[PR PATCH] wpa_supplicant: update to 2.11

[PR PATCH] wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 415 bytes --]

There is a new pull request by dkwo against master on the void-packages repository

https://github.com/dkwo/void-packages wpa_s
https://github.com/void-linux/void-packages/pull/51362

wpa_supplicant: update to 2.11
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)

A patch file from https://github.com/void-linux/void-packages/pull/51362.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wpa_s-51362.patch --]
[-- Type: text/x-diff, Size: 19809 bytes --]

From 89dbbf51f2cacf49a1b8b3b2e8d443ac6a24c4e1 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 15 Feb 2024 11:54:25 -0500
Subject: [PATCH] wpa_supplicant: update to 2.11

---
 srcpkgs/wpa_supplicant/files/config           |  53 ++++
 .../wpa_supplicant/patches/4way-hand.patch    | 247 ------------------
 .../patches/SAE_external_database.patch       | 182 -------------
 srcpkgs/wpa_supplicant/template               |  15 +-
 4 files changed, 61 insertions(+), 436 deletions(-)
 delete mode 100644 srcpkgs/wpa_supplicant/patches/4way-hand.patch
 delete mode 100644 srcpkgs/wpa_supplicant/patches/SAE_external_database.patch

diff --git a/srcpkgs/wpa_supplicant/files/config b/srcpkgs/wpa_supplicant/files/config
index 7a61cf87a769e6..743c68504c9315 100644
--- a/srcpkgs/wpa_supplicant/files/config
+++ b/srcpkgs/wpa_supplicant/files/config
@@ -101,6 +101,9 @@ CONFIG_EAP_MSCHAPV2=y
 
 # EAP-TLS
 CONFIG_EAP_TLS=y
+# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly
+# enabled in network configuration)
+CONFIG_EAP_TLSV1_3=y
 
 # EAL-PEAP
 CONFIG_EAP_PEAP=y
@@ -203,9 +206,15 @@ CONFIG_SMARTCARD=y
 # Support VHT overrides (disable VHT, mask MCS rates, etc.)
 #CONFIG_VHT_OVERRIDES=y
 
+# Support HE overrides
+#CONFIG_HE_OVERRIDES=y
+
 # Development testing
 #CONFIG_EAPOL_TEST=y
 
+# Support IPv6
+CONFIG_IPV6=y
+
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
 # udp = UDP sockets using localhost (127.0.0.1)
@@ -248,6 +257,9 @@ CONFIG_WPA_CLI_EDIT=y
 # Simultaneous Authentication of Equals (SAE), WPA3-Personal
 CONFIG_SAE=y
 
+# SAE Public Key, WPA3-Personal
+CONFIG_SAE_PK=y
+
 # Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -389,6 +401,22 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
 # amount of memory/flash.
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
+# Dynamic library loading
+
+# Add the ability to configure libraries to load at compile time.
+# If set, these disable dynamic configuration.
+#CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
+#CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
+#CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
+#
+# Prevent library loading at runtime
+#CONFIG_NO_PKCS11_ENGINE_PATH=y # prevents loading pkcs11_engine library.
+#CONFIG_NO_PKCS11_MODULE_PATH=y # prevents loading pkcs11_module library.
+# CONFIG_NO_OPENSC_ENGINE_PATH=y # prevents loading opensc_engine library.
+
+# Prevents loading EAP libraries at runtime
+#CONFIG_NO_LOAD_DYNAMIC_EAP=y
+
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
 CONFIG_IEEE80211R=y
 
@@ -474,6 +502,16 @@ CONFIG_GETRANDOM=y
 # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
 CONFIG_IEEE80211AC=y
 
