/mesh.h
-+++ b/wpa_supplicant/mesh.h
-@@ -21,7 +21,7 @@ int wpas_mesh_add_interface(struct wpa_s
- int wpas_mesh_peer_remove(struct wpa_supplicant *wpa_s, const u8 *addr);
- int wpas_mesh_peer_add(struct wpa_supplicant *wpa_s, const u8 *addr,
- 		       int duration);
--void wpas_join_mesh(struct wpa_supplicant *wpa_s);
-+void wpas_mesh_complete_cb(void *ctx);
- int wpas_mesh_init_rsn(struct wpa_supplicant *wpa_s);
- 
- #ifdef CONFIG_MESH

package/network/services/hostapd/patches/005-mesh-reflect-country-setting-to-mesh-configuration.patch

@@ -1,35 +0,0 @@
-From dbe9afab3b2dceb35d478ac43dfcf8fdc5e23a22 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:09 -0700
-Subject: [PATCH 05/18] mesh: reflect country setting to mesh configuration
-
-wpa_supplicant configuration has country parameter that is
-supposed to be used in AP mode to indicate supporting 802.11h
-and 802.11d. Reflect this configuration to Mesh also since Mesh
-is required to support 802.11h and 802.11d to use DFS channels.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
-Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-[daniel@makrotopia.org: adapted to changed ieee80211_is_dfs prototype]
----
- wpa_supplicant/mesh.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- a/wpa_supplicant/mesh.c
-+++ b/wpa_supplicant/mesh.c
-@@ -255,6 +255,15 @@ static int wpa_supplicant_mesh_init(stru
- 	bss->conf->start_disabled = 1;
- 	bss->conf->mesh = MESH_ENABLED;
- 	bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
-+
-+	if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
-+			     wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
-+		conf->ieee80211h = 1;
-+		conf->ieee80211d = 1;
-+		conf->country[0] = wpa_s->conf->country[0];
-+		conf->country[1] = wpa_s->conf->country[1];
-+	}
-+
- 	bss->iconf = conf;
- 	ifmsh->conf = conf;
- 

package/network/services/hostapd/patches/005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch

@@ -0,0 +1,26 @@
+From c56f18380d1d404a2abc0ea5373d294508ef1e54 Mon Sep 17 00:00:00 2001
+From: Peter Oh <peter.oh@bowerswilkins.com>
+Date: Mon, 27 Aug 2018 14:28:41 -0700
+Subject: [PATCH 2/7] mesh: update ssid->frequency as pri/sec channel switch
+
+ssid->frequency is one of variables used to gets channel
+number from given frequency. Leave it as unchanged when
+pri/sec channel switched will cause picking up wrong
+channel number after applying secondary channel offset
+for HT40 and leads failing interface bring-up.
+
+Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
+---
+ wpa_supplicant/mesh.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/wpa_supplicant/mesh.c
++++ b/wpa_supplicant/mesh.c
+@@ -287,6 +287,7 @@ static int wpa_supplicant_mesh_init(stru
+ 	    frequency == freq->freq + freq->sec_channel_offset * 20) {
+ 		wpa_printf(MSG_DEBUG, "mesh: pri/sec channels switched");
+ 		frequency = freq->freq;
++		ssid->frequency = frequency;
+ 	}
+ 	wpa_s->assoc_freq = frequency;
+ 	wpa_s->current_ssid = ssid;

package/network/services/hostapd/patches/006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch

@@ -1,7 +1,7 @@
-From 51e759da5026b3e64f801135b5d53f2198bbd2f0 Mon Sep 17 00:00:00 2001
+From 593602b7f14be5c2695979639764b1c50f01bbec Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:10 -0700
-Subject: [PATCH 06/18] mesh: inform kernel driver DFS handler in userspace
+Date: Mon, 27 Aug 2018 14:28:49 -0700
+Subject: [PATCH 7/7] mesh: inform kernel driver DFS handler in userspace
 
 NL80211_ATTR_HANDLE_DFS is required by kerenel space
 to enable DFS channels that indicates DFS handler
@@ -16,7 +16,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1402,6 +1402,7 @@ struct wpa_driver_mesh_join_params {
+@@ -1477,6 +1477,7 @@ struct wpa_driver_mesh_join_params {
  #define WPA_DRIVER_MESH_FLAG_SAE_AUTH	0x00000004
  #define WPA_DRIVER_MESH_FLAG_AMPE	0x00000008
  	unsigned int flags;
@@ -26,7 +26,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  /**
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -9375,6 +9375,9 @@ static int nl80211_join_mesh(struct i802
+@@ -9624,6 +9624,9 @@ static int nl80211_join_mesh(struct i802
  
  	wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
  
@@ -38,10 +38,10 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  		goto fail;
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -262,6 +262,7 @@ static int wpa_supplicant_mesh_init(stru
- 		conf->ieee80211d = 1;
+@@ -309,6 +309,7 @@ static int wpa_supplicant_mesh_init(stru
  		conf->country[0] = wpa_s->conf->country[0];
  		conf->country[1] = wpa_s->conf->country[1];
+ 		conf->country[2] = ' ';
 +		wpa_s->mesh_params->handle_dfs = 1;
  	}
  

package/network/services/hostapd/patches/007-mesh-apply-channel-attributes-before-running-Mesh.patch

@@ -1,28 +1,42 @@
-From bdc77efe681d5b88f3256e2bb6e706d4eaf09518 Mon Sep 17 00:00:00 2001
+From 2564184440d9d6041d11a8c7d50b31368634c3bd Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:11 -0700
-Subject: [PATCH 07/18] mesh: apply channel attributes before running Mesh
+Date: Mon, 27 Aug 2018 14:28:40 -0700
+Subject: [PATCH] mesh: Apply channel attributes before setup interface
 
-This helps mesh interface initializes with correct
-channel parameters.
+This helps mesh interface initialization with correct channel
+parameters.
 
 Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 ---
- wpa_supplicant/mesh.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ wpa_supplicant/mesh.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -338,6 +338,8 @@ static int wpa_supplicant_mesh_init(stru
+@@ -249,7 +249,7 @@ static int wpa_supplicant_mesh_init(stru
+ 	struct mesh_conf *mconf;
+ 	int basic_rates_erp[] = { 10, 20, 55, 60, 110, 120, 240, -1 };
+ 	int rate_len;
+-	int frequency;
++	int frequency, saved_freq;
+ 
+ 	if (!wpa_s->conf->user_mpm) {
+ 		/* not much for us to do here */
+@@ -386,6 +386,13 @@ static int wpa_supplicant_mesh_init(stru
  		conf->basic_rates[rate_len] = -1;
  	}
  
++	/* Handle pri/sec switch frequency within AP configuration parameter
++	 * generation without changing the stored network profile in the end. */
++	saved_freq = ssid->frequency;
++	ssid->frequency = frequency;
 +	wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
++	ssid->frequency = saved_freq;
 +
- 	if (hostapd_setup_interface(ifmsh)) {
- 		wpa_printf(MSG_ERROR,
- 			   "Failed to initialize hostapd interface for mesh");
-@@ -349,8 +351,6 @@ static int wpa_supplicant_mesh_init(stru
+ 	if (wpa_drv_init_mesh(wpa_s)) {
+ 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
+ 		return -1;
+@@ -397,8 +404,6 @@ static int wpa_supplicant_mesh_init(stru
  		return -1;
  	}
  

package/network/services/hostapd/patches/008-mesh-set-interface-type-to-mesh-before-setting-inter.patch

@@ -1,36 +0,0 @@
-From eb9888ba41faaeb8fd07392ad46808b7d894cc14 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:12 -0700
-Subject: [PATCH 08/18] mesh: set interface type to mesh before setting
- interface
-
-Correct interface type is required to start DFS CAC that can be
-triggered during interface setup.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/mesh.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
---- a/wpa_supplicant/mesh.c
-+++ b/wpa_supplicant/mesh.c
-@@ -340,14 +340,14 @@ static int wpa_supplicant_mesh_init(stru
- 
- 	wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
- 
--	if (hostapd_setup_interface(ifmsh)) {
--		wpa_printf(MSG_ERROR,
--			   "Failed to initialize hostapd interface for mesh");
-+	if (wpa_drv_init_mesh(wpa_s)) {
-+		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
- 		return -1;
- 	}
- 
--	if (wpa_drv_init_mesh(wpa_s)) {
--		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh in driver");
-+	if (hostapd_setup_interface(ifmsh)) {
-+		wpa_printf(MSG_ERROR,
-+			   "Failed to initialize hostapd interface for mesh");
- 		return -1;
- 	}
- 

package/network/services/hostapd/patches/009-mesh-set-mesh-center-frequency.patch

@@ -1,22 +0,0 @@
-From fa3af966032267e618b19bbf06a536ddb81ddbdf Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:13 -0700
-Subject: [PATCH 09/18] mesh: set mesh center frequency
-
-vht center frequency value is required to compose the correct channel info.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/mesh.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/wpa_supplicant/mesh.c
-+++ b/wpa_supplicant/mesh.c
-@@ -457,6 +457,7 @@ int wpa_supplicant_join_mesh(struct wpa_
- 
- 	if (wpa_s->mesh_vht_enabled) {
- 		ssid->vht = 1;
-+		ssid->vht_center_freq1 = params->freq.center_freq1;
- 		switch (params->freq.bandwidth) {
- 		case 80:
- 			if (params->freq.center_freq2) {

package/network/services/hostapd/patches/010-mesh-consider-mesh-interface-on-dfs-event-handler.patch

@@ -1,176 +0,0 @@
-From 9a8ca54a264a2820af614043e7af853166b320b0 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:14 -0700
-Subject: [PATCH 10/18] mesh: consider mesh interface on dfs event handler
-
-Once mesh starts supporting DFS channels, it has to handle DFS related events
-from drivers, hence add mesh interface to the check list.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
-Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
----
- wpa_supplicant/ap.c     | 71 ++++++++++++++++++++++++++++++-----------
- wpa_supplicant/events.c |  7 ++--
- 2 files changed, 57 insertions(+), 21 deletions(-)
-
---- a/wpa_supplicant/ap.c
-+++ b/wpa_supplicant/ap.c
-@@ -1379,13 +1379,18 @@ int ap_ctrl_iface_chanswitch(struct wpa_
- void wpas_ap_ch_switch(struct wpa_supplicant *wpa_s, int freq, int ht,
- 		       int offset, int width, int cf1, int cf2)
- {
--	if (!wpa_s->ap_iface)
--		return;
-+	struct hostapd_iface *iface = wpa_s->ap_iface;
- 
-+	if (!wpa_s->ap_iface) {
-+		if (!wpa_s->ifmsh)
-+			return;
-+		else
-+			iface = wpa_s->ifmsh;
-+	}
- 	wpa_s->assoc_freq = freq;
- 	if (wpa_s->current_ssid)
- 		wpa_s->current_ssid->frequency = freq;
--	hostapd_event_ch_switch(wpa_s->ap_iface->bss[0], freq, ht,
-+	hostapd_event_ch_switch(iface->bss[0], freq, ht,
- 				offset, width, cf1, cf2);
- }
- 
-@@ -1582,10 +1587,16 @@ int wpas_ap_pmksa_cache_add_external(str
- void wpas_ap_event_dfs_radar_detected(struct wpa_supplicant *wpa_s,
- 				      struct dfs_event *radar)
- {
--	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0])
--		return;
-+	struct hostapd_iface *iface = wpa_s->ap_iface;
-+
-+	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) {
-+		if (!wpa_s->ifmsh || !wpa_s->ifmsh->bss[0])
-+			return;
-+		else
-+			iface = wpa_s->ifmsh;
-+	}
- 	wpa_printf(MSG_DEBUG, "DFS radar detected on %d MHz", radar->freq);
--	hostapd_dfs_radar_detected(wpa_s->ap_iface, radar->freq,
-+	hostapd_dfs_radar_detected(iface, radar->freq,
- 				   radar->ht_enabled, radar->chan_offset,
- 				   radar->chan_width,
- 				   radar->cf1, radar->cf2);
-@@ -1595,10 +1606,16 @@ void wpas_ap_event_dfs_radar_detected(st
- void wpas_ap_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
- 				   struct dfs_event *radar)
- {
--	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0])
--		return;
-+	struct hostapd_iface *iface = wpa_s->ap_iface;
-+
-+	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) {
-+		if (!wpa_s->ifmsh || !wpa_s->ifmsh->bss[0])
-+			return;
-+		else
-+			iface = wpa_s->ifmsh;
-+	}
- 	wpa_printf(MSG_DEBUG, "DFS CAC started on %d MHz", radar->freq);
--	hostapd_dfs_start_cac(wpa_s->ap_iface, radar->freq,
-+	hostapd_dfs_start_cac(iface, radar->freq,
- 			      radar->ht_enabled, radar->chan_offset,
- 			      radar->chan_width, radar->cf1, radar->cf2);
- }
-@@ -1607,10 +1624,16 @@ void wpas_ap_event_dfs_cac_started(struc
- void wpas_ap_event_dfs_cac_finished(struct wpa_supplicant *wpa_s,
- 				    struct dfs_event *radar)
- {
--	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0])
--		return;
-+	struct hostapd_iface *iface = wpa_s->ap_iface;
-+
-+	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) {
-+		if (!wpa_s->ifmsh || !wpa_s->ifmsh->bss[0])
-+			return;
-+		else
-+			iface = wpa_s->ifmsh;
-+	}
- 	wpa_printf(MSG_DEBUG, "DFS CAC finished on %d MHz", radar->freq);
--	hostapd_dfs_complete_cac(wpa_s->ap_iface, 1, radar->freq,
-+	hostapd_dfs_complete_cac(iface, 1, radar->freq,
- 				 radar->ht_enabled, radar->chan_offset,
- 				 radar->chan_width, radar->cf1, radar->cf2);
- }
-@@ -1619,10 +1642,16 @@ void wpas_ap_event_dfs_cac_finished(stru
- void wpas_ap_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s,
- 				   struct dfs_event *radar)
- {
--	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0])
--		return;
-+	struct hostapd_iface *iface = wpa_s->ap_iface;
-+
-+	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) {
-+		if (!wpa_s->ifmsh || !wpa_s->ifmsh->bss[0])
-+			return;
-+		else
-+			iface = wpa_s->ifmsh;
-+	}
- 	wpa_printf(MSG_DEBUG, "DFS CAC aborted on %d MHz", radar->freq);
--	hostapd_dfs_complete_cac(wpa_s->ap_iface, 0, radar->freq,
-+	hostapd_dfs_complete_cac(iface, 0, radar->freq,
- 				 radar->ht_enabled, radar->chan_offset,
- 				 radar->chan_width, radar->cf1, radar->cf2);
- }
-@@ -1631,10 +1660,16 @@ void wpas_ap_event_dfs_cac_aborted(struc
- void wpas_ap_event_dfs_cac_nop_finished(struct wpa_supplicant *wpa_s,
- 					struct dfs_event *radar)
- {
--	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0])
--		return;
-+	struct hostapd_iface *iface = wpa_s->ap_iface;
-+
-+	if (!wpa_s->ap_iface || !wpa_s->ap_iface->bss[0]) {
-+		if (!wpa_s->ifmsh || !wpa_s->ifmsh->bss[0])
-+			return;
-+		else
-+			iface = wpa_s->ifmsh;
-+	}
- 	wpa_printf(MSG_DEBUG, "DFS NOP finished on %d MHz", radar->freq);
--	hostapd_dfs_nop_finished(wpa_s->ap_iface, radar->freq,
-+	hostapd_dfs_nop_finished(iface, radar->freq,
- 				 radar->ht_enabled, radar->chan_offset,
- 				 radar->chan_width, radar->cf1, radar->cf2);
- }
---- a/wpa_supplicant/events.c
-+++ b/wpa_supplicant/events.c
-@@ -3840,7 +3840,7 @@ static void wpas_event_dfs_cac_started(s
- 				       struct dfs_event *radar)
- {
- #if defined(NEED_AP_MLME) && defined(CONFIG_AP)
--	if (wpa_s->ap_iface) {
-+	if (wpa_s->ap_iface || wpa_s->ifmsh) {
- 		wpas_ap_event_dfs_cac_started(wpa_s, radar);
- 	} else
- #endif /* NEED_AP_MLME && CONFIG_AP */
-@@ -3861,7 +3861,7 @@ static void wpas_event_dfs_cac_finished(
- 					struct dfs_event *radar)
- {
- #if defined(NEED_AP_MLME) && defined(CONFIG_AP)
--	if (wpa_s->ap_iface) {
-+	if (wpa_s->ap_iface || wpa_s->ifmsh) {
- 		wpas_ap_event_dfs_cac_finished(wpa_s, radar);
- 	} else
- #endif /* NEED_AP_MLME && CONFIG_AP */
-@@ -3877,7 +3877,7 @@ static void wpas_event_dfs_cac_aborted(s
- 				       struct dfs_event *radar)
- {
- #if defined(NEED_AP_MLME) && defined(CONFIG_AP)
--	if (wpa_s->ap_iface) {
-+	if (wpa_s->ap_iface || wpa_s->ifmsh) {
- 		wpas_ap_event_dfs_cac_aborted(wpa_s, radar);
- 	} else
- #endif /* NEED_AP_MLME && CONFIG_AP */
-@@ -4328,6 +4328,7 @@ void wpa_supplicant_event(void *ctx, enu
- #ifdef CONFIG_AP
- 		if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
- 		    wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO ||
-+		    wpa_s->current_ssid->mode == WPAS_MODE_MESH ||
- 		    wpa_s->current_ssid->mode ==
- 		    WPAS_MODE_P2P_GROUP_FORMATION) {
- 			wpas_ap_ch_switch(wpa_s, data->ch_switch.freq,

