mac80211, hostapd, iw, ...: update to LEDE b2ddfbc1c7b935cf931b4c336969b65947270ce9

patches/openwrt/0007-mac80211-update-to-LEDE-b47f438d98cd4b731d7f4431448dde973eae4739.patch → patches/openwrt/0007-mac80211-hostapd-iw-.-update-to-LEDE-b2ddfbc1c7b935cf931b4c336969b65947270ce9.patch

@@ -1,6 +1,6 @@
 From: Matthias Schiffer <mschiffer@universe-factory.net>
-Date: Tue, 7 Jun 2016 14:06:23 +0200
-Subject: mac80211: update to LEDE b47f438d98cd4b731d7f4431448dde973eae4739
+Date: Fri, 29 Jul 2016 21:36:45 +0200
+Subject: mac80211, hostapd, iw, ...: update to LEDE b2ddfbc1c7b935cf931b4c336969b65947270ce9
 
 diff --git a/package/firmware/ath10k-firmware/Makefile b/package/firmware/ath10k-firmware/Makefile
 index b03d644..e2cf92e 100644
@@ -8588,6 +8588,81 @@ index e414f23..0000000
 - 	bool last = false;
 - 
 - 	if (has_80211_header) {
+diff --git a/package/kernel/mac80211/patches/333-ath9k-fix-client-mode-beacon-configuration.patch b/package/kernel/mac80211/patches/333-ath9k-fix-client-mode-beacon-configuration.patch
+new file mode 100644
+index 0000000..d008ceb
+--- /dev/null
++++ b/package/kernel/mac80211/patches/333-ath9k-fix-client-mode-beacon-configuration.patch
+@@ -0,0 +1,69 @@
++From: Felix Fietkau <nbd@nbd.name>
++Date: Tue, 26 Jul 2016 08:05:10 +0200
++Subject: [PATCH] ath9k: fix client mode beacon configuration
++
++For pure station mode, iter_data.primary_beacon_vif was used and passed
++to ath_beacon_config, but not set to the station vif.
++This was causing the following warning:
++
++[  100.310919] ------------[ cut here ]------------
++[  100.315683] WARNING: CPU: 0 PID: 7 at compat-wireless-2016-06-20/drivers/net/wireless/ath/ath9k/beacon.c:642 ath9k_calculate_summary_state+0x250/0x60c [ath9k]()
++[  100.402028] CPU: 0 PID: 7 Comm: kworker/u2:1 Tainted: G        W       4.4.15 #5
++[  100.409676] Workqueue: phy0 ieee80211_ibss_leave [mac80211]
++[  100.415351] Stack : 8736e98c 870b4b20 87a25b54 800a6800 8782a080 80400d63 8039b96c 00000007
++[  100.415351]    803c5edc 87875914 80400000 800a47cc 87a25b54 800a6800 803a0fd8 80400000
++[  100.415351]    00000003 87875914 80400000 80094ae0 87a25b54 8787594c 00000000 801ef308
++[  100.415351]    803ffe70 801ef300 87193d58 87b3a400 87b3ad00 70687930 00000000 00000000
++[  100.415351]    00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
++[  100.415351]    ...
++[  100.451703] Call Trace:
++[  100.454235] [<800a6800>] vprintk_default+0x24/0x30
++[  100.459110] [<800a47cc>] printk+0x2c/0x38
++[  100.463190] [<800a6800>] vprintk_default+0x24/0x30
++[  100.468072] [<80094ae0>] print_worker_info+0x148/0x174
++[  100.473378] [<801ef308>] serial8250_console_putchar+0x0/0x44
++[  100.479122] [<801ef300>] wait_for_xmitr+0xc4/0xcc
++[  100.484014] [<87193d58>] ieee80211_ibss_leave+0xb90/0x1900 [mac80211]
++[  100.490590] [<80081604>] warn_slowpath_common+0xa0/0xd0
++[  100.495922] [<801a359c>] dump_stack+0x14/0x28
++[  100.500350] [<80071a00>] show_stack+0x50/0x84
++[  100.504784] [<80081604>] warn_slowpath_common+0xa0/0xd0
++[  100.510106] [<87024c60>] ath9k_calculate_summary_state+0x250/0x60c [ath9k]
++[  100.517105] [<800816b8>] warn_slowpath_null+0x18/0x24
++[  100.522256] [<87024c60>] ath9k_calculate_summary_state+0x250/0x60c [ath9k]
++[  100.529273] [<87025418>] ath9k_set_txpower+0x148/0x498 [ath9k]
++[  100.535302] [<871d2c64>] cleanup_module+0xa74/0xd4c [mac80211]
++[  100.541237] [<801ef308>] serial8250_console_putchar+0x0/0x44
++[  100.547042] [<800a5d18>] wake_up_klogd+0x54/0x68
++[  100.551730] [<800a6650>] vprintk_emit+0x404/0x43c
++[  100.556623] [<871b9db8>] ieee80211_sta_rx_notify+0x258/0x32c [mac80211]
++[  100.563475] [<871ba6a4>] ieee80211_sta_rx_queued_mgmt+0x63c/0x734 [mac80211]
++[  100.570693] [<871aa49c>] ieee80211_tx_prepare_skb+0x210/0x230 [mac80211]
++[  100.577609] [<800af5d4>] mod_timer+0x15c/0x190
++[  100.582220] [<871ba8b8>] ieee80211_sta_work+0xfc/0xe1c [mac80211]
++[  100.588539] [<871940b4>] ieee80211_ibss_leave+0xeec/0x1900 [mac80211]
++[  100.595122] [<8009ec84>] dequeue_task_fair+0x44/0x130
++[  100.600281] [<80092a34>] process_one_work+0x1f8/0x334
++[  100.605454] [<80093830>] worker_thread+0x2b4/0x408
++[  100.610317] [<8009357c>] worker_thread+0x0/0x408
++[  100.615019] [<8009357c>] worker_thread+0x0/0x408
++[  100.619705] [<80097b68>] kthread+0xdc/0xe8
++[  100.623886] [<80097a8c>] kthread+0x0/0xe8
++[  100.627961] [<80060878>] ret_from_kernel_thread+0x14/0x1c
++[  100.633448]
++[  100.634956] ---[ end trace aafbe57e9ae6862f ]---
++
++Fixes: cfda2d8e2314 ("ath9k: Fix beacon configuration for addition/removal of interfaces")
++Signed-off-by: Felix Fietkau <nbd@nbd.name>
++---
++
++--- a/drivers/net/wireless/ath/ath9k/main.c
+++++ b/drivers/net/wireless/ath/ath9k/main.c
++@@ -1154,6 +1154,7 @@ void ath9k_calculate_summary_state(struc
++ 		bool changed = (iter_data.primary_sta != ctx->primary_sta);
++ 
++ 		if (iter_data.primary_sta) {
+++			iter_data.primary_beacon_vif = iter_data.primary_sta;
++ 			iter_data.beacons = true;
++ 			ath9k_set_assoc_state(sc, iter_data.primary_sta,
++ 					      changed);
 diff --git a/package/kernel/mac80211/patches/333-cfg80211-reuse-existing-page-fragments-in-A-MSDU-rx.patch b/package/kernel/mac80211/patches/333-cfg80211-reuse-existing-page-fragments-in-A-MSDU-rx.patch
 deleted file mode 100644
 index 6e2d0cf..0000000
@@ -11933,6 +12008,3680 @@ index ed3e06a..0000000
 - 	int rc = 0;
 - 	struct mwl_priv *priv = hw->priv;
 - 	struct mwl_ampdu_stream *stream;
+diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in
+index aee2a15..645888e 100644
+--- a/package/network/services/hostapd/Config.in
++++ b/package/network/services/hostapd/Config.in
+@@ -10,11 +10,10 @@ config WPA_SUPPLICANT_NO_TIMESTAMP_CHECK
+ choice
+ 	prompt "Choose TLS provider"
+ 	default WPA_SUPPLICANT_INTERNAL
+-	depends on PACKAGE_wpa-supplicant || PACKAGE_wpa-supplicant-mesh || PACKAGE_wpad || PACKAGE_wpad-mesh
++	depends on PACKAGE_wpa-supplicant || PACKAGE_wpad
+ 
+ config WPA_SUPPLICANT_INTERNAL
+ 	bool "internal"
+-	depends on PACKAGE_wpa-supplicant || PACKAGE_wpad
+ 
+ config WPA_SUPPLICANT_OPENSSL
+ 	bool "openssl"
+diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
+index 8e706dc..88f7627 100644
+--- a/package/network/services/hostapd/Makefile
++++ b/package/network/services/hostapd/Makefile
+@@ -7,18 +7,18 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=hostapd
+-PKG_VERSION:=2015-03-25
++PKG_VERSION:=2016-06-15
+ PKG_RELEASE:=1
+-PKG_REV:=8278138e679174b1ec8af7f169c2810a8888e202
++PKG_REV:=31d3692fe5d56c05753ed4a70c7943979e1d29e7
+ 
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+-PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git
++PKG_SOURCE_URL:=http://w1.fi/hostap.git
+ PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+ PKG_SOURCE_VERSION:=$(PKG_REV)
+ PKG_SOURCE_PROTO:=git
+ # PKG_MIRROR_MD5SUM:=4e7c1f97edd7514535056fce54ae053a
+ 
+-PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
++PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+ PKG_LICENSE:=BSD-3-Clause
+ 
+ PKG_BUILD_PARALLEL:=1
+@@ -40,6 +40,10 @@ LOCAL_TYPE=$(strip \
+ 		hostapd \
+ 	)))
+ LOCAL_VARIANT=$(patsubst wpad-%,%,$(patsubst supplicant-%,%,$(BUILD_VARIANT)))
++CONFIG_VARIANT:=$(LOCAL_VARIANT)
++ifeq ($(LOCAL_VARIANT),mesh)
++  CONFIG_VARIANT:=full
++endif
+ 
+ ifeq ($(LOCAL_TYPE),supplicant)
+   ifeq ($(LOCAL_VARIANT),full)
+@@ -47,10 +51,6 @@ ifeq ($(LOCAL_TYPE),supplicant)
+ 		CONFIG_WPA_SUPPLICANT_INTERNAL \
+ 		CONFIG_WPA_SUPPLICANT_OPENSSL
+   endif
+-  ifeq ($(LOCAL_VARIANT),mesh)
+-    PKG_CONFIG_DEPENDS += \
+-		CONFIG_WPA_SUPPLICANT_OPENSSL
+-  endif
+ endif
+ 
+ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+@@ -82,7 +82,7 @@ ifneq ($(LOCAL_TYPE),hostapd)
+     endif
+   endif
+   ifeq ($(LOCAL_VARIANT),mesh)
+-    DRIVER_MAKEOPTS += CONFIG_TLS=openssl
++    DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_AP=y CONFIG_SAE=y CONFIG_MESH=y
+     TARGET_LDFLAGS += -lcrypto -lssl
+   endif
+   ifdef CONFIG_WPA_SUPPLICANT_NO_TIMESTAMP_CHECK
+@@ -177,8 +177,7 @@ endef
+ define Package/wpad-mesh
+ $(call Package/wpad/Default)
+   TITLE+= (with 802.11s mesh and SAE support)
+-  DEPENDS:=$(DRV_DEPENDS) +libubus +libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN)
+-  CONFLICTS:=@WPA_SUPPLICANT_INTERNAL
++  DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl @(!TARGET_uml||BROKEN)
+   VARIANT:=wpad-mesh
+ endef
+ 
+@@ -284,10 +283,10 @@ endif
+ 
+ define Build/Configure
+ 	$(Build/Configure/rebuild)
+-	$(if $(wildcard ./files/hostapd-$(LOCAL_VARIANT).config), \
+-		$(CP) ./files/hostapd-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
++	$(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
++		$(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
+ 	)
+-	$(CP) ./files/wpa_supplicant-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
++	$(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
+ endef
+ 
+ TARGET_CPPFLAGS := \
+diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
+index f1b2655..681e9df 100644
+--- a/package/network/services/hostapd/files/hostapd-full.config
++++ b/package/network/services/hostapd/files/hostapd-full.config
+@@ -53,6 +53,9 @@ CONFIG_PEERKEY=y
+ # Integrated EAP server
+ CONFIG_EAP=y
+ 
++# EAP-FAST for the integrated EAP server
++CONFIG_EAP_FAST=y
++
+ # EAP-MD5 for the integrated EAP server
+ CONFIG_EAP_MD5=y
+ 
+diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
+index 7aec7ad..9c1ba0f 100644
+--- a/package/network/services/hostapd/files/hostapd.sh
++++ b/package/network/services/hostapd/files/hostapd.sh
+@@ -1,3 +1,5 @@
++. /lib/functions/network.sh
++
+ hostapd_set_bss_options() {
+ 	local var="$1"
+ 	local vif="$2"
+@@ -193,8 +195,8 @@ hostapd_set_bss_options() {
+ 
+ 	[ -n "$wps_possible" -a -n "$config_methods" ] && {
+ 		config_get device_type "$vif" wps_device_type "6-0050F204-1"
+-		config_get device_name "$vif" wps_device_name "OpenWrt AP"
+-		config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
++		config_get device_name "$vif" wps_device_name "Lede AP"
++		config_get manufacturer "$vif" wps_manufacturer "www.lede-project.org"
+ 		config_get wps_pin "$vif" wps_pin
+ 
+ 		config_get_bool ext_registrar "$vif" ext_registrar 0
+@@ -213,7 +215,11 @@ hostapd_set_bss_options() {
+ 	append "$var" "ssid=$ssid" "$N"
+ 	[ -n "$bridge" ] && append "$var" "bridge=$bridge" "$N"
+ 	[ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N"
+-	[ -n "$iapp_interface" ] && append "$var" iapp_interface=$(uci_get_state network "$iapp_interface" ifname "$iapp_interface") "$N"
++	[ -n "$iapp_interface" ] && {
++		local ifname
++		network_get_device ifname "$iapp_interface" || ifname = "$iapp_interface"
++		append bss_conf "iapp_interface=$ifname" "$N"
++	}
+ 
+ 	if [ "$wpa" -ge "1" ]
+ 	then
+@@ -391,4 +397,3 @@ $hostapd_cfg
+ EOF
+ 	hostapd -P /var/run/wifi-$ifname.pid -B /var/run/hostapd-$ifname.conf
+ }
+-
+diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh
+index 23d2e7e..af72e7a 100644
+--- a/package/network/services/hostapd/files/netifd.sh
++++ b/package/network/services/hostapd/files/netifd.sh
+@@ -1,3 +1,5 @@
++. /lib/functions/network.sh
++
+ wpa_supplicant_add_rate() {
+ 	local var="$1"
+ 	local val="$(($2 / 1000))"
+@@ -120,6 +122,7 @@ hostapd_common_add_bss_config() {
+ 
+ 	config_add_boolean rsn_preauth auth_cache
+ 	config_add_int ieee80211w
++	config_add_int eapol_version
+ 
+ 	config_add_string 'auth_server:host' 'server:host'
+ 	config_add_string auth_secret
+@@ -136,10 +139,11 @@ hostapd_common_add_bss_config() {
+ 	config_add_string nasid
+ 	config_add_string ownip
+ 	config_add_string iapp_interface
+-	config_add_string eap_type ca_cert client_cert identity auth priv_key priv_key_pwd
++	config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+ 
+ 	config_add_int dynamic_vlan vlan_naming
+ 	config_add_string vlan_tagged_interface vlan_bridge
++	config_add_string vlan_file
+ 
+ 	config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey'
+ 
+@@ -182,7 +186,7 @@ hostapd_set_bss_options() {
+ 		wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \
+ 		wps_device_type wps_device_name wps_manufacturer wps_pin \
+ 		macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \
+-		iapp_interface
++		iapp_interface eapol_version
+ 
+ 	set_default isolate 0
+ 	set_default maxassoc 0
+@@ -192,6 +196,7 @@ hostapd_set_bss_options() {
+ 	set_default hidden 0
+ 	set_default wmm 1
+ 	set_default uapsd 1
++	set_default eapol_version 0
+ 
+ 	append bss_conf "ctrl_interface=/var/run/hostapd"
+ 	if [ "$isolate" -gt 0 ]; then
+@@ -237,6 +242,8 @@ hostapd_set_bss_options() {
+ 				[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
+ 				append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
+ 			}
++			[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
++
+ 			wps_possible=1
+ 			append wpa_key_mgmt "WPA-PSK"
+ 		;;
+@@ -248,7 +255,7 @@ hostapd_set_bss_options() {
+ 				ownip \
+ 				eap_reauth_period dynamic_vlan \
+ 				vlan_naming vlan_tagged_interface \
+-				vlan_bridge
++				vlan_bridge vlan_file
+ 
+ 			# legacy compatibility
+ 			[ -n "$auth_server" ] || json_get_var auth_server server
+@@ -291,7 +298,13 @@ hostapd_set_bss_options() {
+ 					append bss_conf "vlan_bridge=$vlan_bridge" "$N"
+ 				[ -n "$vlan_tagged_interface" ] && \
+ 					append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N"
++				[ -n "$vlan_file" ] && {
++					[ -e "$vlan_file" ] || touch "$vlan_file"
++					append bss_conf "vlan_file=$vlan_file" "$N"
++				}
+ 			}
++
++			[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
+ 		;;
+ 		wep)
+ 			local wep_keyidx=0
+@@ -318,8 +331,8 @@ hostapd_set_bss_options() {
+ 	[ -n "$wps_possible" -a -n "$config_methods" ] && {
+ 		set_default ext_registrar 0
+ 		set_default wps_device_type "6-0050F204-1"
+-		set_default wps_device_name "OpenWrt AP"
+-		set_default wps_manufacturer "openwrt.org"
++		set_default wps_device_name "Lede AP"
++		set_default wps_manufacturer "www.lede-project.org"
+ 
+ 		wps_state=2
+ 		[ -n "$wps_configured" ] && wps_state=1
+@@ -340,8 +353,9 @@ hostapd_set_bss_options() {
+ 	append bss_conf "ssid=$ssid" "$N"
+ 	[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
+ 	[ -n "$iapp_interface" ] && {
+-		iapp_interface="$(uci_get_state network "$iapp_interface" ifname "$iapp_interface")"
+-		[ -n "$iapp_interface" ] && append bss_conf "iapp_interface=$iapp_interface" "$N"
++		local ifname
++		network_get_device ifname "$iapp_interface" || ifname = "$iapp_interface"
++		append bss_conf "iapp_interface=$ifname" "$N"
+ 	}
+ 
+ 	if [ "$wpa" -ge "1" ]; then
+@@ -522,9 +536,15 @@ wpa_supplicant_prepare_interface() {
+ 		_w_modestr="mode=1"
+ 	}
+ 
++	local country_str=
++	[ -n "$country" ] && {
++		country_str="country=$country"
++	}
++
+ 	wpa_supplicant_teardown_interface "$ifname"
+ 	cat > "$_config" <<EOF
+ $ap_scan
++$country_str
+ EOF
+ 	return 0
+ }
+@@ -538,7 +558,9 @@ wpa_supplicant_add_network() {
+ 	json_get_vars \
+ 		ssid bssid key \
+ 		basic_rate mcast_rate \
+-		ieee80211w
++		ieee80211w ieee80211r
++
++	set_default ieee80211r 0
+ 
+ 	local key_mgmt='NONE'
+ 	local enc_str=
+@@ -549,6 +571,8 @@ wpa_supplicant_add_network() {
+ 	local scan_ssid="scan_ssid=1"
+ 	local freq
+ 
++	[ "$ieee80211r" -gt 0 ] && wpa_key_mgmt="FT-PSK $wpa_key_mgmt"
++
+ 	[[ "$_w_mode" = "adhoc" ]] && {
+ 		append network_data "mode=1" "$N$T"
+ 		[ -n "$channel" ] && {
+@@ -563,6 +587,9 @@ wpa_supplicant_add_network() {
+ 	}
+ 
+ 	[[ "$_w_mode" = "mesh" ]] && {
++		json_get_vars mesh_id
++		ssid="${mesh_id}"
++
+ 		append network_data "mode=5" "$N$T"
+ 		[ -n "$channel" ] && {
+ 			freq="$(get_freq "$phy" "$channel")"
+@@ -594,10 +621,12 @@ wpa_supplicant_add_network() {
+ 		;;
+ 		eap)
+ 			key_mgmt='WPA-EAP'
++		        [ "$ieee80211r" -gt 0 ] && key_mgmt="FT-EAP $key_mgmt"
+ 
+-			json_get_vars eap_type identity ca_cert
++			json_get_vars eap_type identity anonymous_identity ca_cert
+ 			[ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ 			[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
++			[ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T"
+ 			case "$eap_type" in
+ 				tls)
+ 					json_get_vars client_cert priv_key priv_key_pwd
+@@ -605,11 +634,32 @@ wpa_supplicant_add_network() {
+ 					append network_data "private_key=\"$priv_key\"" "$N$T"
+ 					append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
+ 				;;
+-				peap|ttls)
+-					json_get_vars auth password
++				fast|peap|ttls)
++					json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd
+ 					set_default auth MSCHAPV2
+-					append network_data "phase2=\"$auth\"" "$N$T"
+-					append network_data "password=\"$password\"" "$N$T"
++
++					if [ "$auth" = "EAP-TLS" ]; then
++						[ -n "$ca_cert2" ] &&
++							append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
++						append network_data "client_cert2=\"$client_cert2\"" "$N$T"
++						append network_data "private_key2=\"$priv_key2\"" "$N$T"
++						append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"
++					else
++						append network_data "password=\"$password\"" "$N$T"
++					fi
++
++					phase2proto="auth="
++					case "$auth" in
++						"auth"*)
++							phase2proto=""
++						;;
++						"EAP-"*)
++							auth="$(echo $auth | cut -b 5- )"
++							[ "$eap_type" = "ttls" ] &&
++								phase2proto="autheap="
++						;;
++					esac
++					append network_data "phase2=\"$phase2proto$auth\"" "$N$T"
+ 				;;
+ 			esac
+ 			append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T"
+diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
+index a9d04ab..53c0762 100644
+--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
++++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
+@@ -121,6 +121,9 @@ CONFIG_DRIVER_WIRED=y
+ # included)
+ CONFIG_IEEE8021X_EAPOL=y
+ 
++# EAP-FAST
++CONFIG_EAP_FAST=y
++
+ # EAP-MD5
+ CONFIG_EAP_MD5=y
+ 
+@@ -367,7 +370,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+ #CONFIG_DYNAMIC_EAP_METHODS=y
+ 
+ # IEEE Std 802.11r-2008 (Fast BSS Transition)
+-#CONFIG_IEEE80211R=y
++CONFIG_IEEE80211R=y
+ 
+ # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+ #CONFIG_DEBUG_FILE=y
+diff --git a/package/network/services/hostapd/files/wpa_supplicant-mesh.config b/package/network/services/hostapd/files/wpa_supplicant-mesh.config
+deleted file mode 100644
+index 36e2908..0000000
+--- a/package/network/services/hostapd/files/wpa_supplicant-mesh.config
++++ /dev/null
+@@ -1,407 +0,0 @@
+-# Example wpa_supplicant build time configuration
+-#
+-# This file lists the configuration options that are used when building the
+-# hostapd binary. All lines starting with # are ignored. Configuration option
+-# lines must be commented out complete, if they are not to be included, i.e.,
+-# just setting VARIABLE=n is not disabling that variable.