+# IEEE 802.11ax HE support (mainly for AP mode)
+CONFIG_IEEE80211AX=y
+
+# IEEE 802.11be EHT support (mainly for AP mode)
+# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE.
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11be version.
+#CONFIG_IEEE80211BE=y
+
 # Wireless Network Management (IEEE Std 802.11v-2011)
 # Note: This is experimental and not complete implementation.
 #CONFIG_WNM=y
@@ -633,3 +671,18 @@ CONFIG_WEP=y
 # design is still subject to change. As such, this should not yet be enabled in
 # production use.
 #CONFIG_PASN=y
+
+# Disable support for Radio Measurement (IEEE 802.11k) and supported operating
+# class indication. Removing these is not recommended since they can help the
+# AP manage the network and STA steering.
+#CONFIG_NO_RRM=y
+
+# Disable support for Robust AV streaming for consumer and enterprise Wi-Fi
+# applications; IEEE Std 802.11-2020, 4.3.24; SCS, MSCS, QoS Management
+#CONFIG_NO_ROBUST_AV=y
+
+# Disable support for WMM admission control
+#CONFIG_NO_WMM_AC=y
+
+# Wi-Fi Aware unsynchronized service discovery (NAN USD)
+#CONFIG_NAN_USD=y
diff --git a/srcpkgs/wpa_supplicant/patches/4way-hand.patch b/srcpkgs/wpa_supplicant/patches/4way-hand.patch
deleted file mode 100644
index d2baa8a839aac1..00000000000000
--- a/srcpkgs/wpa_supplicant/patches/4way-hand.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-From 023c17659786fe381312f154cf06663f1cb3607c Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Tue, 23 Aug 2022 21:34:55 -0400
-Subject: [PATCH] Fix external passwords with 4-way handshake offloading
-
-Passphrases/PSKs from external password databases were ignored if 4-way
-handshake offloading was supported by the driver. This patch splits the PSK
-loading functionality into a separate function and calls if to get the PSK for
-handshake offloading.
-
-I tested connecting to a WPA2-PSK network with both inline and external
-passphrases, using the iwlwifi and brcmfmac drivers.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/wpa_supplicant.c | 184 +++++++++++++++++---------------
- 1 file changed, 95 insertions(+), 89 deletions(-)
-
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index d37a994f9..bb063380f 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1337,6 +1337,88 @@ void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
- 			 wpas_get_ssid_pmf(wpa_s, ssid));
- }
- 
-+static int wpa_supplicant_get_psk(struct wpa_supplicant *wpa_s,
-+				  struct wpa_bss *bss, struct wpa_ssid *ssid,
-+				  u8 *psk)
-+{
-+        if (ssid->psk_set) {
-+		wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)", ssid->psk,
-+				PMK_LEN);
-+		os_memcpy(psk, ssid->psk, PMK_LEN);
-+		return 0;
-+	}
-+
-+#ifndef CONFIG_NO_PBKDF2
-+	if (bss && ssid->bssid_set && ssid->ssid_len == 0 && ssid->passphrase) {
-+	        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len, 4096,
-+			    psk, PMK_LEN);
-+	        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", psk,
-+				PMK_LEN);
-+                return 0;
-+	}
-+#endif /* CONFIG_NO_PBKDF2 */
-+
-+#ifdef CONFIG_EXT_PASSWORD
-+	if (ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+		char pw_str[64 + 1];
-+
-+		if (pw == NULL) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK found from "
-+				"external storage");
-+			return -1;
-+		}
-+
-+		if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected PSK "
-+				"length %d in external storage",
-+				(int) wpabuf_len(pw));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
-+		pw_str[wpabuf_len(pw)] = '\0';
-+
-+#ifndef CONFIG_NO_PBKDF2
-+		if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
-+		{
-+			pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len, 4096, psk,
-+				    PMK_LEN);
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external "
-+					"passphrase)",
-+					psk, PMK_LEN);
-+		} else
-+#endif /* CONFIG_NO_PBKDF2 */
-+		if (wpabuf_len(pw) == 2 * PMK_LEN) {
-+			if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
-+				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Invalid PSK "
-+					"hex string");
-+				os_memset(pw_str, 0, sizeof(pw_str));
-+				ext_password_free(pw);
-+				return -1;
-+			}
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external PSK)",
-+					psk, PMK_LEN);
-+		} else {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable PSK "
-+				"available");
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memset(pw_str, 0, sizeof(pw_str));
-+		ext_password_free(pw);
-+
-+		return 0;
-+	}
-+#endif /* CONFIG_EXT_PASSWORD */
-+
-+	return -1;
-+}
- 
- /**
-  * wpa_supplicant_set_suites - Set authentication and encryption parameters
-@@ -1756,97 +1838,20 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 					      WPA_KEY_MGMT_FT_PSK |
- 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
- 
--		if (ssid->psk_set && !sae_only) {
--			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
--					ssid->psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
--				       NULL);
--			psk_set = 1;
--		}
--
--		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
--			psk_set = 1;
--
--#ifndef CONFIG_NO_PBKDF2
--		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
--		    ssid->passphrase && !sae_only) {
-+		if (!sae_only) {
- 			u8 psk[PMK_LEN];
--		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
--				    4096, psk, PMK_LEN);
--		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
--					psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
--			psk_set = 1;
--			os_memset(psk, 0, sizeof(psk));
--		}
--#endif /* CONFIG_NO_PBKDF2 */
--#ifdef CONFIG_EXT_PASSWORD
--		if (ssid->ext_psk && !sae_only) {
--			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
--							     ssid->ext_psk);
--			char pw_str[64 + 1];
--			u8 psk[PMK_LEN];
--
--			if (pw == NULL) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
--					"found from external storage");
--				return -1;
--			}
--
--			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
--					"PSK length %d in external storage",
--					(int) wpabuf_len(pw));
--				ext_password_free(pw);
--				return -1;
--			}
--
--			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
--			pw_str[wpabuf_len(pw)] = '\0';
--
--#ifndef CONFIG_NO_PBKDF2
--			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
--			{
--				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
--					    4096, psk, PMK_LEN);
--				os_memset(pw_str, 0, sizeof(pw_str));
--				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
--						"external passphrase)",
--						psk, PMK_LEN);
--				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
--					       NULL);
--				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else
--#endif /* CONFIG_NO_PBKDF2 */
--			if (wpabuf_len(pw) == 2 * PMK_LEN) {
--				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
--					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
--						"Invalid PSK hex string");
--					os_memset(pw_str, 0, sizeof(pw_str));
--					ext_password_free(pw);
--					return -1;
--				}
--				wpa_hexdump_key(MSG_MSGDUMP,
--						"PSK (from external PSK)",
--						psk, PMK_LEN);
-+			if (wpa_supplicant_get_psk(wpa_s, bss, ssid,
-+						   psk) >= 0) {
- 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
- 					       NULL);
- 				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
--					"PSK available");
--				os_memset(pw_str, 0, sizeof(pw_str));
--				ext_password_free(pw);
--				return -1;
- 			}
--
--			os_memset(pw_str, 0, sizeof(pw_str));
--			ext_password_free(pw);
-+			os_memset(psk, 0, sizeof(psk));
- 		}
--#endif /* CONFIG_EXT_PASSWORD */
-+
-+		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
-+		    (ssid->sae_password || ssid->passphrase))
-+			psk_set = 1;
- 
- 		if (!psk_set) {
- 			wpa_msg(wpa_s, MSG_INFO,
-@@ -3606,6 +3611,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	int use_crypt, ret, bssid_changed;
- 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
- 	struct wpa_driver_associate_params params;
-+	u8 psk[PMK_LEN];
- #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
- 	int wep_keys_set = 0;
- #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
-@@ -3890,8 +3896,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
- 		params.passphrase = ssid->passphrase;
--		if (ssid->psk_set)
--			params.psk = ssid->psk;
-+		if (wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
-@@ -3915,8 +3921,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
--		    ssid->psk_set)
--			params.psk = ssid->psk;
-+		    wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	params.drop_unencrypted = use_crypt;
diff --git a/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch b/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
deleted file mode 100644
index b3ed31f58eb1a4..00000000000000
--- a/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From bdc35acd5abae45bd53e3117bfc673fc0e1ab0b9 Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Sat, 17 Sep 2022 00:21:02 -0400
-Subject: SAE: Allow loading of the password from an external database
-
-There was no support for loading SAE passwords from an external password
-database.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/sme.c            | 65 ++++++++++++++++++++++++++++++++---------
- wpa_supplicant/wpa_supplicant.c |  2 +-
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
-index 52861c805..28ac03f23 100644
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -10,6 +10,7 @@
- 
- #include "common.h"
- #include "utils/eloop.h"
-+#include "utils/ext_password.h"
- #include "common/ieee802_11_defs.h"
- #include "common/ieee802_11_common.h"
- #include "common/ocv.h"
-@@ -90,7 +91,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- {
- 	struct wpabuf *buf;
- 	size_t len;
--	const char *password;
-+	char *password = NULL;
- 	struct wpa_bss *bss;
- 	int use_pt = 0;
- 	bool use_pk = false;
-@@ -106,7 +107,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
- 		buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
- 		if (!buf)
--			return NULL;
-+			goto fail;
- 		if (!external) {
- 			wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 			wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-@@ -116,12 +117,45 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- #endif /* CONFIG_TESTING_OPTIONS */
- 
--	password = ssid->sae_password;
--	if (!password)
--		password = ssid->passphrase;
-+	if (ssid->sae_password) {
-+		password = os_strdup(ssid->sae_password);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->passphrase) {
-+		password = os_strdup(ssid->passphrase);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+
-+		if (!pw) {
-+			wpa_msg(wpa_s, MSG_INFO,
-+				"SAE: No password found from external storage");
-+			goto fail;
-+		}
-+
-+		password = os_malloc(wpabuf_len(pw) + 1);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+		os_memcpy(password, wpabuf_head(pw), wpabuf_len(pw));
-+		password[wpabuf_len(pw)] = '\0';
-+		ext_password_free(pw);
-+	}
- 	if (!password) {
- 		wpa_printf(MSG_DEBUG, "SAE: No password available");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	if (reuse && wpa_s->sme.sae.tmp &&
-@@ -134,7 +168,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- 	if (sme_set_sae_group(wpa_s) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-@@ -171,7 +205,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
- 		wpa_printf(MSG_DEBUG,
- 			   "SAE: Cannot use PK with the selected AP");
--		return NULL;
-+		goto fail;
- 	}
- #endif /* CONFIG_SAE_PK */
- 
-@@ -184,7 +218,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		    !use_pt) {
- 			wpa_printf(MSG_DEBUG,
- 				   "SAE: Cannot use H2E with the selected AP");
--			return NULL;
-+			goto fail;
- 		}
- 	}
- 
-@@ -192,13 +226,13 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	    sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
- 				  wpa_s->own_addr, bssid,
- 				  wpa_s->sme.sae_rejected_groups, NULL) < 0)
--		return NULL;
-+		goto fail;
- 	if (!use_pt &&
- 	    sae_prepare_commit(wpa_s->own_addr, bssid,
- 			       (u8 *) password, os_strlen(password),
- 			       &wpa_s->sme.sae) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
--		return NULL;
-+		goto fail;
- 	}
- 	if (wpa_s->sme.sae.tmp) {
- 		os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
-@@ -218,7 +252,7 @@ reuse_data:
- 		len += 4 + os_strlen(ssid->sae_password_id);
- 	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
- 	if (buf == NULL)
--		return NULL;
-+		goto fail;
- 	if (!external) {
- 		wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 		if (use_pk)
-@@ -231,14 +265,19 @@ reuse_data:
- 	if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
- 			     ssid->sae_password_id) < 0) {
- 		wpabuf_free(buf);
--		return NULL;
-+		goto fail;
- 	}
- 	if (ret_use_pt)
- 		*ret_use_pt = use_pt;
- 	if (ret_use_pk)
- 		*ret_use_pk = use_pk;
- 
-+	str_clear_free(password);
- 	return buf;
-+
-+fail:
-+	str_clear_free(password);
-+	return NULL;
- }
- 
- 
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index 54c3c859e..ef5d0cd71 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1998,7 +1998,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 		}
- 
- 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
-+		    (ssid->sae_password || ssid->passphrase || ssid->ext_psk))
- 			psk_set = 1;
- 
- 		if (!psk_set) {
--- 
-cgit v1.2.3-18-g5258
diff --git a/srcpkgs/wpa_supplicant/template b/srcpkgs/wpa_supplicant/template
index 63a346320597da..5294519d3a9a3e 100644
--- a/srcpkgs/wpa_supplicant/template
+++ b/srcpkgs/wpa_supplicant/template
@@ -1,17 +1,16 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
-version=2.10
-revision=5
-build_wrksrc="$pkgname"
+version=2.11
+revision=1
+build_wrksrc="${pkgname}"
+hostmakedepends="pkg-config"
+makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
 short_desc="WPA/WPA2/IEEE 802.1X Supplicant"
 maintainer="Enno Boland <gottox@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="http://w1.fi/wpa_supplicant/"
 distfiles="http://w1.fi/releases/${pkgname}-${version}.tar.gz"
-checksum=20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
-
-hostmakedepends="pkg-config"
-makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
+checksum=912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a
 build_options="dbus readline"
 build_options_default="dbus readline"
 conf_files="/etc/${pkgname}/${pkgname}.conf"
@@ -31,10 +30,12 @@ pre_build() {
 		vsed -i -e 's|#\{0,1\}\(CONFIG_READLINE\)=\(.*\)|\1=y|' .config
 	fi
 }
+
 do_build() {
 	export CFLAGS+=" $(pkg-config --cflags libnl-3.0) $CPPFLAGS"
 	make ${makejobs} V=1 PREFIX=/usr BINDIR=/usr/bin
 }
+
 do_install() {
 	make PREFIX=/usr BINDIR=/usr/bin DESTDIR=${DESTDIR} install
 

