PKG_SOURCE_URL:=https://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2026-03-19
-PKG_SOURCE_VERSION:=2a98e6b981fb3f81b3ce3aa5f3941e509f73c454
-PKG_MIRROR_HASH:=34487c2c24a93bb7ead4b1f850152bdab475ea897419be18b3dd3df2fdde6a7b
+PKG_SOURCE_DATE:=2026-03-23
+PKG_SOURCE_VERSION:=3f9b7ae0780973446d3feea27b4caf6dbf43f0c6
+PKG_MIRROR_HASH:=5421a6bfe145559d27930010f1aba7781a483898e6de5462024871388f114661
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
+++ /dev/null
-From 3650b847ca9dac1e38c09116321010f33c4dc194 Mon Sep 17 00:00:00 2001
-From: Nick Hainke <vincent@systemli.org>
-Date: Fri, 20 Mar 2026 11:08:19 +0100
-Subject: [PATCH] RSN: Fix pmksa_cache_flush prototype mismatch in
- non-IEEE8021X_EAPOL case
-
-Fix compilation error caused by conflicting declarations of
-pmksa_cache_flush() when IEEE8021X_EAPOL is not enabled or
-CONFIG_NO_WPA is set. The function definition in pmksa_cache.c
-was missing the addr parameter present in the header declaration
-for this build configuration.
-
-Align the implementation with the header by adding the missing
-parameter.
-
-Fixes: e6dbaa673f39 ("SAE: Limit PMKSA flushing on failure to the current BSS")
-Signed-off-by: Nick Hainke <vincent@systemli.org>
----
- src/rsn_supp/pmksa_cache.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/src/rsn_supp/pmksa_cache.c
-+++ b/src/rsn_supp/pmksa_cache.c
-@@ -955,7 +955,8 @@ int pmksa_cache_set_current(struct wpa_s
-
-
- void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
-- const u8 *pmk, size_t pmk_len, bool external_only)
-+ const u8 *pmk, size_t pmk_len, bool external_only,
-+ const u8 *addr)
- {
- }
-
ifdef CONFIG_RADIUS_SERVER
CFLAGS += -DRADIUS_SERVER
-@@ -1373,7 +1458,9 @@ NOBJS += ../src/utils/trace.o
+@@ -1374,7 +1459,9 @@ NOBJS += ../src/utils/trace.o
endif
HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
ifdef CONFIG_INTERNAL_AES
HOBJS += ../src/crypto/aes-internal.o
HOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1396,18 +1483,24 @@ SOBJS += ../src/common/sae.o
+@@ -1397,18 +1484,24 @@ SOBJS += ../src/common/sae.o
SOBJS += ../src/common/sae_pk.o
SOBJS += ../src/common/dragonfly.o
SOBJS += $(AESOBJS)
CONFIG_SIM_SIMULATOR=y
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1265,6 +1265,29 @@ endif
+@@ -1266,6 +1266,29 @@ endif
CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
endif
ifeq ($(CONFIG_TLS), gnutls)
ifndef CONFIG_CRYPTO
# default to libgcrypt
-@@ -1457,9 +1480,11 @@ endif
+@@ -1458,9 +1481,11 @@ endif
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef CONFIG_OPENSSL_INTERNAL_AES_WRAP
# Seems to be needed at least with BoringSSL
NEED_INTERNAL_AES_WRAP=y
-@@ -1473,9 +1498,11 @@ endif
+@@ -1474,9 +1499,11 @@ endif
ifdef NEED_INTERNAL_AES_WRAP
ifneq ($(CONFIG_TLS), linux)
ifdef NEED_AES_EAX
AESOBJS += ../src/crypto/aes-eax.o
NEED_AES_CTR=y
-@@ -1485,35 +1512,45 @@ AESOBJS += ../src/crypto/aes-siv.o
+@@ -1486,35 +1513,45 @@ AESOBJS += ../src/crypto/aes-siv.o
NEED_AES_CTR=y
endif
ifdef NEED_AES_CTR
ifdef NEED_AES_ENC
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-enc.o
-@@ -1528,12 +1565,16 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1529,12 +1566,16 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef CONFIG_INTERNAL_SHA1
SHA1OBJS += ../src/crypto/sha1-internal.o
ifdef NEED_FIPS186_2_PRF
-@@ -1545,29 +1586,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
+@@ -1546,29 +1587,37 @@ CFLAGS += -DCONFIG_NO_PBKDF2