+-#
+-# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+-# be modified from here. In most cases, these lines should use += in order not
+-# to override previous values of the variables.
+-
+-
+-# Uncomment following two lines and fix the paths if you have installed OpenSSL
+-# or GnuTLS in non-default location
+-#CFLAGS += -I/usr/local/openssl/include
+-#LIBS += -L/usr/local/openssl/lib
+-
+-# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+-# the kerberos files are not in the default include path. Following line can be
+-# used to fix build issues on such systems (krb5.h not found).
+-#CFLAGS += -I/usr/include/kerberos
+-
+-# Example configuration for various cross-compilation platforms
+-
+-#### sveasoft (e.g., for Linksys WRT54G) ######################################
+-#CC=mipsel-uclibc-gcc
+-#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+-#CFLAGS += -Os
+-#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
+-#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
+-###############################################################################
+-
+-#### openwrt (e.g., for Linksys WRT54G) #######################################
+-#CC=mipsel-uclibc-gcc
+-#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
+-#CFLAGS += -Os
+-#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
+-#	-I../WRT54GS/release/src/include
+-#LIBS = -lssl
+-###############################################################################
+-
+-
+-# Driver interface for Host AP driver
+-CONFIG_DRIVER_HOSTAP=y
+-
+-# Driver interface for Agere driver
+-#CONFIG_DRIVER_HERMES=y
+-# Change include directories to match with the local setup
+-#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
+-#CFLAGS += -I../../include/wireless
+-
+-# Driver interface for ndiswrapper
+-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+-#CONFIG_DRIVER_NDISWRAPPER=y
+-
+-# Driver interface for Atmel driver
+-# CONFIG_DRIVER_ATMEL=y
+-
+-# Driver interface for old Broadcom driver
+-# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
+-# Linux wireless extensions and does not need (or even work) with the old
+-# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
+-#CONFIG_DRIVER_BROADCOM=y
+-# Example path for wlioctl.h; change to match your configuration
+-#CFLAGS += -I/opt/WRT54GS/release/src/include
+-
+-# Driver interface for Intel ipw2100/2200 driver
+-# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
+-#CONFIG_DRIVER_IPW=y
+-
+-# Driver interface for Ralink driver
+-#CONFIG_DRIVER_RALINK=y
+-
+-# Driver interface for generic Linux wireless extensions
+-CONFIG_DRIVER_WEXT=y
+-
+-# Driver interface for Linux drivers using the nl80211 kernel interface
+-CONFIG_DRIVER_NL80211=y
+-
+-# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+-#CONFIG_DRIVER_BSD=y
+-#CFLAGS += -I/usr/local/include
+-#LIBS += -L/usr/local/lib
+-#LIBS_p += -L/usr/local/lib
+-#LIBS_c += -L/usr/local/lib
+-
+-# Driver interface for Windows NDIS
+-#CONFIG_DRIVER_NDIS=y
+-#CFLAGS += -I/usr/include/w32api/ddk
+-#LIBS += -L/usr/local/lib
+-# For native build using mingw
+-#CONFIG_NATIVE_WINDOWS=y
+-# Additional directories for cross-compilation on Linux host for mingw target
+-#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+-#LIBS += -L/opt/mingw/mingw32/lib
+-#CC=mingw32-gcc
+-# By default, driver_ndis uses WinPcap for low-level operations. This can be
+-# replaced with the following option which replaces WinPcap calls with NDISUIO.
+-# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+-# wpa_supplicant.
+-# CONFIG_USE_NDISUIO=y
+-
+-# Driver interface for development testing
+-#CONFIG_DRIVER_TEST=y
+-
+-# Include client MLME (management frame processing) for test driver
+-# This can be used to test MLME operations in hostapd with the test interface.
+-# space.
+-#CONFIG_CLIENT_MLME=y
+-
+-# Driver interface for wired Ethernet drivers
+-CONFIG_DRIVER_WIRED=y
+-
+-# Driver interface for the Broadcom RoboSwitch family
+-#CONFIG_DRIVER_ROBOSWITCH=y
+-
+-# Driver interface for no driver (e.g., WPS ER only)
+-#CONFIG_DRIVER_NONE=y
+-
+-# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+-# included)
+-CONFIG_IEEE8021X_EAPOL=y
+-
+-# EAP-MD5
+-CONFIG_EAP_MD5=y
+-
+-# EAP-MSCHAPv2
+-CONFIG_EAP_MSCHAPV2=y
+-
+-# EAP-TLS
+-CONFIG_EAP_TLS=y
+-
+-# EAL-PEAP
+-CONFIG_EAP_PEAP=y
+-
+-# EAP-TTLS
+-CONFIG_EAP_TTLS=y
+-
+-# EAP-FAST
+-# Note: Default OpenSSL package does not include support for all the
+-# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
+-# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
+-# to add the needed functions.
+-#CONFIG_EAP_FAST=y
+-
+-# EAP-GTC
+-CONFIG_EAP_GTC=y
+-
+-# EAP-OTP
+-CONFIG_EAP_OTP=y
+-
+-# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+-#CONFIG_EAP_SIM=y
+-
+-# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+-#CONFIG_EAP_PSK=y
+-
+-# EAP-PAX
+-#CONFIG_EAP_PAX=y
+-
+-# LEAP
+-CONFIG_EAP_LEAP=y
+-
+-# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+-#CONFIG_EAP_AKA=y
+-
+-# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+-# This requires CONFIG_EAP_AKA to be enabled, too.
+-#CONFIG_EAP_AKA_PRIME=y
+-
+-# Enable USIM simulator (Milenage) for EAP-AKA
+-#CONFIG_USIM_SIMULATOR=y
+-
+-# EAP-SAKE
+-#CONFIG_EAP_SAKE=y
+-
+-# EAP-GPSK
+-#CONFIG_EAP_GPSK=y
+-# Include support for optional SHA256 cipher suite in EAP-GPSK
+-#CONFIG_EAP_GPSK_SHA256=y
+-
+-# EAP-TNC and related Trusted Network Connect support (experimental)
+-#CONFIG_EAP_TNC=y
+-
+-# Wi-Fi Protected Setup (WPS)
+-CONFIG_WPS=y
+-
+-# EAP-IKEv2
+-#CONFIG_EAP_IKEV2=y
+-
+-# PKCS#12 (PFX) support (used to read private key and certificate file from
+-# a file that usually has extension .p12 or .pfx)
+-CONFIG_PKCS12=y
+-
+-# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+-# engine.
+-CONFIG_SMARTCARD=y
+-
+-# PC/SC interface for smartcards (USIM, GSM SIM)
+-# Enable this if EAP-SIM or EAP-AKA is included
+-#CONFIG_PCSC=y
+-
+-# Development testing
+-#CONFIG_EAPOL_TEST=y
+-
+-# Select control interface backend for external programs, e.g, wpa_cli:
+-# unix = UNIX domain sockets (default for Linux/*BSD)
+-# udp = UDP sockets using localhost (127.0.0.1)
+-# named_pipe = Windows Named Pipe (default for Windows)
+-# y = use default (backwards compatibility)
+-# If this option is commented out, control interface is not included in the
+-# build.
+-CONFIG_CTRL_IFACE=y
+-
+-# Include support for GNU Readline and History Libraries in wpa_cli.
+-# When building a wpa_cli binary for distribution, please note that these
+-# libraries are licensed under GPL and as such, BSD license may not apply for
+-# the resulting binary.
+-#CONFIG_READLINE=y
+-
+-# Remove debugging code that is printing out debug message to stdout.
+-# This can be used to reduce the size of the wpa_supplicant considerably
+-# if debugging code is not needed. The size reduction can be around 35%
+-# (e.g., 90 kB).
+-#CONFIG_NO_STDOUT_DEBUG=y
+-
+-# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+-# 35-50 kB in code size.
+-#CONFIG_NO_WPA=y
+-
+-# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
+-# save about 1 kB in code size when building only WPA-Personal (no EAP support)
+-# or 6 kB if building for WPA-Enterprise.
+-#CONFIG_NO_WPA2=y
+-
+-# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+-# This option can be used to reduce code size by removing support for
+-# converting ASCII passphrases into PSK. If this functionality is removed, the
+-# PSK can only be configured as the 64-octet hexstring (e.g., from
+-# wpa_passphrase). This saves about 0.5 kB in code size.
+-#CONFIG_NO_WPA_PASSPHRASE=y
+-
+-# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+-# This can be used if ap_scan=1 mode is never enabled.
+-#CONFIG_NO_SCAN_PROCESSING=y
+-
+-# Select configuration backend:
+-# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+-#	path is given on command line, not here; this option is just used to
+-#	select the backend that allows configuration files to be used)
+-# winreg = Windows registry (see win_example.reg for an example)
+-CONFIG_BACKEND=file
+-
+-# Remove configuration write functionality (i.e., to allow the configuration
+-# file to be updated based on runtime configuration changes). The runtime
+-# configuration can still be changed, the changes are just not going to be
+-# persistent over restarts. This option can be used to reduce code size by
+-# about 3.5 kB.
+-#CONFIG_NO_CONFIG_WRITE=y
+-
+-# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+-#CONFIG_NO_CONFIG_BLOBS=y
+-
+-# Select program entry point implementation:
+-# main = UNIX/POSIX like main() function (default)
+-# main_winsvc = Windows service (read parameters from registry)
+-# main_none = Very basic example (development use only)
+-#CONFIG_MAIN=main
+-
+-# Select wrapper for operatins system and C library specific functions
+-# unix = UNIX/POSIX like systems (default)
+-# win32 = Windows systems
+-# none = Empty template
+-#CONFIG_OS=unix
+-
+-# Select event loop implementation
+-# eloop = select() loop (default)
+-# eloop_win = Windows events and WaitForMultipleObject() loop
+-# eloop_none = Empty template
+-#CONFIG_ELOOP=eloop
+-
+-# Select layer 2 packet implementation
+-# linux = Linux packet socket (default)
+-# pcap = libpcap/libdnet/WinPcap
+-# freebsd = FreeBSD libpcap
+-# winpcap = WinPcap with receive thread
+-# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+-# none = Empty template
+-#CONFIG_L2_PACKET=linux
+-
+-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+-CONFIG_PEERKEY=y
+-
+-# IEEE 802.11w (management frame protection)
+-# This version is an experimental implementation based on IEEE 802.11w/D1.0
+-# draft and is subject to change since the standard has not yet been finalized.
+-# Driver support is also needed for IEEE 802.11w.
+-CONFIG_IEEE80211W=y
+-
+-# Select TLS implementation
+-# openssl = OpenSSL (default)
+-# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
+-# internal = Internal TLSv1 implementation (experimental)
+-# none = Empty template
+-CONFIG_TLS=internal
+-
+-# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
+-# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
+-# even though the core GnuTLS library is released under LGPL, this extra
+-# library uses GPL and as such, the terms of GPL apply to the combination
+-# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
+-# apply for distribution of the resulting binary.
+-#CONFIG_GNUTLS_EXTRA=y
+-
+-# If CONFIG_TLS=internal is used, additional library and include paths are
+-# needed for LibTomMath. Alternatively, an integrated, minimal version of
+-# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+-# and drawbacks of this option.
+-CONFIG_INTERNAL_LIBTOMMATH=y
+-#ifndef CONFIG_INTERNAL_LIBTOMMATH
+-#LTM_PATH=/usr/src/libtommath-0.39
+-#CFLAGS += -I$(LTM_PATH)
+-#LIBS += -L$(LTM_PATH)
+-#LIBS_p += -L$(LTM_PATH)
+-#endif
+-# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+-# can be configured to include faster routines for exptmod, sqr, and div to
+-# speed up DH and RSA calculation considerably
+-CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+-
+-# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+-# This is only for Windows builds and requires WMI-related header files and
+-# WbemUuid.Lib from Platform SDK even when building with MinGW.
+-#CONFIG_NDIS_EVENTS_INTEGRATED=y
+-#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+-
+-# Add support for old DBus control interface
+-# (fi.epitest.hostap.WPASupplicant)
+-#CONFIG_CTRL_IFACE_DBUS=y
+-
+-# Add support for new DBus control interface
+-# (fi.w1.hostap.wpa_supplicant1)
+-#CONFIG_CTRL_IFACE_DBUS_NEW=y
+-
+-# Add introspection support for new DBus control interface
+-#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+-
+-# Add support for loading EAP methods dynamically as shared libraries.
+-# When this option is enabled, each EAP method can be either included
+-# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+-# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+-# be loaded in the beginning of the wpa_supplicant configuration file
+-# (see load_dynamic_eap parameter in the example file) before being used in
+-# the network blocks.
+-#
+-# Note that some shared parts of EAP methods are included in the main program
+-# and in order to be able to use dynamic EAP methods using these parts, the
+-# main program must have been build with the EAP method enabled (=y or =dyn).
+-# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+-# unless at least one of them was included in the main build to force inclusion
+-# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+-# in the main build to be able to load these methods dynamically.
+-#
+-# Please also note that using dynamic libraries will increase the total binary
+-# size. Thus, it may not be the best option for targets that have limited
+-# amount of memory/flash.
+-#CONFIG_DYNAMIC_EAP_METHODS=y
+-
+-# IEEE Std 802.11r-2008 (Fast BSS Transition)
+-#CONFIG_IEEE80211R=y
+-
+-# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+-#CONFIG_DEBUG_FILE=y
+-
+-# Enable privilege separation (see README 'Privilege separation' for details)
+-#CONFIG_PRIVSEP=y
+-
+-# Enable mitigation against certain attacks against TKIP by delaying Michael
+-# MIC error reports by a random amount of time between 0 and 60 seconds
+-#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+-
+-# Enable tracing code for developer debugging
+-# This tracks use of memory allocations and other registrations and reports
+-# incorrect use with a backtrace of call (or allocation) location.
+-#CONFIG_WPA_TRACE=y
+-# For BSD, comment out these.
+-#LIBS += -lexecinfo
+-#LIBS_p += -lexecinfo
+-#LIBS_c += -lexecinfo
+-
+-# Use libbfd to get more details for developer debugging
+-# This enables use of libbfd to get more detailed symbols for the backtraces
+-# generated by CONFIG_WPA_TRACE=y.
+-#CONFIG_WPA_TRACE_BFD=y
+-# For BSD, comment out these.
+-#LIBS += -lbfd -liberty -lz
+-#LIBS_p += -lbfd -liberty -lz
+-#LIBS_c += -lbfd -liberty -lz
+-
+-CONFIG_NO_RANDOM_POOL=y
+-NEED_80211_COMMON=y
+-
+-CONFIG_IBSS_RSN=y
+-
+-CONFIG_MESH=y
+-CONFIG_SAE=y
+-CONFIG_AP=y
+diff --git a/package/network/services/hostapd/patches/001-4addr-fix-reconnecting-client-on-connection-lost.patch b/package/network/services/hostapd/patches/001-4addr-fix-reconnecting-client-on-connection-lost.patch
+new file mode 100644
+index 0000000..5c8b662
+--- /dev/null
++++ b/package/network/services/hostapd/patches/001-4addr-fix-reconnecting-client-on-connection-lost.patch
+@@ -0,0 +1,25 @@
++From: Matthias May <matthias.may@neratec.com>
++Date: Tue, 5 Jul 2016 15:00:43 +0200
++Subject: [PATCH] 4addr: fix reconnecting client on connection lost
++
++When a 4addr client suddenly looses its connection (no deauth/deassoc)
++the AP still thinks it is connected.
++If the client reconnects before the AP timeoutes the client, traffic
++cannot flow.
++
++Fix this by making sure the WLAN_STA_WDS flag is unset in the sta->flags
++when the client completes association.