Re: wpa_supplicant: update to 2.11

[Eloitor]

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

New comment by Eloitor on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2259946392

Comment:
It seems that there are some issues with 2.11:
- https://www.lorenzobettini.it/2024/07/downgrading-packages-in-arch-linux-arm/
- https://forum.pine64.org/showthread.php?tid=19368&pid=122855#pid122855

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2260524410

Comment:
@Eloitor is this specific to pinebook? has it been reported upstream?

I've been running this for more than a week, tested with different networks (including eduroam) and had zero issues.

Re: wpa_supplicant: update to 2.11

[Eloitor]

[-- Attachment #1: Type: text/plain, Size: 286 bytes --]

New comment by Eloitor on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2260596676

Comment:
I don't know, I don't own one. 
It seems it also afects Broadcom Wireless BCM4331: https://bbs.archlinux.org/viewtopic.php?pid=2186121#p2186121

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 223 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2260787093

Comment:
hmm, so it may be the `brcmfmac` driver. I wonder if this breaks in asahi linux too.

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 271 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2267442085

Comment:
apple silicon is also affected, see https://lore.kernel.org/asahi/20240803-brcmfmac_pmksa_del_ssid-v1-1-4e85f19135e1@jannau.net/T/#u

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 529 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2281056562

Comment:
The problem with brcmfmac was identified by J.Grunau of asahi linux: they fixed it by reverting a commit breaking authentication on brcmfmac in wpa_supplicant (commit 41638606054a09867fe3f9a2b5523aa4678cbfa5). There's also a discussion to improve the upstream kernel driver, but quoting them 'A revert in wpa_supplicant might be still appropriate until exteded kernel drivers are deployed.'

Re: [PR PATCH] [Updated] wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 538 bytes --]

There is an updated pull request by dkwo against master on the void-packages repository

https://github.com/dkwo/void-packages wpa_s
https://github.com/void-linux/void-packages/pull/51362

wpa_supplicant: update to 2.11
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)

iwlwifi works fine; brcmfmac see discussion at http://lists.infradead.org/pipermail/hostap/2024-August/042893.html

A patch file from https://github.com/void-linux/void-packages/pull/51362.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wpa_s-51362.patch --]
[-- Type: text/x-diff, Size: 22206 bytes --]

From 243858275dd8cda52920923179d0341ed03b7134 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 15 Feb 2024 11:54:25 -0500
Subject: [PATCH] wpa_supplicant: update to 2.11

---
 srcpkgs/wpa_supplicant/files/config           |  53 ++++
 .../wpa_supplicant/patches/4way-hand.patch    | 247 ------------------
 .../patches/SAE_external_database.patch       | 182 -------------
 .../brcmfmac-temporarily-revert-commit.patch  |  50 ++++
 srcpkgs/wpa_supplicant/template               |  15 +-
 5 files changed, 111 insertions(+), 436 deletions(-)
 delete mode 100644 srcpkgs/wpa_supplicant/patches/4way-hand.patch
 delete mode 100644 srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
 create mode 100644 srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch

diff --git a/srcpkgs/wpa_supplicant/files/config b/srcpkgs/wpa_supplicant/files/config
index 7a61cf87a769e6..743c68504c9315 100644
--- a/srcpkgs/wpa_supplicant/files/config
+++ b/srcpkgs/wpa_supplicant/files/config
@@ -101,6 +101,9 @@ CONFIG_EAP_MSCHAPV2=y
 
 # EAP-TLS
 CONFIG_EAP_TLS=y
+# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly
+# enabled in network configuration)
+CONFIG_EAP_TLSV1_3=y
 
 # EAL-PEAP
 CONFIG_EAP_PEAP=y
@@ -203,9 +206,15 @@ CONFIG_SMARTCARD=y
 # Support VHT overrides (disable VHT, mask MCS rates, etc.)
 #CONFIG_VHT_OVERRIDES=y
 
+# Support HE overrides
+#CONFIG_HE_OVERRIDES=y
+
 # Development testing
 #CONFIG_EAPOL_TEST=y
 
+# Support IPv6
+CONFIG_IPV6=y
+
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
 # udp = UDP sockets using localhost (127.0.0.1)
@@ -248,6 +257,9 @@ CONFIG_WPA_CLI_EDIT=y
 # Simultaneous Authentication of Equals (SAE), WPA3-Personal
 CONFIG_SAE=y
 
+# SAE Public Key, WPA3-Personal
+CONFIG_SAE_PK=y
+
 # Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -389,6 +401,22 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
 # amount of memory/flash.
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
+# Dynamic library loading
+
+# Add the ability to configure libraries to load at compile time.
+# If set, these disable dynamic configuration.
+#CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
+#CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
+#CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
+#
+# Prevent library loading at runtime
+#CONFIG_NO_PKCS11_ENGINE_PATH=y # prevents loading pkcs11_engine library.
+#CONFIG_NO_PKCS11_MODULE_PATH=y # prevents loading pkcs11_module library.
+# CONFIG_NO_OPENSC_ENGINE_PATH=y # prevents loading opensc_engine library.
+
+# Prevents loading EAP libraries at runtime
+#CONFIG_NO_LOAD_DYNAMIC_EAP=y
+
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
 CONFIG_IEEE80211R=y
 
@@ -474,6 +502,16 @@ CONFIG_GETRANDOM=y
 # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
 CONFIG_IEEE80211AC=y
 