package/network/services/hostapd/patches/011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch

@@ -1,8 +1,7 @@
-From bbaa6142eadf229334436fdbf51aa65bb819f771 Mon Sep 17 00:00:00 2001
+From 89fa0d75fb1be82330258082ed3d7fd452eb6076 Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:15 -0700
-Subject: [PATCH 11/18] mesh: Allow DFS channels to be selected if dfs is
- enabled
+Date: Mon, 27 Aug 2018 14:28:45 -0700
+Subject: [PATCH 3/7] mesh: Allow DFS channels to be selected if dfs is enabled
 
 Note: DFS is assumed to be usable if a country code has been set
 
@@ -14,7 +13,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 
 --- a/wpa_supplicant/wpa_supplicant.c
 +++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2090,6 +2090,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2153,6 +2153,8 @@ void ibss_mesh_setup_freq(struct wpa_sup
  	struct hostapd_freq_params vht_freq;
  	int chwidth, seg0, seg1;
  	u32 vht_caps = 0;
@@ -23,7 +22,7 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
  
  	freq->freq = ssid->frequency;
  
-@@ -2166,8 +2168,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+@@ -2232,8 +2234,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		return;
  
  	/* Check primary channel flags */
@@ -34,9 +33,9 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +		if (!dfs_enabled)
 +			return;
  
- #ifdef CONFIG_HT_OVERRIDES
- 	if (ssid->disable_ht40)
-@@ -2193,8 +2198,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	freq->channel = pri_chan->chan;
+ 
+@@ -2264,8 +2269,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
  		return;
  
  	/* Check secondary channel flags */
@@ -47,9 +46,9 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +		if (!dfs_enabled)
 +			return;
  
- 	freq->channel = pri_chan->chan;
- 
-@@ -2284,8 +2292,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	if (ht40 == -1) {
+ 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
+@@ -2356,8 +2364,11 @@ skip_ht40:
  			return;
  
  		/* Back to HT configuration if channel not usable */
@@ -61,8 +60,8 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +				return;
  	}
  
- 	chwidth = VHT_CHANWIDTH_80MHZ;
-@@ -2305,10 +2316,11 @@ void ibss_mesh_setup_freq(struct wpa_sup
+ 	chwidth = CHANWIDTH_80MHZ;
+@@ -2377,10 +2388,11 @@ skip_ht40:
  				if (!chan)
  					continue;
  
@@ -76,4 +75,4 @@ Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 +						continue;
  
  				/* Found a suitable second segment for 80+80 */
- 				chwidth = VHT_CHANWIDTH_80P80MHZ;
+ 				chwidth = CHANWIDTH_80P80MHZ;

package/network/services/hostapd/patches/013-mesh-do-not-allow-pri-sec-channel-switch.patch

@@ -1,27 +1,29 @@
-From 267395271c1a36b54ef21070acff2cadce241035 Mon Sep 17 00:00:00 2001
+From 4f4a9b9e2e61fba334a21dadea749e4b440f42e6 Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:17 -0700
-Subject: [PATCH 13/18] mesh: do not allow pri/sec channel switch
+Date: Mon, 27 Aug 2018 14:28:48 -0700
+Subject: [PATCH 6/7] mesh: don't allow pri/sec channel switch
 
-We don't want mesh to switch the channel from primary to secondary,
-since mesh points are not able to join each other in that case.
+This limitation isn't backed by standard, but it is known that
+mesh doesn't have capability to handle 20/40 coex change in
+current implementation and it will not able to establish
+PLINK when channel switch between primary and secondary happens.
+
+Since it's unknown when we will have the implementation of handling
+20/40 coex change for mesh, it'd better to avoid them from happening
+until standard based implementation is introduced.
 
 Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
 ---
- wpa_supplicant/mesh.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
+ wpa_supplicant/mesh.c | 1 +
+ 1 file changed, 1 insertion(+)
 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -337,7 +337,10 @@ static int wpa_supplicant_mesh_init(stru
- 			  rate_len * sizeof(int));
+@@ -386,6 +386,7 @@ static int wpa_supplicant_mesh_init(stru
  		conf->basic_rates[rate_len] = -1;
  	}
--
-+	/* Do not allow primary/secondary channel switch in mesh mode,
-+	  * since mesh is not able to establish a physical link for it
-+	  */
-+	conf->no_pri_sec_switch = 1;
- 	wpa_supplicant_conf_ap_ht(wpa_s, ssid, conf);
  
- 	if (wpa_drv_init_mesh(wpa_s)) {
++	conf->no_pri_sec_switch = 1;
+ 	/* Handle pri/sec switch frequency within AP configuration parameter
+ 	 * generation without changing the stored network profile in the end. */
+ 	saved_freq = ssid->frequency;

package/network/services/hostapd/patches/014-mesh-do-not-allow-scan-result-to-swap-pri-sec.patch

@@ -1,24 +0,0 @@
-From f95897cef614fff710c31d9e478eacc85d6312d5 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:18 -0700
-Subject: [PATCH 14/18] mesh: do not allow scan result to swap pri/sec
-
-Swapping between primary and secondary channel will break
-mesh from joining, hence don't allow it.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/wpa_supplicant.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2215,7 +2215,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 	}
- 	freq->sec_channel_offset = ht40;
- 
--	if (obss_scan) {
-+	if (ssid->mode != WPAS_MODE_MESH && obss_scan) {
- 		struct wpa_scan_results *scan_res;
- 
- 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);

package/network/services/hostapd/patches/015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch

@@ -1,44 +1,56 @@
-From 9423e8be0393e82c8622806a0529e47fd5583c0b Mon Sep 17 00:00:00 2001
+From 71e9c65a7c8af90a5fd11072062b596421316452 Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:19 -0700
-Subject: [PATCH 15/18] mesh: do not use offchan mgmt tx on DFS
+Date: Mon, 27 Aug 2018 14:28:46 -0700
+Subject: [PATCH 4/7] mesh: do not set offchanok on DFS channels in non-ETSI
 
-Drivers don't allow mesh to use offchannel on management Tx.
+mac80211 does not allow mgmt tx to use off channel on
+DFS channels in non-ETSI domain, because it will invalidate
+CAC result on current operating channel.
+(mac80211 commit: 34373d12f3cbb74960a73431138ef619d857996f)
+Hence don't set offchanok for mgmt tx in case of DFS channels
+in non-ETSI.
 
 Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
-Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-[daniel@makrotopia.org: adapted to changed ieee80211_is_dfs prototype]
 ---
- src/drivers/driver_nl80211.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
+ src/drivers/driver_nl80211.c | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
 
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -7268,6 +7268,10 @@ static int wpa_driver_nl80211_send_actio
- 	struct wpa_driver_nl80211_data *drv = bss->drv;
+@@ -7462,6 +7462,10 @@ static int wpa_driver_nl80211_send_actio
  	int ret = -1;
  	u8 *buf;
-+	int offchanok = 1;
-+	u16 num_modes, flags;
-+	struct hostapd_hw_modes *modes;
-+	u8 dfs_domain;
  	struct ieee80211_hdr *hdr;
++	struct hostapd_hw_modes *modes;
++	int i, offchanok = 1;
++	u16 num_modes, flags;
++	u8 dfs_domain;
  
  	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
-@@ -7292,7 +7296,11 @@ static int wpa_driver_nl80211_send_actio
- 	} else {
+ 		   "freq=%u MHz wait=%d ms no_cck=%d)",
+@@ -7486,6 +7490,21 @@ static int wpa_driver_nl80211_send_actio
  		os_memset(bss->rand_addr, 0, ETH_ALEN);
  	}
--
-+	if (is_mesh_interface(drv->nlmode) &&
-+	    (modes = nl80211_get_hw_feature_data(bss, &num_modes, &flags,
-+						 &dfs_domain)) &&
-+	    ieee80211_is_dfs(freq, modes, num_modes))
-+		offchanok = 0;
+ 
++	if (is_mesh_interface(drv->nlmode)) {
++		modes = nl80211_get_hw_feature_data(bss, &num_modes,
++						    &flags, &dfs_domain);
++		if (dfs_domain != HOSTAPD_DFS_REGION_ETSI &&
++		    ieee80211_is_dfs(bss->freq, modes, num_modes))
++			offchanok = 0;
++		if (modes) {
++			for (i = 0; i < num_modes; i++) {
++				os_free(modes[i].channels);
++				os_free(modes[i].rates);
++			}
++			os_free(modes);
++		}
++	}
++
  	if (is_ap_interface(drv->nlmode) &&
  	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
  	     (int) freq == bss->freq || drv->device_ap_sme ||
-@@ -7304,7 +7312,7 @@ static int wpa_driver_nl80211_send_actio
+@@ -7497,7 +7516,7 @@ static int wpa_driver_nl80211_send_actio
  		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
  					     24 + data_len,
  					     &drv->send_action_cookie,

package/network/services/hostapd/patches/016-mesh-fix-channel-switch-error-during-CAC.patch

@@ -1,7 +1,7 @@
-From fa9d565fe8841b288f29137c23a7ab2584dd9510 Mon Sep 17 00:00:00 2001
+From 5913d6e2a741683e7c747c046f72ca790bbe1337 Mon Sep 17 00:00:00 2001
 From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:20 -0700
-Subject: [PATCH 16/18] mesh: fix channel switch error during CAC
+Date: Mon, 27 Aug 2018 14:28:47 -0700
+Subject: [PATCH 5/7] mesh: fix channel switch error during CAC
 
 Mesh interface has used its channel parameters that configured
 during its initialization even after channel switched due to
@@ -10,30 +10,23 @@ This change fixes the error by updating its channel parameters
 when channel's been changed from initial one.
 
 Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
-Signed-off-by: Daniel Golle <daniel@makrotopia.org>
-[daniel@makrotopia.org: added hw_features_common.h include]
 ---
  wpa_supplicant/mesh.c | 25 +++++++++++++++++++++++++
  1 file changed, 25 insertions(+)
 
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -11,6 +11,7 @@
- #include "utils/common.h"
- #include "utils/eloop.h"
+@@ -13,6 +13,7 @@
  #include "utils/uuid.h"
-+#include "common/hw_features_common.h"
  #include "common/ieee802_11_defs.h"
  #include "common/wpa_ctrl.h"
++#include "common/hw_features_common.h"
  #include "ap/sta_info.h"
-@@ -394,10 +395,35 @@ void wpa_supplicant_mesh_add_scan_ie(str
- void wpas_mesh_complete_cb(void *ctx)
- {
- 	struct wpa_supplicant *wpa_s = (struct wpa_supplicant *)ctx;
-+	struct hostapd_iface *ifmsh = wpa_s->ifmsh;
- 	struct wpa_driver_mesh_join_params *params = wpa_s->mesh_params;
- 	struct wpa_ssid *ssid = wpa_s->current_ssid;
- 	int ret = 0;
+ #include "ap/hostapd.h"
+ #include "ap/ieee802_11.h"
+@@ -204,6 +205,32 @@ static void wpas_mesh_complete_cb(void *
+ 		return;
+ 	}
  
 +	/*
 +	 * inspect if channel's been changed since initialized.
@@ -48,17 +41,19 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 +				ifmsh->conf->channel,
 +				ifmsh->conf->ieee80211n,
 +				ifmsh->conf->ieee80211ac,
++				ifmsh->conf->ieee80211ax,
 +				ifmsh->conf->secondary_channel,
-+				ifmsh->conf->vht_oper_chwidth,
-+				ifmsh->conf->vht_oper_centr_freq_seg0_idx,
-+				ifmsh->conf->vht_oper_centr_freq_seg1_idx,
-+				ifmsh->conf->vht_capab)) {
++				hostapd_get_oper_chwidth(ifmsh->conf),
++				hostapd_get_oper_centr_freq_seg0_idx(ifmsh->conf),
++				hostapd_get_oper_centr_freq_seg1_idx(ifmsh->conf),
++				ifmsh->current_mode->vht_capab,
++				&ifmsh->current_mode->he_capab[IEEE80211_MODE_AP])) {
 +			wpa_printf(MSG_ERROR, "Error updating mesh frequency params.");
 +			wpa_supplicant_mesh_deinit(wpa_s);
 +			return;
 +		}
 +	}
 +
- 	if (wpas_mesh_init_rsn(wpa_s)) {
- 		wpa_printf(MSG_ERROR, "Init RSN failed. Deinit mesh...");
- 		wpa_supplicant_mesh_deinit(wpa_s);
+ 	if (ifmsh->mconf->security != MESH_CONF_SEC_NONE &&
+ 	    wpas_mesh_init_rsn(wpa_s)) {
+ 		wpa_printf(MSG_ERROR,

package/network/services/hostapd/patches/017-mesh-use-right-interface-context-to-send-DFS-event-m.patch

@@ -1,107 +0,0 @@
-From d3201adfe7d2219217a07ef16ef365ad59c1a89b Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Tue, 29 May 2018 14:39:21 -0700
-Subject: [PATCH 17/18] mesh: use right interface context to send DFS event
- messages
-
-use mesh interface context to send DFS event messages when
-DFS events are on mesh interface.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
-Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
----
- src/ap/dfs.c | 27 +++++++++++++++++++--------
- 1 file changed, 19 insertions(+), 8 deletions(-)
-
---- a/src/ap/dfs.c
-+++ b/src/ap/dfs.c
-@@ -637,6 +637,17 @@ static unsigned int dfs_get_cac_time(str
- }
- 
- 
-+static void *get_message_ctx(struct hostapd_iface *iface)
-+{
-+#ifdef CONFIG_MESH
-+       if (iface->mconf)
-+               return iface->owner;
-+#endif /* CONFIG_MESH */
-+
-+       return iface->bss[0]->msg_ctx;
-+}
-+
-+
- /*
-  * Main DFS handler
-  * 1 - continue channel/ap setup
-@@ -719,7 +730,7 @@ int hostapd_handle_dfs(struct hostapd_if
- 	/* Finally start CAC */
- 	hostapd_set_state(iface, HAPD_IFACE_DFS);
- 	wpa_printf(MSG_DEBUG, "DFS start CAC on %d MHz", iface->freq);
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_CAC_START
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_CAC_START
- 		"freq=%d chan=%d sec_chan=%d, width=%d, seg0=%d, seg1=%d, cac_time=%ds",
- 		iface->freq,
- 		iface->conf->channel, iface->conf->secondary_channel,
-@@ -768,7 +779,7 @@ int hostapd_dfs_complete_cac(struct host
- 			     int ht_enabled, int chan_offset, int chan_width,
- 			     int cf1, int cf2)
- {
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_CAC_COMPLETED
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_CAC_COMPLETED
- 		"success=%d freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
- 		success, freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
- 
-@@ -810,7 +821,7 @@ int hostapd_dfs_pre_cac_expired(struct h
- 				int ht_enabled, int chan_offset, int chan_width,
- 				int cf1, int cf2)
- {
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_PRE_CAC_EXPIRED
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_PRE_CAC_EXPIRED
- 		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
- 		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
- 
-@@ -848,7 +859,7 @@ static int hostapd_dfs_start_channel_swi
- 
- 	wpa_printf(MSG_DEBUG, "DFS will switch to a new channel %d",
- 		   channel->chan);
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_NEW_CHANNEL
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_NEW_CHANNEL
- 		"freq=%d chan=%d sec_chan=%d", channel->freq,
- 		channel->chan, secondary_channel);
- 
-@@ -935,7 +946,7 @@ static int hostapd_dfs_start_channel_swi
- 
- 	wpa_printf(MSG_DEBUG, "DFS will switch to a new channel %d",
- 		   channel->chan);
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_NEW_CHANNEL
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_NEW_CHANNEL
- 		"freq=%d chan=%d sec_chan=%d", channel->freq,
- 		channel->chan, secondary_channel);
- 
-@@ -997,7 +1008,7 @@ int hostapd_dfs_radar_detected(struct ho
- {
- 	int res;
- 
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_RADAR_DETECTED
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_RADAR_DETECTED
- 		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
- 		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
- 
-@@ -1028,7 +1039,7 @@ int hostapd_dfs_nop_finished(struct host
- 			     int ht_enabled, int chan_offset, int chan_width,
- 			     int cf1, int cf2)
- {
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_NOP_FINISHED
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_NOP_FINISHED
- 		"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
- 		freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
- 
-@@ -1078,7 +1089,7 @@ int hostapd_dfs_start_cac(struct hostapd
- 			  int ht_enabled, int chan_offset, int chan_width,
- 			  int cf1, int cf2)
- {
--	wpa_msg(iface->bss[0]->msg_ctx, MSG_INFO, DFS_EVENT_CAC_START
-+	wpa_msg(get_message_ctx(iface), MSG_INFO, DFS_EVENT_CAC_START
- 		"freq=%d chan=%d chan_offset=%d width=%d seg0=%d "
- 		"seg1=%d cac_time=%ds",
- 		freq, (freq - 5000) / 5, chan_offset, chan_width, cf1, cf2, 60);

package/network/services/hostapd/patches/018-mesh-make-forwarding-configurable.patch

@@ -23,7 +23,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -49,6 +49,7 @@ struct mesh_conf {
+@@ -51,6 +51,7 @@ struct mesh_conf {
  	int dot11MeshRetryTimeout; /* msec */
  	int dot11MeshConfirmTimeout; /* msec */
  	int dot11MeshHoldingTimeout; /* msec */
@@ -31,7 +31,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  };
  
  #define MAX_STA_COUNT 2007
-@@ -628,6 +629,7 @@ struct hostapd_bss_config {
+@@ -666,6 +667,7 @@ struct hostapd_bss_config {
  
  #define MESH_ENABLED BIT(0)
  	int mesh;
@@ -41,7 +41,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
 --- a/src/drivers/driver.h
 +++ b/src/drivers/driver.h
-@@ -1375,6 +1375,7 @@ struct wpa_driver_mesh_bss_params {
+@@ -1450,6 +1450,7 @@ struct wpa_driver_mesh_bss_params {
  #define WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS	0x00000004
  #define WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE		0x00000008
  #define WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD	0x00000010
@@ -49,7 +49,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	/*
  	 * TODO: Other mesh configuration parameters would go here.
  	 * See NL80211_MESHCONF_* for all the mesh config parameters.
-@@ -1384,6 +1385,7 @@ struct wpa_driver_mesh_bss_params {
+@@ -1459,6 +1460,7 @@ struct wpa_driver_mesh_bss_params {
  	int peer_link_timeout;
  	int max_peer_links;
  	int rssi_threshold;
@@ -59,7 +59,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
 --- a/src/drivers/driver_nl80211.c
 +++ b/src/drivers/driver_nl80211.c
-@@ -9332,6 +9332,9 @@ static int nl80211_put_mesh_config(struc
+@@ -9592,6 +9592,9 @@ static int nl80211_put_mesh_config(struc
  	if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
  	     nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
  			params->auto_plinks)) ||
@@ -71,7 +71,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  			 params->max_peer_links)) ||
 --- a/wpa_supplicant/config.c
 +++ b/wpa_supplicant/config.c
-@@ -2228,6 +2228,7 @@ static const struct parse_data ssid_fiel
+@@ -2307,6 +2307,7 @@ static const struct parse_data ssid_fiel
  #ifdef CONFIG_MESH
  	{ INT_RANGE(mode, 0, 5) },
  	{ INT_RANGE(no_auto_peer, 0, 1) },
@@ -79,7 +79,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	{ INT_RANGE(mesh_rssi_threshold, -255, 1) },
  #else /* CONFIG_MESH */
  	{ INT_RANGE(mode, 0, 4) },
-@@ -2779,6 +2780,7 @@ void wpa_config_set_network_defaults(str
+@@ -2869,6 +2870,7 @@ void wpa_config_set_network_defaults(str
  	ssid->dot11MeshRetryTimeout = DEFAULT_MESH_RETRY_TIMEOUT;
  	ssid->dot11MeshConfirmTimeout = DEFAULT_MESH_CONFIRM_TIMEOUT;
  	ssid->dot11MeshHoldingTimeout = DEFAULT_MESH_HOLDING_TIMEOUT;
@@ -87,7 +87,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	ssid->mesh_rssi_threshold = DEFAULT_MESH_RSSI_THRESHOLD;
  #endif /* CONFIG_MESH */
  #ifdef CONFIG_HT_OVERRIDES
-@@ -3996,6 +3998,7 @@ struct wpa_config * wpa_config_alloc_emp
+@@ -4089,6 +4091,7 @@ struct wpa_config * wpa_config_alloc_emp
  	config->user_mpm = DEFAULT_USER_MPM;
  	config->max_peer_links = DEFAULT_MAX_PEER_LINKS;
  	config->mesh_max_inactivity = DEFAULT_MESH_MAX_INACTIVITY;
@@ -95,7 +95,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	config->dot11RSNASAERetransPeriod =
  		DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD;
  	config->fast_reauth = DEFAULT_FAST_REAUTH;
-@@ -4618,6 +4621,7 @@ static const struct global_parse_data gl
+@@ -4726,6 +4729,7 @@ static const struct global_parse_data gl
  	{ INT(user_mpm), 0 },
  	{ INT_RANGE(max_peer_links, 0, 255), 0 },
  	{ INT(mesh_max_inactivity), 0 },
@@ -113,7 +113,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  /*
   * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
   * but use 1000 ms in practice to avoid issues on low power CPUs.
-@@ -1306,6 +1307,14 @@ struct wpa_config {
+@@ -1327,6 +1328,14 @@ struct wpa_config {
  	int mesh_max_inactivity;
  
  	/**
@@ -130,7 +130,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	 * This timeout value is used in mesh STA to retransmit
 --- a/wpa_supplicant/config_file.c
 +++ b/wpa_supplicant/config_file.c
-@@ -818,6 +818,7 @@ static void wpa_config_write_network(FIL
+@@ -829,6 +829,7 @@ static void wpa_config_write_network(FIL
  #endif /* IEEE8021X_EAPOL */
  	INT(mode);
  	INT(no_auto_peer);
@@ -138,7 +138,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	INT(frequency);
  	INT(fixed_freq);
  #ifdef CONFIG_ACS
-@@ -1450,6 +1451,9 @@ static void wpa_config_write_global(FILE
+@@ -1472,6 +1473,9 @@ static void wpa_config_write_global(FILE
  		fprintf(f, "mesh_max_inactivity=%d\n",
  			config->mesh_max_inactivity);
  
@@ -150,7 +150,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  		fprintf(f, "dot11RSNASAERetransPeriod=%d\n",
 --- a/wpa_supplicant/config_ssid.h
 +++ b/wpa_supplicant/config_ssid.h
-@@ -500,6 +500,11 @@ struct wpa_ssid {
+@@ -516,6 +516,11 @@ struct wpa_ssid {
  	int dot11MeshConfirmTimeout; /* msec */
  	int dot11MeshHoldingTimeout; /* msec */
  
@@ -164,7 +164,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
 --- a/wpa_supplicant/mesh.c
 +++ b/wpa_supplicant/mesh.c
-@@ -121,6 +121,7 @@ static struct mesh_conf * mesh_config_cr
+@@ -126,6 +126,7 @@ static struct mesh_conf * mesh_config_cr
  	conf->mesh_cc_id = 0;
  	conf->mesh_sp_id = MESH_SYNC_METHOD_NEIGHBOR_OFFSET;
  	conf->mesh_auth_id = (conf->security & MESH_CONF_SEC_AUTH) ? 1 : 0;
@@ -172,7 +172,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  	conf->dot11MeshMaxRetries = ssid->dot11MeshMaxRetries;
  	conf->dot11MeshRetryTimeout = ssid->dot11MeshRetryTimeout;
  	conf->dot11MeshConfirmTimeout = ssid->dot11MeshConfirmTimeout;
-@@ -256,6 +257,7 @@ static int wpa_supplicant_mesh_init(stru
+@@ -328,6 +329,7 @@ static int wpa_supplicant_mesh_init(stru
  	bss->conf->start_disabled = 1;
  	bss->conf->mesh = MESH_ENABLED;
  	bss->conf->ap_max_inactivity = wpa_s->conf->mesh_max_inactivity;
@@ -180,7 +180,7 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  
  	if (ieee80211_is_dfs(ssid->frequency, wpa_s->hw.modes,
  			     wpa_s->hw.num_modes) && wpa_s->conf->country[0]) {
-@@ -534,6 +536,10 @@ int wpa_supplicant_join_mesh(struct wpa_
+@@ -549,6 +551,10 @@ int wpa_supplicant_join_mesh(struct wpa_
  	}
  	params->conf.peer_link_timeout = wpa_s->conf->mesh_max_inactivity;
  