++
++Signed-off-by: Matthias May <matthias.may@neratec.com>
++---
++
++--- a/src/ap/ieee802_11.c
+++++ b/src/ap/ieee802_11.c
++@@ -2826,6 +2826,7 @@ static void handle_assoc_cb(struct hosta
++ 		new_assoc = 0;
++ 	sta->flags |= WLAN_STA_ASSOC;
++ 	sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
+++	sta->flags &= ~WLAN_STA_WDS;
++ 	if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && !hapd->conf->osen) ||
++ 	    sta->auth_alg == WLAN_AUTH_FT) {
++ 		/*
+diff --git a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+deleted file mode 100644
+index e408fbe..0000000
+--- a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
++++ /dev/null
+@@ -1,37 +0,0 @@
+-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <jouni@qca.qualcomm.com>
+-Date: Tue, 7 Apr 2015 11:32:11 +0300
+-Subject: [PATCH] P2P: Validate SSID element length before copying it
+- (CVE-2015-1863)
+-
+-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
+-p2p_add_device(). The length provided by the peer device (0..255 bytes)
+-was used without proper bounds checking and that could have resulted in
+-arbitrary data of up to 223 bytes being written beyond the end of the
+-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
+-heap allocation) when processing a corrupted management frame for P2P
+-peer discovery purposes.
+-
+-This could result in corrupted state in heap, unexpected program
+-behavior due to corrupted P2P peer device information, denial of service
+-due to process crash, exposure of memory contents during GO Negotiation,
+-and potentially arbitrary code execution.
+-
+-Thanks to Google security team for reporting this issue and smart
+-hardware research group of Alibaba security team for discovering it.
+-
+-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+----
+- src/p2p/p2p.c | 1 +
+- 1 file changed, 1 insertion(+)
+-
+---- a/src/p2p/p2p.c
+-+++ b/src/p2p/p2p.c
+-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p,
+- 	if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
+- 		os_memcpy(dev->interface_addr, addr, ETH_ALEN);
+- 	if (msg.ssid &&
+-+	    msg.ssid[1] <= sizeof(dev->oper_ssid) &&
+- 	    (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
+- 	     os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
+- 	     != 0)) {
+diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+deleted file mode 100644
+index bc4d60f..0000000
+--- a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
++++ /dev/null
+@@ -1,36 +0,0 @@
+-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Wed, 29 Apr 2015 02:21:53 +0300
+-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
+-
+-The length of the WMM Action frame was not properly validated and the
+-length of the information elements (int left) could end up being
+-negative. This would result in reading significantly past the stack
+-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
+-so, resulting in segmentation fault.
+-
+-This can result in an invalid frame being used for a denial of service
+-attack (hostapd process killed) against an AP with a driver that uses
+-hostapd for management frame processing (e.g., all mac80211-based
+-drivers).
+-
+-Thanks to Kostya Kortchinsky of Google security team for discovering and
+-reporting this issue.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/ap/wmm.c | 3 +++
+- 1 file changed, 3 insertions(+)
+-
+---- a/src/ap/wmm.c
+-+++ b/src/ap/wmm.c
+-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d
+- 		return;
+- 	}
+- 
+-+	if (left < 0)
+-+		return; /* not a valid WMM Action frame */
+-+
+- 	/* extract the tspec info element */
+- 	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
+- 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+diff --git a/package/network/services/hostapd/patches/002-mesh-Set-correct-secondary-channel-offset-if-HT40-is.patch b/package/network/services/hostapd/patches/002-mesh-Set-correct-secondary-channel-offset-if-HT40-is.patch
+new file mode 100644
+index 0000000..2439220
+--- /dev/null
++++ b/package/network/services/hostapd/patches/002-mesh-Set-correct-secondary-channel-offset-if-HT40-is.patch
+@@ -0,0 +1,61 @@
++From: Masashi Honma <masashi.honma@gmail.com>
++Date: Tue, 26 Jul 2016 11:45:40 +0900
++Subject: [PATCH] mesh: Set correct secondary channel offset if HT40 is
++ disabled
++
++Previously, secondary channel offset could be non zero even though
++disable_ht40=1. This patch fixes it.
++
++Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
++---
++
++--- a/wpa_supplicant/wpa_supplicant.c
+++++ b/wpa_supplicant/wpa_supplicant.c
++@@ -1901,20 +1901,27 @@ void ibss_mesh_setup_freq(struct wpa_sup
++ 			break;
++ 		}
++ 	}
+++#ifdef CONFIG_HT_OVERRIDES
+++	if (ssid->disable_ht40)
+++		ht40 = 0;
+++#endif /* CONFIG_HT_OVERRIDES */
++ 
++-	/* Find secondary channel */
++-	for (i = 0; i < mode->num_channels; i++) {
++-		sec_chan = &mode->channels[i];
++-		if (sec_chan->chan == channel + ht40 * 4)
++-			break;
++-		sec_chan = NULL;
++-	}
++-	if (!sec_chan)
++-		return;
+++	if (ht40) {
+++		/* Find secondary channel */
+++		for (i = 0; i < mode->num_channels; i++) {
+++			sec_chan = &mode->channels[i];
+++			if (sec_chan->chan == channel + ht40 * 4)
+++				break;
+++			sec_chan = NULL;
+++		}
+++		if (!sec_chan)
+++			return;
++ 
++-	/* Check secondary channel flags */
++-	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
++-		return;
+++		/* Check secondary channel flags */
+++		if (sec_chan->flag &
+++		    (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+++			return;
+++	}
++ 
++ 	freq->channel = pri_chan->chan;
++ 
++@@ -1930,6 +1937,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
++ 		freq->sec_channel_offset = 1;
++ 		break;
++ 	default:
+++		freq->sec_channel_offset = 0;
++ 		break;
++ 	}
++ 
+diff --git a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+deleted file mode 100644
+index 36b4ca2..0000000
+--- a/package/network/services/hostapd/patches/003-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
++++ /dev/null
+@@ -1,49 +0,0 @@
+-From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Tue, 28 Apr 2015 17:08:33 +0300
+-Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser
+-
+-strtoul() return value may end up overflowing the int h->chunk_size and
+-resulting in a negative value to be stored as the chunk_size. This could
+-result in the following memcpy operation using a very large length
+-argument which would result in a buffer overflow and segmentation fault.
+-
+-This could have been used to cause a denial service by any device that
+-has been authorized for network access (either wireless or wired). This
+-would affect both the WPS UPnP functionality in a WPS AP (hostapd with
+-upnp_iface parameter set in the configuration) and WPS ER
+-(wpa_supplicant with WPS_ER_START control interface command used).
+-
+-Validate the parsed chunk length value to avoid this. In addition to
+-rejecting negative values, we can also reject chunk size that would be
+-larger than the maximum configured body length.
+-
+-Thanks to Kostya Kortchinsky of Google security team for discovering and
+-reporting this issue.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/wps/httpread.c | 7 +++++++
+- 1 file changed, 7 insertions(+)
+-
+-diff --git a/src/wps/httpread.c b/src/wps/httpread.c
+-index 2f08f37..d2855e3 100644
+---- a/src/wps/httpread.c
+-+++ b/src/wps/httpread.c
+-@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
+- 					if (!isxdigit(*cbp))
+- 						goto bad;
+- 					h->chunk_size = strtoul(cbp, NULL, 16);
+-+					if (h->chunk_size < 0 ||
+-+					    h->chunk_size > h->max_bytes) {
+-+						wpa_printf(MSG_DEBUG,
+-+							   "httpread: Invalid chunk size %d",
+-+							   h->chunk_size);
+-+						goto bad;
+-+					}
+- 					/* throw away chunk header
+- 					 * so we have only real data
+- 					 */
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+deleted file mode 100644
+index 91627fb..0000000
+--- a/package/network/services/hostapd/patches/004-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
++++ /dev/null
+@@ -1,73 +0,0 @@
+-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Fri, 1 May 2015 16:37:45 +0300
+-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
+- and Confirm
+-
+-The length of the received Commit and Confirm message payloads was not
+-checked before reading them. This could result in a buffer read
+-overflow when processing an invalid message.
+-
+-Fix this by verifying that the payload is of expected length before
+-processing it. In addition, enforce correct state transition sequence to
+-make sure there is no unexpected behavior if receiving a Commit/Confirm
+-message before the previous exchanges have been completed.
+-
+-Thanks to Kostya Kortchinsky of Google security team for discovering and
+-reporting this issue.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++
+- 1 file changed, 29 insertions(+)
+-
+-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+-index f2b0926..a629437 100644
+---- a/src/eap_peer/eap_pwd.c
+-+++ b/src/eap_peer/eap_pwd.c
+-@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
+- 	BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
+- 	u16 offset;
+- 	u8 *ptr, *scalar = NULL, *element = NULL;
+-+	size_t prime_len, order_len;
+-+
+-+	if (data->state != PWD_Commit_Req) {
+-+		ret->ignore = TRUE;
+-+		goto fin;
+-+	}
+-+
+-+	prime_len = BN_num_bytes(data->grp->prime);
+-+	order_len = BN_num_bytes(data->grp->order);
+-+
+-+	if (payload_len != 2 * prime_len + order_len) {
+-+		wpa_printf(MSG_INFO,
+-+			   "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
+-+			   (unsigned int) payload_len,
+-+			   (unsigned int) (2 * prime_len + order_len));
+-+		goto fin;
+-+	}
+- 
+- 	if (((data->private_value = BN_new()) == NULL) ||
+- 	    ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
+-@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
+- 	u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
+- 	int offset;
+- 
+-+	if (data->state != PWD_Confirm_Req) {
+-+		ret->ignore = TRUE;
+-+		goto fin;
+-+	}
+-+
+-+	if (payload_len != SHA256_MAC_LEN) {
+-+		wpa_printf(MSG_INFO,
+-+			   "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
+-+			   (unsigned int) payload_len, SHA256_MAC_LEN);
+-+		goto fin;
+-+	}
+-+
+- 	/*
+- 	 * first build up the ciphersuite which is group | random_function |
+- 	 *	prf
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+deleted file mode 100644
+index 5dca20b..0000000
+--- a/package/network/services/hostapd/patches/005-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
++++ /dev/null
+@@ -1,66 +0,0 @@
+-From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Fri, 1 May 2015 16:40:44 +0300
+-Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit
+- and Confirm
+-
+-The length of the received Commit and Confirm message payloads was not
+-checked before reading them. This could result in a buffer read
+-overflow when processing an invalid message.
+-
+-Fix this by verifying that the payload is of expected length before
+-processing it. In addition, enforce correct state transition sequence to
+-make sure there is no unexpected behavior if receiving a Commit/Confirm
+-message before the previous exchanges have been completed.
+-
+-Thanks to Kostya Kortchinsky of Google security team for discovering and
+-reporting this issue.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++
+- 1 file changed, 19 insertions(+)
+-
+-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+-index 66bd5d2..3189105 100644
+---- a/src/eap_server/eap_server_pwd.c
+-+++ b/src/eap_server/eap_server_pwd.c
+-@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
+- 	BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
+- 	EC_POINT *K = NULL, *point = NULL;
+- 	int res = 0;
+-+	size_t prime_len, order_len;
+- 
+- 	wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
+- 
+-+	prime_len = BN_num_bytes(data->grp->prime);
+-+	order_len = BN_num_bytes(data->grp->order);
+-+
+-+	if (payload_len != 2 * prime_len + order_len) {
+-+		wpa_printf(MSG_INFO,
+-+			   "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
+-+			   (unsigned int) payload_len,
+-+			   (unsigned int) (2 * prime_len + order_len));
+-+		goto fin;
+-+	}
+-+
+- 	if (((data->peer_scalar = BN_new()) == NULL) ||
+- 	    ((data->k = BN_new()) == NULL) ||
+- 	    ((cofactor = BN_new()) == NULL) ||
+-@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
+- 	u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
+- 	int offset;
+- 
+-+	if (payload_len != SHA256_MAC_LEN) {
+-+		wpa_printf(MSG_INFO,
+-+			   "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
+-+			   (unsigned int) payload_len, SHA256_MAC_LEN);
+-+		goto fin;
+-+	}
+-+
+- 	/* build up the ciphersuite: group | random_function | prf */
+- 	grp = htons(data->group_num);
+- 	ptr = (u8 *) &cs;
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+deleted file mode 100644
+index 4d2f9d8..0000000
+--- a/package/network/services/hostapd/patches/006-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
++++ /dev/null
+@@ -1,52 +0,0 @@
+-From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sat, 2 May 2015 19:23:04 +0300
+-Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
+- reassembly
+-
+-The remaining number of bytes in the message could be smaller than the
+-Total-Length field size, so the length needs to be explicitly checked
+-prior to reading the field and decrementing the len variable. This could
+-have resulted in the remaining length becoming negative and interpreted
+-as a huge positive integer.
+-
+-In addition, check that there is no already started fragment in progress
+-before allocating a new buffer for reassembling fragments. This avoid a
+-potential memory leak when processing invalid message.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_peer/eap_pwd.c | 12 ++++++++++++
+- 1 file changed, 12 insertions(+)
+-
+-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+-index a629437..1d2079b 100644
+---- a/src/eap_peer/eap_pwd.c
+-+++ b/src/eap_peer/eap_pwd.c
+-@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+- 	 * if it's the first fragment there'll be a length field
+- 	 */
+- 	if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+-+		if (len < 2) {
+-+			wpa_printf(MSG_DEBUG,
+-+				   "EAP-pwd: Frame too short to contain Total-Length field");
+-+			ret->ignore = TRUE;
+-+			return NULL;
+-+		}
+- 		tot_len = WPA_GET_BE16(pos);
+- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
+- 			   "total length = %d", tot_len);
+- 		if (tot_len > 15000)
+- 			return NULL;
+-+		if (data->inbuf) {
+-+			wpa_printf(MSG_DEBUG,
+-+				   "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
+-+			ret->ignore = TRUE;
+-+			return NULL;
+-+		}
+- 		data->inbuf = wpabuf_alloc(tot_len);
+- 		if (data->inbuf == NULL) {
+- 			wpa_printf(MSG_INFO, "Out of memory to buffer "
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+deleted file mode 100644
+index 7edef09..0000000
+--- a/package/network/services/hostapd/patches/007-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
++++ /dev/null
+@@ -1,50 +0,0 @@
+-From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sat, 2 May 2015 19:26:06 +0300
+-Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
+- reassembly
+-
+-The remaining number of bytes in the message could be smaller than the
+-Total-Length field size, so the length needs to be explicitly checked
+-prior to reading the field and decrementing the len variable. This could
+-have resulted in the remaining length becoming negative and interpreted
+-as a huge positive integer.
+-
+-In addition, check that there is no already started fragment in progress
+-before allocating a new buffer for reassembling fragments. This avoid a
+-potential memory leak when processing invalid message.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_server/eap_server_pwd.c | 10 ++++++++++
+- 1 file changed, 10 insertions(+)
+-
+-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+-index 3189105..2bfc3c2 100644
+---- a/src/eap_server/eap_server_pwd.c
+-+++ b/src/eap_server/eap_server_pwd.c
+-@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+- 	 * the first fragment has a total length
+- 	 */
+- 	if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
+-+		if (len < 2) {
+-+			wpa_printf(MSG_DEBUG,
+-+				   "EAP-pwd: Frame too short to contain Total-Length field");
+-+			return;
+-+		}
+- 		tot_len = WPA_GET_BE16(pos);
+- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
+- 			   "length = %d", tot_len);
+- 		if (tot_len > 15000)
+- 			return;
+-+		if (data->inbuf) {
+-+			wpa_printf(MSG_DEBUG,
+-+				   "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
+-+			return;
+-+		}
+- 		data->inbuf = wpabuf_alloc(tot_len);
+- 		if (data->inbuf == NULL) {
+- 			wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+deleted file mode 100644
+index a601323..0000000
+--- a/package/network/services/hostapd/patches/008-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
++++ /dev/null
+@@ -1,32 +0,0 @@
+-From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sat, 2 May 2015 19:26:28 +0300
+-Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
+-
+-The L (Length) and M (More) flags needs to be cleared before deciding
+-whether the locally generated response requires fragmentation. This
+-fixes an issue where these flags from the server could have been invalid
+-for the following message. In some cases, this could have resulted in
+-triggering the wpabuf security check that would terminate the process
+-due to invalid buffer allocation.
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_peer/eap_pwd.c | 1 +
+- 1 file changed, 1 insertion(+)
+-
+-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+-index 1d2079b..e58b13a 100644
+---- a/src/eap_peer/eap_pwd.c
+-+++ b/src/eap_peer/eap_pwd.c
+-@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+- 	/*
+- 	 * we have output! Do we need to fragment it?
+- 	 */
+-+	lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
+- 	len = wpabuf_len(data->outbuf);
+- 	if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
+- 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch b/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
+deleted file mode 100644
+index dd34624..0000000
+--- a/package/network/services/hostapd/patches/009-NFC-Fix-payload-length-validation-in-NDEF-record-par.patch
++++ /dev/null
+@@ -1,61 +0,0 @@
+-From df9079e72760ceb7ebe7fb11538200c516bdd886 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Tue, 7 Jul 2015 21:57:28 +0300
+-Subject: [PATCH] NFC: Fix payload length validation in NDEF record parser
+-
+-It was possible for the 32-bit record->total_length value to end up
+-wrapping around due to integer overflow if the longer form of payload
+-length field is used and record->payload_length gets a value close to
+-2^32. This could result in ndef_parse_record() accepting a too large
+-payload length value and the record type filter reading up to about 20
+-bytes beyond the end of the buffer and potentially killing the process.
+-This could also result in an attempt to allocate close to 2^32 bytes of
+-heap memory and if that were to succeed, a buffer read overflow of the
+-same length which would most likely result in the process termination.
+-In case of record->total_length ending up getting the value 0, there
+-would be no buffer read overflow, but record parsing would result in an
+-infinite loop in ndef_parse_records().
+-
+-Any of these error cases could potentially be used for denial of service
+-attacks over NFC by using a malformed NDEF record on an NFC Tag or
+-sending them during NFC connection handover if the application providing
+-the NDEF message to hostapd/wpa_supplicant did no validation of the
+-received records. While such validation is likely done in the NFC stack
+-that needs to parse the NFC messages before further processing,
+-hostapd/wpa_supplicant better be prepared for any data being included
+-here.