+# IEEE 802.11ax HE support (mainly for AP mode)
+CONFIG_IEEE80211AX=y
+
+# IEEE 802.11be EHT support (mainly for AP mode)
+# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE.
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11be version.
+#CONFIG_IEEE80211BE=y
+
 # Wireless Network Management (IEEE Std 802.11v-2011)
 # Note: This is experimental and not complete implementation.
 #CONFIG_WNM=y
@@ -633,3 +671,18 @@ CONFIG_WEP=y
 # design is still subject to change. As such, this should not yet be enabled in
 # production use.
 #CONFIG_PASN=y
+
+# Disable support for Radio Measurement (IEEE 802.11k) and supported operating
+# class indication. Removing these is not recommended since they can help the
+# AP manage the network and STA steering.
+#CONFIG_NO_RRM=y
+
+# Disable support for Robust AV streaming for consumer and enterprise Wi-Fi
+# applications; IEEE Std 802.11-2020, 4.3.24; SCS, MSCS, QoS Management
+#CONFIG_NO_ROBUST_AV=y
+
+# Disable support for WMM admission control
+#CONFIG_NO_WMM_AC=y
+
+# Wi-Fi Aware unsynchronized service discovery (NAN USD)
+#CONFIG_NAN_USD=y
diff --git a/srcpkgs/wpa_supplicant/patches/4way-hand.patch b/srcpkgs/wpa_supplicant/patches/4way-hand.patch
deleted file mode 100644
index d2baa8a839aac1..00000000000000
--- a/srcpkgs/wpa_supplicant/patches/4way-hand.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-From 023c17659786fe381312f154cf06663f1cb3607c Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Tue, 23 Aug 2022 21:34:55 -0400
-Subject: [PATCH] Fix external passwords with 4-way handshake offloading
-
-Passphrases/PSKs from external password databases were ignored if 4-way
-handshake offloading was supported by the driver. This patch splits the PSK
-loading functionality into a separate function and calls if to get the PSK for
-handshake offloading.
-
-I tested connecting to a WPA2-PSK network with both inline and external
-passphrases, using the iwlwifi and brcmfmac drivers.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/wpa_supplicant.c | 184 +++++++++++++++++---------------
- 1 file changed, 95 insertions(+), 89 deletions(-)
-
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index d37a994f9..bb063380f 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1337,6 +1337,88 @@ void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
- 			 wpas_get_ssid_pmf(wpa_s, ssid));
- }
- 
-+static int wpa_supplicant_get_psk(struct wpa_supplicant *wpa_s,
-+				  struct wpa_bss *bss, struct wpa_ssid *ssid,
-+				  u8 *psk)
-+{
-+        if (ssid->psk_set) {
-+		wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)", ssid->psk,
-+				PMK_LEN);
-+		os_memcpy(psk, ssid->psk, PMK_LEN);
-+		return 0;
-+	}
-+
-+#ifndef CONFIG_NO_PBKDF2
-+	if (bss && ssid->bssid_set && ssid->ssid_len == 0 && ssid->passphrase) {
-+	        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len, 4096,
-+			    psk, PMK_LEN);
-+	        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", psk,
-+				PMK_LEN);
-+                return 0;
-+	}
-+#endif /* CONFIG_NO_PBKDF2 */
-+
-+#ifdef CONFIG_EXT_PASSWORD
-+	if (ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+		char pw_str[64 + 1];
-+
-+		if (pw == NULL) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK found from "
-+				"external storage");
-+			return -1;
-+		}
-+
-+		if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected PSK "
-+				"length %d in external storage",
-+				(int) wpabuf_len(pw));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
-+		pw_str[wpabuf_len(pw)] = '\0';
-+
-+#ifndef CONFIG_NO_PBKDF2
-+		if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
-+		{
-+			pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len, 4096, psk,
-+				    PMK_LEN);
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external "
-+					"passphrase)",
-+					psk, PMK_LEN);
-+		} else
-+#endif /* CONFIG_NO_PBKDF2 */
-+		if (wpabuf_len(pw) == 2 * PMK_LEN) {
-+			if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
-+				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Invalid PSK "
-+					"hex string");
-+				os_memset(pw_str, 0, sizeof(pw_str));
-+				ext_password_free(pw);
-+				return -1;
-+			}
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external PSK)",
-+					psk, PMK_LEN);
-+		} else {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable PSK "
-+				"available");
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memset(pw_str, 0, sizeof(pw_str));
-+		ext_password_free(pw);
-+
-+		return 0;
-+	}
-+#endif /* CONFIG_EXT_PASSWORD */
-+
-+	return -1;
-+}
- 
- /**
-  * wpa_supplicant_set_suites - Set authentication and encryption parameters
-@@ -1756,97 +1838,20 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 					      WPA_KEY_MGMT_FT_PSK |
- 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
- 
--		if (ssid->psk_set && !sae_only) {
--			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
--					ssid->psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
--				       NULL);
--			psk_set = 1;
--		}
--
--		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
--			psk_set = 1;
--
--#ifndef CONFIG_NO_PBKDF2
--		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
--		    ssid->passphrase && !sae_only) {
-+		if (!sae_only) {
- 			u8 psk[PMK_LEN];
--		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
--				    4096, psk, PMK_LEN);
--		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
--					psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
--			psk_set = 1;
--			os_memset(psk, 0, sizeof(psk));
--		}
--#endif /* CONFIG_NO_PBKDF2 */
--#ifdef CONFIG_EXT_PASSWORD
--		if (ssid->ext_psk && !sae_only) {
--			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
--							     ssid->ext_psk);
--			char pw_str[64 + 1];
--			u8 psk[PMK_LEN];
--
--			if (pw == NULL) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
--					"found from external storage");
--				return -1;
--			}
--
--			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
--					"PSK length %d in external storage",
--					(int) wpabuf_len(pw));
--				ext_password_free(pw);
--				return -1;
--			}
--
--			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
--			pw_str[wpabuf_len(pw)] = '\0';
--
--#ifndef CONFIG_NO_PBKDF2
--			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
--			{
--				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
--					    4096, psk, PMK_LEN);
--				os_memset(pw_str, 0, sizeof(pw_str));
--				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
--						"external passphrase)",
--						psk, PMK_LEN);
--				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
--					       NULL);
--				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else
--#endif /* CONFIG_NO_PBKDF2 */
--			if (wpabuf_len(pw) == 2 * PMK_LEN) {
--				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
--					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
--						"Invalid PSK hex string");
--					os_memset(pw_str, 0, sizeof(pw_str));
--					ext_password_free(pw);
--					return -1;
--				}
--				wpa_hexdump_key(MSG_MSGDUMP,
--						"PSK (from external PSK)",
--						psk, PMK_LEN);
-+			if (wpa_supplicant_get_psk(wpa_s, bss, ssid,
-+						   psk) >= 0) {
- 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
- 					       NULL);
- 				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
--					"PSK available");
--				os_memset(pw_str, 0, sizeof(pw_str));
--				ext_password_free(pw);
--				return -1;
- 			}
--
--			os_memset(pw_str, 0, sizeof(pw_str));
--			ext_password_free(pw);
-+			os_memset(psk, 0, sizeof(psk));
- 		}
--#endif /* CONFIG_EXT_PASSWORD */
-+
-+		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
-+		    (ssid->sae_password || ssid->passphrase))
-+			psk_set = 1;
- 
- 		if (!psk_set) {
- 			wpa_msg(wpa_s, MSG_INFO,
-@@ -3606,6 +3611,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	int use_crypt, ret, bssid_changed;
- 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
- 	struct wpa_driver_associate_params params;
-+	u8 psk[PMK_LEN];
- #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
- 	int wep_keys_set = 0;
- #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
-@@ -3890,8 +3896,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
- 		params.passphrase = ssid->passphrase;
--		if (ssid->psk_set)
--			params.psk = ssid->psk;
-+		if (wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
-@@ -3915,8 +3921,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
--		    ssid->psk_set)
--			params.psk = ssid->psk;
-+		    wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	params.drop_unencrypted = use_crypt;
diff --git a/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch b/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
deleted file mode 100644
index b3ed31f58eb1a4..00000000000000
--- a/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From bdc35acd5abae45bd53e3117bfc673fc0e1ab0b9 Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Sat, 17 Sep 2022 00:21:02 -0400
-Subject: SAE: Allow loading of the password from an external database
-
-There was no support for loading SAE passwords from an external password
-database.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/sme.c            | 65 ++++++++++++++++++++++++++++++++---------
- wpa_supplicant/wpa_supplicant.c |  2 +-
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
-index 52861c805..28ac03f23 100644
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -10,6 +10,7 @@
- 
- #include "common.h"
- #include "utils/eloop.h"
-+#include "utils/ext_password.h"
- #include "common/ieee802_11_defs.h"
- #include "common/ieee802_11_common.h"
- #include "common/ocv.h"
-@@ -90,7 +91,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- {
- 	struct wpabuf *buf;
- 	size_t len;
--	const char *password;
-+	char *password = NULL;
- 	struct wpa_bss *bss;
- 	int use_pt = 0;
- 	bool use_pk = false;
-@@ -106,7 +107,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
- 		buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
- 		if (!buf)
--			return NULL;
-+			goto fail;
- 		if (!external) {
- 			wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 			wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-@@ -116,12 +117,45 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- #endif /* CONFIG_TESTING_OPTIONS */
- 
--	password = ssid->sae_password;
--	if (!password)
--		password = ssid->passphrase;
-+	if (ssid->sae_password) {
-+		password = os_strdup(ssid->sae_password);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->passphrase) {
-+		password = os_strdup(ssid->passphrase);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+
-+		if (!pw) {
-+			wpa_msg(wpa_s, MSG_INFO,
-+				"SAE: No password found from external storage");
-+			goto fail;
-+		}
-+
-+		password = os_malloc(wpabuf_len(pw) + 1);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+		os_memcpy(password, wpabuf_head(pw), wpabuf_len(pw));
-+		password[wpabuf_len(pw)] = '\0';
-+		ext_password_free(pw);
-+	}
- 	if (!password) {
- 		wpa_printf(MSG_DEBUG, "SAE: No password available");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	if (reuse && wpa_s->sme.sae.tmp &&
-@@ -134,7 +168,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- 	if (sme_set_sae_group(wpa_s) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-@@ -171,7 +205,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
- 		wpa_printf(MSG_DEBUG,
- 			   "SAE: Cannot use PK with the selected AP");
--		return NULL;
-+		goto fail;
- 	}
- #endif /* CONFIG_SAE_PK */
- 
-@@ -184,7 +218,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		    !use_pt) {
- 			wpa_printf(MSG_DEBUG,
- 				   "SAE: Cannot use H2E with the selected AP");
--			return NULL;
-+			goto fail;
- 		}
- 	}
- 
-@@ -192,13 +226,13 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	    sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
- 				  wpa_s->own_addr, bssid,
- 				  wpa_s->sme.sae_rejected_groups, NULL) < 0)
--		return NULL;
-+		goto fail;
- 	if (!use_pt &&
- 	    sae_prepare_commit(wpa_s->own_addr, bssid,
- 			       (u8 *) password, os_strlen(password),
- 			       &wpa_s->sme.sae) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
--		return NULL;
-+		goto fail;
- 	}
- 	if (wpa_s->sme.sae.tmp) {
- 		os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
-@@ -218,7 +252,7 @@ reuse_data:
- 		len += 4 + os_strlen(ssid->sae_password_id);
- 	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
- 	if (buf == NULL)
--		return NULL;
-+		goto fail;
- 	if (!external) {
- 		wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 		if (use_pk)
-@@ -231,14 +265,19 @@ reuse_data:
- 	if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
- 			     ssid->sae_password_id) < 0) {
- 		wpabuf_free(buf);
--		return NULL;
-+		goto fail;
- 	}
- 	if (ret_use_pt)
- 		*ret_use_pt = use_pt;
- 	if (ret_use_pk)
- 		*ret_use_pk = use_pk;
- 
-+	str_clear_free(password);
- 	return buf;
-+
-+fail:
-+	str_clear_free(password);
-+	return NULL;
- }
- 
- 
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index 54c3c859e..ef5d0cd71 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1998,7 +1998,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 		}
- 
- 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
-+		    (ssid->sae_password || ssid->passphrase || ssid->ext_psk))
- 			psk_set = 1;
- 
- 		if (!psk_set) {
--- 
-cgit v1.2.3-18-g5258
diff --git a/srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch b/srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch
new file mode 100644
index 00000000000000..b42cba1088ddd6
--- /dev/null
+++ b/srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch
@@ -0,0 +1,50 @@
+From 2514856652f9a393e505d542cb8f039f8bac10f5 Mon Sep 17 00:00:00 2001
+From: Janne Grunau <janne-fdr@jannau.net>
+Date: Sun, 4 Aug 2024 13:24:42 +0200
+Subject: [PATCH 1/1] Revert "Mark authorization completed on driver indication
+ during 4-way HS offload"
+
+This reverts commit 41638606054a09867fe3f9a2b5523aa4678cbfa5.
+---
+ wpa_supplicant/events.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index 46e7cf1ab..7b3ef7205 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4441,23 +4441,14 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
+ 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+ 		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+-		if (already_authorized) {
+-			/*
+-			 * We are done; the driver will take care of RSN 4-way
+-			 * handshake.
+-			 */
+-			wpa_supplicant_cancel_auth_timeout(wpa_s);
+-			wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+-			eapol_sm_notify_portValid(wpa_s->eapol, true);
+-			eapol_sm_notify_eap_success(wpa_s->eapol, true);
+-		} else {
+-			/* Update port, WPA_COMPLETED state from the
+-			 * EVENT_PORT_AUTHORIZED handler when the driver is done
+-			 * with the 4-way handshake.
+-			 */
+-			wpa_msg(wpa_s, MSG_DEBUG,
+-				"ASSOC INFO: wait for driver port authorized indication");
+-		}
++		/*
++		 * We are done; the driver will take care of RSN 4-way
++		 * handshake.
++		 */
++		wpa_supplicant_cancel_auth_timeout(wpa_s);
++		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
++		eapol_sm_notify_portValid(wpa_s->eapol, true);
++		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+ 		   wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
+ 		/*
+-- 
+2.45.2
+
diff --git a/srcpkgs/wpa_supplicant/template b/srcpkgs/wpa_supplicant/template
index 63a346320597da..5294519d3a9a3e 100644
--- a/srcpkgs/wpa_supplicant/template
+++ b/srcpkgs/wpa_supplicant/template
@@ -1,17 +1,16 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
-version=2.10
-revision=5
-build_wrksrc="$pkgname"
+version=2.11
+revision=1
+build_wrksrc="${pkgname}"
+hostmakedepends="pkg-config"
+makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
 short_desc="WPA/WPA2/IEEE 802.1X Supplicant"
 maintainer="Enno Boland <gottox@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="http://w1.fi/wpa_supplicant/"
 distfiles="http://w1.fi/releases/${pkgname}-${version}.tar.gz"
-checksum=20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
-
-hostmakedepends="pkg-config"
-makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
+checksum=912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a
 build_options="dbus readline"
 build_options_default="dbus readline"
 conf_files="/etc/${pkgname}/${pkgname}.conf"
@@ -31,10 +30,12 @@ pre_build() {
 		vsed -i -e 's|#\{0,1\}\(CONFIG_READLINE\)=\(.*\)|\1=y|' .config
 	fi
 }
+
 do_build() {
 	export CFLAGS+=" $(pkg-config --cflags libnl-3.0) $CPPFLAGS"
 	make ${makejobs} V=1 PREFIX=/usr BINDIR=/usr/bin
 }
+
 do_install() {
 	make PREFIX=/usr BINDIR=/usr/bin DESTDIR=${DESTDIR} install
 

