hostapd: Update to 2.10

For details see:
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog

"2022-01-16 - v2.10
	* SAE changes
	  - improved protection against side channel attacks
	    [https://w1.fi/security/2022-1/]
	  - added option send SAE Confirm immediately (sae_config_immediate=1)
	    after SAE Commit
	  - added support for the hash-to-element mechanism (sae_pwe=1 or
	    sae_pwe=2)
	  - fixed PMKSA caching with OKC
	  - added support for SAE-PK
	* EAP-pwd changes
	  - improved protection against side channel attacks
	    [https://w1.fi/security/2022-1/]
	* fixed WPS UPnP SUBSCRIBE handling of invalid operations
	  [https://w1.fi/security/2020-1/]
	* fixed PMF disconnection protection bypass
	  [https://w1.fi/security/2019-7/]
	* added support for using OpenSSL 3.0
	* fixed various issues in experimental support for EAP-TEAP server
	* added configuration (max_auth_rounds, max_auth_rounds_short) to
	  increase the maximum number of EAP message exchanges (mainly to
	  support cases with very large certificates) for the EAP server
	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
	* extended HE (IEEE 802.11ax) support, including 6 GHz support
	* removed obsolete IAPP functionality
	* fixed EAP-FAST server with TLS GCM/CCM ciphers
	* dropped support for libnl 1.1
	* added support for nl80211 control port for EAPOL frame TX/RX
	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
	  compatibility for these groups while the default group 19 remains
	  backwards compatible; owe_ptk_workaround=1 can be used to enabled a
	  a workaround for the group 20/21 backwards compatibility
	* added support for Beacon protection
	* added support for Extended Key ID for pairwise keys
	* removed WEP support from the default build (CONFIG_WEP=y can be used
	  to enable it, if really needed)
	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
	* added support for Transition Disable mechanism to allow the AP to
	  automatically disable transition mode to improve security
	* added support for PASN
	* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
	* a large number of other fixes, cleanup, and extensions"

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

lfs/hostapd

@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,22 +24,18 @@
 
 include Config
 
-SUMMARY    = Daemon for running a WPA capable Access Point 
+VER        = 2_10
 
-VER        = 581dfcc
-
-THISAPP    = hostapd-$(VER)
-DL_FILE    = $(THISAPP).tar.gz
+THISAPP    = hostap_$(VER)
+DL_FILE    = $(THISAPP).tar.bz2
 DL_FROM    = $(URL_IPFIRE)
-DIR_APP    = $(DIR_SRC)/hostap-$(VER)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = hostapd
-PAK_VER    = 58
+PAK_VER    = 59
 
 DEPS       =
 
-SERVICES   = hostapd
-
 ###############################################################################
 # Top-level Rules
 ###############################################################################
@@ -48,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = eed922f2daabe16d74adf2b23455d8bd
+$(DL_FILE)_MD5 = 973639d02c9f6712b3b3da6d6c70ab37
 
 install : $(TARGET)
 
@@ -80,18 +76,18 @@ $(subst %,%_MD5,$(objects)) :
 
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
-	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/hostapd/hostapd-2.9-noscan.patch
 
 	cd $(DIR_APP)/hostapd && cp $(DIR_SRC)/config/hostapd/config ./.config
 	cd $(DIR_APP)/hostapd && sed -e "s@/usr/local@/usr@g" -i Makefile
-	cd $(DIR_APP)/hostapd && make $(MAKETUNING)
+	cd $(DIR_APP)/hostapd && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP)/hostapd && make install
 	install -v -m 644 $(DIR_SRC)/config/backup/includes/hostapd /var/ipfire/backup/addons/includes/hostapd
 	# install initscript
-	$(call INSTALL_INITSCRIPTS,$(SERVICES))
+	$(call INSTALL_INITSCRIPT,hostapd)
 	mkdir -p /var/ipfire/wlanap
 	touch /var/ipfire/wlanap/settings
 	cp -vrf $(DIR_SRC)/config/hostapd/hostapd.conf /var/ipfire/wlanap/hostapd.conf

src/patches/hostapd/hostapd-2.9-increase_EAPOL-timeouts.patch

@@ -1,8 +1,8 @@
 diff U3 src/ap/wpa_auth.c src/ap/wpa_auth.c
 --- a/src/ap/wpa_auth.c	Wed Aug  7 15:25:25 2019
 +++ b/src/ap/wpa_auth.c	Fri Sep 20 17:35:23 2019
-@@ -65,9 +65,9 @@
- 			  struct wpa_group *group);
+@@ -68,9 +68,9 @@
+ static int ieee80211w_kde_len(struct wpa_state_machine *sm);
  static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos);
  
 -static const u32 eapol_key_timeout_first = 100; /* ms */

src/patches/hostapd/hostapd-2.9-noscan.patch

@@ -1,6 +1,6 @@
 --- a/hostapd/config_file.c
 +++ b/hostapd/config_file.c
-@@ -3493,6 +3493,10 @@ static int hostapd_config_fill(struct ho
+@@ -3474,6 +3474,10 @@ static int hostapd_config_fill(struct ho
  		if (bss->ocv && !bss->ieee80211w)
  			bss->ieee80211w = 1;
  #endif /* CONFIG_OCV */
@@ -13,7 +13,7 @@
  	} else if (os_strcmp(buf, "ht_capab") == 0) {
 --- a/src/ap/ap_config.h
 +++ b/src/ap/ap_config.h
-@@ -984,6 +984,8 @@ struct hostapd_config {
+@@ -1014,6 +1014,8 @@ struct hostapd_config {
  
  	int ht_op_mode_fixed;
  	u16 ht_capab;
@@ -24,7 +24,7 @@
  	int no_pri_sec_switch;
 --- a/src/ap/hw_features.c
 +++ b/src/ap/hw_features.c
-@@ -500,7 +500,8 @@ static int ieee80211n_check_40mhz(struct
+@@ -517,7 +517,8 @@ static int ieee80211n_check_40mhz(struct
  	int ret;
  
  	/* Check that HT40 is used and PRI / SEC switch is allowed */