+-
+-Fix this by validating record->payload_length value in a way that
+-detects integer overflow. (CID 122668)
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/wps/ndef.c | 5 ++++-
+- 1 file changed, 4 insertions(+), 1 deletion(-)
+-
+-diff --git a/src/wps/ndef.c b/src/wps/ndef.c
+-index 5604b0a..50d018f 100644
+---- a/src/wps/ndef.c
+-+++ b/src/wps/ndef.c
+-@@ -48,6 +48,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
+- 		if (size < 6)
+- 			return -1;
+- 		record->payload_length = ntohl(*(u32 *)pos);
+-+		if (record->payload_length > size - 6)
+-+			return -1;
+- 		pos += sizeof(u32);
+- 	}
+- 
+-@@ -68,7 +70,8 @@ static int ndef_parse_record(const u8 *data, u32 size,
+- 	pos += record->payload_length;
+- 
+- 	record->total_length = pos - data;
+--	if (record->total_length > size)
+-+	if (record->total_length > size ||
+-+	    record->total_length < record->payload_length)
+- 		return -1;
+- 	return 0;
+- }
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch b/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
+deleted file mode 100644
+index 00e5b7c..0000000
+--- a/package/network/services/hostapd/patches/010-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
++++ /dev/null
+@@ -1,32 +0,0 @@
+-From 6b12d93d2c7428a34bfd4b3813ba339ed57b698a Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sun, 25 Oct 2015 15:45:50 +0200
+-Subject: [PATCH] WNM: Ignore Key Data in WNM Sleep Mode Response frame if no
+- PMF in use
+-
+-WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
+-enabled. Verify that PMF is in use before using this field on station
+-side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- wpa_supplicant/wnm_sta.c | 6 ++++++
+- 1 file changed, 6 insertions(+)
+-
+-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+-index 954de67..7d79499 100644
+---- a/wpa_supplicant/wnm_sta.c
+-+++ b/wpa_supplicant/wnm_sta.c
+-@@ -187,6 +187,12 @@ static void wnm_sleep_mode_exit_success(struct wpa_supplicant *wpa_s,
+- 	end = ptr + key_len_total;
+- 	wpa_hexdump_key(MSG_DEBUG, "WNM: Key Data", ptr, key_len_total);
+- 
+-+	if (key_len_total && !wpa_sm_pmf_enabled(wpa_s->wpa)) {
+-+		wpa_msg(wpa_s, MSG_INFO,
+-+			"WNM: Ignore Key Data in WNM-Sleep Mode Response - PMF not enabled");
+-+		return;
+-+	}
+-+
+- 	while (ptr + 1 < end) {
+- 		if (ptr + 2 + ptr[1] > end) {
+- 			wpa_printf(MSG_DEBUG, "WNM: Invalid Key Data element "
+diff --git a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
+deleted file mode 100644
+index 82c2639..0000000
+--- a/package/network/services/hostapd/patches/011-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
++++ /dev/null
+@@ -1,54 +0,0 @@
+-From 8057821706784608b828e769ccefbced95591e50 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sun, 1 Nov 2015 18:18:17 +0200
+-Subject: [PATCH] EAP-pwd peer: Fix last fragment length validation
+-
+-All but the last fragment had their length checked against the remaining
+-room in the reassembly buffer. This allowed a suitably constructed last
+-fragment frame to try to add extra data that would go beyond the buffer.
+-The length validation code in wpabuf_put_data() prevents an actual
+-buffer write overflow from occurring, but this results in process
+-termination. (CVE-2015-5315)
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_peer/eap_pwd.c | 7 +++----
+- 1 file changed, 3 insertions(+), 4 deletions(-)
+-
+-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+-index 1f78544..75ceef1 100644
+---- a/src/eap_peer/eap_pwd.c
+-+++ b/src/eap_peer/eap_pwd.c
+-@@ -903,7 +903,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+- 	/*
+- 	 * buffer and ACK the fragment
+- 	 */
+--	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+-+	if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
+- 		data->in_frag_pos += len;
+- 		if (data->in_frag_pos > wpabuf_size(data->inbuf)) {
+- 			wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack "
+-@@ -916,7 +916,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+- 			return NULL;
+- 		}
+- 		wpabuf_put_data(data->inbuf, pos, len);
+--
+-+	}
+-+	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+- 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD,
+- 				     EAP_PWD_HDR_SIZE,
+- 				     EAP_CODE_RESPONSE, eap_get_id(reqData));
+-@@ -930,10 +931,8 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
+- 	 * we're buffering and this is the last fragment
+- 	 */
+- 	if (data->in_frag_pos) {
+--		wpabuf_put_data(data->inbuf, pos, len);
+- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
+- 			   (int) len);
+--		data->in_frag_pos += len;
+- 		pos = wpabuf_head_u8(data->inbuf);
+- 		len = data->in_frag_pos;
+- 	}
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch b/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch
+deleted file mode 100644
+index bfc4c74..0000000
+--- a/package/network/services/hostapd/patches/012-EAP-pwd-server-Fix-last-fragment-length-validation.patch
++++ /dev/null
+@@ -1,51 +0,0 @@
+-From bef802ece03f9ae9d52a21f0cf4f1bc2c5a1f8aa Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sun, 1 Nov 2015 18:24:16 +0200
+-Subject: [PATCH] EAP-pwd server: Fix last fragment length validation
+-
+-All but the last fragment had their length checked against the remaining
+-room in the reassembly buffer. This allowed a suitably constructed last
+-fragment frame to try to add extra data that would go beyond the buffer.
+-The length validation code in wpabuf_put_data() prevents an actual
+-buffer write overflow from occurring, but this results in process
+-termination. (CVE-2015-5314)
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_server/eap_server_pwd.c | 6 +++---
+- 1 file changed, 3 insertions(+), 3 deletions(-)
+-
+-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+-index cb83ff7..9f787ab 100644
+---- a/src/eap_server/eap_server_pwd.c
+-+++ b/src/eap_server/eap_server_pwd.c
+-@@ -970,7 +970,7 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+- 	/*
+- 	 * the first and all intermediate fragments have the M bit set
+- 	 */
+--	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+-+	if (EAP_PWD_GET_MORE_BIT(lm_exch) || data->in_frag_pos) {
+- 		if ((data->in_frag_pos + len) > wpabuf_size(data->inbuf)) {
+- 			wpa_printf(MSG_DEBUG, "EAP-pwd: Buffer overflow "
+- 				   "attack detected! (%d+%d > %d)",
+-@@ -981,6 +981,8 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+- 		}
+- 		wpabuf_put_data(data->inbuf, pos, len);
+- 		data->in_frag_pos += len;
+-+	}
+-+	if (EAP_PWD_GET_MORE_BIT(lm_exch)) {
+- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Got a %d byte fragment",
+- 			   (int) len);
+- 		return;
+-@@ -990,8 +992,6 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
+- 	 * buffering fragments so that's how we know it's the last)
+- 	 */
+- 	if (data->in_frag_pos) {
+--		wpabuf_put_data(data->inbuf, pos, len);
+--		data->in_frag_pos += len;
+- 		pos = wpabuf_head_u8(data->inbuf);
+- 		len = data->in_frag_pos;
+- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes",
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch b/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
+deleted file mode 100644
+index 3088f6a..0000000
+--- a/package/network/services/hostapd/patches/013-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
++++ /dev/null
+@@ -1,34 +0,0 @@
+-From 95577884ca4fa76be91344ff7a8d5d1e6dc3da61 Mon Sep 17 00:00:00 2001
+-From: Jouni Malinen <j@w1.fi>
+-Date: Sun, 1 Nov 2015 19:35:44 +0200
+-Subject: [PATCH] EAP-pwd peer: Fix error path for unexpected Confirm message
+-
+-If the Confirm message is received from the server before the Identity
+-exchange has been completed, the group has not yet been determined and
+-data->grp is NULL. The error path in eap_pwd_perform_confirm_exchange()
+-did not take this corner case into account and could end up
+-dereferencing a NULL pointer and terminating the process if invalid
+-message sequence is received. (CVE-2015-5316)
+-
+-Signed-off-by: Jouni Malinen <j@w1.fi>
+----
+- src/eap_peer/eap_pwd.c | 3 ++-
+- 1 file changed, 2 insertions(+), 1 deletion(-)
+-
+-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+-index 75ceef1..892b590 100644
+---- a/src/eap_peer/eap_pwd.c
+-+++ b/src/eap_peer/eap_pwd.c
+-@@ -774,7 +774,8 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
+- 	wpabuf_put_data(data->outbuf, conf, SHA256_MAC_LEN);
+- 
+- fin:
+--	bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
+-+	if (data->grp)
+-+		bin_clear_free(cruft, BN_num_bytes(data->grp->prime));
+- 	BN_clear_free(x);
+- 	BN_clear_free(y);
+- 	if (data->outbuf == NULL) {
+--- 
+-1.9.1
+-
+diff --git a/package/network/services/hostapd/patches/100-mesh_mode_fix.patch b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch
+new file mode 100644
+index 0000000..ceb4c53
+--- /dev/null
++++ b/package/network/services/hostapd/patches/100-mesh_mode_fix.patch
+@@ -0,0 +1,12 @@
++--- a/src/drivers/driver_nl80211.c
+++++ b/src/drivers/driver_nl80211.c
++@@ -2332,7 +2332,8 @@ wpa_driver_nl80211_finish_drv_init(struc
++ 
++ 	if (drv->hostapd || bss->static_ap)
++ 		nlmode = NL80211_IFTYPE_AP;
++-	else if (bss->if_dynamic)
+++	else if (bss->if_dynamic ||
+++		 nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT)
++ 		nlmode = nl80211_get_ifmode(bss);
++ 	else
++ 		nlmode = NL80211_IFTYPE_STATION;
+diff --git a/package/network/services/hostapd/patches/110-bool_fix.patch b/package/network/services/hostapd/patches/110-bool_fix.patch
+deleted file mode 100644
+index 865c014..0000000
+--- a/package/network/services/hostapd/patches/110-bool_fix.patch
++++ /dev/null
+@@ -1,14 +0,0 @@
+---- a/src/ap/ieee802_1x.c
+-+++ b/src/ap/ieee802_1x.c
+-@@ -2332,9 +2332,9 @@ void ieee802_1x_notify_pre_auth(struct e
+- }
+- 
+- 
+--static const char * bool_txt(Boolean bool)
+-+static const char * bool_txt(Boolean bool_val)
+- {
+--	return bool ? "TRUE" : "FALSE";
+-+	return bool_val ? "TRUE" : "FALSE";
+- }
+- 
+- 
+diff --git a/package/network/services/hostapd/patches/110-fix_parse_das_client.patch b/package/network/services/hostapd/patches/110-fix_parse_das_client.patch
+new file mode 100644
+index 0000000..67fb899
+--- /dev/null
++++ b/package/network/services/hostapd/patches/110-fix_parse_das_client.patch
+@@ -0,0 +1,10 @@
++--- a/hostapd/config_file.c
+++++ b/hostapd/config_file.c
++@@ -645,6 +645,7 @@ static int hostapd_parse_das_client(stru
++ 	if (secret == NULL)
++ 		return -1;
++ 
+++	*secret = 0;
++ 	secret++;
++ 
++ 	if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr))
+diff --git a/package/network/services/hostapd/patches/120-daemonize_fix.patch b/package/network/services/hostapd/patches/120-daemonize_fix.patch
+index 032e207..0389406 100644
+--- a/package/network/services/hostapd/patches/120-daemonize_fix.patch
++++ b/package/network/services/hostapd/patches/120-daemonize_fix.patch
+@@ -8,7 +8,7 @@
+  
+  #ifdef ANDROID
+  #include <sys/capability.h>
+-@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm
++@@ -179,59 +180,46 @@ int os_gmtime(os_time_t t, struct os_tm
+  	return 0;
+  }
+  
+@@ -60,13 +60,13 @@
+ +	if (chdir("/") < 0)
+  		return -1;
+ -	}
+--
++ 
+ -	return 0;
+ -}
+ -#else /* __APPLE__ */
+ -#define os_daemon daemon
+ -#endif /* __APPLE__ */
+- 
++-
+ -
+ -int os_daemonize(const char *pid_file)
+ -{
+diff --git a/package/network/services/hostapd/patches/130-no_eapol_fix.patch b/package/network/services/hostapd/patches/130-no_eapol_fix.patch
+index d23b47b..5aee3d0 100644
+--- a/package/network/services/hostapd/patches/130-no_eapol_fix.patch
++++ b/package/network/services/hostapd/patches/130-no_eapol_fix.patch
+@@ -1,6 +1,6 @@
+ --- a/wpa_supplicant/wpa_supplicant.c
+ +++ b/wpa_supplicant/wpa_supplicant.c
+-@@ -252,9 +252,10 @@ void wpa_supplicant_cancel_auth_timeout(
++@@ -257,9 +257,10 @@ void wpa_supplicant_cancel_auth_timeout(
+   */
+  void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
+  {
+diff --git a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch
+index 6337d8d..fdd5da9 100644
+--- a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch
++++ b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch
+@@ -1,6 +1,6 @@
+ --- a/src/l2_packet/l2_packet_linux.c
+ +++ b/src/l2_packet/l2_packet_linux.c
+-@@ -307,8 +307,7 @@ struct l2_packet_data * l2_packet_init_b
++@@ -337,8 +337,7 @@ struct l2_packet_data * l2_packet_init_b
+  
+  	l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
+  			    rx_callback_ctx, l2_hdr);
+@@ -8,5 +8,5 @@
+ -		return NULL;
+ +	return l2;
+  
++ #ifndef CONFIG_NO_LINUX_PACKET_SOCKET_WAR
+  	/*
+- 	 * The Linux packet socket behavior has changed over the years and there
+diff --git a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch b/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch
+deleted file mode 100644
+index 66c682f..0000000
+--- a/package/network/services/hostapd/patches/150-nl80211-Report-disassociated-STA-lost-peer-for-the-c.patch
++++ /dev/null
+@@ -1,67 +0,0 @@
+-From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <zajec5@gmail.com>
+-Date: Mon, 11 Jan 2016 19:18:06 +0100
+-Subject: [PATCH] nl80211: Report disassociated STA / lost peer for the correct
+- BSS
+-MIME-Version: 1.0
+-Content-Type: text/plain; charset=UTF-8
+-Content-Transfer-Encoding: 8bit
+-
+-We shouldn't use drv->ctx as it always points to the first BSS. When
+-using FullMAC driver with multi-BSS support it resulted in incorrect
+-treating nl80211 events. I noticed with with brcmfmac and BCM43602.
+-
+-Before my change I was getting "disassociated" on a wrong interface:
+-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
+-wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
+-wlan0: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
+-
+-With this patch it works as expected:
+-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: associated
+-wlan0-1: STA 78:d6:f0:00:11:22 WPA: pairwise key handshake completed (RSN)
+-wlan0-1: STA 78:d6:f0:00:11:22 IEEE 802.11: disassociated
+-
+-This doesn't apply to hostapd dealing with SoftMAC drivers when handling
+-AP SME & MLME is done it hostapd not the firmware.
+-
+-Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
+----
+- src/drivers/driver_nl80211_event.c | 7 ++++---
+- 1 file changed, 4 insertions(+), 3 deletions(-)
+-
+---- a/src/drivers/driver_nl80211_event.c
+-+++ b/src/drivers/driver_nl80211_event.c
+-@@ -1154,6 +1154,7 @@ static void nl80211_new_station_event(st
+- 
+- 
+- static void nl80211_del_station_event(struct wpa_driver_nl80211_data *drv,
+-+				      struct i802_bss *bss,
+- 				      struct nlattr **tb)
+- {
+- 	u8 *addr;
+-@@ -1166,7 +1167,7 @@ static void nl80211_del_station_event(st
+- 		   MAC2STR(addr));
+- 
+- 	if (is_ap_interface(drv->nlmode) && drv->device_ap_sme) {
+--		drv_event_disassoc(drv->ctx, addr);
+-+		drv_event_disassoc(bss->ctx, addr);
+- 		return;
+- 	}
+- 
+-@@ -1175,7 +1176,7 @@ static void nl80211_del_station_event(st
+- 
+- 	os_memset(&data, 0, sizeof(data));
+- 	os_memcpy(data.ibss_peer_lost.peer, addr, ETH_ALEN);
+--	wpa_supplicant_event(drv->ctx, EVENT_IBSS_PEER_LOST, &data);
+-+	wpa_supplicant_event(bss->ctx, EVENT_IBSS_PEER_LOST, &data);
+- }
+- 
+- 
+-@@ -1939,7 +1940,7 @@ static void do_process_drv_event(struct
+- 		nl80211_new_station_event(drv, bss, tb);
+- 		break;
+- 	case NL80211_CMD_DEL_STATION:
+--		nl80211_del_station_event(drv, tb);
+-+		nl80211_del_station_event(drv, bss, tb);
+- 		break;
+- 	case NL80211_CMD_SET_REKEY_OFFLOAD:
+- 		nl80211_rekey_offload_event(drv, tb);
+diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch
+index de4a3a8..8b260c2 100644
+--- a/package/network/services/hostapd/patches/200-multicall.patch
++++ b/package/network/services/hostapd/patches/200-multicall.patch
+@@ -1,15 +1,25 @@
+ --- a/hostapd/Makefile
+ +++ b/hostapd/Makefile
+-@@ -17,6 +17,7 @@ export BINDIR ?= /usr/local/bin/
+- # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include
++@@ -28,6 +28,7 @@ CFLAGS += -I$(abspath ../src/utils)
++ export BINDIR ?= /usr/local/bin/
+  
+  -include .config
+ +-include $(if $(MULTICALL), ../wpa_supplicant/.config)
+  
+- ifdef CONFIG_TESTING_OPTIONS
+- CFLAGS += -DCONFIG_TESTING_OPTIONS
+-@@ -242,10 +243,14 @@ ifdef CONFIG_IEEE80211AC
+- CFLAGS += -DCONFIG_IEEE80211AC
++ ifndef CONFIG_NO_GITVER
++ # Add VERSION_STR postfix for builds from a git repository
++@@ -190,7 +191,8 @@ endif
++ 
++ ifdef CONFIG_NO_VLAN
++ CFLAGS += -DCONFIG_NO_VLAN
++-else
+++endif
+++ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
++ OBJS += ../src/ap/vlan_init.o
++ OBJS += ../src/ap/vlan_ifconfig.o
++ OBJS += ../src/ap/vlan.o
++@@ -315,10 +317,14 @@ CFLAGS += -DCONFIG_MBO
++ OBJS += ../src/ap/mbo_ap.o
+  endif
+  
+ +ifndef MULTICALL
+@@ -26,7 +36,7 @@
+  LIBS += $(DRV_AP_LIBS)
+  
+  ifdef CONFIG_L2_PACKET
+-@@ -941,6 +946,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
++@@ -1051,6 +1057,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
+  
+  BCHECK=../src/drivers/build.hostapd
+  
+@@ -39,7 +49,7 @@
+  hostapd: $(BCHECK) $(OBJS)
+  	$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+  	@$(E) "  LD " $@
+-@@ -980,6 +991,12 @@ HOBJS += ../src/crypto/aes-internal.o
++@@ -1092,6 +1104,12 @@ HOBJS += ../src/crypto/aes-internal.o
+  HOBJS += ../src/crypto/aes-internal-enc.o
+  endif
+  
+@@ -54,15 +64,25 @@
+  	@$(E) "  LD " $@
+ --- a/wpa_supplicant/Makefile
+ +++ b/wpa_supplicant/Makefile
+-@@ -15,6 +15,7 @@ CFLAGS += -I$(abspath ../src)
++@@ -27,6 +27,7 @@ CFLAGS += -I$(abspath ../src)
+  CFLAGS += -I$(abspath ../src/utils)
+  
+  -include .config
+ +-include $(if $(MULTICALL),../hostapd/.config)
+  
+- ifdef CONFIG_TESTING_OPTIONS
+- CFLAGS += -DCONFIG_TESTING_OPTIONS
+-@@ -773,6 +774,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
++ ifndef CONFIG_NO_GITVER
++ # Add VERSION_STR postfix for builds from a git repository
++@@ -312,7 +313,9 @@ endif
++ ifdef CONFIG_IBSS_RSN
++ NEED_RSN_AUTHENTICATOR=y
++ CFLAGS += -DCONFIG_IBSS_RSN
+++ifndef MULTICALL
++ CFLAGS += -DCONFIG_NO_VLAN
+++endif
++ OBJS += ibss_rsn.o
++ endif
++ 
++@@ -803,6 +806,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
+  CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
+  LIBS += -ldl -rdynamic
+  endif
+@@ -73,7 +93,7 @@
+  endif
+  
+  ifdef CONFIG_MACSEC
+-@@ -793,9 +798,11 @@ NEED_EAP_COMMON=y
++@@ -823,9 +830,11 @@ NEED_EAP_COMMON=y
+  NEED_RSN_AUTHENTICATOR=y
+  CFLAGS += -DCONFIG_AP
+  OBJS += ap.o
+@@ -85,7 +105,7 @@
+  OBJS += ../src/ap/hostapd.o
+  OBJS += ../src/ap/wpa_auth_glue.o
+  OBJS += ../src/ap/utils.o
+-@@ -858,10 +865,18 @@ endif
++@@ -898,10 +907,18 @@ endif
+  ifdef CONFIG_HS20
+  OBJS += ../src/ap/hs20.o
+  endif
+@@ -104,7 +124,7 @@
+  NEED_AES_WRAP=y
+  OBJS += ../src/ap/wpa_auth.o
+  OBJS += ../src/ap/wpa_auth_ie.o
+-@@ -1603,6 +1618,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
++@@ -1680,6 +1697,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
+  
+  $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
+  
+@@ -117,8 +137,8 @@
+  wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
+  	$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
+  	@$(E) "  LD " $@
+-@@ -1694,6 +1715,12 @@ endif
+- 	$(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@
++@@ -1782,6 +1805,12 @@ endif
++ 		-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
+  	@$(E) "  sed" $<
+  
+ +dump_cflags:
+@@ -132,7 +152,7 @@
+  wpa_cli.exe: wpa_cli
+ --- a/src/drivers/driver.h
+ +++ b/src/drivers/driver.h
+-@@ -4581,8 +4581,8 @@ union wpa_event_data {
++@@ -4794,8 +4794,8 @@ union wpa_event_data {
+   * Driver wrapper code should call this function whenever an event is received
+   * from the driver.