else
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5
MD5OBJS += ../src/crypto/md5-internal.o
-@@ -1622,12 +1671,17 @@ ifneq ($(CONFIG_TLS), openssl)
+@@ -1623,12 +1672,17 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifdef CONFIG_INTERNAL_SHA256
SHA256OBJS += ../src/crypto/sha256-internal.o
endif
-@@ -1640,50 +1694,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
+@@ -1641,50 +1695,68 @@ CFLAGS += -DCONFIG_INTERNAL_SHA512
SHA256OBJS += ../src/crypto/sha512-internal.o
endif
ifdef NEED_TLS_PRF_SHA256
ifdef NEED_ASN1
OBJS += ../src/tls/asn1.o
-@@ -1858,10 +1930,12 @@ ifdef CONFIG_FIPS
+@@ -1859,10 +1931,12 @@ ifdef CONFIG_FIPS
CFLAGS += -DCONFIG_FIPS
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1276,10 +1276,6 @@ endif
+@@ -1277,10 +1277,6 @@ endif
OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
OBJS_p += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
OBJS_priv += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
if (need_more_data) {
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -1223,6 +1223,7 @@ TLS_FUNCS=y
+@@ -1224,6 +1224,7 @@ TLS_FUNCS=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
ifdef TLS_FUNCS
CFLAGS += -DWOLFSSL_DER_LOAD
-@@ -1239,6 +1240,7 @@ LIBS_p += -lwolfssl -lm
+@@ -1240,6 +1241,7 @@ LIBS_p += -lwolfssl -lm
endif
ifeq ($(CONFIG_TLS), openssl)
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
ifdef TLS_FUNCS
CFLAGS += -DEAP_TLS_OPENSSL
-@@ -1266,6 +1268,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
+@@ -1267,6 +1269,7 @@ CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONF
endif
ifeq ($(CONFIG_TLS), mbedtls)
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=mbedtls
endif
-@@ -1285,6 +1288,7 @@ endif
+@@ -1286,6 +1289,7 @@ endif
endif
ifeq ($(CONFIG_TLS), gnutls)
ifndef CONFIG_CRYPTO
# default to libgcrypt
CONFIG_CRYPTO=gnutls
-@@ -1315,6 +1319,7 @@ endif
+@@ -1316,6 +1320,7 @@ endif
endif
ifeq ($(CONFIG_TLS), internal)
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=internal
endif
-@@ -1395,6 +1400,7 @@ endif
+@@ -1396,6 +1401,7 @@ endif
endif
ifeq ($(CONFIG_TLS), linux)
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
-@@ -1424,6 +1430,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+@@ -1425,6 +1431,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
_OBJS_VAR := OBJS
include ../src/objs.mk
hostapd: $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
-@@ -1512,6 +1524,12 @@ include ../src/objs.mk
+@@ -1513,6 +1525,12 @@ include ../src/objs.mk
_OBJS_VAR := SOBJS
include ../src/objs.mk
if (c < 0)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -2580,8 +2580,8 @@ static void hostapd_mld_iface_disable(st
+@@ -2596,8 +2596,8 @@ static void hostapd_mld_iface_disable(st
#endif /* CONFIG_IEEE80211BE */
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
-@@ -2943,7 +2943,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -2967,7 +2967,7 @@ void wpa_supplicant_event(void *ctx, enu
}
struct hapd_interfaces *interfaces = ctx;
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
-@@ -7291,8 +7291,8 @@ union wpa_event_data {
+@@ -7309,8 +7309,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
/**
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
-@@ -7304,7 +7304,7 @@ void wpa_supplicant_event(void *ctx, enu
+@@ -7322,7 +7322,7 @@ void wpa_supplicant_event(void *ctx, enu
* Same as wpa_supplicant_event(), but we search for the interface in
* wpa_global.