@@ -188,12 +188,12 @@ Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 +	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_FORWARDING;
 +	params->conf.forwarding = ssid->mesh_fwding;
 +
+ 	os_free(wpa_s->mesh_params);
  	wpa_s->mesh_params = params;
  	if (wpa_supplicant_mesh_init(wpa_s, ssid, &params->freq)) {
- 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init mesh");
 --- a/wpa_supplicant/mesh_mpm.c
 +++ b/wpa_supplicant/mesh_mpm.c
-@@ -289,9 +289,9 @@ static void mesh_mpm_send_plink_action(s
+@@ -305,9 +305,9 @@ static void mesh_mpm_send_plink_action(s
  		info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
  		/* TODO: Add Connected to Mesh Gate/AS subfields */
  		wpabuf_put_u8(buf, info);

package/network/services/hostapd/patches/031-mesh-add-VHT_CHANWIDTH_USE_HT-to-max_oper_chwidth.patch

@@ -1,49 +0,0 @@
-From 838225f2319348e430b553fd9bb3680bd7434ae3 Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Wed, 18 Apr 2018 14:14:18 -0700
-Subject: [PATCH 1/2] mesh: add VHT_CHANWIDTH_USE_HT to max_oper_chwidth
-
-Channel width in VHT mode refers HT capability when
-the width goes down to below 80MHz, hence add checking
-HT channel width to its max operation channel width.
-So that mesh has capable to select bandwidth below 80Mhz.
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/config.c         | 1 +
- wpa_supplicant/config_ssid.h    | 1 +
- wpa_supplicant/wpa_supplicant.c | 3 +++
- 3 files changed, 5 insertions(+)
-
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -2818,6 +2818,7 @@ void wpa_config_set_network_defaults(str
- 	ssid->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
- #endif /* CONFIG_MACSEC */
- 	ssid->mac_addr = -1;
-+	ssid->max_oper_chwidth = (u8)DEFAULT_MAX_OPER_CHWIDTH;
- }
- 
- 
---- a/wpa_supplicant/config_ssid.h
-+++ b/wpa_supplicant/config_ssid.h
-@@ -37,6 +37,7 @@
- #define DEFAULT_AMPDU_FACTOR -1 /* no change */
- #define DEFAULT_AMPDU_DENSITY -1 /* no change */
- #define DEFAULT_USER_SELECTED_SIM 1
-+#define DEFAULT_MAX_OPER_CHWIDTH -1
- 
- struct psk_list_entry {
- 	struct dl_list list;
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2342,6 +2342,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
- 			seg0 = 114;
- 		}
-+	} else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_USE_HT) {
-+		chwidth = VHT_CHANWIDTH_USE_HT;
-+		seg0 = vht80[j] + 2;
- 	}
- 
- 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,

package/network/services/hostapd/patches/032-mesh-implement-use-of-VHT20-config-in-mesh-mode.patch

@@ -1,82 +0,0 @@
-From 24fc73b2470ff79cd8c92e029ca785c8e95a204c Mon Sep 17 00:00:00 2001
-From: Peter Oh <peter.oh@bowerswilkins.com>
-Date: Wed, 18 Apr 2018 14:14:19 -0700
-Subject: [PATCH 2/2] mesh: implement use of VHT20 config in mesh mode
-
-mesh in VHT mode is supposed to be able to use any bandwidth
-that 11ac supports, but we don't have a way to set VHT20
-although there are parameters that are supposed to be used.
-This patch along with the patch of
-"mesh: add VHT_CHANWIDTH_USE_HT to max_oper_chwidth" makes mesh
-available to use of any bandwidth using combination of
-existing parameters like below shown.
-
-VHT80:
-  default
-  do not set any parameters
-VHT40:
-  max_oper_chwidth = 0
-VHT20:
-  max_oper_chwidth=0
-  disable_ht40=1
-HT40:
-  disable_vht = 1
-HT20:
-  disable_ht40 = 1
-disable HT:
-  disable_ht = 1
-
-Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
----
- wpa_supplicant/wpa_supplicant.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -2174,9 +2174,15 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 		if (!dfs_enabled)
- 			return;
- 
-+	freq->channel = pri_chan->chan;
-+
- #ifdef CONFIG_HT_OVERRIDES
--	if (ssid->disable_ht40)
--		return;
-+	if (ssid->disable_ht40) {
-+		if (ssid->disable_vht)
-+			return;
-+		else
-+			goto skip_ht40;
-+	}
- #endif /* CONFIG_HT_OVERRIDES */
- 
- 	/* Check/setup HT40+/HT40- */
-@@ -2204,8 +2210,6 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 		if (!dfs_enabled)
- 			return;
- 
--	freq->channel = pri_chan->chan;
--
- 	if (ht40 == -1) {
- 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
- 			return;
-@@ -2249,6 +2253,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 		wpa_scan_results_free(scan_res);
- 	}
- 
-+skip_ht40:
- 	wpa_printf(MSG_DEBUG,
- 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
- 		   freq->channel, freq->sec_channel_offset);
-@@ -2344,7 +2349,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
- 		}
- 	} else if (ssid->max_oper_chwidth == VHT_CHANWIDTH_USE_HT) {
- 		chwidth = VHT_CHANWIDTH_USE_HT;
--		seg0 = vht80[j] + 2;
-+		if (ssid->disable_ht40)
-+			seg0 = 0;
-+		else
-+			seg0 = vht80[j] + 2;
- 	}
- 
- 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,

package/network/services/hostapd/patches/040-FT-Fix-CONFIG_IEEE80211X-y-build-without-CONFIG_FILS.patch

@@ -1,33 +0,0 @@
-From f2973fa39d6109f0f34969e91551a98dc340d537 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Mon, 3 Dec 2018 12:00:26 +0200
-Subject: FT: Fix CONFIG_IEEE80211X=y build without CONFIG_FILS=y
-
-remove_ie() was defined within an ifdef CONFIG_FILS block while it is
-now needed even without CONFIG_FILS=y. Remove the CONFIG_FILS condition
-there.
-
-Fixes 8c41734e5de1 ("FT: Fix Reassociation Request IEs during FT protocol")
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/sme.c | 2 --
- 1 file changed, 2 deletions(-)
-
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -1386,7 +1386,6 @@ void sme_event_auth(struct wpa_supplican
- }
- 
- 
--#ifdef CONFIG_FILS
- #ifdef CONFIG_IEEE80211R
- static void remove_ie(u8 *buf, size_t *len, u8 eid)
- {
-@@ -1401,7 +1400,6 @@ static void remove_ie(u8 *buf, size_t *l
- 	}
- }
- #endif /* CONFIG_IEEE80211R */
--#endif /* CONFIG_FILS */
- 
- 
- void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,

package/network/services/hostapd/patches/051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch

@@ -14,7 +14,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 
 --- a/wpa_supplicant/mesh_mpm.c
 +++ b/wpa_supplicant/mesh_mpm.c
-@@ -663,11 +663,12 @@ static struct sta_info * mesh_mpm_add_pe
+@@ -710,11 +710,12 @@ static struct sta_info * mesh_mpm_add_pe
  	}
  
  	sta = ap_get_sta(data, addr);

package/network/services/hostapd/patches/061-0001-OpenSSL-Use-constant-time-operations-for-private-big.patch

@@ -1,88 +0,0 @@
-From d42c477cc794163a3757956bbffca5cea000923c Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 26 Feb 2019 11:43:03 +0200
-Subject: [PATCH 01/14] OpenSSL: Use constant time operations for private
- bignums
-
-This helps in reducing measurable timing differences in operations
-involving private information. BoringSSL has removed BN_FLG_CONSTTIME
-and expects specific constant time functions to be called instead, so a
-bit different approach is needed depending on which library is used.
-
-The main operation that needs protection against side channel attacks is
-BN_mod_exp() that depends on private keys (the public key validation
-step in crypto_dh_derive_secret() is an exception that can use the
-faster version since it does not depend on private keys).
-
-crypto_bignum_div() is currently used only in SAE FFC case with not
-safe-prime groups and only with values that do not depend on private
-keys, so it is not critical to protect it.
-
-crypto_bignum_inverse() is currently used only in SAE FFC PWE
-derivation. The additional protection here is targeting only OpenSSL.
-BoringSSL may need conversion to using BN_mod_inverse_blinded().
-
-This is related to CVE-2019-9494 and CVE-2019-9495.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/crypto/crypto_openssl.c | 20 +++++++++++++++-----
- 1 file changed, 15 insertions(+), 5 deletions(-)
-
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -549,7 +549,8 @@ int crypto_mod_exp(const u8 *base, size_
- 	    bn_result == NULL)
- 		goto error;
- 
--	if (BN_mod_exp(bn_result, bn_base, bn_exp, bn_modulus, ctx) != 1)
-+	if (BN_mod_exp_mont_consttime(bn_result, bn_base, bn_exp, bn_modulus,
-+				      ctx, NULL) != 1)
- 		goto error;
- 
- 	*result_len = BN_bn2bin(bn_result, result);
-@@ -1295,8 +1296,9 @@ int crypto_bignum_exptmod(const struct c
- 	bnctx = BN_CTX_new();
- 	if (bnctx == NULL)
- 		return -1;
--	res = BN_mod_exp((BIGNUM *) d, (const BIGNUM *) a, (const BIGNUM *) b,
--			 (const BIGNUM *) c, bnctx);
-+	res = BN_mod_exp_mont_consttime((BIGNUM *) d, (const BIGNUM *) a,
-+					(const BIGNUM *) b, (const BIGNUM *) c,
-+					bnctx, NULL);
- 	BN_CTX_free(bnctx);
- 
- 	return res ? 0 : -1;
-@@ -1315,6 +1317,11 @@ int crypto_bignum_inverse(const struct c
- 	bnctx = BN_CTX_new();
- 	if (bnctx == NULL)
- 		return -1;
-+#ifdef OPENSSL_IS_BORINGSSL
-+	/* TODO: use BN_mod_inverse_blinded() ? */
-+#else /* OPENSSL_IS_BORINGSSL */
-+	BN_set_flags((BIGNUM *) a, BN_FLG_CONSTTIME);
-+#endif /* OPENSSL_IS_BORINGSSL */
- 	res = BN_mod_inverse((BIGNUM *) c, (const BIGNUM *) a,
- 			     (const BIGNUM *) b, bnctx);
- 	BN_CTX_free(bnctx);
-@@ -1348,6 +1355,9 @@ int crypto_bignum_div(const struct crypt
- 	bnctx = BN_CTX_new();
- 	if (bnctx == NULL)
- 		return -1;
-+#ifndef OPENSSL_IS_BORINGSSL
-+	BN_set_flags((BIGNUM *) a, BN_FLG_CONSTTIME);
-+#endif /* OPENSSL_IS_BORINGSSL */
- 	res = BN_div((BIGNUM *) c, NULL, (const BIGNUM *) a,
- 		     (const BIGNUM *) b, bnctx);
- 	BN_CTX_free(bnctx);
-@@ -1439,8 +1449,8 @@ int crypto_bignum_legendre(const struct
- 	    /* exp = (p-1) / 2 */
- 	    !BN_sub(exp, (const BIGNUM *) p, BN_value_one()) ||
- 	    !BN_rshift1(exp, exp) ||
--	    !BN_mod_exp(tmp, (const BIGNUM *) a, exp, (const BIGNUM *) p,
--			bnctx))
-+	    !BN_mod_exp_mont_consttime(tmp, (const BIGNUM *) a, exp,
-+				       (const BIGNUM *) p, bnctx, NULL))
- 		goto fail;
- 
- 	if (BN_is_word(tmp, 1))

package/network/services/hostapd/patches/061-0002-Add-helper-functions-for-constant-time-operations.patch

