From 89279d87c5d3e0ea330be1f927e3f3bc59dbc2a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=81LI=20G=C3=A1bor=20J=C3=A1nos?= <pali.gabor@gmail.com>
Date: Thu, 3 Aug 2023 10:10:44 +0200
Subject: Update to Linux 6.1 and Alpine 3.18

- Update base-layout to 3.4.3
- Update busybox to 1.36.1
- Update iptables to 1.8.9
- Update linux-lts to 6.1.53
- Update to openrc to 0.48
- Update rtl8821ce to snapshot of 20230915
- Replace rtwB88 with a third-party driver
- Update rtw89 to snapshot of 20230913
- Import wpa_supplicant fixes from Arch Linux
---
 ...ard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch | 56 ++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 aports/wpa_supplicant/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch

(limited to 'aports/wpa_supplicant/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch')

diff --git a/aports/wpa_supplicant/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch b/aports/wpa_supplicant/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
new file mode 100644
index 0000000..6509bcd
--- /dev/null
+++ b/aports/wpa_supplicant/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
@@ -0,0 +1,56 @@
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Mon, 4 Apr 2022 09:13:12 +0200
+Subject: AP: guard FT-SAE code with CONFIG_IEEE80211R_AP
+
+wpa_supplicant doesn't support FT in AP mode, but it still negotiates
+FT-SAE. This can lead to an authentication failure when the AP is
+started with key_mgmt="SAE FT-SAE" and the STA supports both.
+
+Ensure that FT-SAE is not negotiated when CONFIG_IEEE80211R_AP is not
+defined.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ src/ap/wpa_auth_ie.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
+index 524922e..d63cbeb 100644
+--- a/src/ap/wpa_auth_ie.c
++++ b/src/ap/wpa_auth_ie.c
+@@ -228,11 +228,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
+ 		pos += RSN_SELECTOR_LEN;
+ 		num_suites++;
+ 	}
++#ifdef CONFIG_IEEE80211R_AP
+ 	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
+ 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
+ 		pos += RSN_SELECTOR_LEN;
+ 		num_suites++;
+ 	}
++#endif /* CONFIG_IEEE80211R_AP */
+ #endif /* CONFIG_SAE */
+ 	if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
+ 		RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
+@@ -670,8 +672,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
+ #ifdef CONFIG_SAE
+ 		else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
+ 			selector = RSN_AUTH_KEY_MGMT_SAE;
++#ifdef CONFIG_IEEE80211R_AP
+ 		else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
+ 			selector = RSN_AUTH_KEY_MGMT_FT_SAE;
++#endif /* CONFIG_IEEE80211R_AP */
+ #endif /* CONFIG_SAE */
+ 		else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
+ 			selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
+@@ -778,8 +782,10 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
+ #ifdef CONFIG_SAE
+ 	else if (key_mgmt & WPA_KEY_MGMT_SAE)
+ 		sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
++#ifdef CONFIG_IEEE80211R_AP
+ 	else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
+ 		sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
++#endif /* CONFIG_IEEE80211R_AP */
+ #endif /* CONFIG_SAE */
+ 	else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
+ 		sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
-- 
cgit v1.2.3