+   */
+@@ -141,11 +161,20 @@
+ +extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ +				    union wpa_event_data *data);
+  
++ /**
++  * wpa_supplicant_event_global - Report a driver event for wpa_supplicant
++@@ -4807,7 +4807,7 @@ void wpa_supplicant_event(void *ctx, enu
++  * Same as wpa_supplicant_event(), but we search for the interface in
++  * wpa_global.
++  */
++-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+++extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
++ 				 union wpa_event_data *data);
+  
+  /*
+ --- a/src/ap/drv_callbacks.c
+ +++ b/src/ap/drv_callbacks.c
+-@@ -1075,8 +1075,8 @@ static void hostapd_event_dfs_cac_starte
++@@ -1157,8 +1157,8 @@ static void hostapd_event_dfs_cac_starte
+  #endif /* NEED_AP_MLME */
+  
+  
+@@ -156,9 +185,18 @@
+  {
+  	struct hostapd_data *hapd = ctx;
+  #ifndef CONFIG_NO_STDOUT_DEBUG
++@@ -1367,7 +1367,7 @@ void wpa_supplicant_event(void *ctx, enu
++ }
++ 
++ 
++-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
++ 				 union wpa_event_data *data)
++ {
++ 	struct hapd_interfaces *interfaces = ctx;
+ --- a/wpa_supplicant/wpa_priv.c
+ +++ b/wpa_supplicant/wpa_priv.c
+-@@ -819,8 +819,8 @@ static void wpa_priv_send_ft_response(st
++@@ -940,8 +940,8 @@ static void wpa_priv_send_ft_response(st
+  }
+  
+  
+@@ -169,17 +207,27 @@
+  {
+  	struct wpa_priv_interface *iface = ctx;
+  
+-@@ -961,6 +961,7 @@ int main(int argc, char *argv[])
++@@ -1010,7 +1010,7 @@ void wpa_supplicant_event(void *ctx, enu
++ }
++ 
++ 
++-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+++void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ 				 union wpa_event_data *data)
++ {
++ 	struct wpa_priv_global *global = ctx;
++@@ -1122,6 +1122,8 @@ int main(int argc, char *argv[])
+  	if (os_program_init())
+  		return -1;
+  
+ +	wpa_supplicant_event = supplicant_event;
+++	wpa_supplicant_event_global = supplicant_event_global;
+  	wpa_priv_fd_workaround();
+  
+- 	for (;;) {
++ 	os_memset(&global, 0, sizeof(global));
+ --- a/wpa_supplicant/events.c
+ +++ b/wpa_supplicant/events.c
+-@@ -3138,8 +3138,8 @@ static void wpa_supplicant_event_assoc_a
++@@ -3384,8 +3384,8 @@ static void wpa_supplicant_event_assoc_a
+  }
+  
+  
+@@ -189,88 +237,125 @@
+ +		      union wpa_event_data *data)
+  {
+  	struct wpa_supplicant *wpa_s = ctx;
++ 	int resched;
++@@ -4051,7 +4051,7 @@ void wpa_supplicant_event(void *ctx, enu
++ #endif /* CONFIG_AP */
++ 		break;
++ 	case EVENT_ACS_CHANNEL_SELECTED:
++-#ifdef CONFIG_ACS
+++#if defined(CONFIG_ACS) && defined(CONFIG_AP)
++ 		if (!wpa_s->ap_iface)
++ 			break;
++ 		hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
++@@ -4065,7 +4065,7 @@ void wpa_supplicant_event(void *ctx, enu
++ }
++ 
+  
++-void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
+++void supplicant_event_global(void *ctx, enum wpa_event_type event,
++ 				 union wpa_event_data *data)
++ {
++ 	struct wpa_supplicant *wpa_s;
+ --- a/wpa_supplicant/wpa_supplicant.c
+ +++ b/wpa_supplicant/wpa_supplicant.c
+-@@ -4300,6 +4300,9 @@ static void wpa_supplicant_deinit_iface(
+- 	os_free(wpa_s);
++@@ -4990,7 +4990,6 @@ struct wpa_interface * wpa_supplicant_ma
++ 	return NULL;
+  }
+  
++-
++ /**
++  * wpa_supplicant_match_existing - Match existing interfaces
++  * @global: Pointer to global data from wpa_supplicant_init()
++@@ -5027,6 +5026,11 @@ static int wpa_supplicant_match_existing
++ 
++ #endif /* CONFIG_MATCH_IFACE */
++ 
+ +extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ +			     union wpa_event_data *data);
+ +
+++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
+++ 				 union wpa_event_data *data);
+  
+  /**
+   * wpa_supplicant_add_iface - Add a new network interface
+-@@ -4526,6 +4529,7 @@ struct wpa_global * wpa_supplicant_init(
++@@ -5282,6 +5286,8 @@ struct wpa_global * wpa_supplicant_init(
+  #ifndef CONFIG_NO_WPA_MSG
+  	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
+  #endif /* CONFIG_NO_WPA_MSG */
+ +	wpa_supplicant_event = supplicant_event;
+++	wpa_supplicant_event_global = supplicant_event_global;
+  
+  	if (params->wpa_debug_file_path)
+  		wpa_debug_open_file(params->wpa_debug_file_path);
+ --- a/hostapd/main.c
+ +++ b/hostapd/main.c
+-@@ -511,6 +511,9 @@ static int hostapd_get_ctrl_iface_group(
+- 	return 0;
++@@ -583,6 +583,11 @@ fail:
++ 	return -1;
+  }
+  
+ +void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
+ +                       union wpa_event_data *data);
+ +
+++void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
+++ 				 union wpa_event_data *data);
+  
+  #ifdef CONFIG_WPS
+  static int gen_uuid(const char *txt_addr)
+-@@ -562,6 +565,7 @@ int main(int argc, char *argv[])
+- 	interfaces.global_iface_name = NULL;
++@@ -660,6 +665,8 @@ int main(int argc, char *argv[])
+  	interfaces.global_ctrl_sock = -1;
++ 	dl_list_init(&interfaces.global_ctrl_dst);
+  
+ +	wpa_supplicant_event = hostapd_wpa_event;
+++	wpa_supplicant_event_global = hostapd_wpa_event_global;
+  	for (;;) {
+- 		c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
++ 		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
+  		if (c < 0)
+ --- a/src/drivers/drivers.c
+ +++ b/src/drivers/drivers.c
+-@@ -10,6 +10,9 @@
++@@ -10,6 +10,11 @@
+  #include "utils/common.h"
+  #include "driver.h"
+  
+ +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ +			     union wpa_event_data *data);
+++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+++			     union wpa_event_data *data);
+ +
+  #ifdef CONFIG_DRIVER_WEXT
+  extern struct wpa_driver_ops wpa_driver_wext_ops; /* driver_wext.c */
+  #endif /* CONFIG_DRIVER_WEXT */
+ --- a/wpa_supplicant/eapol_test.c
+ +++ b/wpa_supplicant/eapol_test.c
+-@@ -28,8 +28,12 @@
++@@ -29,7 +29,12 @@
+  #include "ctrl_iface.h"
+  #include "pcsc_funcs.h"
+  #include "wpas_glue.h"
+ +#include "drivers/driver.h"
+  
+- 
+ +void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
+ +			     union wpa_event_data *data);
+-+
+- struct wpa_driver_ops *wpa_drivers[] = { NULL };
+++void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
+++			     union wpa_event_data *data);
+  
++ const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
+  
+-@@ -1203,6 +1207,8 @@ static void usage(void)
++@@ -1295,6 +1300,10 @@ static void usage(void)
+  	       "option several times.\n");
+  }
+  
+ +extern void supplicant_event(void *ctx, enum wpa_event_type event,
+ +			     union wpa_event_data *data);
+++extern void supplicant_event_global(void *ctx, enum wpa_event_type event,
+++			     union wpa_event_data *data);
+  
+  int main(int argc, char *argv[])
+  {
+-@@ -1221,6 +1227,7 @@ int main(int argc, char *argv[])
++@@ -1315,6 +1324,8 @@ int main(int argc, char *argv[])
+  	if (os_program_init())
+  		return -1;
+  
+ +	wpa_supplicant_event = supplicant_event;
+++	wpa_supplicant_event_global = supplicant_event_global;
+  	hostapd_logger_register_cb(hostapd_logger_cb);
+  
+  	os_memset(&eapol_test, 0, sizeof(eapol_test));
+diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch
+index 57d8fe2..21d6316 100644
+--- a/package/network/services/hostapd/patches/300-noscan.patch
++++ b/package/network/services/hostapd/patches/300-noscan.patch
+@@ -1,6 +1,6 @@
+ --- a/hostapd/config_file.c
+ +++ b/hostapd/config_file.c
+-@@ -2771,6 +2771,10 @@ static int hostapd_config_fill(struct ho
++@@ -2862,6 +2862,10 @@ static int hostapd_config_fill(struct ho
+  		}
+  #endif /* CONFIG_IEEE80211W */
+  #ifdef CONFIG_IEEE80211N
+@@ -13,7 +13,7 @@
+  	} else if (os_strcmp(buf, "ht_capab") == 0) {
+ --- a/src/ap/ap_config.h
+ +++ b/src/ap/ap_config.h
+-@@ -619,6 +619,8 @@ struct hostapd_config {
++@@ -655,6 +655,8 @@ struct hostapd_config {
+  
+  	int ht_op_mode_fixed;
+  	u16 ht_capab;
+@@ -21,21 +21,22 @@
+ +	int no_ht_coex;
+  	int ieee80211n;
+  	int secondary_channel;
+- 	int require_ht;
++ 	int no_pri_sec_switch;
+ --- a/src/ap/hw_features.c
+ +++ b/src/ap/hw_features.c
+-@@ -461,7 +461,7 @@ static int ieee80211n_check_40mhz(struct
+- 	struct wpa_driver_scan_params params;
++@@ -474,7 +474,8 @@ static int ieee80211n_check_40mhz(struct
+  	int ret;
+  
+--	if (!iface->conf->secondary_channel)
+-+	if (!iface->conf->secondary_channel || iface->conf->noscan)
+- 		return 0; /* HT40 not used */
++ 	/* Check that HT40 is used and PRI / SEC switch is allowed */
++-	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
+++	if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
+++		iface->conf->noscan)
++ 		return 0;
+  
+  	hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);
+ --- a/src/ap/ieee802_11_ht.c
+ +++ b/src/ap/ieee802_11_ht.c
+-@@ -221,6 +221,9 @@ void hostapd_2040_coex_action(struct hos
++@@ -244,6 +244,9 @@ void hostapd_2040_coex_action(struct hos
+  	if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
+  		return;
+  
+@@ -45,7 +46,7 @@
+  	if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie))
+  		return;
+  
+-@@ -346,6 +349,9 @@ void ht40_intolerant_add(struct hostapd_
++@@ -368,6 +371,9 @@ void ht40_intolerant_add(struct hostapd_
+  	if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
+  		return;
+  
+diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch
+index 7be8c32..3f46cc4 100644
+--- a/package/network/services/hostapd/patches/310-rescan_immediately.patch
++++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch
+@@ -1,6 +1,6 @@
+ --- a/wpa_supplicant/wpa_supplicant.c
+ +++ b/wpa_supplicant/wpa_supplicant.c
+-@@ -3249,7 +3249,7 @@ wpa_supplicant_alloc(struct wpa_supplica
++@@ -3556,7 +3556,7 @@ wpa_supplicant_alloc(struct wpa_supplica
+  	if (wpa_s == NULL)
+  		return NULL;
+  	wpa_s->scan_req = INITIAL_SCAN_REQ;
+@@ -8,4 +8,4 @@
+ +	wpa_s->scan_interval = 1;
+  	wpa_s->new_connection = 1;
+  	wpa_s->parent = parent ? parent : wpa_s;
+- 	wpa_s->sched_scanning = 0;
++ 	wpa_s->p2pdev = wpa_s->parent;
+diff --git a/package/network/services/hostapd/patches/320-optional_rfkill.patch b/package/network/services/hostapd/patches/320-optional_rfkill.patch
+index 75b4b07..cf2a2c1 100644
+--- a/package/network/services/hostapd/patches/320-optional_rfkill.patch
++++ b/package/network/services/hostapd/patches/320-optional_rfkill.patch
+@@ -1,14 +1,14 @@
+ --- a/src/drivers/drivers.mak
+ +++ b/src/drivers/drivers.mak
+-@@ -34,7 +34,6 @@ NEED_SME=y
++@@ -36,7 +36,6 @@ NEED_SME=y
+  NEED_AP_MLME=y
+  NEED_NETLINK=y
+  NEED_LINUX_IOCTL=y
+ -NEED_RFKILL=y
++ NEED_RADIOTAP=y
+  
+  ifdef CONFIG_LIBNL32
+-   DRV_LIBS += -lnl-3
+-@@ -116,7 +115,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
++@@ -123,7 +122,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
+  CONFIG_WIRELESS_EXTENSION=y
+  NEED_NETLINK=y
+  NEED_LINUX_IOCTL=y
+@@ -16,7 +16,7 @@
+  endif
+  
+  ifdef CONFIG_DRIVER_NDIS
+-@@ -142,7 +140,6 @@ endif
++@@ -149,7 +147,6 @@ endif
+  ifdef CONFIG_WIRELESS_EXTENSION
+  DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
+  DRV_WPA_OBJS += ../src/drivers/driver_wext.o
+@@ -24,14 +24,14 @@
+  endif
+  
+  ifdef NEED_NETLINK
+-@@ -155,6 +152,7 @@ endif
++@@ -162,6 +159,7 @@ endif
+  
+  ifdef NEED_RFKILL
+  DRV_OBJS += ../src/drivers/rfkill.o
+ +DRV_WPA_CFLAGS += -DCONFIG_RFKILL
+  endif
+  
+- ifdef CONFIG_VLAN_NETLINK
++ ifdef NEED_RADIOTAP
+ --- a/src/drivers/rfkill.h
+ +++ b/src/drivers/rfkill.h
+ @@ -18,8 +18,24 @@ struct rfkill_config {
+diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
+index dd90877..ca46012 100644
+--- a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
++++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch
+@@ -1,6 +1,6 @@
+ --- a/src/drivers/driver_nl80211.c
+ +++ b/src/drivers/driver_nl80211.c
+-@@ -3616,7 +3616,7 @@ static int nl80211_set_channel(struct i8
++@@ -3795,7 +3795,7 @@ static int nl80211_set_channel(struct i8
+  		   freq->freq, freq->ht_enabled, freq->vht_enabled,
+  		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
+  
+diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch
+index 91b6196..086ade9 100644
+--- a/package/network/services/hostapd/patches/340-reload_freq_change.patch
++++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch
+@@ -1,6 +1,6 @@
+ --- a/src/ap/hostapd.c
+ +++ b/src/ap/hostapd.c
+-@@ -76,6 +76,16 @@ static void hostapd_reload_bss(struct ho
++@@ -80,6 +80,16 @@ static void hostapd_reload_bss(struct ho
+  #endif /* CONFIG_NO_RADIUS */
+  
+  	ssid = &hapd->conf->ssid;
+@@ -17,7 +17,7 @@
+  	if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
+  	    ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
+  		/*
+-@@ -175,21 +185,12 @@ int hostapd_reload_config(struct hostapd
++@@ -179,21 +189,12 @@ int hostapd_reload_config(struct hostapd
+  	oldconf = hapd->iconf;
+  	iface->conf = newconf;
+  
+diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
+index a14fa03..247f154 100644
+--- a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
++++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch
+@@ -1,6 +1,6 @@
+ --- a/src/drivers/driver_nl80211.c
+ +++ b/src/drivers/driver_nl80211.c
+-@@ -2254,13 +2254,18 @@ wpa_driver_nl80211_finish_drv_init(struc
++@@ -2394,13 +2394,18 @@ wpa_driver_nl80211_finish_drv_init(struc
+  }
+  
+  
+@@ -22,7 +22,7 @@
+  	return send_and_recv_msgs(drv, msg, NULL, NULL);
+  }
+  
+-@@ -2311,7 +2316,7 @@ static void wpa_driver_nl80211_deinit(st
++@@ -2452,7 +2457,7 @@ static void wpa_driver_nl80211_deinit(st
+  	nl80211_remove_monitor_interface(drv);
+  
+  	if (is_ap_interface(drv->nlmode))
+@@ -31,7 +31,7 @@
+  
+  	if (drv->eapol_sock >= 0) {
+  		eloop_unregister_read_sock(drv->eapol_sock);
+-@@ -4140,8 +4145,7 @@ static void nl80211_teardown_ap(struct i
++@@ -4385,8 +4390,7 @@ static void nl80211_teardown_ap(struct i
+  		nl80211_remove_monitor_interface(drv);
+  	else
+  		nl80211_mgmt_unsubscribe(bss, "AP teardown");
+@@ -41,7 +41,7 @@
+  }
+  
+  
+-@@ -6066,8 +6070,6 @@ static int wpa_driver_nl80211_if_remove(
++@@ -6387,8 +6391,6 @@ static int wpa_driver_nl80211_if_remove(
+  	} else {
+  		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
+  		nl80211_teardown_ap(bss);
+@@ -50,7 +50,7 @@
+  		nl80211_destroy_bss(bss);
+  		if (!bss->added_if)
+  			i802_set_iface_flags(bss, 0);
+-@@ -6389,8 +6391,7 @@ static int wpa_driver_nl80211_deinit_ap(
++@@ -6750,8 +6752,7 @@ static int wpa_driver_nl80211_deinit_ap(
+  	struct wpa_driver_nl80211_data *drv = bss->drv;
+  	if (!is_ap_interface(drv->nlmode))
+  		return -1;
+@@ -60,7 +60,7 @@
+  
+  	/*
+  	 * If the P2P GO interface was dynamically added, then it is
+-@@ -6409,8 +6410,7 @@ static int wpa_driver_nl80211_stop_ap(vo
++@@ -6770,8 +6771,7 @@ static int wpa_driver_nl80211_stop_ap(vo
+  	struct wpa_driver_nl80211_data *drv = bss->drv;
+  	if (!is_ap_interface(drv->nlmode))
+  		return -1;
+diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
+index 06b005e..1e405cb 100644
+--- a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
++++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch
+@@ -1,22 +1,22 @@
+ --- a/hostapd/ctrl_iface.c
+ +++ b/hostapd/ctrl_iface.c
+-@@ -45,6 +45,7 @@
+- #include "wps/wps.h"
++@@ -54,6 +54,7 @@
++ #include "fst/fst_ctrl_iface.h"
+  #include "config_file.h"
+  #include "ctrl_iface.h"
+ +#include "config_file.h"
+  
+  
+- struct wpa_ctrl_dst {
+-@@ -55,6 +56,7 @@ struct wpa_ctrl_dst {
+- 	int errors;
+- };
++ #define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
++@@ -72,6 +73,7 @@ static void hostapd_ctrl_iface_send(stru
++ 				    enum wpa_msg_type type,
++ 				    const char *buf, size_t len);
+  
+ +static char *reload_opts = NULL;
+  
+- static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level,
+- 				    const char *buf, size_t len);
+-@@ -164,6 +166,61 @@ static int hostapd_ctrl_iface_new_sta(st
++ static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
++ 				     struct sockaddr_storage *from,
++@@ -123,6 +125,61 @@ static int hostapd_ctrl_iface_new_sta(st
+  	return 0;
+  }
+  
+@@ -78,7 +78,7 @@
+  
+  #ifdef CONFIG_IEEE80211W
+  #ifdef NEED_AP_MLME
+-@@ -2086,6 +2143,8 @@ static void hostapd_ctrl_iface_receive(i
++@@ -2483,6 +2540,8 @@ static int hostapd_ctrl_iface_receive_pr
+  	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
+  		reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
+  						      reply_size);
+@@ -89,7 +89,7 @@
+  #ifdef RADIUS_SERVER
+ --- a/src/ap/ctrl_iface_ap.c
+ +++ b/src/ap/ctrl_iface_ap.c
+-@@ -541,5 +541,11 @@ int hostapd_parse_csa_settings(const cha
++@@ -593,7 +593,13 @@ int hostapd_parse_csa_settings(const cha
+  
+  int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd)
+  {
+@@ -102,3 +102,5 @@
+ +
+ +	return 0;
+  }
++ 
++ 
+diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch
+index ea235e6..7a4ba0b 100644
+--- a/package/network/services/hostapd/patches/370-ap_sta_support.patch
++++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch
+@@ -1,6 +1,6 @@
+ --- a/wpa_supplicant/wpa_supplicant_i.h
+ +++ b/wpa_supplicant/wpa_supplicant_i.h
+-@@ -110,6 +110,11 @@ struct wpa_interface {
++@@ -100,6 +100,11 @@ struct wpa_interface {
+  	const char *ifname;
+  
+  	/**
+@@ -12,8 +12,8 @@
+  	 * bridge_ifname - Optional bridge interface name
+  	 *
+  	 * If the driver interface (ifname) is included in a Linux bridge
+-@@ -442,6 +447,8 @@ struct wpa_supplicant {
+- #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
++@@ -484,6 +489,8 @@ struct wpa_supplicant {
++ #endif /* CONFIG_CTRL_IFACE_BINDER */
+  	char bridge_ifname[16];
+  
+ +	struct wpa_ctrl *hostapd;
+@@ -23,7 +23,7 @@
+  
+ --- a/wpa_supplicant/Makefile
+ +++ b/wpa_supplicant/Makefile
+-@@ -14,6 +14,10 @@ CFLAGS += $(EXTRA_CFLAGS)
++@@ -26,6 +26,10 @@ CFLAGS += $(EXTRA_CFLAGS)
+  CFLAGS += -I$(abspath ../src)
+  CFLAGS += -I$(abspath ../src/utils)
+  
+@@ -34,7 +34,7 @@
+  -include .config
+  -include $(if $(MULTICALL),../hostapd/.config)
+  
+-@@ -84,6 +88,8 @@ OBJS_c += ../src/utils/wpa_debug.o
++@@ -113,6 +117,8 @@ OBJS_c += ../src/utils/wpa_debug.o
+  OBJS_c += ../src/utils/common.o
+  OBJS += wmm_ac.o
+  
+@@ -45,7 +45,7 @@
+  CONFIG_OS=win32
+ --- a/wpa_supplicant/wpa_supplicant.c
+ +++ b/wpa_supplicant/wpa_supplicant.c
+-@@ -107,6 +107,55 @@ const char *wpa_supplicant_full_license5
++@@ -112,6 +112,55 @@ const char *const wpa_supplicant_full_li
+  "\n";
+  #endif /* CONFIG_NO_STDOUT_DEBUG */
+  
+@@ -73,7 +73,7 @@
+ +	int ret;
+ +
+ +	if (!bss)
+-+		return;
+++		return -1;
+ +
+ +	if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) {
+ +		int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
+@@ -101,7 +101,7 @@
+  /* Configure default/group WEP keys for static WEP */
+  int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
+  {
+-@@ -743,8 +792,12 @@ void wpa_supplicant_set_state(struct wpa
++@@ -812,8 +861,12 @@ void wpa_supplicant_set_state(struct wpa
+  		wpas_p2p_completed(wpa_s);
+  
+  		sme_sched_obss_scan(wpa_s, 1);
+@@ -114,7 +114,7 @@
+  		wpa_s->new_connection = 1;
+  		wpa_drv_set_operstate(wpa_s, 0);
+  #ifndef IEEE8021X_EAPOL
+-@@ -4038,6 +4091,20 @@ static int wpa_supplicant_init_iface(str
++@@ -4646,6 +4699,20 @@ static int wpa_supplicant_init_iface(str
+  			   sizeof(wpa_s->bridge_ifname));
+  	}
+  
+@@ -135,7 +135,7 @@
+  	/* RSNA Supplicant Key Management - INITIALIZE */
+  	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
+  	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
+-@@ -4280,6 +4347,11 @@ static void wpa_supplicant_deinit_iface(
++@@ -4937,6 +5004,11 @@ static void wpa_supplicant_deinit_iface(
+  	if (terminate)
+  		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
+  
+@@ -157,7 +157,7 @@
+  #include "drivers/driver.h"
+  #include "wpa_supplicant_i.h"
+  #include "config.h"
+-@@ -277,6 +278,10 @@ static void calculate_update_time(const
++@@ -287,6 +288,10 @@ static void calculate_update_time(const
+  static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
+  			     struct os_reltime *fetch_time)
+  {
+@@ -168,7 +168,7 @@
+  	dst->flags = src->flags;
+  	os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
+  	dst->freq = src->freq;
+-@@ -289,6 +294,15 @@ static void wpa_bss_copy_res(struct wpa_
++@@ -299,6 +304,15 @@ static void wpa_bss_copy_res(struct wpa_
+  	dst->est_throughput = src->est_throughput;
+  	dst->snr = src->snr;
+  
+@@ -186,7 +186,7 @@
+  
+ --- a/wpa_supplicant/main.c
+ +++ b/wpa_supplicant/main.c
+-@@ -33,7 +33,7 @@ static void usage(void)
++@@ -34,7 +34,7 @@ static void usage(void)
+  	       "vW] [-P<pid file>] "
+  	       "[-g<global ctrl>] \\\n"
+  	       "        [-G<group>] \\\n"
+@@ -195,24 +195,24 @@
+  	       "[-p<driver_param>] \\\n"
+  	       "        [-b<br_ifname>] [-e<entropy file>]"
+  #ifdef CONFIG_DEBUG_FILE
+-@@ -84,6 +84,7 @@ static void usage(void)
+- #endif /* CONFIG_DEBUG_LINUX_TRACING */
+- 	printf("  -t = include timestamp in debug messages\n"
++@@ -74,6 +74,7 @@ static void usage(void)
++ 	       "  -g = global ctrl_interface\n"
++ 	       "  -G = global ctrl_interface group\n"
+  	       "  -h = show this help text\n"
+ +		   "  -H = connect to a hostapd instance to manage state changes\n"
+- 	       "  -L = show license (BSD)\n"
+- 	       "  -o = override driver parameter for new interfaces\n"
+- 	       "  -O = override ctrl_interface parameter for new interfaces\n"
+-@@ -175,7 +176,7 @@ int main(int argc, char *argv[])
++ 	       "  -i = interface name\n"
++ 	       "  -I = additional configuration file\n"
++ 	       "  -K = include keys (passwords, etc.) in debug output\n"
++@@ -201,7 +202,7 @@ int main(int argc, char *argv[])
+  
+  	for (;;) {
+  		c = getopt(argc, argv,
+--			   "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW");
+-+			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW");
++-			   "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW");
+++			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
+  		if (c < 0)
+  			break;
+  		switch (c) {
+-@@ -222,6 +223,9 @@ int main(int argc, char *argv[])
++@@ -248,6 +249,9 @@ int main(int argc, char *argv[])
+  			usage();
+  			exitcode = 0;
+  			goto out;
+@@ -224,8 +224,8 @@
+  			break;
+ --- a/wpa_supplicant/bss.h
+ +++ b/wpa_supplicant/bss.h
+-@@ -72,6 +72,10 @@ struct wpa_bss {
+- 	u8 ssid[32];
++@@ -79,6 +79,10 @@ struct wpa_bss {
++ 	u8 ssid[SSID_MAX_LEN];
+  	/** Length of SSID */
+  	size_t ssid_len;
+ +	/** HT caapbilities */
+diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
+index 3a41b82..9e815e9 100644
+--- a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
++++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch
+@@ -1,18 +1,18 @@
+ --- a/hostapd/Makefile
+ +++ b/hostapd/Makefile
+-@@ -168,6 +168,9 @@ endif
++@@ -212,6 +212,9 @@ endif
+  ifdef CONFIG_NO_CTRL_IFACE
+  CFLAGS += -DCONFIG_NO_CTRL_IFACE
+  else
+ +ifdef CONFIG_CTRL_IFACE_MIB
+ +CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+ +endif
+- OBJS += ctrl_iface.o
+- OBJS += ../src/ap/ctrl_iface_ap.o
+- endif
++ ifeq ($(CONFIG_CTRL_IFACE), udp)
++ CFLAGS += -DCONFIG_CTRL_IFACE_UDP
++ else
+ --- a/hostapd/ctrl_iface.c
+ +++ b/hostapd/ctrl_iface.c
+-@@ -1953,6 +1953,7 @@ static void hostapd_ctrl_iface_receive(i
++@@ -2342,6 +2342,7 @@ static int hostapd_ctrl_iface_receive_pr
+  						      reply_size);
+  	} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
+  		reply_len = hostapd_drv_status(hapd, reply, reply_size);
+@@ -20,18 +20,18 @@
+  	} else if (os_strcmp(buf, "MIB") == 0) {
+  		reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
+  		if (reply_len >= 0) {
+-@@ -1994,6 +1995,7 @@ static void hostapd_ctrl_iface_receive(i
++@@ -2383,6 +2384,7 @@ static int hostapd_ctrl_iface_receive_pr
+  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+  		reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
+  							reply_size);
+ +#endif
+  	} else if (os_strcmp(buf, "ATTACH") == 0) {
+- 		if (hostapd_ctrl_iface_attach(hapd, &from, fromlen))
++ 		if (hostapd_ctrl_iface_attach(hapd, from, fromlen))
+  			reply_len = -1;
+ --- a/wpa_supplicant/Makefile
+ +++ b/wpa_supplicant/Makefile
+-@@ -837,6 +837,9 @@ ifdef CONFIG_WNM
+- OBJS += ../src/ap/wnm_ap.o
++@@ -874,6 +874,9 @@ ifdef CONFIG_MBO
++ OBJS += ../src/ap/mbo_ap.o
+  endif
+  ifdef CONFIG_CTRL_IFACE
+ +ifdef CONFIG_CTRL_IFACE_MIB
+@@ -42,7 +42,7 @@
+  
+ --- a/wpa_supplicant/ctrl_iface.c
+ +++ b/wpa_supplicant/ctrl_iface.c
+-@@ -1795,7 +1795,7 @@ static int wpa_supplicant_ctrl_iface_sta
++@@ -1895,7 +1895,7 @@ static int wpa_supplicant_ctrl_iface_sta
+  			pos += ret;
+  		}
+  
+@@ -51,7 +51,7 @@
+  		if (wpa_s->ap_iface) {
+  			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
+  							    end - pos,
+-@@ -7896,6 +7896,7 @@ char * wpa_supplicant_ctrl_iface_process
++@@ -8687,6 +8687,7 @@ char * wpa_supplicant_ctrl_iface_process
+  			reply_len = -1;
+  	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
+  		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
+@@ -59,7 +59,7 @@
+  	} else if (os_strcmp(buf, "MIB") == 0) {
+  		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
+  		if (reply_len >= 0) {
+-@@ -7903,6 +7904,7 @@ char * wpa_supplicant_ctrl_iface_process
++@@ -8694,6 +8695,7 @@ char * wpa_supplicant_ctrl_iface_process
+  						      reply + reply_len,
+  						      reply_size - reply_len);
+  		}
+@@ -67,7 +67,7 @@
+  	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
+  		reply_len = wpa_supplicant_ctrl_iface_status(
+  			wpa_s, buf + 6, reply, reply_size);
+-@@ -8353,6 +8355,7 @@ char * wpa_supplicant_ctrl_iface_process
++@@ -9164,6 +9166,7 @@ char * wpa_supplicant_ctrl_iface_process
+  		reply_len = wpa_supplicant_ctrl_iface_bss(
+  			wpa_s, buf + 4, reply, reply_size);
+  #ifdef CONFIG_AP
+@@ -75,7 +75,7 @@
+  	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
+  		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
+  	} else if (os_strncmp(buf, "STA ", 4) == 0) {
+-@@ -8361,12 +8364,15 @@ char * wpa_supplicant_ctrl_iface_process
++@@ -9172,12 +9175,15 @@ char * wpa_supplicant_ctrl_iface_process
+  	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
+  		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
+  						   reply_size);
+@@ -93,15 +93,15 @@
+  			reply_len = -1;
+ --- a/src/ap/ctrl_iface_ap.c
+ +++ b/src/ap/ctrl_iface_ap.c
+-@@ -22,6 +22,7 @@
+- #include "ctrl_iface_ap.h"
++@@ -24,6 +24,7 @@
+  #include "ap_drv_ops.h"
++ #include "mbo_ap.h"
+  
+ +#ifdef CONFIG_CTRL_IFACE_MIB
+  
+  static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd,
+  				 struct sta_info *sta,
+-@@ -224,6 +225,7 @@ int hostapd_ctrl_iface_sta_next(struct h
++@@ -249,6 +250,7 @@ int hostapd_ctrl_iface_sta_next(struct h
+  	return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
+  }
+  
+@@ -111,33 +111,33 @@
+  static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
+ --- a/src/ap/ieee802_1x.c
+ +++ b/src/ap/ieee802_1x.c
+-@@ -2337,6 +2337,7 @@ static const char * bool_txt(Boolean boo
+- 	return bool_val ? "TRUE" : "FALSE";
++@@ -2441,6 +2441,7 @@ static const char * bool_txt(Boolean val
++ 	return val ? "TRUE" : "FALSE";
+  }
+  
+ +#ifdef CONFIG_CTRL_IFACE_MIB
+  
+  int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
+  {
+-@@ -2512,6 +2513,7 @@ int ieee802_1x_get_mib_sta(struct hostap
++@@ -2616,6 +2617,7 @@ int ieee802_1x_get_mib_sta(struct hostap
+  	return len;
+  }
+  
+ +#endif
+  
+- static void ieee802_1x_finished(struct hostapd_data *hapd,
+- 				struct sta_info *sta, int success,
++ #ifdef CONFIG_HS20
++ static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
+ --- a/src/ap/wpa_auth.c
+ +++ b/src/ap/wpa_auth.c
+-@@ -2999,6 +2999,7 @@ static const char * wpa_bool_txt(int boo
+- 	return bool ? "TRUE" : "FALSE";
++@@ -3069,6 +3069,7 @@ static const char * wpa_bool_txt(int val
++ 	return val ? "TRUE" : "FALSE";
+  }
+  
+ +#ifdef CONFIG_CTRL_IFACE_MIB
+  
+  #define RSN_SUITE "%02x-%02x-%02x-%d"
+  #define RSN_SUITE_ARG(s) \
+-@@ -3143,7 +3144,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
++@@ -3213,7 +3214,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
+  
+  	return len;
+  }
+@@ -148,7 +148,7 @@
+  {
+ --- a/src/rsn_supp/wpa.c
+ +++ b/src/rsn_supp/wpa.c
+-@@ -2032,6 +2032,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
++@@ -2108,6 +2108,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
+  }
+  
+  
+@@ -157,7 +157,7 @@
+  #define RSN_SUITE "%02x-%02x-%02x-%d"
+  #define RSN_SUITE_ARG(s) \
+  ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
+-@@ -2115,6 +2117,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
++@@ -2191,6 +2193,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
+  
+  	return (int) len;
+  }
+@@ -167,7 +167,7 @@
+  
+ --- a/wpa_supplicant/ap.c
+ +++ b/wpa_supplicant/ap.c
+-@@ -1015,7 +1015,7 @@ int wpas_ap_wps_nfc_report_handover(stru
++@@ -1114,7 +1114,7 @@ int wpas_ap_wps_nfc_report_handover(stru
+  #endif /* CONFIG_WPS */
+  
+  
+diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
+index 1065a7f..c9e7bf4 100644
+--- a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
++++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch
+@@ -1,6 +1,6 @@
+ --- a/src/common/wpa_common.c
+ +++ b/src/common/wpa_common.c
+-@@ -1228,6 +1228,31 @@ u32 wpa_akm_to_suite(int akm)
++@@ -1244,6 +1244,31 @@ u32 wpa_akm_to_suite(int akm)
+  }
+  
+  
+@@ -32,7 +32,7 @@
+  int wpa_compare_rsn_ie(int ft_initial_assoc,
+  		       const u8 *ie1, size_t ie1len,
+  		       const u8 *ie2, size_t ie2len)
+-@@ -1235,8 +1260,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
++@@ -1251,8 +1276,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
+  	if (ie1 == NULL || ie2 == NULL)
+  		return -1;
+  
+diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
+index 083af5b..f5872cd 100644
+--- a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
++++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch
+@@ -1,25 +1,22 @@
+ --- a/src/ap/wps_hostapd.c
+ +++ b/src/ap/wps_hostapd.c
+-@@ -1052,11 +1052,9 @@ int hostapd_init_wps(struct hostapd_data
+- 
+- 		if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP))
++@@ -352,8 +352,7 @@ static int hapd_wps_reconfig_in_memory(s
++ 				bss->wpa_pairwise |= WPA_CIPHER_GCMP;
++ 			else
++ 				bss->wpa_pairwise |= WPA_CIPHER_CCMP;
++-		}
++-		if (cred->encr_type & WPS_ENCR_TKIP)
+++		} else if (cred->encr_type & WPS_ENCR_TKIP)
++ 			bss->wpa_pairwise |= WPA_CIPHER_TKIP;
++ 		bss->rsn_pairwise = bss->wpa_pairwise;
++ 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
++@@ -1073,8 +1072,7 @@ int hostapd_init_wps(struct hostapd_data
++ 		if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) {
+  			wps->encr_types |= WPS_ENCR_AES;
+--		if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
+-+		else if (conf->rsn_pairwise & WPA_CIPHER_TKIP)
++ 			wps->encr_types_rsn |= WPS_ENCR_AES;
++-		}
++-		if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+++		} else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
+  			wps->encr_types |= WPS_ENCR_TKIP;
+--	}
+--
+--	if (conf->wpa & WPA_PROTO_WPA) {
+-+	} else if (conf->wpa & WPA_PROTO_WPA) {
+- 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK)
+- 			wps->auth_types |= WPS_AUTH_WPAPSK;
+- 		if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
+-@@ -1064,7 +1062,7 @@ int hostapd_init_wps(struct hostapd_data
+- 
+- 		if (conf->wpa_pairwise & WPA_CIPHER_CCMP)
+- 			wps->encr_types |= WPS_ENCR_AES;
+--		if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
+-+		else if (conf->wpa_pairwise & WPA_CIPHER_TKIP)
+- 			wps->encr_types |= WPS_ENCR_TKIP;
+- 	}
+- 
++ 			wps->encr_types_rsn |= WPS_ENCR_TKIP;
++ 		}
+diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch
+index da88732..a48b696 100644
+--- a/package/network/services/hostapd/patches/410-limit_debug_messages.patch
++++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch
+@@ -64,7 +64,7 @@
+  #ifdef CONFIG_DEBUG_FILE
+  static char *last_path = NULL;
+  #endif /* CONFIG_DEBUG_FILE */
+-@@ -602,7 +576,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
++@@ -604,7 +578,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_
+  }
+  
+  
+@@ -73,7 +73,7 @@
+  {
+  	va_list ap;
+  	char *buf;
+-@@ -640,7 +614,7 @@ void wpa_msg(void *ctx, int level, const
++@@ -642,7 +616,7 @@ void wpa_msg(void *ctx, int level, const
+  }
+  
+  
+@@ -183,7 +183,7 @@
+  
+  /*
+   * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce
+-@@ -181,7 +222,12 @@ void wpa_hexdump_ascii_key(int level, co
++@@ -182,7 +223,12 @@ void wpa_hexdump_ascii_key(int level, co
+   *
+   * Note: New line '\n' is added to the end of the text when printing to stdout.