@@ -1,212 +0,0 @@
-From 6e34f618d37ddbb5854c42e2ad4fca83492fa7b7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Wed, 27 Feb 2019 18:38:30 +0200
-Subject: [PATCH 02/14] Add helper functions for constant time operations
-
-These functions can be used to help implement constant time operations
-for various cryptographic operations that must minimize externally
-observable differences in processing (both in timing and also in
-internal cache use, etc.).
-
-This is related to CVE-2019-9494 and CVE-2019-9495.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/utils/const_time.h | 191 +++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 191 insertions(+)
- create mode 100644 src/utils/const_time.h
-
---- /dev/null
-+++ b/src/utils/const_time.h
-@@ -0,0 +1,191 @@
-+/*
-+ * Helper functions for constant time operations
-+ * Copyright (c) 2019, The Linux Foundation
-+ *
-+ * This software may be distributed under the terms of the BSD license.
-+ * See README for more details.
-+ *
-+ * These helper functions can be used to implement logic that needs to minimize
-+ * externally visible differences in execution path by avoiding use of branches,
-+ * avoiding early termination or other time differences, and forcing same memory
-+ * access pattern regardless of values.
-+ */
-+
-+#ifndef CONST_TIME_H
-+#define CONST_TIME_H
-+
-+
-+#if defined(__clang__)
-+#define NO_UBSAN_UINT_OVERFLOW \
-+	__attribute__((no_sanitize("unsigned-integer-overflow")))
-+#else
-+#define NO_UBSAN_UINT_OVERFLOW
-+#endif
-+
-+
-+/**
-+ * const_time_fill_msb - Fill all bits with MSB value
-+ * @val: Input value
-+ * Returns: Value with all the bits set to the MSB of the input val
-+ */
-+static inline unsigned int const_time_fill_msb(unsigned int val)
-+{
-+	/* Move the MSB to LSB and multiple by -1 to fill in all bits. */
-+	return (val >> (sizeof(val) * 8 - 1)) * ~0U;
-+}
-+
-+
-+/* Returns: -1 if val is zero; 0 if val is not zero */
-+static inline unsigned int const_time_is_zero(unsigned int val)
-+	NO_UBSAN_UINT_OVERFLOW
-+{
-+	/* Set MSB to 1 for 0 and fill rest of bits with the MSB value */
-+	return const_time_fill_msb(~val & (val - 1));
-+}
-+
-+
-+/* Returns: -1 if a == b; 0 if a != b */
-+static inline unsigned int const_time_eq(unsigned int a, unsigned int b)
-+{
-+	return const_time_is_zero(a ^ b);
-+}
-+
-+
-+/* Returns: -1 if a == b; 0 if a != b */
-+static inline u8 const_time_eq_u8(unsigned int a, unsigned int b)
-+{
-+	return (u8) const_time_eq(a, b);
-+}
-+
-+
-+/**
-+ * const_time_eq_bin - Constant time memory comparison
-+ * @a: First buffer to compare
-+ * @b: Second buffer to compare
-+ * @len: Number of octets to compare
-+ * Returns: -1 if buffers are equal, 0 if not
-+ *
-+ * This function is meant for comparing passwords or hash values where
-+ * difference in execution time or memory access pattern could provide external
-+ * observer information about the location of the difference in the memory
-+ * buffers. The return value does not behave like memcmp(), i.e.,
-+ * const_time_eq_bin() cannot be used to sort items into a defined order. Unlike
-+ * memcmp(), the execution time of const_time_eq_bin() does not depend on the
-+ * contents of the compared memory buffers, but only on the total compared
-+ * length.
-+ */
-+static inline unsigned int const_time_eq_bin(const void *a, const void *b,
-+					     size_t len)
-+{
-+	const u8 *aa = a;
-+	const u8 *bb = b;
-+	size_t i;
-+	u8 res = 0;
-+
-+	for (i = 0; i < len; i++)
-+		res |= aa[i] ^ bb[i];
-+
-+	return const_time_is_zero(res);
-+}
-+
-+
-+/**
-+ * const_time_select - Constant time unsigned int selection
-+ * @mask: 0 (false) or -1 (true) to identify which value to select
-+ * @true_val: Value to select for the true case
-+ * @false_val: Value to select for the false case
-+ * Returns: true_val if mask == -1, false_val if mask == 0
-+ */
-+static inline unsigned int const_time_select(unsigned int mask,
-+					     unsigned int true_val,
-+					     unsigned int false_val)
-+{
-+	return (mask & true_val) | (~mask & false_val);
-+}
-+
-+
-+/**
-+ * const_time_select_int - Constant time int selection
-+ * @mask: 0 (false) or -1 (true) to identify which value to select
-+ * @true_val: Value to select for the true case
-+ * @false_val: Value to select for the false case
-+ * Returns: true_val if mask == -1, false_val if mask == 0
-+ */
-+static inline int const_time_select_int(unsigned int mask, int true_val,
-+					int false_val)
-+{
-+	return (int) const_time_select(mask, (unsigned int) true_val,
-+				       (unsigned int) false_val);
-+}
-+
-+
-+/**
-+ * const_time_select_u8 - Constant time u8 selection
-+ * @mask: 0 (false) or -1 (true) to identify which value to select
-+ * @true_val: Value to select for the true case
-+ * @false_val: Value to select for the false case
-+ * Returns: true_val if mask == -1, false_val if mask == 0
-+ */
-+static inline u8 const_time_select_u8(u8 mask, u8 true_val, u8 false_val)
-+{
-+	return (u8) const_time_select(mask, true_val, false_val);
-+}
-+
-+
-+/**
-+ * const_time_select_s8 - Constant time s8 selection
-+ * @mask: 0 (false) or -1 (true) to identify which value to select
-+ * @true_val: Value to select for the true case
-+ * @false_val: Value to select for the false case
-+ * Returns: true_val if mask == -1, false_val if mask == 0
-+ */
-+static inline s8 const_time_select_s8(u8 mask, s8 true_val, s8 false_val)
-+{
-+	return (s8) const_time_select(mask, (unsigned int) true_val,
-+				      (unsigned int) false_val);
-+}
-+
-+
-+/**
-+ * const_time_select_bin - Constant time binary buffer selection copy
-+ * @mask: 0 (false) or -1 (true) to identify which value to copy
-+ * @true_val: Buffer to copy for the true case
-+ * @false_val: Buffer to copy for the false case
-+ * @len: Number of octets to copy
-+ * @dst: Destination buffer for the copy
-+ *
-+ * This function copies the specified buffer into the destination buffer using
-+ * operations with identical memory access pattern regardless of which buffer
-+ * is being copied.
-+ */
-+static inline void const_time_select_bin(u8 mask, const u8 *true_val,
-+					 const u8 *false_val, size_t len,
-+					 u8 *dst)
-+{
-+	size_t i;
-+
-+	for (i = 0; i < len; i++)
-+		dst[i] = const_time_select_u8(mask, true_val[i], false_val[i]);
-+}
-+
-+
-+static inline int const_time_memcmp(const void *a, const void *b, size_t len)
-+{
-+	const u8 *aa = a;
-+	const u8 *bb = b;
-+	int diff, res = 0;
-+	unsigned int mask;
-+
-+	if (len == 0)
-+		return 0;
-+	do {
-+		len--;
-+		diff = (int) aa[len] - (int) bb[len];
-+		mask = const_time_is_zero((unsigned int) diff);
-+		res = const_time_select_int(mask, res, diff);
-+	} while (len);
-+
-+	return res;
-+}
-+
-+#endif /* CONST_TIME_H */

package/network/services/hostapd/patches/061-0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch

@@ -1,55 +0,0 @@
-From c93461c1d98f52681717a088776ab32fd97872b0 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Fri, 8 Mar 2019 00:24:12 +0200
-Subject: [PATCH 03/14] OpenSSL: Use constant time selection for
- crypto_bignum_legendre()
-
-Get rid of the branches that depend on the result of the Legendre
-operation. This is needed to avoid leaking information about different
-temporary results in blinding mechanisms.
-
-This is related to CVE-2019-9494 and CVE-2019-9495.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/crypto/crypto_openssl.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
---- a/src/crypto/crypto_openssl.c
-+++ b/src/crypto/crypto_openssl.c
-@@ -24,6 +24,7 @@
- #endif /* CONFIG_ECC */
- 
- #include "common.h"
-+#include "utils/const_time.h"
- #include "wpabuf.h"
- #include "dh_group5.h"
- #include "sha1.h"
-@@ -1435,6 +1436,7 @@ int crypto_bignum_legendre(const struct
- 	BN_CTX *bnctx;
- 	BIGNUM *exp = NULL, *tmp = NULL;
- 	int res = -2;
-+	unsigned int mask;
- 
- 	if (TEST_FAIL())
- 		return -2;
-@@ -1453,12 +1455,13 @@ int crypto_bignum_legendre(const struct
- 				       (const BIGNUM *) p, bnctx, NULL))
- 		goto fail;
- 
--	if (BN_is_word(tmp, 1))
--		res = 1;
--	else if (BN_is_zero(tmp))
--		res = 0;
--	else
--		res = -1;
-+	/* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use
-+	 * constant time selection to avoid branches here. */
-+	res = -1;
-+	mask = const_time_eq(BN_is_word(tmp, 1), 1);
-+	res = const_time_select_int(mask, 1, res);
-+	mask = const_time_eq(BN_is_zero(tmp), 1);
-+	res = const_time_select_int(mask, 0, res);
- 
- fail:
- 	BN_clear_free(tmp);

package/network/services/hostapd/patches/061-0005-SAE-Minimize-timing-differences-in-PWE-derivation.patch

@@ -1,242 +0,0 @@
-From 6513db3e96c43c2e36805cf5ead349765d18eaf7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 26 Feb 2019 13:05:09 +0200
-Subject: [PATCH 05/14] SAE: Minimize timing differences in PWE derivation
-
-The QR test result can provide information about the password to an
-attacker, so try to minimize differences in how the
-sae_test_pwd_seed_ecc() result is used. (CVE-2019-9494)
-
-Use heap memory for the dummy password to allow the same password length
-to be used even with long passwords.
-
-Use constant time selection functions to track the real vs. dummy
-variables so that the exact same operations can be performed for both QR
-test results.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 106 ++++++++++++++++++++++++++++++-------------------------
- 1 file changed, 57 insertions(+), 49 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -9,6 +9,7 @@
- #include "includes.h"
- 
- #include "common.h"
-+#include "utils/const_time.h"
- #include "crypto/crypto.h"
- #include "crypto/sha256.h"
- #include "crypto/random.h"
-@@ -269,15 +270,12 @@ static int sae_test_pwd_seed_ecc(struct
- 				 const u8 *prime,
- 				 const struct crypto_bignum *qr,
- 				 const struct crypto_bignum *qnr,
--				 struct crypto_bignum **ret_x_cand)
-+				 u8 *pwd_value)
- {
--	u8 pwd_value[SAE_MAX_ECC_PRIME_LEN];
- 	struct crypto_bignum *y_sqr, *x_cand;
- 	int res;
- 	size_t bits;
- 
--	*ret_x_cand = NULL;
--
- 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN);
- 
- 	/* pwd-value = KDF-z(pwd-seed, "SAE Hunting and Pecking", p) */
-@@ -286,7 +284,7 @@ static int sae_test_pwd_seed_ecc(struct
- 			    prime, sae->tmp->prime_len, pwd_value, bits) < 0)
- 		return -1;
- 	if (bits % 8)
--		buf_shift_right(pwd_value, sizeof(pwd_value), 8 - bits % 8);
-+		buf_shift_right(pwd_value, sae->tmp->prime_len, 8 - bits % 8);
- 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value",
- 			pwd_value, sae->tmp->prime_len);
- 
-@@ -297,20 +295,13 @@ static int sae_test_pwd_seed_ecc(struct
- 	if (!x_cand)
- 		return -1;
- 	y_sqr = crypto_ec_point_compute_y_sqr(sae->tmp->ec, x_cand);
--	if (!y_sqr) {
--		crypto_bignum_deinit(x_cand, 1);
-+	crypto_bignum_deinit(x_cand, 1);
-+	if (!y_sqr)
- 		return -1;
--	}
- 
- 	res = is_quadratic_residue_blind(sae, prime, bits, qr, qnr, y_sqr);
- 	crypto_bignum_deinit(y_sqr, 1);
--	if (res <= 0) {
--		crypto_bignum_deinit(x_cand, 1);
--		return res;
--	}
--
--	*ret_x_cand = x_cand;
--	return 1;
-+	return res;
- }
- 
- 
-@@ -431,25 +422,30 @@ static int sae_derive_pwe_ecc(struct sae
- 	const u8 *addr[3];
- 	size_t len[3];
- 	size_t num_elem;
--	u8 dummy_password[32];
--	size_t dummy_password_len;
-+	u8 *dummy_password, *tmp_password;
- 	int pwd_seed_odd = 0;
- 	u8 prime[SAE_MAX_ECC_PRIME_LEN];
- 	size_t prime_len;
--	struct crypto_bignum *x = NULL, *qr, *qnr;
-+	struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
-+	u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
-+	u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
- 	size_t bits;
--	int res;
--
--	dummy_password_len = password_len;
--	if (dummy_password_len > sizeof(dummy_password))
--		dummy_password_len = sizeof(dummy_password);
--	if (random_get_bytes(dummy_password, dummy_password_len) < 0)
--		return -1;
-+	int res = -1;
-+	u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
-+		       * mask */
-+
-+	os_memset(x_bin, 0, sizeof(x_bin));
-+
-+	dummy_password = os_malloc(password_len);
-+	tmp_password = os_malloc(password_len);
-+	if (!dummy_password || !tmp_password ||
-+	    random_get_bytes(dummy_password, password_len) < 0)
-+		goto fail;
- 
- 	prime_len = sae->tmp->prime_len;
- 	if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime),
- 				 prime_len) < 0)
--		return -1;
-+		goto fail;
- 	bits = crypto_ec_prime_len_bits(sae->tmp->ec);
- 
- 	/*
-@@ -458,7 +454,7 @@ static int sae_derive_pwe_ecc(struct sae
- 	 */
- 	if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
- 			      &qr, &qnr) < 0)
--		return -1;
-+		goto fail;
- 
- 	wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
- 			      password, password_len);
-@@ -474,7 +470,7 @@ static int sae_derive_pwe_ecc(struct sae
- 	 */
- 	sae_pwd_seed_key(addr1, addr2, addrs);
- 
--	addr[0] = password;
-+	addr[0] = tmp_password;
- 	len[0] = password_len;
- 	num_elem = 1;
- 	if (identifier) {
-@@ -491,9 +487,8 @@ static int sae_derive_pwe_ecc(struct sae
- 	 * attacks that attempt to determine the number of iterations required
- 	 * in the loop.
- 	 */
--	for (counter = 1; counter <= k || !x; counter++) {
-+	for (counter = 1; counter <= k || !found; counter++) {
- 		u8 pwd_seed[SHA256_MAC_LEN];
--		struct crypto_bignum *x_cand;
- 
- 		if (counter > 200) {
- 			/* This should not happen in practice */
-@@ -501,40 +496,49 @@ static int sae_derive_pwe_ecc(struct sae
- 			break;
- 		}
- 
--		wpa_printf(MSG_DEBUG, "SAE: counter = %u", counter);
-+		wpa_printf(MSG_DEBUG, "SAE: counter = %03u", counter);
-+		const_time_select_bin(found, dummy_password, password,
-+				      password_len, tmp_password);
- 		if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
- 				       addr, len, pwd_seed) < 0)
- 			break;
- 
- 		res = sae_test_pwd_seed_ecc(sae, pwd_seed,
--					    prime, qr, qnr, &x_cand);
-+					    prime, qr, qnr, x_cand_bin);
-+		const_time_select_bin(found, x_bin, x_cand_bin, prime_len,
-+				      x_bin);
-+		pwd_seed_odd = const_time_select_u8(
-+			found, pwd_seed_odd,
-+			pwd_seed[SHA256_MAC_LEN - 1] & 0x01);
-+		os_memset(pwd_seed, 0, sizeof(pwd_seed));
- 		if (res < 0)
- 			goto fail;
--		if (res > 0 && !x) {
--			wpa_printf(MSG_DEBUG,
--				   "SAE: Selected pwd-seed with counter %u",
--				   counter);
--			x = x_cand;
--			pwd_seed_odd = pwd_seed[SHA256_MAC_LEN - 1] & 0x01;
--			os_memset(pwd_seed, 0, sizeof(pwd_seed));
--
--			/*
--			 * Use a dummy password for the following rounds, if
--			 * any.
--			 */
--			addr[0] = dummy_password;
--			len[0] = dummy_password_len;
--		} else if (res > 0) {
--			crypto_bignum_deinit(x_cand, 1);
--		}
-+		/* Need to minimize differences in handling res == 0 and 1 here
-+		 * to avoid differences in timing and instruction cache access,
-+		 * so use const_time_select_*() to make local copies of the
-+		 * values based on whether this loop iteration was the one that
-+		 * found the pwd-seed/x. */
-+
-+		/* found is 0 or 0xff here and res is 0 or 1. Bitwise OR of them
-+		 * (with res converted to 0/0xff) handles this in constant time.
-+		 */
-+		found |= res * 0xff;
-+		wpa_printf(MSG_DEBUG, "SAE: pwd-seed result %d found=0x%02x",
-+			   res, found);
- 	}
- 
--	if (!x) {
-+	if (!found) {
- 		wpa_printf(MSG_DEBUG, "SAE: Could not generate PWE");
- 		res = -1;
- 		goto fail;
- 	}
- 
-+	x = crypto_bignum_init_set(x_bin, prime_len);
-+	if (!x) {
-+		res = -1;
-+		goto fail;
-+	}
-+
- 	if (!sae->tmp->pwe_ecc)
- 		sae->tmp->pwe_ecc = crypto_ec_point_init(sae->tmp->ec);
- 	if (!sae->tmp->pwe_ecc)
-@@ -543,7 +547,6 @@ static int sae_derive_pwe_ecc(struct sae
- 		res = crypto_ec_point_solve_y_coord(sae->tmp->ec,
- 						    sae->tmp->pwe_ecc, x,
- 						    pwd_seed_odd);
--	crypto_bignum_deinit(x, 1);
- 	if (res < 0) {
- 		/*
- 		 * This should not happen since we already checked that there
-@@ -555,6 +558,11 @@ static int sae_derive_pwe_ecc(struct sae
- fail:
- 	crypto_bignum_deinit(qr, 0);
- 	crypto_bignum_deinit(qnr, 0);
-+	os_free(dummy_password);
-+	bin_clear_free(tmp_password, password_len);
-+	crypto_bignum_deinit(x, 1);
-+	os_memset(x_bin, 0, sizeof(x_bin));
-+	os_memset(x_cand_bin, 0, sizeof(x_cand_bin));
- 
- 	return res;
- }

package/network/services/hostapd/patches/061-0006-SAE-Avoid-branches-in-is_quadratic_residue_blind.patch

@@ -1,139 +0,0 @@
-From 362704dda04507e7ebb8035122e83d9f0ae7c320 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 26 Feb 2019 19:34:38 +0200
-Subject: [PATCH 06/14] SAE: Avoid branches in is_quadratic_residue_blind()
-
-Make the non-failure path in the function proceed without branches based
-on r_odd and in constant time to minimize risk of observable differences
-in timing or cache use. (CVE-2019-9494)
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 64 ++++++++++++++++++++++++++++++++------------------------
- 1 file changed, 37 insertions(+), 27 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -209,12 +209,14 @@ get_rand_1_to_p_1(const u8 *prime, size_
- 
- static int is_quadratic_residue_blind(struct sae_data *sae,
- 				      const u8 *prime, size_t bits,
--				      const struct crypto_bignum *qr,
--				      const struct crypto_bignum *qnr,
-+				      const u8 *qr, const u8 *qnr,
- 				      const struct crypto_bignum *y_sqr)
- {
--	struct crypto_bignum *r, *num;
-+	struct crypto_bignum *r, *num, *qr_or_qnr = NULL;
- 	int r_odd, check, res = -1;
-+	u8 qr_or_qnr_bin[SAE_MAX_ECC_PRIME_LEN];
-+	size_t prime_len = sae->tmp->prime_len;
-+	unsigned int mask;
- 
- 	/*
- 	 * Use the blinding technique to mask y_sqr while determining
-@@ -225,7 +227,7 @@ static int is_quadratic_residue_blind(st
- 	 * r = a random number between 1 and p-1, inclusive
- 	 * num = (v * r * r) modulo p
- 	 */
--	r = get_rand_1_to_p_1(prime, sae->tmp->prime_len, bits, &r_odd);
-+	r = get_rand_1_to_p_1(prime, prime_len, bits, &r_odd);
- 	if (!r)
- 		return -1;
- 
-@@ -235,41 +237,45 @@ static int is_quadratic_residue_blind(st
- 	    crypto_bignum_mulmod(num, r, sae->tmp->prime, num) < 0)
- 		goto fail;
- 
--	if (r_odd) {
--		/*
--		 * num = (num * qr) module p
--		 * LGR(num, p) = 1 ==> quadratic residue
--		 */
--		if (crypto_bignum_mulmod(num, qr, sae->tmp->prime, num) < 0)
--			goto fail;
--		check = 1;
--	} else {
--		/*
--		 * num = (num * qnr) module p
--		 * LGR(num, p) = -1 ==> quadratic residue
--		 */
--		if (crypto_bignum_mulmod(num, qnr, sae->tmp->prime, num) < 0)
--			goto fail;
--		check = -1;
--	}
-+	/*
-+	 * Need to minimize differences in handling different cases, so try to
-+	 * avoid branches and timing differences.
-+	 *
-+	 * If r_odd:
-+	 * num = (num * qr) module p
-+	 * LGR(num, p) = 1 ==> quadratic residue
-+	 * else:
-+	 * num = (num * qnr) module p
-+	 * LGR(num, p) = -1 ==> quadratic residue
-+	 */
-+	mask = const_time_is_zero(r_odd);
-+	const_time_select_bin(mask, qnr, qr, prime_len, qr_or_qnr_bin);
-+	qr_or_qnr = crypto_bignum_init_set(qr_or_qnr_bin, prime_len);
-+	if (!qr_or_qnr ||
-+	    crypto_bignum_mulmod(num, qr_or_qnr, sae->tmp->prime, num) < 0)
-+		goto fail;
-+	/* r_odd is 0 or 1; branchless version of check = r_odd ? 1 : -1, */
-+	check = const_time_select_int(mask, -1, 1);
- 
- 	res = crypto_bignum_legendre(num, sae->tmp->prime);
- 	if (res == -2) {
- 		res = -1;
- 		goto fail;
- 	}
--	res = res == check;
-+	/* branchless version of res = res == check
-+	 * (res is -1, 0, or 1; check is -1 or 1) */
-+	mask = const_time_eq(res, check);
-+	res = const_time_select_int(mask, 1, 0);
- fail:
- 	crypto_bignum_deinit(num, 1);
- 	crypto_bignum_deinit(r, 1);
-+	crypto_bignum_deinit(qr_or_qnr, 1);
- 	return res;
- }
- 
- 
- static int sae_test_pwd_seed_ecc(struct sae_data *sae, const u8 *pwd_seed,
--				 const u8 *prime,
--				 const struct crypto_bignum *qr,
--				 const struct crypto_bignum *qnr,
-+				 const u8 *prime, const u8 *qr, const u8 *qnr,
- 				 u8 *pwd_value)
- {
- 	struct crypto_bignum *y_sqr, *x_cand;
-@@ -429,6 +435,8 @@ static int sae_derive_pwe_ecc(struct sae
- 	struct crypto_bignum *x = NULL, *qr = NULL, *qnr = NULL;
- 	u8 x_bin[SAE_MAX_ECC_PRIME_LEN];
- 	u8 x_cand_bin[SAE_MAX_ECC_PRIME_LEN];
-+	u8 qr_bin[SAE_MAX_ECC_PRIME_LEN];
-+	u8 qnr_bin[SAE_MAX_ECC_PRIME_LEN];
- 	size_t bits;
- 	int res = -1;
- 	u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
-@@ -453,7 +461,9 @@ static int sae_derive_pwe_ecc(struct sae
- 	 * (qnr) modulo p for blinding purposes during the loop.
- 	 */
- 	if (get_random_qr_qnr(prime, prime_len, sae->tmp->prime, bits,
--			      &qr, &qnr) < 0)
-+			      &qr, &qnr) < 0 ||
-+	    crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin), prime_len) < 0 ||
-+	    crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin), prime_len) < 0)
- 		goto fail;
- 
- 	wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
-@@ -504,7 +514,7 @@ static int sae_derive_pwe_ecc(struct sae
- 			break;
- 
- 		res = sae_test_pwd_seed_ecc(sae, pwd_seed,
--					    prime, qr, qnr, x_cand_bin);
-+					    prime, qr_bin, qnr_bin, x_cand_bin);
- 		const_time_select_bin(found, x_bin, x_cand_bin, prime_len,
- 				      x_bin);
- 		pwd_seed_odd = const_time_select_u8(

package/network/services/hostapd/patches/061-0007-SAE-Mask-timing-of-MODP-groups-22-23-24.patch

@@ -1,113 +0,0 @@
-From 90839597cc4016b33f00055b12d59174c62770a3 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Sat, 2 Mar 2019 12:24:09 +0200
-Subject: [PATCH 07/14] SAE: Mask timing of MODP groups 22, 23, 24
-
-These groups have significant probability of coming up with pwd-value
-that is equal or greater than the prime and as such, need for going
-through the PWE derivation loop multiple times. This can result in
-sufficient timing different to allow an external observer to determine
-how many rounds are needed and that can leak information about the used
-password.
-
-Force at least 40 loop rounds for these MODP groups similarly to the ECC
-group design to mask timing. This behavior is not described in IEEE Std
-802.11-2016 for SAE, but it does not result in different values (i.e.,
-only different timing), so such implementation specific countermeasures
-can be done without breaking interoperability with other implementation.
-
-Note: These MODP groups 22, 23, and 24 are not considered sufficiently
-strong to be used with SAE (or more or less anything else). As such,
-they should never be enabled in runtime configuration for any production
-use cases. These changes to introduce additional protection to mask
-timing is only for completeness of implementation and not an indication
-that these groups should be used.
-
-This is related to CVE-2019-9494.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 38 ++++++++++++++++++++++++++++----------
- 1 file changed, 28 insertions(+), 10 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -578,22 +578,27 @@ fail:
- }
- 
- 
-+static int sae_modp_group_require_masking(int group)
-+{
-+	/* Groups for which pwd-value is likely to be >= p frequently */
-+	return group == 22 || group == 23 || group == 24;
-+}
-+
-+
- static int sae_derive_pwe_ffc(struct sae_data *sae, const u8 *addr1,
- 			      const u8 *addr2, const u8 *password,
- 			      size_t password_len, const char *identifier)
- {
--	u8 counter;
-+	u8 counter, k;
- 	u8 addrs[2 * ETH_ALEN];
- 	const u8 *addr[3];
- 	size_t len[3];
- 	size_t num_elem;
- 	int found = 0;
-+	struct crypto_bignum *pwe = NULL;
- 
--	if (sae->tmp->pwe_ffc == NULL) {
--		sae->tmp->pwe_ffc = crypto_bignum_init();
--		if (sae->tmp->pwe_ffc == NULL)
--			return -1;
--	}
-+	crypto_bignum_deinit(sae->tmp->pwe_ffc, 1);
-+	sae->tmp->pwe_ffc = NULL;
- 
- 	wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
- 			      password, password_len);
-@@ -617,7 +622,9 @@ static int sae_derive_pwe_ffc(struct sae
- 	len[num_elem] = sizeof(counter);
- 	num_elem++;
- 
--	for (counter = 1; !found; counter++) {
-+	k = sae_modp_group_require_masking(sae->group) ? 40 : 1;
-+
-+	for (counter = 1; counter <= k || !found; counter++) {
- 		u8 pwd_seed[SHA256_MAC_LEN];
- 		int res;
- 
-@@ -627,19 +634,30 @@ static int sae_derive_pwe_ffc(struct sae
- 			break;
- 		}
- 
--		wpa_printf(MSG_DEBUG, "SAE: counter = %u", counter);
-+		wpa_printf(MSG_DEBUG, "SAE: counter = %02u", counter);
- 		if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
- 				       addr, len, pwd_seed) < 0)
- 			break;
--		res = sae_test_pwd_seed_ffc(sae, pwd_seed, sae->tmp->pwe_ffc);
-+		if (!pwe) {
-+			pwe = crypto_bignum_init();
-+			if (!pwe)
-+				break;
-+		}
-+		res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
- 		if (res < 0)
- 			break;
- 		if (res > 0) {
--			wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
- 			found = 1;
-+			if (!sae->tmp->pwe_ffc) {
-+				wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
-+				sae->tmp->pwe_ffc = pwe;
-+				pwe = NULL;
-+			}
- 		}
- 	}
- 
-+	crypto_bignum_deinit(pwe, 1);
-+
- 	return found ? 0 : -1;
- }
- 

package/network/services/hostapd/patches/061-0008-SAE-Use-const_time-selection-for-PWE-in-FFC.patch

