wpa_supplicant: update to 2.11

srcpkgs/wpa_supplicant/files/config

@@ -101,6 +101,9 @@ CONFIG_EAP_MSCHAPV2=y
 
 # EAP-TLS
 CONFIG_EAP_TLS=y
+# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly
+# enabled in network configuration)
+CONFIG_EAP_TLSV1_3=y
 
 # EAL-PEAP
 CONFIG_EAP_PEAP=y
@@ -203,9 +206,15 @@ CONFIG_SMARTCARD=y
 # Support VHT overrides (disable VHT, mask MCS rates, etc.)
 #CONFIG_VHT_OVERRIDES=y
 
+# Support HE overrides
+#CONFIG_HE_OVERRIDES=y
+
 # Development testing
 #CONFIG_EAPOL_TEST=y
 
+# Support IPv6
+CONFIG_IPV6=y
+
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
 # udp = UDP sockets using localhost (127.0.0.1)
@@ -248,6 +257,9 @@ CONFIG_WPA_CLI_EDIT=y
 # Simultaneous Authentication of Equals (SAE), WPA3-Personal
 CONFIG_SAE=y
 
+# SAE Public Key, WPA3-Personal
+CONFIG_SAE_PK=y
+
 # Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -389,6 +401,22 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
 # amount of memory/flash.
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
+# Dynamic library loading
+
+# Add the ability to configure libraries to load at compile time.
+# If set, these disable dynamic configuration.
+#CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
+#CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
+#CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
+#
+# Prevent library loading at runtime
+#CONFIG_NO_PKCS11_ENGINE_PATH=y # prevents loading pkcs11_engine library.
+#CONFIG_NO_PKCS11_MODULE_PATH=y # prevents loading pkcs11_module library.
+# CONFIG_NO_OPENSC_ENGINE_PATH=y # prevents loading opensc_engine library.
+
+# Prevents loading EAP libraries at runtime
+#CONFIG_NO_LOAD_DYNAMIC_EAP=y
+
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
 CONFIG_IEEE80211R=y
 
@@ -474,6 +502,16 @@ CONFIG_GETRANDOM=y
 # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
 CONFIG_IEEE80211AC=y
 
+# IEEE 802.11ax HE support (mainly for AP mode)
+CONFIG_IEEE80211AX=y
+
+# IEEE 802.11be EHT support (mainly for AP mode)
+# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE.
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11be version.
+#CONFIG_IEEE80211BE=y
+
 # Wireless Network Management (IEEE Std 802.11v-2011)
 # Note: This is experimental and not complete implementation.
 #CONFIG_WNM=y
@@ -633,3 +671,18 @@ CONFIG_WEP=y
 # design is still subject to change. As such, this should not yet be enabled in
 # production use.
 #CONFIG_PASN=y
+
+# Disable support for Radio Measurement (IEEE 802.11k) and supported operating
+# class indication. Removing these is not recommended since they can help the
+# AP manage the network and STA steering.
+#CONFIG_NO_RRM=y
+
+# Disable support for Robust AV streaming for consumer and enterprise Wi-Fi
+# applications; IEEE Std 802.11-2020, 4.3.24; SCS, MSCS, QoS Management
+#CONFIG_NO_ROBUST_AV=y
+
+# Disable support for WMM admission control
+#CONFIG_NO_WMM_AC=y
+
+# Wi-Fi Aware unsynchronized service discovery (NAN USD)
+#CONFIG_NAN_USD=y