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 268 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2294816249

Comment:
Btw, it seems like the option `-s     Log output to syslog instead of stdout.` is wrong for the runit service: should we drop it?

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2308784490

Comment:
This works with brcmfmac as well, at least with the asahi-linux kernel.

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2324992845

Comment:
this should be now safe to merge.
the relevant kernle patch is also in 6.10.7
asahi linux kernel works as well.

Re: [PR PATCH] [Updated] wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 538 bytes --]

There is an updated pull request by dkwo against master on the void-packages repository

https://github.com/dkwo/void-packages wpa_s
https://github.com/void-linux/void-packages/pull/51362

wpa_supplicant: update to 2.11
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)

iwlwifi works fine; brcmfmac see discussion at http://lists.infradead.org/pipermail/hostap/2024-August/042893.html

A patch file from https://github.com/void-linux/void-packages/pull/51362.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-wpa_s-51362.patch --]
[-- Type: text/x-diff, Size: 23213 bytes --]

From 3afc0fa672dbee4ab804025d4eff7aa130359ea0 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 15 Feb 2024 11:54:25 -0500
Subject: [PATCH 1/2] wpa_supplicant: update to 2.11

---
 srcpkgs/wpa_supplicant/files/config           |  53 ++++
 .../wpa_supplicant/patches/4way-hand.patch    | 247 ------------------
 .../patches/SAE_external_database.patch       | 182 -------------
 .../brcmfmac-temporarily-revert-commit.patch  |  50 ++++
 srcpkgs/wpa_supplicant/template               |  15 +-
 5 files changed, 111 insertions(+), 436 deletions(-)
 delete mode 100644 srcpkgs/wpa_supplicant/patches/4way-hand.patch
 delete mode 100644 srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
 create mode 100644 srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch

diff --git a/srcpkgs/wpa_supplicant/files/config b/srcpkgs/wpa_supplicant/files/config
index 7a61cf87a769e6..743c68504c9315 100644
--- a/srcpkgs/wpa_supplicant/files/config
+++ b/srcpkgs/wpa_supplicant/files/config
@@ -101,6 +101,9 @@ CONFIG_EAP_MSCHAPV2=y
 
 # EAP-TLS
 CONFIG_EAP_TLS=y
+# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly
+# enabled in network configuration)
+CONFIG_EAP_TLSV1_3=y
 
 # EAL-PEAP
 CONFIG_EAP_PEAP=y
@@ -203,9 +206,15 @@ CONFIG_SMARTCARD=y
 # Support VHT overrides (disable VHT, mask MCS rates, etc.)
 #CONFIG_VHT_OVERRIDES=y
 
+# Support HE overrides
+#CONFIG_HE_OVERRIDES=y
+
 # Development testing
 #CONFIG_EAPOL_TEST=y
 
+# Support IPv6
+CONFIG_IPV6=y
+
 # Select control interface backend for external programs, e.g, wpa_cli:
 # unix = UNIX domain sockets (default for Linux/*BSD)
 # udp = UDP sockets using localhost (127.0.0.1)
@@ -248,6 +257,9 @@ CONFIG_WPA_CLI_EDIT=y
 # Simultaneous Authentication of Equals (SAE), WPA3-Personal
 CONFIG_SAE=y
 
+# SAE Public Key, WPA3-Personal
+CONFIG_SAE_PK=y
+
 # Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
 # This can be used if ap_scan=1 mode is never enabled.
 #CONFIG_NO_SCAN_PROCESSING=y
@@ -389,6 +401,22 @@ CONFIG_CTRL_IFACE_DBUS_INTRO=y
 # amount of memory/flash.
 #CONFIG_DYNAMIC_EAP_METHODS=y
 
+# Dynamic library loading
+
+# Add the ability to configure libraries to load at compile time.
+# If set, these disable dynamic configuration.
+#CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
+#CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
+#CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
+#
+# Prevent library loading at runtime
+#CONFIG_NO_PKCS11_ENGINE_PATH=y # prevents loading pkcs11_engine library.
+#CONFIG_NO_PKCS11_MODULE_PATH=y # prevents loading pkcs11_module library.
+# CONFIG_NO_OPENSC_ENGINE_PATH=y # prevents loading opensc_engine library.
+
+# Prevents loading EAP libraries at runtime
+#CONFIG_NO_LOAD_DYNAMIC_EAP=y
+
 # IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
 CONFIG_IEEE80211R=y
 
@@ -474,6 +502,16 @@ CONFIG_GETRANDOM=y
 # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
 CONFIG_IEEE80211AC=y
 