@@ -1,100 +0,0 @@
-From f8f20717f87eff1f025f48ed585c7684debacf72 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Sat, 2 Mar 2019 12:45:33 +0200
-Subject: [PATCH 08/14] SAE: Use const_time selection for PWE in FFC
-
-This is an initial step towards making the FFC case use strictly
-constant time operations similarly to the ECC case.
-sae_test_pwd_seed_ffc() does not yet have constant time behavior,
-though.
-
-This is related to CVE-2019-9494.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 53 +++++++++++++++++++++++++++++++++++------------------
- 1 file changed, 35 insertions(+), 18 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -589,17 +589,28 @@ static int sae_derive_pwe_ffc(struct sae
- 			      const u8 *addr2, const u8 *password,
- 			      size_t password_len, const char *identifier)
- {
--	u8 counter, k;
-+	u8 counter, k, sel_counter = 0;
- 	u8 addrs[2 * ETH_ALEN];
- 	const u8 *addr[3];
- 	size_t len[3];
- 	size_t num_elem;
--	int found = 0;
--	struct crypto_bignum *pwe = NULL;
-+	u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
-+		       * mask */
-+	u8 mask;
-+	struct crypto_bignum *pwe;
-+	size_t prime_len = sae->tmp->prime_len * 8;
-+	u8 *pwe_buf;
- 
- 	crypto_bignum_deinit(sae->tmp->pwe_ffc, 1);
- 	sae->tmp->pwe_ffc = NULL;
- 
-+	/* Allocate a buffer to maintain selected and candidate PWE for constant
-+	 * time selection. */
-+	pwe_buf = os_zalloc(prime_len * 2);
-+	pwe = crypto_bignum_init();
-+	if (!pwe_buf || !pwe)
-+		goto fail;
-+
- 	wpa_hexdump_ascii_key(MSG_DEBUG, "SAE: password",
- 			      password, password_len);
- 
-@@ -638,27 +649,33 @@ static int sae_derive_pwe_ffc(struct sae
- 		if (hmac_sha256_vector(addrs, sizeof(addrs), num_elem,
- 				       addr, len, pwd_seed) < 0)
- 			break;
--		if (!pwe) {
--			pwe = crypto_bignum_init();
--			if (!pwe)
--				break;
--		}
- 		res = sae_test_pwd_seed_ffc(sae, pwd_seed, pwe);
-+		/* res is -1 for fatal failure, 0 if a valid PWE was not found,
-+		 * or 1 if a valid PWE was found. */
- 		if (res < 0)
- 			break;
--		if (res > 0) {
--			found = 1;
--			if (!sae->tmp->pwe_ffc) {
--				wpa_printf(MSG_DEBUG, "SAE: Use this PWE");
--				sae->tmp->pwe_ffc = pwe;
--				pwe = NULL;
--			}
--		}
-+		/* Store the candidate PWE into the second half of pwe_buf and
-+		 * the selected PWE in the beginning of pwe_buf using constant
-+		 * time selection. */
-+		if (crypto_bignum_to_bin(pwe, pwe_buf + prime_len, prime_len,
-+					 prime_len) < 0)
-+			break;
-+		const_time_select_bin(found, pwe_buf, pwe_buf + prime_len,
-+				      prime_len, pwe_buf);
-+		sel_counter = const_time_select_u8(found, sel_counter, counter);
-+		mask = const_time_eq_u8(res, 1);
-+		found = const_time_select_u8(found, found, mask);
- 	}
- 
--	crypto_bignum_deinit(pwe, 1);
-+	if (!found)
-+		goto fail;
- 
--	return found ? 0 : -1;
-+	wpa_printf(MSG_DEBUG, "SAE: Use PWE from counter = %02u", sel_counter);
-+	sae->tmp->pwe_ffc = crypto_bignum_init_set(pwe_buf, prime_len);
-+fail:
-+	crypto_bignum_deinit(pwe, 1);
-+	bin_clear_free(pwe_buf, prime_len * 2);
-+	return sae->tmp->pwe_ffc ? 0 : -1;
- }
- 
- 

package/network/services/hostapd/patches/061-0009-SAE-Use-constant-time-operations-in-sae_test_pwd_see.patch

@@ -1,133 +0,0 @@
-From cff138b0747fa39765cbc641b66cfa5d7f1735d1 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Sat, 2 Mar 2019 16:05:56 +0200
-Subject: [PATCH 09/14] SAE: Use constant time operations in
- sae_test_pwd_seed_ffc()
-
-Try to avoid showing externally visible timing or memory access
-differences regardless of whether the derived pwd-value is smaller than
-the group prime.
-
-This is related to CVE-2019-9494.
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 75 ++++++++++++++++++++++++++++++++++----------------------
- 1 file changed, 46 insertions(+), 29 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -311,14 +311,17 @@ static int sae_test_pwd_seed_ecc(struct
- }
- 
- 
-+/* Returns -1 on fatal failure, 0 if PWE cannot be derived from the provided
-+ * pwd-seed, or 1 if a valid PWE was derived from pwd-seed. */
- static int sae_test_pwd_seed_ffc(struct sae_data *sae, const u8 *pwd_seed,
- 				 struct crypto_bignum *pwe)
- {
- 	u8 pwd_value[SAE_MAX_PRIME_LEN];
- 	size_t bits = sae->tmp->prime_len * 8;
- 	u8 exp[1];
--	struct crypto_bignum *a, *b;
--	int res;
-+	struct crypto_bignum *a, *b = NULL;
-+	int res, is_val;
-+	u8 pwd_value_valid;
- 
- 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-seed", pwd_seed, SHA256_MAC_LEN);
- 
-@@ -330,16 +333,29 @@ static int sae_test_pwd_seed_ffc(struct
- 	wpa_hexdump_key(MSG_DEBUG, "SAE: pwd-value", pwd_value,
- 			sae->tmp->prime_len);
- 
--	if (os_memcmp(pwd_value, sae->tmp->dh->prime, sae->tmp->prime_len) >= 0)
--	{
--		wpa_printf(MSG_DEBUG, "SAE: pwd-value >= p");
--		return 0;
--	}
-+	/* Check whether pwd-value < p */
-+	res = const_time_memcmp(pwd_value, sae->tmp->dh->prime,
-+				sae->tmp->prime_len);
-+	/* pwd-value >= p is invalid, so res is < 0 for the valid cases and
-+	 * the negative sign can be used to fill the mask for constant time
-+	 * selection */
-+	pwd_value_valid = const_time_fill_msb(res);
-+
-+	/* If pwd-value >= p, force pwd-value to be < p and perform the
-+	 * calculations anyway to hide timing difference. The derived PWE will
-+	 * be ignored in that case. */
-+	pwd_value[0] = const_time_select_u8(pwd_value_valid, pwd_value[0], 0);
- 
- 	/* PWE = pwd-value^((p-1)/r) modulo p */
- 
-+	res = -1;
- 	a = crypto_bignum_init_set(pwd_value, sae->tmp->prime_len);
-+	if (!a)
-+		goto fail;
- 
-+	/* This is an optimization based on the used group that does not depend
-+	 * on the password in any way, so it is fine to use separate branches
-+	 * for this step without constant time operations. */
- 	if (sae->tmp->dh->safe_prime) {
- 		/*
- 		 * r = (p-1)/2 for the group used here, so this becomes:
-@@ -353,33 +369,34 @@ static int sae_test_pwd_seed_ffc(struct
- 		b = crypto_bignum_init_set(exp, sizeof(exp));
- 		if (b == NULL ||
- 		    crypto_bignum_sub(sae->tmp->prime, b, b) < 0 ||
--		    crypto_bignum_div(b, sae->tmp->order, b) < 0) {
--			crypto_bignum_deinit(b, 0);
--			b = NULL;
--		}
-+		    crypto_bignum_div(b, sae->tmp->order, b) < 0)
-+			goto fail;
- 	}
- 
--	if (a == NULL || b == NULL)
--		res = -1;
--	else
--		res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);
--
--	crypto_bignum_deinit(a, 0);
--	crypto_bignum_deinit(b, 0);
--
--	if (res < 0) {
--		wpa_printf(MSG_DEBUG, "SAE: Failed to calculate PWE");
--		return -1;
--	}
--
--	/* if (PWE > 1) --> found */
--	if (crypto_bignum_is_zero(pwe) || crypto_bignum_is_one(pwe)) {
--		wpa_printf(MSG_DEBUG, "SAE: PWE <= 1");
--		return 0;
--	}
-+	if (!b)
-+		goto fail;
- 
--	wpa_printf(MSG_DEBUG, "SAE: PWE found");
--	return 1;
-+	res = crypto_bignum_exptmod(a, b, sae->tmp->prime, pwe);
-+	if (res < 0)
-+		goto fail;
-+
-+	/* There were no fatal errors in calculations, so determine the return
-+	 * value using constant time operations. We get here for number of
-+	 * invalid cases which are cleared here after having performed all the
-+	 * computation. PWE is valid if pwd-value was less than prime and
-+	 * PWE > 1. Start with pwd-value check first and then use constant time
-+	 * operations to clear res to 0 if PWE is 0 or 1.
-+	 */
-+	res = const_time_select_u8(pwd_value_valid, 1, 0);
-+	is_val = crypto_bignum_is_zero(pwe);
-+	res = const_time_select_u8(const_time_is_zero(is_val), res, 0);
-+	is_val = crypto_bignum_is_one(pwe);
-+	res = const_time_select_u8(const_time_is_zero(is_val), res, 0);
-+
-+fail:
-+	crypto_bignum_deinit(a, 1);
-+	crypto_bignum_deinit(b, 1);
-+	return res;
- }
- 
- 

package/network/services/hostapd/patches/062-0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch

@@ -1,319 +0,0 @@
-From aaf65feac67c3993935634eefe5bc76b9fce03aa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 26 Feb 2019 11:59:45 +0200
-Subject: [PATCH 04/14] EAP-pwd: Use constant time and memory access for
- finding the PWE
-
-This algorithm could leak information to external observers in form of
-timing differences or memory access patterns (cache use). While the
-previous implementation had protection against the most visible timing
-differences (looping 40 rounds and masking the legendre operation), it
-did not protect against memory access patterns between the two possible
-code paths in the masking operations. That might be sufficient to allow
-an unprivileged process running on the same device to be able to
-determine which path is being executed through a cache attack and based
-on that, determine information about the used password.
-
-Convert the PWE finding loop to use constant time functions and
-identical memory access path without different branches for the QR/QNR
-cases to minimize possible side-channel information similarly to the
-changes done for SAE authentication. (CVE-2019-9495)
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/eap_common/eap_pwd_common.c | 187 +++++++++++++++++++++-------------------
- 1 file changed, 99 insertions(+), 88 deletions(-)
-
---- a/src/eap_common/eap_pwd_common.c
-+++ b/src/eap_common/eap_pwd_common.c
-@@ -8,11 +8,15 @@
- 
- #include "includes.h"
- #include "common.h"
-+#include "utils/const_time.h"
- #include "crypto/sha256.h"
- #include "crypto/crypto.h"
- #include "eap_defs.h"
- #include "eap_pwd_common.h"
- 
-+#define MAX_ECC_PRIME_LEN 66
-+
-+
- /* The random function H(x) = HMAC-SHA256(0^32, x) */
- struct crypto_hash * eap_pwd_h_init(void)
- {
-@@ -102,6 +106,15 @@ EAP_PWD_group * get_eap_pwd_group(u16 nu
- }
- 
- 
-+static void buf_shift_right(u8 *buf, size_t len, size_t bits)
-+{
-+	size_t i;
-+	for (i = len - 1; i > 0; i--)
-+		buf[i] = (buf[i - 1] << (8 - bits)) | (buf[i] >> bits);
-+	buf[0] >>= bits;
-+}
-+
-+
- /*
-  * compute a "random" secret point on an elliptic curve based
-  * on the password and identities.
-@@ -113,17 +126,27 @@ int compute_password_element(EAP_PWD_gro
- 			     const u8 *token)
- {
- 	struct crypto_bignum *qr = NULL, *qnr = NULL, *one = NULL;
-+	struct crypto_bignum *qr_or_qnr = NULL;
-+	u8 qr_bin[MAX_ECC_PRIME_LEN];
-+	u8 qnr_bin[MAX_ECC_PRIME_LEN];
-+	u8 qr_or_qnr_bin[MAX_ECC_PRIME_LEN];
-+	u8 x_bin[MAX_ECC_PRIME_LEN];
- 	struct crypto_bignum *tmp1 = NULL, *tmp2 = NULL, *pm1 = NULL;
- 	struct crypto_hash *hash;
- 	unsigned char pwe_digest[SHA256_MAC_LEN], *prfbuf = NULL, ctr;
--	int is_odd, ret = 0, check, found = 0;
--	size_t primebytelen, primebitlen;
--	struct crypto_bignum *x_candidate = NULL, *rnd = NULL, *cofactor = NULL;
-+	int ret = 0, check, res;
-+	u8 found = 0; /* 0 (false) or 0xff (true) to be used as const_time_*
-+		       * mask */
-+	size_t primebytelen = 0, primebitlen;
-+	struct crypto_bignum *x_candidate = NULL, *cofactor = NULL;
- 	const struct crypto_bignum *prime;
-+	u8 mask, found_ctr = 0, is_odd = 0;
- 
- 	if (grp->pwe)
- 		return -1;
- 
-+	os_memset(x_bin, 0, sizeof(x_bin));
-+
- 	prime = crypto_ec_get_prime(grp->group);
- 	cofactor = crypto_bignum_init();
- 	grp->pwe = crypto_ec_point_init(grp->group);
-@@ -152,8 +175,6 @@ int compute_password_element(EAP_PWD_gro
- 
- 	/* get a random quadratic residue and nonresidue */
- 	while (!qr || !qnr) {
--		int res;
--
- 		if (crypto_bignum_rand(tmp1, prime) < 0)
- 			goto fail;
- 		res = crypto_bignum_legendre(tmp1, prime);
-@@ -167,6 +188,11 @@ int compute_password_element(EAP_PWD_gro
- 		if (!tmp1)
- 			goto fail;
- 	}
-+	if (crypto_bignum_to_bin(qr, qr_bin, sizeof(qr_bin),
-+				 primebytelen) < 0 ||
-+	    crypto_bignum_to_bin(qnr, qnr_bin, sizeof(qnr_bin),
-+				 primebytelen) < 0)
-+		goto fail;
- 
- 	os_memset(prfbuf, 0, primebytelen);
- 	ctr = 0;
-@@ -194,17 +220,16 @@ int compute_password_element(EAP_PWD_gro
- 		eap_pwd_h_update(hash, &ctr, sizeof(ctr));
- 		eap_pwd_h_final(hash, pwe_digest);
- 
--		crypto_bignum_deinit(rnd, 1);
--		rnd = crypto_bignum_init_set(pwe_digest, SHA256_MAC_LEN);
--		if (!rnd) {
--			wpa_printf(MSG_INFO, "EAP-pwd: unable to create rnd");
--			goto fail;
--		}
-+		is_odd = const_time_select_u8(
-+			found, is_odd, pwe_digest[SHA256_MAC_LEN - 1] & 0x01);
- 		if (eap_pwd_kdf(pwe_digest, SHA256_MAC_LEN,
- 				(u8 *) "EAP-pwd Hunting And Pecking",
- 				os_strlen("EAP-pwd Hunting And Pecking"),
- 				prfbuf, primebitlen) < 0)
- 			goto fail;
-+		if (primebitlen % 8)
-+			buf_shift_right(prfbuf, primebytelen,
-+					8 - primebitlen % 8);
- 
- 		crypto_bignum_deinit(x_candidate, 1);
- 		x_candidate = crypto_bignum_init_set(prfbuf, primebytelen);
-@@ -214,24 +239,13 @@ int compute_password_element(EAP_PWD_gro
- 			goto fail;
- 		}
- 
--		/*
--		 * eap_pwd_kdf() returns a string of bits 0..primebitlen but
--		 * BN_bin2bn will treat that string of bits as a big endian
--		 * number. If the primebitlen is not an even multiple of 8
--		 * then excessive bits-- those _after_ primebitlen-- so now
--		 * we have to shift right the amount we masked off.
--		 */
--		if ((primebitlen % 8) &&
--		    crypto_bignum_rshift(x_candidate,
--					 (8 - (primebitlen % 8)),
--					 x_candidate) < 0)
--			goto fail;
--
- 		if (crypto_bignum_cmp(x_candidate, prime) >= 0)
- 			continue;
- 
--		wpa_hexdump(MSG_DEBUG, "EAP-pwd: x_candidate",
--			    prfbuf, primebytelen);
-+		wpa_hexdump_key(MSG_DEBUG, "EAP-pwd: x_candidate",
-+				prfbuf, primebytelen);
-+		const_time_select_bin(found, x_bin, prfbuf, primebytelen,
-+				      x_bin);
- 
- 		/*
- 		 * compute y^2 using the equation of the curve
-@@ -260,13 +274,15 @@ int compute_password_element(EAP_PWD_gro
- 		 * Flip a coin, multiply by the random quadratic residue or the
- 		 * random quadratic nonresidue and record heads or tails.
- 		 */
--		if (crypto_bignum_is_odd(tmp1)) {
--			crypto_bignum_mulmod(tmp2, qr, prime, tmp2);
--			check = 1;
--		} else {
--			crypto_bignum_mulmod(tmp2, qnr, prime, tmp2);
--			check = -1;
--		}
-+		mask = const_time_eq_u8(crypto_bignum_is_odd(tmp1), 1);
-+		check = const_time_select_s8(mask, 1, -1);
-+		const_time_select_bin(mask, qr_bin, qnr_bin, primebytelen,
-+				      qr_or_qnr_bin);
-+		crypto_bignum_deinit(qr_or_qnr, 1);
-+		qr_or_qnr = crypto_bignum_init_set(qr_or_qnr_bin, primebytelen);
-+		if (!qr_or_qnr ||
-+		    crypto_bignum_mulmod(tmp2, qr_or_qnr, prime, tmp2) < 0)
-+			goto fail;
- 
- 		/*
- 		 * Now it's safe to do legendre, if check is 1 then it's
-@@ -274,59 +290,12 @@ int compute_password_element(EAP_PWD_gro
- 		 * change result), if check is -1 then it's the opposite test
- 		 * (multiplying a qr by qnr would make a qnr).
- 		 */
--		if (crypto_bignum_legendre(tmp2, prime) == check) {
--			if (found == 1)
--				continue;
--
--			/* need to unambiguously identify the solution */
--			is_odd = crypto_bignum_is_odd(rnd);
--
--			/*
--			 * We know x_candidate is a quadratic residue so set
--			 * it here.
--			 */
--			if (crypto_ec_point_solve_y_coord(grp->group, grp->pwe,
--							  x_candidate,
--							  is_odd) != 0) {
--				wpa_printf(MSG_INFO,
--					   "EAP-pwd: Could not solve for y");
--				continue;
--			}
--
--			/*
--			 * If there's a solution to the equation then the point
--			 * must be on the curve so why check again explicitly?
--			 * OpenSSL code says this is required by X9.62. We're
--			 * not X9.62 but it can't hurt just to be sure.
--			 */
--			if (!crypto_ec_point_is_on_curve(grp->group,
--							 grp->pwe)) {
--				wpa_printf(MSG_INFO,
--					   "EAP-pwd: point is not on curve");
--				continue;
--			}
--
--			if (!crypto_bignum_is_one(cofactor)) {
--				/* make sure the point is not in a small
--				 * sub-group */
--				if (crypto_ec_point_mul(grp->group, grp->pwe,
--							cofactor,
--							grp->pwe) != 0) {
--					wpa_printf(MSG_INFO,
--						   "EAP-pwd: cannot multiply generator by order");
--					continue;
--				}
--				if (crypto_ec_point_is_at_infinity(grp->group,
--								   grp->pwe)) {
--					wpa_printf(MSG_INFO,
--						   "EAP-pwd: point is at infinity");
--					continue;
--				}
--			}
--			wpa_printf(MSG_DEBUG,
--				   "EAP-pwd: found a PWE in %d tries", ctr);
--			found = 1;
--		}
-+		res = crypto_bignum_legendre(tmp2, prime);
-+		if (res == -2)
-+			goto fail;
-+		mask = const_time_eq(res, check);
-+		found_ctr = const_time_select_u8(found, found_ctr, ctr);
-+		found |= mask;
- 	}
- 	if (found == 0) {
- 		wpa_printf(MSG_INFO,
-@@ -334,6 +303,44 @@ int compute_password_element(EAP_PWD_gro
- 			   num);
- 		goto fail;
- 	}
-+
-+	/*
-+	 * We know x_candidate is a quadratic residue so set it here.
-+	 */
-+	crypto_bignum_deinit(x_candidate, 1);
-+	x_candidate = crypto_bignum_init_set(x_bin, primebytelen);
-+	if (!x_candidate ||
-+	    crypto_ec_point_solve_y_coord(grp->group, grp->pwe, x_candidate,
-+					  is_odd) != 0) {
-+		wpa_printf(MSG_INFO, "EAP-pwd: Could not solve for y");
-+		goto fail;
-+	}
-+
-+	/*
-+	 * If there's a solution to the equation then the point must be on the
-+	 * curve so why check again explicitly? OpenSSL code says this is
-+	 * required by X9.62. We're not X9.62 but it can't hurt just to be sure.
-+	 */
-+	if (!crypto_ec_point_is_on_curve(grp->group, grp->pwe)) {
-+		wpa_printf(MSG_INFO, "EAP-pwd: point is not on curve");
-+		goto fail;
-+	}
-+
-+	if (!crypto_bignum_is_one(cofactor)) {
-+		/* make sure the point is not in a small sub-group */
-+		if (crypto_ec_point_mul(grp->group, grp->pwe, cofactor,
-+					grp->pwe) != 0) {
-+			wpa_printf(MSG_INFO,
-+				   "EAP-pwd: cannot multiply generator by order");
-+			goto fail;
-+		}
-+		if (crypto_ec_point_is_at_infinity(grp->group, grp->pwe)) {
-+			wpa_printf(MSG_INFO, "EAP-pwd: point is at infinity");
-+			goto fail;
-+		}
-+	}
-+	wpa_printf(MSG_DEBUG, "EAP-pwd: found a PWE in %02d tries", found_ctr);
-+
- 	if (0) {
-  fail:
- 		crypto_ec_point_deinit(grp->pwe, 1);
-@@ -343,14 +350,18 @@ int compute_password_element(EAP_PWD_gro
- 	/* cleanliness and order.... */
- 	crypto_bignum_deinit(cofactor, 1);
- 	crypto_bignum_deinit(x_candidate, 1);
--	crypto_bignum_deinit(rnd, 1);
- 	crypto_bignum_deinit(pm1, 0);
- 	crypto_bignum_deinit(tmp1, 1);
- 	crypto_bignum_deinit(tmp2, 1);
- 	crypto_bignum_deinit(qr, 1);
- 	crypto_bignum_deinit(qnr, 1);
-+	crypto_bignum_deinit(qr_or_qnr, 1);
- 	crypto_bignum_deinit(one, 0);
--	os_free(prfbuf);
-+	bin_clear_free(prfbuf, primebytelen);
-+	os_memset(qr_bin, 0, sizeof(qr_bin));
-+	os_memset(qnr_bin, 0, sizeof(qnr_bin));
-+	os_memset(qr_or_qnr_bin, 0, sizeof(qr_or_qnr_bin));
-+	os_memset(pwe_digest, 0, sizeof(pwe_digest));
- 
- 	return ret;
- }

package/network/services/hostapd/patches/063-0010-SAE-Fix-confirm-message-validation-in-error-cases.patch

@@ -1,52 +0,0 @@
-From ac8fa9ef198640086cf2ce7c94673be2b6a018a0 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 5 Mar 2019 23:43:25 +0200
-Subject: [PATCH 10/14] SAE: Fix confirm message validation in error cases
-
-Explicitly verify that own and peer commit scalar/element are available
-when trying to check SAE confirm message. It could have been possible to
-hit a NULL pointer dereference if the peer element could not have been
-parsed. (CVE-2019-9496)
-
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/common/sae.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
---- a/src/common/sae.c
-+++ b/src/common/sae.c
-@@ -1464,23 +1464,31 @@ int sae_check_confirm(struct sae_data *s
- 
- 	wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", WPA_GET_LE16(data));
- 
--	if (sae->tmp == NULL) {
-+	if (!sae->tmp || !sae->peer_commit_scalar ||
-+	    !sae->tmp->own_commit_scalar) {
- 		wpa_printf(MSG_DEBUG, "SAE: Temporary data not yet available");
- 		return -1;
- 	}
- 
--	if (sae->tmp->ec)
-+	if (sae->tmp->ec) {
-+		if (!sae->tmp->peer_commit_element_ecc ||
-+		    !sae->tmp->own_commit_element_ecc)
-+			return -1;
- 		sae_cn_confirm_ecc(sae, data, sae->peer_commit_scalar,
- 				   sae->tmp->peer_commit_element_ecc,
- 				   sae->tmp->own_commit_scalar,
- 				   sae->tmp->own_commit_element_ecc,
- 				   verifier);
--	else
-+	} else {
-+		if (!sae->tmp->peer_commit_element_ffc ||
-+		    !sae->tmp->own_commit_element_ffc)
-+			return -1;
- 		sae_cn_confirm_ffc(sae, data, sae->peer_commit_scalar,
- 				   sae->tmp->peer_commit_element_ffc,
- 				   sae->tmp->own_commit_scalar,
- 				   sae->tmp->own_commit_element_ffc,
- 				   verifier);
-+	}
- 
- 	if (os_memcmp_const(verifier, data + 2, SHA256_MAC_LEN) != 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Confirm mismatch");

package/network/services/hostapd/patches/064-0011-EAP-pwd-server-Verify-received-scalar-and-element.patch

@@ -1,53 +0,0 @@
-From 70ff850e89fbc8bc7da515321b4d15b5eef70581 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
-Date: Sun, 31 Mar 2019 17:13:06 +0200
-Subject: [PATCH 11/14] EAP-pwd server: Verify received scalar and element
-
-When processing an EAP-pwd Commit frame, the peer's scalar and element
-(elliptic curve point) were not validated. This allowed an adversary to
-bypass authentication, and impersonate any user if the crypto
-implementation did not verify the validity of the EC point.
-
-Fix this vulnerability by assuring the received scalar lies within the
-valid range, and by checking that the received element is not the point
-at infinity and lies on the elliptic curve being used. (CVE-2019-9498)
-
-The vulnerability is only exploitable if OpenSSL version 1.0.2 or lower
-is used, or if LibreSSL or wolfssl is used. Newer versions of OpenSSL
-(and also BoringSSL) implicitly validate the elliptic curve point in
-EC_POINT_set_affine_coordinates_GFp(), preventing the attack.
-
-Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
----
- src/eap_server/eap_server_pwd.c | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -718,6 +718,26 @@ eap_pwd_process_commit_resp(struct eap_s
- 		goto fin;
- 	}
- 
-+	/* verify received scalar */
-+	if (crypto_bignum_is_zero(data->peer_scalar) ||
-+	    crypto_bignum_is_one(data->peer_scalar) ||
-+	    crypto_bignum_cmp(data->peer_scalar,
-+			      crypto_ec_get_order(data->grp->group)) >= 0) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-PWD (server): received scalar is invalid");
-+		goto fin;
-+	}
-+
-+	/* verify received element */
-+	if (!crypto_ec_point_is_on_curve(data->grp->group,
-+					 data->peer_element) ||
-+	    crypto_ec_point_is_at_infinity(data->grp->group,
-+					   data->peer_element)) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-PWD (server): received element is invalid");
-+		goto fin;
-+	}
-+
- 	/* check to ensure peer's element is not in a small sub-group */
- 	if (!crypto_bignum_is_one(cofactor)) {
- 		if (crypto_ec_point_mul(data->grp->group, data->peer_element,