srcpkgs/wpa_supplicant/patches/4way-hand.patch

@@ -1,247 +0,0 @@
-From 023c17659786fe381312f154cf06663f1cb3607c Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Tue, 23 Aug 2022 21:34:55 -0400
-Subject: [PATCH] Fix external passwords with 4-way handshake offloading
-
-Passphrases/PSKs from external password databases were ignored if 4-way
-handshake offloading was supported by the driver. This patch splits the PSK
-loading functionality into a separate function and calls if to get the PSK for
-handshake offloading.
-
-I tested connecting to a WPA2-PSK network with both inline and external
-passphrases, using the iwlwifi and brcmfmac drivers.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/wpa_supplicant.c | 184 +++++++++++++++++---------------
- 1 file changed, 95 insertions(+), 89 deletions(-)
-
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index d37a994f9..bb063380f 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1337,6 +1337,88 @@ void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
- 			 wpas_get_ssid_pmf(wpa_s, ssid));
- }
- 
-+static int wpa_supplicant_get_psk(struct wpa_supplicant *wpa_s,
-+				  struct wpa_bss *bss, struct wpa_ssid *ssid,
-+				  u8 *psk)
-+{
-+        if (ssid->psk_set) {
-+		wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)", ssid->psk,
-+				PMK_LEN);
-+		os_memcpy(psk, ssid->psk, PMK_LEN);
-+		return 0;
-+	}
-+
-+#ifndef CONFIG_NO_PBKDF2
-+	if (bss && ssid->bssid_set && ssid->ssid_len == 0 && ssid->passphrase) {
-+	        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len, 4096,
-+			    psk, PMK_LEN);
-+	        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", psk,
-+				PMK_LEN);
-+                return 0;
-+	}
-+#endif /* CONFIG_NO_PBKDF2 */
-+
-+#ifdef CONFIG_EXT_PASSWORD
-+	if (ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+		char pw_str[64 + 1];
-+
-+		if (pw == NULL) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK found from "
-+				"external storage");
-+			return -1;
-+		}
-+
-+		if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected PSK "
-+				"length %d in external storage",
-+				(int) wpabuf_len(pw));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
-+		pw_str[wpabuf_len(pw)] = '\0';
-+
-+#ifndef CONFIG_NO_PBKDF2
-+		if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
-+		{
-+			pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len, 4096, psk,
-+				    PMK_LEN);
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external "
-+					"passphrase)",
-+					psk, PMK_LEN);
-+		} else
-+#endif /* CONFIG_NO_PBKDF2 */
-+		if (wpabuf_len(pw) == 2 * PMK_LEN) {
-+			if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
-+				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Invalid PSK "
-+					"hex string");
-+				os_memset(pw_str, 0, sizeof(pw_str));
-+				ext_password_free(pw);
-+				return -1;
-+			}
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external PSK)",
-+					psk, PMK_LEN);
-+		} else {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable PSK "
-+				"available");
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memset(pw_str, 0, sizeof(pw_str));
-+		ext_password_free(pw);
-+
-+		return 0;
-+	}
-+#endif /* CONFIG_EXT_PASSWORD */
-+
-+	return -1;
-+}
- 
- /**
-  * wpa_supplicant_set_suites - Set authentication and encryption parameters
-@@ -1756,97 +1838,20 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 					      WPA_KEY_MGMT_FT_PSK |
- 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
- 
--		if (ssid->psk_set && !sae_only) {
--			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
--					ssid->psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
--				       NULL);
--			psk_set = 1;
--		}
--
--		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
--			psk_set = 1;
--
--#ifndef CONFIG_NO_PBKDF2
--		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
--		    ssid->passphrase && !sae_only) {
-+		if (!sae_only) {
- 			u8 psk[PMK_LEN];
--		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
--				    4096, psk, PMK_LEN);
--		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
--					psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
--			psk_set = 1;
--			os_memset(psk, 0, sizeof(psk));
--		}
--#endif /* CONFIG_NO_PBKDF2 */
--#ifdef CONFIG_EXT_PASSWORD
--		if (ssid->ext_psk && !sae_only) {
--			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
--							     ssid->ext_psk);
--			char pw_str[64 + 1];
--			u8 psk[PMK_LEN];
--
--			if (pw == NULL) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
--					"found from external storage");
--				return -1;
--			}
--
--			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
--					"PSK length %d in external storage",
--					(int) wpabuf_len(pw));
--				ext_password_free(pw);
--				return -1;
--			}
--
--			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
--			pw_str[wpabuf_len(pw)] = '\0';
--
--#ifndef CONFIG_NO_PBKDF2
--			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
--			{
--				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
--					    4096, psk, PMK_LEN);
--				os_memset(pw_str, 0, sizeof(pw_str));
--				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
--						"external passphrase)",
--						psk, PMK_LEN);
--				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
--					       NULL);
--				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else
--#endif /* CONFIG_NO_PBKDF2 */
--			if (wpabuf_len(pw) == 2 * PMK_LEN) {
--				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
--					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
--						"Invalid PSK hex string");
--					os_memset(pw_str, 0, sizeof(pw_str));
--					ext_password_free(pw);
--					return -1;
--				}
--				wpa_hexdump_key(MSG_MSGDUMP,
--						"PSK (from external PSK)",
--						psk, PMK_LEN);
-+			if (wpa_supplicant_get_psk(wpa_s, bss, ssid,
-+						   psk) >= 0) {
- 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
- 					       NULL);
- 				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
--					"PSK available");
--				os_memset(pw_str, 0, sizeof(pw_str));
--				ext_password_free(pw);
--				return -1;
- 			}
--
--			os_memset(pw_str, 0, sizeof(pw_str));
--			ext_password_free(pw);
-+			os_memset(psk, 0, sizeof(psk));
- 		}
--#endif /* CONFIG_EXT_PASSWORD */
-+
-+		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
-+		    (ssid->sae_password || ssid->passphrase))
-+			psk_set = 1;
- 
- 		if (!psk_set) {
- 			wpa_msg(wpa_s, MSG_INFO,
-@@ -3606,6 +3611,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	int use_crypt, ret, bssid_changed;
- 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
- 	struct wpa_driver_associate_params params;
-+	u8 psk[PMK_LEN];
- #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
- 	int wep_keys_set = 0;
- #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
-@@ -3890,8 +3896,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
- 		params.passphrase = ssid->passphrase;
--		if (ssid->psk_set)
--			params.psk = ssid->psk;
-+		if (wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
-@@ -3915,8 +3921,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
--		    ssid->psk_set)
--			params.psk = ssid->psk;
-+		    wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	params.drop_unencrypted = use_crypt;