+# IEEE 802.11ax HE support (mainly for AP mode)
+CONFIG_IEEE80211AX=y
+
+# IEEE 802.11be EHT support (mainly for AP mode)
+# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE.
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11be version.
+#CONFIG_IEEE80211BE=y
+
 # Wireless Network Management (IEEE Std 802.11v-2011)
 # Note: This is experimental and not complete implementation.
 #CONFIG_WNM=y
@@ -633,3 +671,18 @@ CONFIG_WEP=y
 # design is still subject to change. As such, this should not yet be enabled in
 # production use.
 #CONFIG_PASN=y
+
+# Disable support for Radio Measurement (IEEE 802.11k) and supported operating
+# class indication. Removing these is not recommended since they can help the
+# AP manage the network and STA steering.
+#CONFIG_NO_RRM=y
+
+# Disable support for Robust AV streaming for consumer and enterprise Wi-Fi
+# applications; IEEE Std 802.11-2020, 4.3.24; SCS, MSCS, QoS Management
+#CONFIG_NO_ROBUST_AV=y
+
+# Disable support for WMM admission control
+#CONFIG_NO_WMM_AC=y
+
+# Wi-Fi Aware unsynchronized service discovery (NAN USD)
+#CONFIG_NAN_USD=y
diff --git a/srcpkgs/wpa_supplicant/patches/4way-hand.patch b/srcpkgs/wpa_supplicant/patches/4way-hand.patch
deleted file mode 100644
index d2baa8a839aac1..00000000000000
--- a/srcpkgs/wpa_supplicant/patches/4way-hand.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-From 023c17659786fe381312f154cf06663f1cb3607c Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Tue, 23 Aug 2022 21:34:55 -0400
-Subject: [PATCH] Fix external passwords with 4-way handshake offloading
-
-Passphrases/PSKs from external password databases were ignored if 4-way
-handshake offloading was supported by the driver. This patch splits the PSK
-loading functionality into a separate function and calls if to get the PSK for
-handshake offloading.
-
-I tested connecting to a WPA2-PSK network with both inline and external
-passphrases, using the iwlwifi and brcmfmac drivers.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/wpa_supplicant.c | 184 +++++++++++++++++---------------
- 1 file changed, 95 insertions(+), 89 deletions(-)
-
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index d37a994f9..bb063380f 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1337,6 +1337,88 @@ void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
- 			 wpas_get_ssid_pmf(wpa_s, ssid));
- }
- 
-+static int wpa_supplicant_get_psk(struct wpa_supplicant *wpa_s,
-+				  struct wpa_bss *bss, struct wpa_ssid *ssid,
-+				  u8 *psk)
-+{
-+        if (ssid->psk_set) {
-+		wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)", ssid->psk,
-+				PMK_LEN);
-+		os_memcpy(psk, ssid->psk, PMK_LEN);
-+		return 0;
-+	}
-+
-+#ifndef CONFIG_NO_PBKDF2
-+	if (bss && ssid->bssid_set && ssid->ssid_len == 0 && ssid->passphrase) {
-+	        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len, 4096,
-+			    psk, PMK_LEN);
-+	        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", psk,
-+				PMK_LEN);
-+                return 0;
-+	}
-+#endif /* CONFIG_NO_PBKDF2 */
-+
-+#ifdef CONFIG_EXT_PASSWORD
-+	if (ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+		char pw_str[64 + 1];
-+
-+		if (pw == NULL) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK found from "
-+				"external storage");
-+			return -1;
-+		}
-+
-+		if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected PSK "
-+				"length %d in external storage",
-+				(int) wpabuf_len(pw));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
-+		pw_str[wpabuf_len(pw)] = '\0';
-+
-+#ifndef CONFIG_NO_PBKDF2
-+		if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
-+		{
-+			pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len, 4096, psk,
-+				    PMK_LEN);
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external "
-+					"passphrase)",
-+					psk, PMK_LEN);
-+		} else
-+#endif /* CONFIG_NO_PBKDF2 */
-+		if (wpabuf_len(pw) == 2 * PMK_LEN) {
-+			if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
-+				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Invalid PSK "
-+					"hex string");
-+				os_memset(pw_str, 0, sizeof(pw_str));
-+				ext_password_free(pw);
-+				return -1;
-+			}
-+			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external PSK)",
-+					psk, PMK_LEN);
-+		} else {
-+			wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable PSK "
-+				"available");
-+			os_memset(pw_str, 0, sizeof(pw_str));
-+			ext_password_free(pw);
-+			return -1;
-+		}
-+
-+		os_memset(pw_str, 0, sizeof(pw_str));
-+		ext_password_free(pw);
-+
-+		return 0;
-+	}
-+#endif /* CONFIG_EXT_PASSWORD */
-+
-+	return -1;
-+}
- 
- /**
-  * wpa_supplicant_set_suites - Set authentication and encryption parameters
-@@ -1756,97 +1838,20 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 					      WPA_KEY_MGMT_FT_PSK |
- 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
- 
--		if (ssid->psk_set && !sae_only) {
--			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
--					ssid->psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
--				       NULL);
--			psk_set = 1;
--		}
--
--		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
--			psk_set = 1;
--
--#ifndef CONFIG_NO_PBKDF2
--		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
--		    ssid->passphrase && !sae_only) {
-+		if (!sae_only) {
- 			u8 psk[PMK_LEN];
--		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
--				    4096, psk, PMK_LEN);
--		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
--					psk, PMK_LEN);
--			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
--			psk_set = 1;
--			os_memset(psk, 0, sizeof(psk));
--		}
--#endif /* CONFIG_NO_PBKDF2 */
--#ifdef CONFIG_EXT_PASSWORD
--		if (ssid->ext_psk && !sae_only) {
--			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
--							     ssid->ext_psk);
--			char pw_str[64 + 1];
--			u8 psk[PMK_LEN];
--
--			if (pw == NULL) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
--					"found from external storage");
--				return -1;
--			}
--
--			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
--					"PSK length %d in external storage",
--					(int) wpabuf_len(pw));
--				ext_password_free(pw);
--				return -1;
--			}
--
--			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
--			pw_str[wpabuf_len(pw)] = '\0';
--
--#ifndef CONFIG_NO_PBKDF2
--			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
--			{
--				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
--					    4096, psk, PMK_LEN);
--				os_memset(pw_str, 0, sizeof(pw_str));
--				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
--						"external passphrase)",
--						psk, PMK_LEN);
--				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
--					       NULL);
--				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else
--#endif /* CONFIG_NO_PBKDF2 */
--			if (wpabuf_len(pw) == 2 * PMK_LEN) {
--				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
--					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
--						"Invalid PSK hex string");
--					os_memset(pw_str, 0, sizeof(pw_str));
--					ext_password_free(pw);
--					return -1;
--				}
--				wpa_hexdump_key(MSG_MSGDUMP,
--						"PSK (from external PSK)",
--						psk, PMK_LEN);
-+			if (wpa_supplicant_get_psk(wpa_s, bss, ssid,
-+						   psk) >= 0) {
- 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
- 					       NULL);
- 				psk_set = 1;
--				os_memset(psk, 0, sizeof(psk));
--			} else {
--				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
--					"PSK available");
--				os_memset(pw_str, 0, sizeof(pw_str));
--				ext_password_free(pw);
--				return -1;
- 			}
--
--			os_memset(pw_str, 0, sizeof(pw_str));
--			ext_password_free(pw);
-+			os_memset(psk, 0, sizeof(psk));
- 		}
--#endif /* CONFIG_EXT_PASSWORD */
-+
-+		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
-+		    (ssid->sae_password || ssid->passphrase))
-+			psk_set = 1;
- 
- 		if (!psk_set) {
- 			wpa_msg(wpa_s, MSG_INFO,
-@@ -3606,6 +3611,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	int use_crypt, ret, bssid_changed;
- 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
- 	struct wpa_driver_associate_params params;
-+	u8 psk[PMK_LEN];
- #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
- 	int wep_keys_set = 0;
- #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
-@@ -3890,8 +3896,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
- 		params.passphrase = ssid->passphrase;
--		if (ssid->psk_set)
--			params.psk = ssid->psk;
-+		if (wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
-@@ -3915,8 +3921,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
- 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
- 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
--		    ssid->psk_set)
--			params.psk = ssid->psk;
-+		    wpa_supplicant_get_psk(wpa_s, bss, ssid, psk) >= 0)
-+			params.psk = psk;