*/
OBJS += ../src/ap/hostapd.o
OBJS += ../src/ap/wpa_auth_glue.o
OBJS += ../src/ap/utils.o
-@@ -1115,6 +1124,12 @@ endif
+@@ -1116,6 +1125,12 @@ endif
ifdef CONFIG_HS20
OBJS += ../src/ap/hs20.o
endif
endif
ifdef CONFIG_MBO
-@@ -1124,7 +1139,9 @@ NEED_GAS=y
+@@ -1125,7 +1140,9 @@ NEED_GAS=y
endif
ifdef NEED_RSN_AUTHENTICATOR
NEED_AES_WRAP=y
OBJS += ../src/ap/wpa_auth.o
OBJS += ../src/ap/wpa_auth_ie.o
-@@ -2124,6 +2141,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+@@ -2125,6 +2142,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
_OBJS_VAR := OBJS
include ../src/objs.mk
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
@$(E) " LD " $@
-@@ -2256,6 +2279,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
+@@ -2257,6 +2280,12 @@ eap_gpsk.so: $(SRC_EAP_GPSK)
$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
@$(E) " sed" $<
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -1437,7 +1437,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
+@@ -1438,7 +1438,7 @@ hostapd_multi.a: $(BCHECK) $(OBJS)
@$(AR) cr $@ hostapd_multi.o $(OBJS)
hostapd: $(OBJS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
-@@ -1448,7 +1448,7 @@ _OBJS_VAR := OBJS_c
+@@ -1449,7 +1449,7 @@ _OBJS_VAR := OBJS_c
include ../src/objs.mk
hostapd_cli: $(OBJS_c)
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
-@@ -2148,31 +2148,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
+@@ -2149,31 +2149,31 @@ wpa_supplicant_multi.a: .config $(BCHECK
@$(AR) cr $@ wpa_supplicant_multi.o $(OBJS)
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
-@@ -6490,6 +6490,7 @@ static const char * wpa_bool_txt(int val
+@@ -6526,6 +6526,7 @@ static const char * wpa_bool_txt(int val
return val ? "TRUE" : "FALSE";
}
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
-@@ -6642,7 +6643,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+@@ -6678,7 +6679,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
-@@ -1527,7 +1527,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+@@ -1535,7 +1535,7 @@ int wpas_ap_wps_nfc_report_handover(stru
#endif /* CONFIG_WPS */
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
-@@ -1855,6 +1855,21 @@ int ap_switch_channel(struct wpa_supplic
+@@ -1863,6 +1863,21 @@ int ap_switch_channel(struct wpa_supplic
#ifdef CONFIG_CTRL_IFACE
int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos)
{
struct csa_settings settings;
-@@ -1874,12 +1889,18 @@ int ap_ctrl_iface_chanswitch(struct wpa_
+@@ -1882,12 +1897,18 @@ int ap_ctrl_iface_chanswitch(struct wpa_
return -1;
ret = hostapd_parse_csa_settings(iface, pos, &settings);
return 0;
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
-@@ -332,6 +332,10 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -333,6 +333,10 @@ int hostapd_notif_assoc(struct hostapd_d
#endif /* CONFIG_OWE */
bool updated = false;
bool driver_acl;
#ifdef CONFIG_P2P
if (hapd->p2p_group && (!hapd->started || hapd->disabled)) {
-@@ -527,6 +531,12 @@ int hostapd_notif_assoc(struct hostapd_d
+@@ -528,6 +532,12 @@ int hostapd_notif_assoc(struct hostapd_d
}
#endif /* CONFIG_IEEE80211BE */
#ifdef CONFIG_P2P
if (elems.p2p) {
wpabuf_free(sta->p2p_ie);
-@@ -1424,6 +1434,7 @@ void hostapd_event_ch_switch(struct host
