From f899dc267076f8f6672bc37f28997cda383616a4 Mon Sep 17 00:00:00 2001
From: Dave Olsthoorn <dave@bewaar.me>
Date: Sat, 15 May 2021 15:19:41 +0200
Subject: [PATCH] Fix issues with FT a.k.a. 802.11r when not supported by
 adapter

Signed-off-by: Dave Olsthoorn <dave@bewaar.me>
---
 ...-FT-support-when-selecting-FT-suites.patch | 90 +++++++++++++++++++
 wpa_supplicant.spec                           |  8 +-
 2 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 0001-Check-for-FT-support-when-selecting-FT-suites.patch

diff --git a/0001-Check-for-FT-support-when-selecting-FT-suites.patch b/0001-Check-for-FT-support-when-selecting-FT-suites.patch
new file mode 100644
index 0000000..6734f14
--- /dev/null
+++ b/0001-Check-for-FT-support-when-selecting-FT-suites.patch
@@ -0,0 +1,90 @@
+From cee97564dcd3df002a29fc79107248011699fca7 Mon Sep 17 00:00:00 2001
+From: Matthew Wang <matthewmwang@chromium.org>
+Date: Mon, 3 Feb 2020 17:12:05 -0800
+Subject: [PATCH] Check for FT support when selecting FT suites
+
+A driver supports FT if it either supports SME or the
+NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
+wpa_supplicant currently doesn't take into account whether or not either
+of those conditions are met. This can cause association failures, e.g.,
+when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
+support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
+the driver doesn't support it). This change allows an FT suite to be
+selected only when the driver also supports FT.
+
+Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+---
+ src/drivers/driver.h              | 6 ++++++
+ src/drivers/driver_nl80211_capa.c | 7 +++++++
+ wpa_supplicant/wpa_supplicant.c   | 5 +++++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/src/drivers/driver.h b/src/drivers/driver.h
+index 2a8459ae3..f48074c83 100644
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -1659,6 +1659,12 @@ struct wpa_driver_capa {
+ #define WPA_DRIVER_FLAGS_FTM_RESPONDER		0x0100000000000000ULL
+ /** Driver support 4-way handshake offload for WPA-Personal */
+ #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK	0x0200000000000000ULL
++/** Driver supports a separate control port for EAPOL frames */
++#define WPA_DRIVER_FLAGS_CONTROL_PORT		0x0400000000000000ULL
++/** Driver supports VLAN offload */
++#define WPA_DRIVER_FLAGS_VLAN_OFFLOAD		0x0800000000000000ULL
++/** Driver supports UPDATE_FT_IES command */
++#define WPA_DRIVER_FLAGS_UPDATE_FT_IES		0x1000000000000000ULL
+ 	u64 flags;
+ 
+ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
+diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
+index 8318b10ab..2137b297f 100644
+--- a/src/drivers/driver_nl80211_capa.c
++++ b/src/drivers/driver_nl80211_capa.c
+@@ -78,6 +78,7 @@ struct wiphy_info_data {
+ 	unsigned int wmm_ac_supported:1;
+ 	unsigned int mac_addr_rand_scan_supported:1;
+ 	unsigned int mac_addr_rand_sched_scan_supported:1;
++	unsigned int update_ft_ies_supported:1;
+ };
+ 
+ 
+@@ -243,6 +244,9 @@ static void wiphy_info_supp_cmds(struct wiphy_info_data *info,
+ 		case NL80211_CMD_SET_QOS_MAP:
+ 			info->set_qos_map_supported = 1;
+ 			break;
++		case NL80211_CMD_UPDATE_FT_IES:
++			info->update_ft_ies_supported = 1;
++			break;
+ 		}
+ 	}
+ }
+@@ -901,6 +905,9 @@ static int wpa_driver_nl80211_get_info(struct wpa_driver_nl80211_data *drv,
+ 		drv->capa.max_sched_scan_plan_iterations = 0;
+ 	}
+ 
++	if (info->update_ft_ies_supported)
++		drv->capa.flags |= WPA_DRIVER_FLAGS_UPDATE_FT_IES;
++
+ 	return 0;
+ }
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
+index f4a81a835..57230f358 100644
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -1410,6 +1410,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
+ 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
+ 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
+ #endif /* CONFIG_SAE */
++#ifdef CONFIG_IEEE80211R
++	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
++				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
++		sel &= ~WPA_KEY_MGMT_FT;
++#endif /* CONFIG_IEEE80211R */
+ 	if (0) {
+ #ifdef CONFIG_IEEE80211R
+ #ifdef CONFIG_SHA384
+-- 
+2.31.1
+
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 32b0a20..13484e4 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -9,7 +9,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.9
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: BSD
 Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1: wpa_supplicant.conf
@@ -49,6 +49,9 @@ Patch11: 0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
 #fix for CVE-2021-27803
 Patch12: 0001-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch
 
+# fix for 802.11r networks, and cards that don't support it
+Patch13: 0001-Check-for-FT-support-when-selecting-FT-suites.patch
+
 URL: http://w1.fi/wpa_supplicant/
 
 %if %with gui
@@ -208,6 +211,9 @@ chmod -R 0644 wpa_supplicant/examples/*.py
 
 
 %changelog
+* Tue Jul 27 2021 Dave Olsthoorn <dave@bewaar.me> - 1:2.9-14
+- Fix issues with FT a.k.a. 802.11r when not supported by adapter
+
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.9-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild