Overview Repositories Revisions Requests Users Attributes Meta

Revisions of hostapd

Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1198031 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 48) 
- 2024-07-20 - v2.11
  * Wi-Fi Easy Connect
    - add support for DPP release 3
    - allow Configurator parameters to be provided during config
      exchange
  * HE/IEEE 802.11ax/Wi-Fi 6
    - various fixes
  * EHT/IEEE 802.11be/Wi-Fi 7
    - add preliminary support
  * SAE: add support for fetching the password from a RADIUS server
  * support OpenSSL 3.0 API changes
  * support background radar detection and CAC with some additional
    drivers
  * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
  * EAP-SIM/AKA: support IMSI privacy
  * improve 4-way handshake operations
    - use Secure=1 in message 3 during PTK rekeying
  * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
    to avoid interoperability issues
  * support new SAE AKM suites with variable length keys
  * support new AKM for 802.1X/EAP with SHA384
  * extend PASN support for secure ranging
  * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
    - this is based on additional details being added in the IEEE 802.11
    standard
    - the new implementation is not backwards compatible
  * improved ACS to cover additional channel types/bandwidths
  * extended Multiple BSSID support
  * fix beacon protection with FT protocol (incorrect BIGTK was provided)
  * support unsynchronized service discovery (USD)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) committed (revision 44) 
https://bugzilla.opensuse.org/show_bug.cgi?id=1192959
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 433344 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 31) 
- update to upstream release 2.6
  * fixed EAP-pwd last fragment validation
    [http://w1.fi/security/2015-7/] (CVE-2015-5314)
  * fixed WPS configuration update vulnerability with malformed passphrase
    [http://w1.fi/security/2016-1/] (CVE-2016-4476)
  * extended channel switch support for VHT bandwidth changes
  * added support for configuring new ANQP-elements with
    anqp_elem=<InfoID>:<hexdump of payload>
  * fixed Suite B 192-bit AKM to use proper PMK length
    (note: this makes old releases incompatible with the fixed behavior)
  * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response
    frame sending for not-associated STAs if max_num_sta limit has been
    reached
  * added option (-S as command line argument) to request all interfaces
    to be started at the same time
  * modified rts_threshold and fragm_threshold configuration parameters
    to allow -1 to be used to disable RTS/fragmentation
  * EAP-pwd: added support for Brainpool Elliptic Curves
    (with OpenSSL 1.0.2 and newer)
  * fixed EAPOL reauthentication after FT protocol run
  * fixed FTIE generation for 4-way handshake after FT protocol run
  * fixed and improved various FST operations
  * TLS server
    - support SHA384 and SHA512 hashes
    - support TLS v1.2 signature algorithm with SHA384 and SHA512
    - support PKCS #5 v2.0 PBES2
    - support PKCS #5 with PKCS #12 style key decryption
    - minimal support for PKCS #12
    - support OCSP stapling (including ocsp_multi)
  * added support for OpenSSL 1.1 API changes
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 345591 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 30) 
- update to upstream release 2.5
- removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
  (CVE-2015-1863) because it's fixed in upstream release 2.5
- rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch
ChangeLog for hostapd since 2.4:
2015-09-27 - v2.5
	* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
	  [http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077)
	* fixed WMM Action frame parser
	  [http://w1.fi/security/2015-3/] (CVE-2015-4142 bsc#930078)
	* fixed EAP-pwd server missing payload length validation
	  [http://w1.fi/security/2015-4/]
	  (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079)
	* fixed validation of WPS and P2P NFC NDEF record payload length
	  [http://w1.fi/security/2015-5/]
	* nl80211:
	  - fixed vendor command handling to check OUI properly
	* fixed hlr_auc_gw build with OpenSSL
	* hlr_auc_gw: allow Milenage RES length to be reduced
	* disable HT for a station that does not support WMM/QoS
	* added support for hashed password (NtHash) in EAP-pwd server
	* fixed and extended dynamic VLAN cases
	* added EAP-EKE server support for deriving Session-Id
	* set Acct-Session-Id to a random value to make it more likely to be
	  unique even if the device does not have a proper clock
	* added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
	* modified SAE routines to be more robust and PWE generation to be
	  stronger against timing attacks
	* added support for Brainpool Elliptic Curves with SAE
	* increases maximum value accepted for cwmin/cwmax
Stephan Kulow's avatar Stephan Kulow (coolo) accepted request 307199 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 29) 
Automatic submission by obs-autosubmit
Displaying revisions 1 - 20 of 48
openSUSE Build Service is sponsored by
Places