+   */
+@@ -197,7 +197,7 @@
+  
+  /**
+   * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors
+-@@ -195,8 +241,13 @@ void wpa_msg(void *ctx, int level, const
++@@ -196,8 +242,13 @@ void wpa_msg(void *ctx, int level, const
+   * attached ctrl_iface monitors. In other words, it can be used for frequent
+   * events that do not need to be sent to syslog.
+   */
+diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch
+index 64c92df..335e71e 100644
+--- a/package/network/services/hostapd/patches/420-indicate-features.patch
++++ b/package/network/services/hostapd/patches/420-indicate-features.patch
+@@ -8,16 +8,16 @@
+  #include "crypto/random.h"
+  #include "crypto/tls.h"
+  #include "common/version.h"
+-@@ -567,7 +568,7 @@ int main(int argc, char *argv[])
+- 
++@@ -668,7 +669,7 @@ int main(int argc, char *argv[])
+  	wpa_supplicant_event = hostapd_wpa_event;
++ 	wpa_supplicant_event_global = hostapd_wpa_event_global;
+  	for (;;) {
+--		c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:");
+-+		c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:g:G:v::");
++-		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
+++		c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:g:G:v::");
+  		if (c < 0)
+  			break;
+  		switch (c) {
+-@@ -604,6 +605,8 @@ int main(int argc, char *argv[])
++@@ -705,6 +706,8 @@ int main(int argc, char *argv[])
+  			break;
+  #endif /* CONFIG_DEBUG_LINUX_TRACING */
+  		case 'v':
+@@ -33,19 +33,19 @@
+  
+  #include "common.h"
+ +#include "build_features.h"
++ #include "fst/fst.h"
+  #include "wpa_supplicant_i.h"
+  #include "driver_i.h"
+- #include "p2p_supplicant.h"
+-@@ -176,7 +177,7 @@ int main(int argc, char *argv[])
++@@ -202,7 +203,7 @@ int main(int argc, char *argv[])
+  
+  	for (;;) {
+  		c = getopt(argc, argv,
+--			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW");
+-+			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuv::W");
++-			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuvW");
+++			   "b:Bc:C:D:de:f:g:G:hH:i:I:KLMm:No:O:p:P:qsTtuv::W");
+  		if (c < 0)
+  			break;
+  		switch (c) {
+-@@ -279,8 +280,12 @@ int main(int argc, char *argv[])
++@@ -305,8 +306,12 @@ int main(int argc, char *argv[])
+  			break;
+  #endif /* CONFIG_DBUS */
+  		case 'v':
+diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
+index 85d2e16..d07b747 100644
+--- a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
++++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch
+@@ -1,6 +1,6 @@
+ --- a/hostapd/hostapd_cli.c
+ +++ b/hostapd/hostapd_cli.c
+-@@ -67,7 +67,6 @@ static const char *commands_help =
++@@ -69,7 +69,6 @@ static const char *const commands_help =
+  #ifdef CONFIG_IEEE80211W
+  "   sa_query <addr>      send SA Query to a station\n"
+  #endif /* CONFIG_IEEE80211W */
+@@ -8,7 +8,7 @@
+  "   wps_pin <uuid> <pin> [timeout] [addr]  add WPS Enrollee PIN\n"
+  "   wps_check_pin <PIN>  verify PIN checksum\n"
+  "   wps_pbc              indicate button pushed to initiate PBC\n"
+-@@ -80,7 +79,6 @@ static const char *commands_help =
++@@ -82,7 +81,6 @@ static const char *const commands_help =
+  "   wps_ap_pin <cmd> [params..]  enable/disable AP PIN\n"
+  "   wps_config <SSID> <auth> <encr> <key>  configure AP\n"
+  "   wps_get_status       show current WPS status\n"
+@@ -16,7 +16,7 @@
+  "   get_config           show current configuration\n"
+  "   help                 show this usage help\n"
+  "   interface [ifname]   show interfaces/select interface\n"
+-@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru
++@@ -418,7 +416,6 @@ static int hostapd_cli_cmd_sa_query(stru
+  #endif /* CONFIG_IEEE80211W */
+  
+  
+@@ -24,7 +24,7 @@
+  static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
+  				   char *argv[])
+  {
+-@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st
++@@ -644,7 +641,6 @@ static int hostapd_cli_cmd_wps_config(st
+  			 ssid_hex, argv[1]);
+  	return wpa_ctrl_command(ctrl, buf);
+  }
+@@ -32,7 +32,7 @@
+  
+  
+  static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
+-@@ -1027,7 +1023,6 @@ static struct hostapd_cli_cmd hostapd_cl
++@@ -1236,7 +1232,6 @@ static const struct hostapd_cli_cmd host
+  #ifdef CONFIG_IEEE80211W
+  	{ "sa_query", hostapd_cli_cmd_sa_query },
+  #endif /* CONFIG_IEEE80211W */
+@@ -40,7 +40,7 @@
+  	{ "wps_pin", hostapd_cli_cmd_wps_pin },
+  	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin },
+  	{ "wps_pbc", hostapd_cli_cmd_wps_pbc },
+-@@ -1041,7 +1036,6 @@ static struct hostapd_cli_cmd hostapd_cl
++@@ -1250,7 +1245,6 @@ static const struct hostapd_cli_cmd host
+  	{ "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin },
+  	{ "wps_config", hostapd_cli_cmd_wps_config },
+  	{ "wps_get_status", hostapd_cli_cmd_wps_get_status },
+diff --git a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch
+index 874ff4b..256f6b5 100644
+--- a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch
++++ b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch
+@@ -1,13 +1,12 @@
+ --- a/wpa_supplicant/wpa_cli.c
+ +++ b/wpa_supplicant/wpa_cli.c
+-@@ -26,6 +26,10 @@
++@@ -25,6 +25,9 @@
++ #include <cutils/properties.h>
+  #endif /* ANDROID */
+  
+- 
+ +#ifndef CONFIG_P2P
+ +#define CONFIG_P2P
+ +#endif
+-+
+- static const char *wpa_cli_version =
++ 
++ static const char *const wpa_cli_version =
+  "wpa_cli v" VERSION_STR "\n"
+- "Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
+diff --git a/package/network/services/hostapd/patches/432-missing-typedef.patch b/package/network/services/hostapd/patches/432-missing-typedef.patch
+new file mode 100644
+index 0000000..7a100f1
+--- /dev/null
++++ b/package/network/services/hostapd/patches/432-missing-typedef.patch
+@@ -0,0 +1,10 @@
++--- a/src/drivers/linux_wext.h
+++++ b/src/drivers/linux_wext.h
++@@ -26,6 +26,7 @@ typedef int32_t __s32;
++ typedef uint16_t __u16;
++ typedef int16_t __s16;
++ typedef uint8_t __u8;
+++typedef int8_t __s8;
++ #ifndef __user
++ #define __user
++ #endif /* __user */
+diff --git a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch b/package/network/services/hostapd/patches/440-max_num_sta_probe.patch
+deleted file mode 100644
+index 74aef26..0000000
+--- a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch
++++ /dev/null
+@@ -1,13 +0,0 @@
+---- a/src/ap/beacon.c
+-+++ b/src/ap/beacon.c
+-@@ -664,6 +664,10 @@ void handle_probe_req(struct hostapd_dat
+- 		return;
+- 	}
+- 
+-+	if (!sta && hapd->num_sta >= hapd->conf->max_num_sta)
+-+		wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " ignored,"
+-+			   " too many connected stations.", MAC2STR(mgmt->sa));
+-+
+- #ifdef CONFIG_INTERWORKING
+- 	if (hapd->conf->interworking &&
+- 	    elems.interworking && elems.interworking_len >= 1) {
+diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch
+index 87ebd45..78cf306 100644
+--- a/package/network/services/hostapd/patches/450-scan_wait.patch
++++ b/package/network/services/hostapd/patches/450-scan_wait.patch
+@@ -1,6 +1,6 @@
+ --- a/hostapd/main.c
+ +++ b/hostapd/main.c
+-@@ -36,6 +36,8 @@ struct hapd_global {
++@@ -37,6 +37,8 @@ struct hapd_global {
+  };
+  
+  static struct hapd_global global;
+@@ -9,7 +9,7 @@
+  
+  
+  #ifndef CONFIG_NO_HOSTAPD_LOGGER
+-@@ -142,6 +144,14 @@ static void hostapd_logger_cb(void *ctx,
++@@ -143,6 +145,14 @@ static void hostapd_logger_cb(void *ctx,
+  }
+  #endif /* CONFIG_NO_HOSTAPD_LOGGER */
+  
+@@ -24,7 +24,7 @@
+  
+  /**
+   * hostapd_driver_init - Preparate driver interface
+-@@ -160,6 +170,8 @@ static int hostapd_driver_init(struct ho
++@@ -161,6 +171,8 @@ static int hostapd_driver_init(struct ho
+  		return -1;
+  	}
+  
+@@ -33,7 +33,7 @@
+  	/* Initialize the driver interface */
+  	if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
+  		b = NULL;
+-@@ -381,8 +393,6 @@ static void hostapd_global_deinit(const
++@@ -401,8 +413,6 @@ static void hostapd_global_deinit(const
+  #endif /* CONFIG_NATIVE_WINDOWS */
+  
+  	eap_server_unregister_methods();
+@@ -42,19 +42,26 @@
+  }
+  
+  
+-@@ -408,11 +418,6 @@ static int hostapd_global_run(struct hap
++@@ -428,18 +438,6 @@ static int hostapd_global_run(struct hap
+  	}
+  #endif /* EAP_SERVER_TNC */
+  
+--	if (daemonize && os_daemonize(pid_file)) {
+--		wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
+--		return -1;
++-	if (daemonize) {
++-		if (os_daemonize(pid_file)) {
++-			wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno));
++-			return -1;
++-		}
++-		if (eloop_sock_requeue()) {
++-			wpa_printf(MSG_ERROR, "eloop_sock_requeue: %s",
++-				   strerror(errno));
++-			return -1;
++-		}
+ -	}
+ -
+  	eloop_run();
+  
+  	return 0;
+-@@ -542,8 +547,7 @@ int main(int argc, char *argv[])
++@@ -638,8 +636,7 @@ int main(int argc, char *argv[])
+  	struct hapd_interfaces interfaces;
+  	int ret = 1;
+  	size_t i, j;
+diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
+index 217e701..6a5866e 100644
+--- a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
++++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
+@@ -18,15 +18,15 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+  
+  #define WPA_SUPPLICANT_DRIVER_VERSION 4
+  
+-+#include "drivers/nl80211_copy.h"
+++#include "ap/sta_info.h"
+  #include "common/defs.h"
++ #include "common/ieee802_11_defs.h"
+  #include "utils/list.h"
+- 
+-@@ -538,6 +539,9 @@ struct wpa_driver_associate_params {
++@@ -587,6 +588,9 @@ struct wpa_driver_associate_params {
+  	 * responsible for selecting with which BSS to associate. */
+  	const u8 *bssid;
+  
+-+	unsigned char rates[NL80211_MAX_SUPP_RATES];
+++	unsigned char rates[WLAN_SUPP_RATES_MAX];
+ +	int mcast_rate;
+ +
+  	/**
+@@ -34,15 +34,15 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+  	 *
+ --- a/wpa_supplicant/config.c
+ +++ b/wpa_supplicant/config.c
+-@@ -15,6 +15,7 @@
+- #include "rsn_supp/wpa.h"
++@@ -16,6 +16,7 @@
+  #include "eap_peer/eap.h"
+  #include "p2p/p2p.h"
+-+#include "drivers/nl80211_copy.h"
++ #include "fst/fst.h"
+++#include "ap/sta_info.h"
+  #include "config.h"
+  
+  
+-@@ -1722,6 +1723,97 @@ static char * wpa_config_write_mesh_basi
++@@ -1816,6 +1817,97 @@ static char * wpa_config_write_mesh_basi
+  #endif /* CONFIG_MESH */
+  
+  
+@@ -88,7 +88,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+ +	pos = (char *)value;
+ +	r = strtok_r(pos, ",", &sptr);
+ +	i = 0;
+-+	while (pos && i < NL80211_MAX_SUPP_RATES) {
+++	while (pos && i < WLAN_SUPP_RATES_MAX) {
+ +		rate = 0.0;
+ +		if (r)
+ +			rate = strtod(r, &end);
+@@ -113,11 +113,11 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+ +	if (ssid->rates[0] <= 0)
+ +		return NULL;
+ +
+-+	value = os_malloc(6 * NL80211_MAX_SUPP_RATES + 1);
+++	value = os_malloc(6 * WLAN_SUPP_RATES_MAX + 1);
+ +	if (value == NULL)
+ +		return NULL;
+ +	pos = value;
+-+	for (i = 0; i < NL80211_MAX_SUPP_RATES - 1; i++) {
+++	for (i = 0; i < WLAN_SUPP_RATES_MAX - 1; i++) {
+ +		res = os_snprintf(pos, 6, "%.1f,", (double)ssid->rates[i] / 2);
+ +		if (res < 0) {
+ +			os_free(value);
+@@ -126,13 +126,13 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+ +		pos += res;
+ +	}
+ +	res = os_snprintf(pos, 6, "%.1f",
+-+			  (double)ssid->rates[NL80211_MAX_SUPP_RATES - 1] / 2);
+++			  (double)ssid->rates[WLAN_SUPP_RATES_MAX - 1] / 2);
+ +	if (res < 0) {
+ +		os_free(value);
+ +		return NULL;
+ +	}
+ +
+-+	value[6 * NL80211_MAX_SUPP_RATES] = '\0';
+++	value[6 * WLAN_SUPP_RATES_MAX] = '\0';
+ +	return value;
+ +}
+ +#endif /* NO_CONFIG_WRITE */
+@@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+  /* Helper macros for network block parser */
+  
+  #ifdef OFFSET
+-@@ -1947,6 +2039,9 @@ static const struct parse_data ssid_fiel
++@@ -2047,6 +2139,9 @@ static const struct parse_data ssid_fiel
+  	{ INT(ap_max_inactivity) },
+  	{ INT(dtim_period) },
+  	{ INT(beacon_int) },
+@@ -152,19 +152,22 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+  #endif /* CONFIG_MACSEC */
+ --- a/wpa_supplicant/config_ssid.h
+ +++ b/wpa_supplicant/config_ssid.h
+-@@ -12,6 +12,7 @@
++@@ -10,8 +10,10 @@
++ #define CONFIG_SSID_H
++ 
+  #include "common/defs.h"
+++#include "ap/sta_info.h"
+  #include "utils/list.h"
+  #include "eap_peer/eap_config.h"
+ +#include "drivers/nl80211_copy.h"
+  
+- #define MAX_SSID_LEN 32
+  
+-@@ -675,6 +676,9 @@ struct wpa_ssid {
++ #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
++@@ -711,6 +713,9 @@ struct wpa_ssid {
+  	 */
+  	void *parent_cred;
+  
+-+	unsigned char rates[NL80211_MAX_SUPP_RATES];
+++	unsigned char rates[WLAN_SUPP_RATES_MAX];
+ +	double mcast_rate;
+ +
+  #ifdef CONFIG_MACSEC
+@@ -172,13 +175,13 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+  	 * macsec_policy - Determines the policy for MACsec secure session
+ --- a/wpa_supplicant/wpa_supplicant.c
+ +++ b/wpa_supplicant/wpa_supplicant.c
+-@@ -2266,6 +2266,13 @@ static void wpas_start_assoc_cb(struct w
++@@ -2518,6 +2518,13 @@ static void wpas_start_assoc_cb(struct w
+  			params.beacon_int = ssid->beacon_int;
+  		else
+  			params.beacon_int = wpa_s->conf->beacon_int;
+ +		params.fixed_freq = ssid->fixed_freq;
+ +		i = 0;
+-+		while (i < NL80211_MAX_SUPP_RATES) {
+++		while (i < WLAN_SUPP_RATES_MAX) {
+ +			params.rates[i] = ssid->rates[i];
+ +			i++;
+ +		}
+diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
+index 730cc31..459bdb9 100644
+--- a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
++++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch
+@@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+ 
+ --- a/src/drivers/driver_nl80211.c
+ +++ b/src/drivers/driver_nl80211.c
+-@@ -4398,7 +4398,7 @@ static int wpa_driver_nl80211_ibss(struc
++@@ -4644,7 +4644,7 @@ static int wpa_driver_nl80211_ibss(struc
+  				   struct wpa_driver_associate_params *params)
+  {
+  	struct nl_msg *msg;
+@@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
+  	int count = 0;
+  
+  	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
+-@@ -4425,6 +4425,37 @@ retry:
++@@ -4671,6 +4671,37 @@ retry:
+  	    nl80211_put_beacon_int(msg, params->beacon_int))
+  		goto fail;
+  
+diff --git a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch
+index 30bb2dc..80fe49c 100644
+--- a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch
++++ b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch
+@@ -16,9 +16,9 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+ 
+ --- a/src/drivers/driver.h
+ +++ b/src/drivers/driver.h
+-@@ -541,6 +541,8 @@ struct wpa_driver_associate_params {
++@@ -590,6 +590,8 @@ struct wpa_driver_associate_params {
+  
+- 	unsigned char rates[NL80211_MAX_SUPP_RATES];
++ 	unsigned char rates[WLAN_SUPP_RATES_MAX];
+  	int mcast_rate;
+ +	int ht_set;
+ +	unsigned int htmode;
+@@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+  	 * bssid_hint - BSSID of a proposed AP
+ --- a/src/drivers/driver_nl80211.c
+ +++ b/src/drivers/driver_nl80211.c
+-@@ -4456,6 +4456,22 @@ retry:
++@@ -4702,6 +4702,22 @@ retry:
+  		nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
+  	}
+  
+@@ -52,7 +52,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+  		goto fail;
+ --- a/wpa_supplicant/config.c
+ +++ b/wpa_supplicant/config.c
+-@@ -1754,6 +1754,71 @@ static char * wpa_config_write_mcast_rat
++@@ -1848,6 +1848,71 @@ static char * wpa_config_write_mcast_rat
+  }
+  #endif /* NO_CONFIG_WRITE */
+  
+@@ -124,7 +124,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+  static int wpa_config_parse_rates(const struct parse_data *data,
+  				  struct wpa_ssid *ssid, int line,
+  				  const char *value)
+-@@ -2042,6 +2107,7 @@ static const struct parse_data ssid_fiel
++@@ -2142,6 +2207,7 @@ static const struct parse_data ssid_fiel
+  	{ INT_RANGE(fixed_freq, 0, 1) },
+  	{ FUNC(rates) },
+  	{ FUNC(mcast_rate) },
+@@ -134,9 +134,9 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+  #endif /* CONFIG_MACSEC */
+ --- a/wpa_supplicant/config_ssid.h
+ +++ b/wpa_supplicant/config_ssid.h
+-@@ -678,6 +678,8 @@ struct wpa_ssid {
++@@ -715,6 +715,8 @@ struct wpa_ssid {
+  
+- 	unsigned char rates[NL80211_MAX_SUPP_RATES];
++ 	unsigned char rates[WLAN_SUPP_RATES_MAX];
+  	double mcast_rate;
+ +	int ht_set;
+ +	unsigned int htmode;
+@@ -145,7 +145,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+  	/**
+ --- a/wpa_supplicant/wpa_supplicant.c
+ +++ b/wpa_supplicant/wpa_supplicant.c
+-@@ -2273,6 +2273,8 @@ static void wpas_start_assoc_cb(struct w
++@@ -2525,6 +2525,8 @@ static void wpas_start_assoc_cb(struct w
+  			i++;
+  		}
+  		params.mcast_rate = ssid->mcast_rate;
+diff --git a/package/network/services/hostapd/patches/470-survey_data_fallback.patch b/package/network/services/hostapd/patches/470-survey_data_fallback.patch
+new file mode 100644
+index 0000000..4e40a87
+--- /dev/null
++++ b/package/network/services/hostapd/patches/470-survey_data_fallback.patch
+@@ -0,0 +1,45 @@
++--- a/src/ap/acs.c
+++++ b/src/ap/acs.c
++@@ -292,18 +292,12 @@ static void acs_fail(struct hostapd_ifac
++ static long double
++ acs_survey_interference_factor(struct freq_survey *survey, s8 min_nf)
++ {
++-	long double factor, busy, total;
+++	long double factor, busy = 0, total;
++ 
++ 	if (survey->filled & SURVEY_HAS_CHAN_TIME_BUSY)
++ 		busy = survey->channel_time_busy;
++ 	else if (survey->filled & SURVEY_HAS_CHAN_TIME_RX)
++ 		busy = survey->channel_time_rx;
++-	else {
++-		/* This shouldn't really happen as survey data is checked in
++-		 * acs_sanity_check() */
++-		wpa_printf(MSG_ERROR, "ACS: Survey data missing");
++-		return 0;
++-	}
++ 
++ 	total = survey->channel_time;
++ 
++@@ -395,20 +389,19 @@ static int acs_usable_vht80_chan(struct
++ static int acs_survey_is_sufficient(struct freq_survey *survey)
++ {
++ 	if (!(survey->filled & SURVEY_HAS_NF)) {
+++		survey->nf = -95;
++ 		wpa_printf(MSG_INFO, "ACS: Survey is missing noise floor");
++-		return 0;
++ 	}
++ 
++ 	if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
+++		survey->channel_time = 0;
++ 		wpa_printf(MSG_INFO, "ACS: Survey is missing channel time");
++-		return 0;
++ 	}
++ 
++ 	if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
++ 	    !(survey->filled & SURVEY_HAS_CHAN_TIME_RX)) {
++ 		wpa_printf(MSG_INFO,
++ 			   "ACS: Survey is missing RX and busy time (at least one is required)");
++-		return 0;
++ 	}
++ 
++ 	return 1;
+diff --git a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch b/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch
+deleted file mode 100644
+index e6bbddd..0000000
+--- a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch
++++ /dev/null
+@@ -1,11 +0,0 @@
+---- a/src/ap/sta_info.h
+-+++ b/src/ap/sta_info.h
+-@@ -179,7 +179,7 @@ struct sta_info {
+-  * AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated
+-  * after AP_DEAUTH_DELAY seconds has passed after disassociation. */
+- #define AP_MAX_INACTIVITY (5 * 60)
+--#define AP_DISASSOC_DELAY (1)
+-+#define AP_DISASSOC_DELAY (3)
+- #define AP_DEAUTH_DELAY (1)
+- /* Number of seconds to keep STA entry with Authenticated flag after it has
+-  * been disassociated. */
+diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch
+index df2eac8..feacdf2 100644
+--- a/package/network/services/hostapd/patches/600-ubus_support.patch
++++ b/package/network/services/hostapd/patches/600-ubus_support.patch
+@@ -1,6 +1,6 @@
+ --- a/hostapd/Makefile
+ +++ b/hostapd/Makefile
+-@@ -121,6 +121,11 @@ OBJS += ../src/common/hw_features_common
++@@ -157,6 +157,11 @@ OBJS += ../src/common/hw_features_common
+  
+  OBJS += ../src/eapol_auth/eapol_auth_sm.o
+  
+@@ -22,7 +22,7 @@
+  
+  struct wpa_ctrl_dst;
+  struct radius_server_data;
+-@@ -103,6 +104,7 @@ struct hostapd_data {
++@@ -118,6 +119,7 @@ struct hostapd_data {
+  	struct hostapd_iface *iface;
+  	struct hostapd_config *iconf;
+  	struct hostapd_bss_config *conf;
+@@ -30,7 +30,7 @@
+  	int interface_added; /* virtual interface added for this BSS */
+  	unsigned int started:1;
+  	unsigned int disabled:1;
+-@@ -286,6 +288,8 @@ struct hostapd_iface {
++@@ -323,6 +325,8 @@ struct hostapd_iface {
+  	struct hostapd_config *conf;
+  	char phy[16]; /* Name of the PHY (radio) */
+  
+@@ -41,10 +41,10 @@
+  		HAPD_IFACE_DISABLED,
+ --- /dev/null
+ +++ b/src/ap/ubus.c
+-@@ -0,0 +1,511 @@
++@@ -0,0 +1,536 @@
+ +/*
+ + * hostapd / ubus support
+-+ * Copyright (c) 2013, Felix Fietkau <nbd@openwrt.org>
+++ * Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
+ + *
+ + * This software may be distributed under the terms of the BSD license.
+ + * See README for more details.
+@@ -58,6 +58,8 @@
+ +#include "wps_hostapd.h"
+ +#include "sta_info.h"
+ +#include "ubus.h"
+++#include "ap_drv_ops.h"
+++#include "beacon.h"
+ +
+ +static struct ubus_context *ctx;
+ +static struct blob_buf b;
+@@ -417,6 +419,10 @@
+ +{
+ +	struct blob_attr *tb[__VENDOR_ELEMENTS_MAX];
+ +	struct hostapd_data *hapd = get_hapd_from_object(obj);
+++	struct hostapd_bss_config *bss = hapd->conf;
+++	struct wpabuf *elems;
+++	const char *pos;
+++	size_t len;
+ +
+ +	blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb,
+ +		      blob_data(msg), blob_len(msg));
+@@ -424,10 +430,29 @@
+ +	if (!tb[VENDOR_ELEMENTS])
+ +		return UBUS_STATUS_INVALID_ARGUMENT;
+ +
+-+	const char *vendor_elements = blobmsg_data(tb[VENDOR_ELEMENTS]);
+-+	if (hostapd_set_iface(hapd->iconf, hapd->conf, "vendor_elements",
+-+			      vendor_elements) != 0)
+-+		return UBUS_STATUS_NOT_SUPPORTED;
+++	pos = blobmsg_data(tb[VENDOR_ELEMENTS]);
+++	len = os_strlen(pos);
+++	if (len & 0x01)
+++			return UBUS_STATUS_INVALID_ARGUMENT;
+++
+++	len /= 2;
+++	if (len == 0) {
+++		wpabuf_free(bss->vendor_elements);
+++		bss->vendor_elements = NULL;
+++		return 0;
+++	}
+++
+++	elems = wpabuf_alloc(len);
+++	if (elems == NULL)
+++		return 1;
+++
+++	if (hexstr2bin(pos, wpabuf_put(elems, len), len)) {
+++		wpabuf_free(elems);
+++		return UBUS_STATUS_INVALID_ARGUMENT;
+++	}
+++
+++	wpabuf_free(bss->vendor_elements);
+++	bss->vendor_elements = elems;
+ +
+ +	/* update beacons if vendor elements were set successfully */
+ +	if (ieee802_11_update_beacons(hapd->iface) != 0)
+@@ -558,7 +583,7 @@
+ @@ -0,0 +1,78 @@
+ +/*
+ + * hostapd / ubus support
+-+ * Copyright (c) 2013, Felix Fietkau <nbd@openwrt.org>
+++ * Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
+ + *
+ + * This software may be distributed under the terms of the BSD license.
+ + * See README for more details.
+@@ -636,7 +661,7 @@
+ +#endif
+ --- a/src/ap/hostapd.c
+ +++ b/src/ap/hostapd.c
+-@@ -277,6 +277,7 @@ static void hostapd_free_hapd_data(struc
++@@ -284,6 +284,7 @@ static void hostapd_free_hapd_data(struc
+  	hapd->started = 0;
+  
+  	wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
+@@ -644,7 +669,7 @@
+  	iapp_deinit(hapd->iapp);
+  	hapd->iapp = NULL;
+  	accounting_deinit(hapd);
+-@@ -1098,6 +1099,8 @@ static int hostapd_setup_bss(struct host
++@@ -1139,6 +1140,8 @@ static int hostapd_setup_bss(struct host
+  	if (hapd->driver && hapd->driver->set_operstate)
+  		hapd->driver->set_operstate(hapd->drv_priv, 1);
+  
+@@ -653,7 +678,7 @@
+  	return 0;
+  }
+  
+-@@ -1384,6 +1387,7 @@ int hostapd_setup_interface_complete(str
++@@ -1664,6 +1667,7 @@ static int hostapd_setup_interface_compl
+  	if (err)
+  		goto fail;
+  
+@@ -661,15 +686,15 @@
+  	wpa_printf(MSG_DEBUG, "Completing interface initialization");
+  	if (iface->conf->channel) {
+  #ifdef NEED_AP_MLME
+-@@ -1544,6 +1548,7 @@ dfs_offload:
++@@ -1844,6 +1848,7 @@ dfs_offload:
+  
+  fail:
+  	wpa_printf(MSG_ERROR, "Interface initialization failed");
+ +	hostapd_ubus_free_iface(iface);
+  	hostapd_set_state(iface, HAPD_IFACE_DISABLED);
+  	wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
+- 	if (iface->interfaces && iface->interfaces->terminate_on_error)
+-@@ -1873,6 +1878,7 @@ void hostapd_interface_deinit_free(struc
++ #ifdef CONFIG_FST
++@@ -2277,6 +2282,7 @@ void hostapd_interface_deinit_free(struc
+  		   (unsigned int) iface->conf->num_bss);
+  	driver = iface->bss[0]->driver;
+  	drv_priv = iface->bss[0]->drv_priv;
+@@ -679,7 +704,7 @@
+  		   __func__, driver, drv_priv);
+ --- a/src/ap/ieee802_11.c
+ +++ b/src/ap/ieee802_11.c
+-@@ -881,7 +881,8 @@ int auth_sae_init_committed(struct hosta
++@@ -980,7 +980,8 @@ int auth_sae_init_committed(struct hosta
+  
+  
+  static void handle_auth(struct hostapd_data *hapd,
+@@ -689,7 +714,7 @@
+  {
+  	u16 auth_alg, auth_transaction, status_code;
+  	u16 resp = WLAN_STATUS_SUCCESS;
+-@@ -897,6 +898,11 @@ static void handle_auth(struct hostapd_d
++@@ -996,6 +997,11 @@ static void handle_auth(struct hostapd_d
+  	char *identity = NULL;
+  	char *radius_cui = NULL;
+  	u16 seq_ctrl;
+@@ -699,9 +724,9 @@
+ +		.frame_info = fi,
+ +	};
+  
+- 	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
+- 		wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
+-@@ -983,6 +989,14 @@ static void handle_auth(struct hostapd_d
++ 	os_memset(&vlan_id, 0, sizeof(vlan_id));
++ 
++@@ -1149,6 +1155,14 @@ static void handle_auth(struct hostapd_d
+  		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+  		goto fail;
+  	}
+@@ -716,7 +741,7 @@
+  	if (res == HOSTAPD_ACL_PENDING) {
+  		wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
+  			   " waiting for an external authentication",
+-@@ -1694,13 +1708,18 @@ static void send_assoc_resp(struct hosta
++@@ -2033,13 +2047,18 @@ static u16 send_assoc_resp(struct hostap
+  
+  static void handle_assoc(struct hostapd_data *hapd,
+  			 const struct ieee80211_mgmt *mgmt, size_t len,
+@@ -724,7 +749,7 @@
+ +			 int reassoc, struct hostapd_frame_info *fi)
+  {
+  	u16 capab_info, listen_interval, seq_ctrl, fc;
+- 	u16 resp = WLAN_STATUS_SUCCESS;
++ 	u16 resp = WLAN_STATUS_SUCCESS, reply_res;
+  	const u8 *pos;
+  	int left, i;
+  	struct sta_info *sta;
+@@ -736,9 +761,9 @@
+  
+  	if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
+  				      sizeof(mgmt->u.assoc_req))) {
+-@@ -1820,6 +1839,13 @@ static void handle_assoc(struct hostapd_
+- 		goto fail;
++@@ -2159,6 +2178,13 @@ static void handle_assoc(struct hostapd_
+  	}
++ #endif /* CONFIG_MBO */
+  
+ +	if (hostapd_ubus_handle_event(hapd, &req)) {
+ +		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+@@ -747,10 +772,10 @@
+ +		goto fail;
+ +	}
+ +
+- 	sta->capability = capab_info;
+- 	sta->listen_interval = listen_interval;
+- 
+-@@ -2236,7 +2262,7 @@ int ieee802_11_mgmt(struct hostapd_data
++ 	/*
++ 	 * sta->capability is used in check_assoc_ies() for RRM enabled
++ 	 * capability element.
++@@ -2639,7 +2665,7 @@ int ieee802_11_mgmt(struct hostapd_data
+  
+  
+  	if (stype == WLAN_FC_STYPE_PROBE_REQ) {
+@@ -759,7 +784,7 @@
+  		return 1;
+  	}
+  
+-@@ -2251,17 +2277,17 @@ int ieee802_11_mgmt(struct hostapd_data
++@@ -2657,17 +2683,17 @@ int ieee802_11_mgmt(struct hostapd_data
+  	switch (stype) {
+  	case WLAN_FC_STYPE_AUTH:
+  		wpa_printf(MSG_DEBUG, "mgmt::auth");
+@@ -782,7 +807,7 @@
+  	case WLAN_FC_STYPE_DISASSOC:
+ --- a/src/ap/beacon.c
+ +++ b/src/ap/beacon.c
+-@@ -542,7 +542,7 @@ static enum ssid_match_result ssid_match
++@@ -675,7 +675,7 @@ sta_track_seen_on(struct hostapd_iface *
+  
+  void handle_probe_req(struct hostapd_data *hapd,
+  		      const struct ieee80211_mgmt *mgmt, size_t len,
+@@ -791,22 +816,23 @@
+  {
+  	u8 *resp;
+  	struct ieee802_11_elems elems;
+-@@ -550,8 +550,14 @@ void handle_probe_req(struct hostapd_dat
+- 	size_t ie_len;
+- 	struct sta_info *sta = NULL;
++@@ -684,9 +684,15 @@ void handle_probe_req(struct hostapd_dat
+  	size_t i, resp_len;
+-+	int ssi_signal = fi->ssi_signal;
+  	int noack;
+  	enum ssid_match_result res;
+++	int ssi_signal = fi->ssi_signal;
++ 	int ret;
++ 	u16 csa_offs[2];
++ 	size_t csa_offs_len;
+ +	struct hostapd_ubus_request req = {
+ +		.type = HOSTAPD_UBUS_PROBE_REQ,
+ +		.mgmt_frame = mgmt,
+ +		.frame_info = fi,
+ +	};
+  
+- 	ie = mgmt->u.probe_req.variable;
+- 	if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req))
+-@@ -710,6 +716,12 @@ void handle_probe_req(struct hostapd_dat
++ 	if (len < IEEE80211_HDRLEN)
++ 		return;
++@@ -838,6 +844,12 @@ void handle_probe_req(struct hostapd_dat
+  	}
+  #endif /* CONFIG_P2P */
+  
+@@ -832,7 +858,7 @@
+  int ieee802_11_update_beacons(struct hostapd_iface *iface);
+ --- a/src/ap/drv_callbacks.c
+ +++ b/src/ap/drv_callbacks.c
+-@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d
++@@ -52,6 +52,10 @@ int hostapd_notif_assoc(struct hostapd_d
+  	u16 reason = WLAN_REASON_UNSPECIFIED;
+  	u16 status = WLAN_STATUS_SUCCESS;
+  	const u8 *p2p_dev_addr = NULL;
+@@ -843,9 +869,9 @@
+  
+  	if (addr == NULL) {
+  		/*
+-@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d
++@@ -124,6 +128,12 @@ int hostapd_notif_assoc(struct hostapd_d
++ 		goto fail;
+  	}
+- 	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
+  
+ +	if (hostapd_ubus_handle_event(hapd, &req)) {
+ +		wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
 diff --git a/package/network/utils/iw/Makefile b/package/network/utils/iw/Makefile
 index ad82081..d17cbca 100644
 --- a/package/network/utils/iw/Makefile

patches/openwrt/0009-hostapd-prevent-channel-switch-for-5GHz.patch

@@ -8,15 +8,15 @@ adapter (they would lose their configuration).
 
 As a temporary fix, disable this channel switch function.
 
-diff --git a/package/network/services/hostapd/patches/470-no_channel_switch.patch b/package/network/services/hostapd/patches/470-no_channel_switch.patch
+diff --git a/package/network/services/hostapd/patches/900-no_channel_switch.patch b/package/network/services/hostapd/patches/900-no_channel_switch.patch
 new file mode 100644
-index 0000000..2eb1d7e
+index 0000000..c614515
 --- /dev/null
-+++ b/package/network/services/hostapd/patches/470-no_channel_switch.patch
++++ b/package/network/services/hostapd/patches/900-no_channel_switch.patch
 @@ -0,0 +1,68 @@
 +--- a/src/common/hw_features_common.c
 ++++ b/src/common/hw_features_common.c
-+@@ -172,7 +172,6 @@ int check_40mhz_5g(struct hostapd_hw_mod
++@@ -171,7 +171,6 @@ int check_40mhz_5g(struct hostapd_hw_mod
 + 		   struct wpa_scan_results *scan_res, int pri_chan,
 + 		   int sec_chan)
 + {
@@ -24,8 +24,8 @@ index 0000000..2eb1d7e
 + 	int bss_pri_chan, bss_sec_chan;
 + 	size_t i;
 + 	int match;
-+@@ -183,57 +182,6 @@ int check_40mhz_5g(struct hostapd_hw_mod
-+ 	if (pri_chan == sec_chan)
++@@ -180,57 +179,6 @@ int check_40mhz_5g(struct hostapd_hw_mod
++ 	    pri_chan == sec_chan)
 + 		return 0;
 + 
 +-	pri_freq = hw_get_freq(mode, pri_chan);