+@@ -1425,6 +1435,7 @@ void hostapd_event_ch_switch(struct host
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
"freq=%d dfs=%d", freq, is_dfs);
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -783,6 +785,7 @@ hostapd_alloc_bss_data(struct hostapd_if
+@@ -785,6 +787,7 @@ hostapd_alloc_bss_data(struct hostapd_if
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
-@@ -585,6 +591,7 @@ struct hostapd_mld {
+@@ -587,6 +593,7 @@ struct hostapd_mld {
*/
struct hostapd_iface {
struct hapd_interfaces *interfaces;
void *owner;
char *config_fname;
struct hostapd_config *conf;
-@@ -794,11 +801,16 @@ struct hostapd_iface * hostapd_init(stru
+@@ -796,11 +803,16 @@ struct hostapd_iface * hostapd_init(stru
struct hostapd_iface *
hostapd_interface_init_bss(struct hapd_interfaces *interfaces, const char *phy,
const char *config_fname, int debug);
int hostapd_enable_iface(struct hostapd_iface *hapd_iface);
int hostapd_reload_iface(struct hostapd_iface *hapd_iface);
int hostapd_reload_bss_only(struct hostapd_data *bss);
-@@ -824,6 +836,7 @@ hostapd_switch_channel_fallback(struct h
+@@ -826,6 +838,7 @@ hostapd_switch_channel_fallback(struct h
void hostapd_cleanup_cs_params(struct hostapd_data *hapd);
void hostapd_periodic_iface(struct hostapd_iface *iface);
int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
* set_sta_vlan - Bind a station into a specific interface (AP only)
* @priv: Private driver interface data
* @ifname: Interface (main or virtual BSS or VLAN)
-@@ -7017,6 +7036,7 @@ union wpa_event_data {
+@@ -7023,6 +7042,7 @@ union wpa_event_data {
/**
* struct ch_switch
* @freq: Frequency of new channel in MHz
* @ht_enabled: Whether this is an HT channel
* @ch_offset: Secondary channel offset
-@@ -7027,6 +7047,7 @@ union wpa_event_data {
+@@ -7033,6 +7053,7 @@ union wpa_event_data {
* @punct_bitmap: Puncturing bitmap
*/
struct ch_switch {
if (link) {
data.ch_switch.link_id = nla_get_u8(link);
-@@ -4332,6 +4335,7 @@ static void do_process_drv_event(struct
+@@ -4421,6 +4424,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
tb[NL80211_ATTR_PUNCT_BITMAP],
0);
break;
case NL80211_CMD_CH_SWITCH_NOTIFY:
-@@ -4344,6 +4348,7 @@ static void do_process_drv_event(struct
+@@ -4433,6 +4437,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
tb[NL80211_ATTR_PUNCT_BITMAP],
{
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
-@@ -838,6 +838,7 @@ void hostapd_periodic_iface(struct hosta
+@@ -840,6 +840,7 @@ void hostapd_periodic_iface(struct hosta
int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
void hostapd_owe_update_trans(struct hostapd_iface *iface);;
void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
-@@ -1899,8 +1899,12 @@ int hostapd_setup_wpa(struct hostapd_dat
+@@ -1925,8 +1925,12 @@ int hostapd_setup_wpa(struct hostapd_dat
wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
const char *ft_iface;
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
-@@ -1448,6 +1448,11 @@ CFLAGS += -DCONFIG_PROCESS_COORDINATION
+@@ -1449,6 +1449,11 @@ CFLAGS += -DCONFIG_PROCESS_COORDINATION
OBJS += ../src/common/proc_coord.o
endif
projects / thirdparty / openwrt.git / commitdiff
