From: Miaoqing Pan Date: Thu, 18 Dec 2025 03:04:47 +0000 (+0800) Subject: wpa-supplicant: enable OWE support X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d16c66b4efada276536ccd3c8456f02ab9753e2e;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git wpa-supplicant: enable OWE support Enable Opportunistic Wireless Encryption (OWE) in wpa_supplicant for easier testing and examples by setting CONFIG_OWE=y in defconfig. OWE is standardized in IEEE Std 802.11-2024 and specified by RFC 8110 (updated by RFC 9672). Disable OWE when PACKAGECONFIG selects gnutls to prevent build failures. Signed-off-by: Miaoqing Pan Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch new file mode 100644 index 0000000000..7311b76b6f --- /dev/null +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch @@ -0,0 +1,39 @@ +From fb043a27324ba81502b8986a31222f38aa414bbf Mon Sep 17 00:00:00 2001 +From: Miaoqing Pan +Date: Thu, 18 Dec 2025 09:46:03 +0800 +Subject: [PATCH 1/3] defconfig: Update Opportunistic Wireless Encryption (OWE) + state + +OWE enhances privacy in public and enterprise environments where open +networks are prevalent. Enabling OWE aligns with modern security best +practices and supports the testing and development of OWE-capable +devices. + +OWE is now standardized in IEEE Std 802.11-2024 while it was originally +specified in IETF RFC 8110 (updated by RFC 9672). It is not experimental +anymore, i.e., there has been significant interoperability testing and +there are deployed cases. + +Signed-off-by: Miaoqing Pan +Upstream-Status: Backport [https://git.w1.fi/cgit/hostap/commit/?id=39db92dcf301793ce45a8ebf85c425f67c670058] +--- + wpa_supplicant/defconfig | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig +index 52befd8..044604a 100644 +--- a/wpa_supplicant/defconfig ++++ b/wpa_supplicant/defconfig +@@ -638,8 +638,7 @@ CONFIG_BGSCAN_SIMPLE=y + #CONFIG_BGSCAN_LEARN=y + + # Opportunistic Wireless Encryption (OWE) +-# Experimental implementation of draft-harkins-owe-07.txt +-#CONFIG_OWE=y ++CONFIG_OWE=y + + # Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) + CONFIG_DPP=y +-- +2.34.1 + diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb index 6ba10a8ca9..50f16e935d 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.11.bb @@ -16,6 +16,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ file://wpa_supplicant.conf-sane \ file://99_wpa_supplicant \ file://0001-macsec_linux-Hardware-offload-requires-Linux-headers.patch \ + file://0002-defconfig-Update-Opportunistic-Wireless-Encryption-O.patch \ file://CVE-2025-24912-01.patch \ file://CVE-2025-24912-02.patch \ " @@ -45,7 +46,8 @@ do_configure () { echo 'CONFIG_TLS=gnutls' >>wpa_supplicant/.config sed -i -e 's/\(^CONFIG_DPP=\)/#\1/' \ -e 's/\(^CONFIG_EAP_PWD=\)/#\1/' \ - -e 's/\(^CONFIG_SAE=\)/#\1/' wpa_supplicant/.config + -e 's/\(^CONFIG_SAE=\)/#\1/' \ + -e 's/\(^CONFIG_OWE=\)/#\1/' wpa_supplicant/.config fi # For rebuild