- 	}
- 
- 	params.drop_unencrypted = use_crypt;
diff --git a/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch b/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
deleted file mode 100644
index b3ed31f58eb1a4..00000000000000
--- a/srcpkgs/wpa_supplicant/patches/SAE_external_database.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-From bdc35acd5abae45bd53e3117bfc673fc0e1ab0b9 Mon Sep 17 00:00:00 2001
-From: Ben Wolsieffer <benwolsieffer@gmail.com>
-Date: Sat, 17 Sep 2022 00:21:02 -0400
-Subject: SAE: Allow loading of the password from an external database
-
-There was no support for loading SAE passwords from an external password
-database.
-
-Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
----
- wpa_supplicant/sme.c            | 65 ++++++++++++++++++++++++++++++++---------
- wpa_supplicant/wpa_supplicant.c |  2 +-
- 2 files changed, 53 insertions(+), 14 deletions(-)
-
-diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
-index 52861c805..28ac03f23 100644
---- a/wpa_supplicant/sme.c
-+++ b/wpa_supplicant/sme.c
-@@ -10,6 +10,7 @@
- 
- #include "common.h"
- #include "utils/eloop.h"
-+#include "utils/ext_password.h"
- #include "common/ieee802_11_defs.h"
- #include "common/ieee802_11_common.h"
- #include "common/ocv.h"
-@@ -90,7 +91,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- {
- 	struct wpabuf *buf;
- 	size_t len;
--	const char *password;
-+	char *password = NULL;
- 	struct wpa_bss *bss;
- 	int use_pt = 0;
- 	bool use_pk = false;
-@@ -106,7 +107,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
- 		buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
- 		if (!buf)
--			return NULL;
-+			goto fail;
- 		if (!external) {
- 			wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 			wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
-@@ -116,12 +117,45 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- #endif /* CONFIG_TESTING_OPTIONS */
- 
--	password = ssid->sae_password;
--	if (!password)
--		password = ssid->passphrase;
-+	if (ssid->sae_password) {
-+		password = os_strdup(ssid->sae_password);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->passphrase) {
-+		password = os_strdup(ssid->passphrase);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+	}
-+	if (!password && ssid->ext_psk) {
-+		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
-+						     ssid->ext_psk);
-+
-+		if (!pw) {
-+			wpa_msg(wpa_s, MSG_INFO,
-+				"SAE: No password found from external storage");
-+			goto fail;
-+		}
-+
-+		password = os_malloc(wpabuf_len(pw) + 1);
-+		if (!password) {
-+			wpa_dbg(wpa_s, MSG_INFO,
-+				"SAE: Failed to allocate password");
-+			goto fail;
-+		}
-+		os_memcpy(password, wpabuf_head(pw), wpabuf_len(pw));
-+		password[wpabuf_len(pw)] = '\0';
-+		ext_password_free(pw);
-+	}
- 	if (!password) {
- 		wpa_printf(MSG_DEBUG, "SAE: No password available");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	if (reuse && wpa_s->sme.sae.tmp &&
-@@ -134,7 +168,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	}
- 	if (sme_set_sae_group(wpa_s) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
--		return NULL;
-+		goto fail;
- 	}
- 
- 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
-@@ -171,7 +205,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
- 		wpa_printf(MSG_DEBUG,
- 			   "SAE: Cannot use PK with the selected AP");
--		return NULL;
-+		goto fail;
- 	}
- #endif /* CONFIG_SAE_PK */
- 
-@@ -184,7 +218,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 		    !use_pt) {
- 			wpa_printf(MSG_DEBUG,
- 				   "SAE: Cannot use H2E with the selected AP");
--			return NULL;
-+			goto fail;
- 		}
- 	}
- 
-@@ -192,13 +226,13 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
- 	    sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
- 				  wpa_s->own_addr, bssid,
- 				  wpa_s->sme.sae_rejected_groups, NULL) < 0)
--		return NULL;
-+		goto fail;
- 	if (!use_pt &&
- 	    sae_prepare_commit(wpa_s->own_addr, bssid,
- 			       (u8 *) password, os_strlen(password),
- 			       &wpa_s->sme.sae) < 0) {
- 		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
--		return NULL;
-+		goto fail;
- 	}
- 	if (wpa_s->sme.sae.tmp) {
- 		os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
-@@ -218,7 +252,7 @@ reuse_data:
- 		len += 4 + os_strlen(ssid->sae_password_id);
- 	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
- 	if (buf == NULL)
--		return NULL;
-+		goto fail;
- 	if (!external) {
- 		wpabuf_put_le16(buf, 1); /* Transaction seq# */
- 		if (use_pk)
-@@ -231,14 +265,19 @@ reuse_data:
- 	if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
- 			     ssid->sae_password_id) < 0) {
- 		wpabuf_free(buf);
--		return NULL;
-+		goto fail;
- 	}
- 	if (ret_use_pt)
- 		*ret_use_pt = use_pt;
- 	if (ret_use_pk)
- 		*ret_use_pk = use_pk;
- 
-+	str_clear_free(password);
- 	return buf;
-+
-+fail:
-+	str_clear_free(password);
-+	return NULL;
- }
- 
- 
-diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
-index 54c3c859e..ef5d0cd71 100644
---- a/wpa_supplicant/wpa_supplicant.c
-+++ b/wpa_supplicant/wpa_supplicant.c
-@@ -1998,7 +1998,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
- 		}
- 
- 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
--		    (ssid->sae_password || ssid->passphrase))
-+		    (ssid->sae_password || ssid->passphrase || ssid->ext_psk))
- 			psk_set = 1;
- 
- 		if (!psk_set) {
--- 
-cgit v1.2.3-18-g5258
diff --git a/srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch b/srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch
new file mode 100644
index 00000000000000..b42cba1088ddd6
--- /dev/null
+++ b/srcpkgs/wpa_supplicant/patches/brcmfmac-temporarily-revert-commit.patch
@@ -0,0 +1,50 @@
+From 2514856652f9a393e505d542cb8f039f8bac10f5 Mon Sep 17 00:00:00 2001
+From: Janne Grunau <janne-fdr@jannau.net>
+Date: Sun, 4 Aug 2024 13:24:42 +0200
+Subject: [PATCH 1/1] Revert "Mark authorization completed on driver indication
+ during 4-way HS offload"
+
+This reverts commit 41638606054a09867fe3f9a2b5523aa4678cbfa5.
+---
+ wpa_supplicant/events.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
+index 46e7cf1ab..7b3ef7205 100644
+--- a/wpa_supplicant/events.c
++++ b/wpa_supplicant/events.c
+@@ -4441,23 +4441,14 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
+ 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+ 		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+-		if (already_authorized) {
+-			/*
+-			 * We are done; the driver will take care of RSN 4-way
+-			 * handshake.
+-			 */
+-			wpa_supplicant_cancel_auth_timeout(wpa_s);
+-			wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+-			eapol_sm_notify_portValid(wpa_s->eapol, true);
+-			eapol_sm_notify_eap_success(wpa_s->eapol, true);
+-		} else {
+-			/* Update port, WPA_COMPLETED state from the
+-			 * EVENT_PORT_AUTHORIZED handler when the driver is done
+-			 * with the 4-way handshake.
+-			 */
+-			wpa_msg(wpa_s, MSG_DEBUG,
+-				"ASSOC INFO: wait for driver port authorized indication");
+-		}
++		/*
++		 * We are done; the driver will take care of RSN 4-way
++		 * handshake.
++		 */
++		wpa_supplicant_cancel_auth_timeout(wpa_s);
++		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
++		eapol_sm_notify_portValid(wpa_s->eapol, true);
++		eapol_sm_notify_eap_success(wpa_s->eapol, true);
+ 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+ 		   wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
+ 		/*
+-- 
+2.45.2
+
diff --git a/srcpkgs/wpa_supplicant/template b/srcpkgs/wpa_supplicant/template
index 63a346320597da..5294519d3a9a3e 100644
--- a/srcpkgs/wpa_supplicant/template
+++ b/srcpkgs/wpa_supplicant/template
@@ -1,17 +1,16 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
-version=2.10
-revision=5
-build_wrksrc="$pkgname"
+version=2.11
+revision=1
+build_wrksrc="${pkgname}"
+hostmakedepends="pkg-config"
+makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
 short_desc="WPA/WPA2/IEEE 802.1X Supplicant"
 maintainer="Enno Boland <gottox@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="http://w1.fi/wpa_supplicant/"
 distfiles="http://w1.fi/releases/${pkgname}-${version}.tar.gz"
-checksum=20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f
-
-hostmakedepends="pkg-config"
-makedepends="libnl3-devel openssl-devel $(vopt_if dbus dbus-devel) $(vopt_if readline readline-devel)"
+checksum=912ea06f74e30a8e36fbb68064d6cdff218d8d591db0fc5d75dee6c81ac7fc0a
 build_options="dbus readline"
 build_options_default="dbus readline"
 conf_files="/etc/${pkgname}/${pkgname}.conf"
@@ -31,10 +30,12 @@ pre_build() {
 		vsed -i -e 's|#\{0,1\}\(CONFIG_READLINE\)=\(.*\)|\1=y|' .config
 	fi
 }
+
 do_build() {
 	export CFLAGS+=" $(pkg-config --cflags libnl-3.0) $CPPFLAGS"
 	make ${makejobs} V=1 PREFIX=/usr BINDIR=/usr/bin
 }
+
 do_install() {
 	make PREFIX=/usr BINDIR=/usr/bin DESTDIR=${DESTDIR} install
 