srcpkgs/wpa_supplicant/patches/SAE_external_database.patch

@@ -1,182 +0,0 @@
-From bdc35acd5abae45bd53e3117bfc673fc0e1ab0b9 Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Sat, 17 Sep 2022 00:21:02 -0400
-Subject: SAE: Allow loading of the password from an external database
-
-There was no support for loading SAE passwords from an external password
-database.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/sme.c            | 65 ++++++++++++++++++++++++++++++++---------
- wpa_supplicant/wpa_supplicant.c |  2 +-
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
-index 52861c805..28ac03f23 100644
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -10,6 +10,7 @@
- 
- #include "common.h"
- #include "utils/eloop.h"
-+#include "utils/ext_password.h"
- #include "common/ieee802_11_defs.h"
- #include "common/ieee802_11_common.h"
- #include "common/ocv.h"
-@@ -90,7 +91,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- {
- 	struct wpabuf *buf;
- 	size_t len;
--	const char *password;
-+	char *password = NULL;
- 	struct wpa_bss *bss;
- 	int use_pt = 0;
- 	bool use_pk = false;
-@@ -106,7 +107,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
- 		buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
- 		if (!buf)
--			return NULL;
-+			goto fail;
- 		if (!external) {
- 			wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 			wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-@@ -116,12 +117,45 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- #endif /* CONFIG_TESTING_OPTIONS */
- 
--	password = ssid->sae_password;
--	if (!password)
--		password = ssid->passphrase;
-+	if (ssid->sae_password) {
-+		password = os_strdup(ssid->sae_password);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->passphrase) {
-+		password = os_strdup(ssid->passphrase);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+
-+		if (!pw) {
-+			wpa_msg(wpa_s, MSG_INFO,
-+				"SAE: No password found from external storage");
-+			goto fail;
-+		}
-+
-+		password = os_malloc(wpabuf_len(pw) + 1);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+		os_memcpy(password, wpabuf_head(pw), wpabuf_len(pw));
-+		password[wpabuf_len(pw)] = '\0';
-+		ext_password_free(pw);
-+	}
- 	if (!password) {
- 		wpa_printf(MSG_DEBUG, "SAE: No password available");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	if (reuse && wpa_s->sme.sae.tmp &&
-@@ -134,7 +168,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- 	if (sme_set_sae_group(wpa_s) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-@@ -171,7 +205,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
- 		wpa_printf(MSG_DEBUG,
- 			   "SAE: Cannot use PK with the selected AP");
--		return NULL;
-+		goto fail;
- 	}
- #endif /* CONFIG_SAE_PK */
- 
-@@ -184,7 +218,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		    !use_pt) {
- 			wpa_printf(MSG_DEBUG,
- 				   "SAE: Cannot use H2E with the selected AP");
--			return NULL;
-+			goto fail;
- 		}
- 	}
- 
-@@ -192,13 +226,13 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	    sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
- 				  wpa_s->own_addr, bssid,
- 				  wpa_s->sme.sae_rejected_groups, NULL) < 0)
--		return NULL;
-+		goto fail;
- 	if (!use_pt &&
- 	    sae_prepare_commit(wpa_s->own_addr, bssid,
- 			       (u8 *) password, os_strlen(password),
- 			       &wpa_s->sme.sae) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
--		return NULL;
-+		goto fail;
- 	}
- 	if (wpa_s->sme.sae.tmp) {
- 		os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
-@@ -218,7 +252,7 @@ reuse_data:
- 		len += 4 + os_strlen(ssid->sae_password_id);
- 	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
- 	if (buf == NULL)
--		return NULL;
-+		goto fail;
- 	if (!external) {
- 		wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 		if (use_pk)
-@@ -231,14 +265,19 @@ reuse_data:
- 	if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
- 			     ssid->sae_password_id) < 0) {
- 		wpabuf_free(buf);
--		return NULL;
-+		goto fail;
- 	}
- 	if (ret_use_pt)
- 		*ret_use_pt = use_pt;
- 	if (ret_use_pk)
- 		*ret_use_pk = use_pk;
- 
-+	str_clear_free(password);
- 	return buf;
-+
-+fail:
-+	str_clear_free(password);
-+	return NULL;
- }
- 
- 
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index 54c3c859e..ef5d0cd71 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1998,7 +1998,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 		}
- 
- 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
-+		    (ssid->sae_password || ssid->passphrase || ssid->ext_psk))
- 			psk_set = 1;
- 
- 		if (!psk_set) {
--- 
-cgit v1.2.3-18-g5258

srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch

@@ -0,0 +1,50 @@
+From 2514856652f9a393e505d542cb8f039f8bac10f5 Mon Sep 17 00:00:00 2001
+From: Janne Grunau <janne-fdr@jannau.net>
+Date: Sun, 4 Aug 2024 13:24:42 +0200
+Subject: [PATCH 1/1] Revert "Mark authorization completed on driver indication
+ during 4-way HS offload"
+
+This reverts commit 41638606054a09867fe3f9a2b5523aa4678cbfa5.
+---
+ wpa_supplicant/events.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index 46e7cf1ab..7b3ef7205 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4441,23 +4441,14 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
+ 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+ 		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+-		if (already_authorized) {
+-			/*
+-			 * We are done; the driver will take care of RSN 4-way
+-			 * handshake.
+-			 */
+-			wpa_supplicant_cancel_auth_timeout(wpa_s);
+-			wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+-			eapol_sm_notify_portValid(wpa_s->eapol, true);
+-			eapol_sm_notify_eap_success(wpa_s->eapol, true);
+-		} else {
+-			/* Update port, WPA_COMPLETED state from the
+-			 * EVENT_PORT_AUTHORIZED handler when the driver is done
+-			 * with the 4-way handshake.
+-			 */
+-			wpa_msg(wpa_s, MSG_DEBUG,
+-				"ASSOC INFO: wait for driver port authorized indication");
+-		}
++		/*
++		 * We are done; the driver will take care of RSN 4-way
++		 * handshake.
++		 */
++		wpa_supplicant_cancel_auth_timeout(wpa_s);
++		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
++		eapol_sm_notify_portValid(wpa_s->eapol, true);
++		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+ 		   wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
+ 		/*
+-- 
+2.45.2
+

srcpkgs/wpa_supplicant/template

@@ -1,17 +1,16 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
-version=2.10
+version=2.11
-revision=5
+revision=1
-build_wrksrc="$pkgname"
+build_wrksrc="${pkgname}"
+hostmakedepends="pkg-config"
+makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
 short_desc="WPA/WPA2/IEEE 802.1X Supplicant"
 maintainer="Enno Boland <gottox@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="http://w1.fi/wpa_supplicant/"
 distfiles="http://w1.fi/releases/${pkgname}-${version}.tar.gz"
-checksum=20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
+checksum=912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a
-
-hostmakedepends="pkg-config"
-makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
 build_options="dbus readline"
 build_options_default="dbus readline"
 conf_files="/etc/${pkgname}/${pkgname}.conf"
@@ -31,10 +30,12 @@ pre_build() {
 		vsed -i -e 's|#\{0,1\}\(CONFIG_READLINE\)=\(.*\)|\1=y|' .config
 	fi
 }
+
 do_build() {
 	export CFLAGS+=" $(pkg-config --cflags libnl-3.0) $CPPFLAGS"
 	make ${makejobs} V=1 PREFIX=/usr BINDIR=/usr/bin
 }
+
 do_install() {
 	make PREFIX=/usr BINDIR=/usr/bin DESTDIR=${DESTDIR} install