From ee1b5b65ca749993252ffffabc7ecbdce6cee01c Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Mon, 2 Sep 2024 15:03:37 -0400
Subject: [PATCH 2/2] wpa_supplicant: log to stdout instead of syslog

---
 srcpkgs/wpa_supplicant/files/wpa_supplicant/run | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/wpa_supplicant/files/wpa_supplicant/run b/srcpkgs/wpa_supplicant/files/wpa_supplicant/run
index d96bac26d1a5b5..29829f12cfa668 100644
--- a/srcpkgs/wpa_supplicant/files/wpa_supplicant/run
+++ b/srcpkgs/wpa_supplicant/files/wpa_supplicant/run
@@ -1,10 +1,10 @@
 #!/bin/sh
 if [ -r ./conf ]; then
 	. ./conf
-	: ${OPTS:=-M -c ${CONF_FILE:-/etc/wpa_supplicant/wpa_supplicant.conf} ${WPA_INTERFACE:+-i ${WPA_INTERFACE}} ${DRIVER:+-D ${DRIVER}} -s}
+	: ${OPTS:=-M -c ${CONF_FILE:-/etc/wpa_supplicant/wpa_supplicant.conf} ${WPA_INTERFACE:+-i ${WPA_INTERFACE}} ${DRIVER:+-D ${DRIVER}}}
 else
 	. ./auto
-	OPTS="${AUTO} -s"
+	OPTS="${AUTO}"
 fi
 
 exec 2>&1

Re: wpa_supplicant: update to 2.11

[dkwo]

[-- Attachment #1: Type: text/plain, Size: 252 bytes --]

New comment by dkwo on void-packages repository

https://github.com/void-linux/void-packages/pull/51362#issuecomment-2324992845

Comment:
this should be now safe to merge.
the relevant kernel patch is also in 6.10.7
asahi linux kernel works as well.

Re: [PR PATCH] [Merged]: wpa_supplicant: update to 2.11

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 390 bytes --]

There's a merged pull request on the void-packages repository

wpa_supplicant: update to 2.11
https://github.com/void-linux/void-packages/pull/51362

Description:
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)

iwlwifi works fine; brcmfmac see discussion at http://lists.infradead.org/pipermail/hostap/2024-August/042893.html