wpa: Import 2.11Following is a changelog of new features and fixes to wpa:hostapd:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during c
wpa: Import 2.11Following is a changelog of new features and fixes to wpa:hostapd:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange* HE/IEEE 802.11ax/Wi-Fi 6 - various fixes* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support* SAE: add support for fetching the password from a RADIUS server* support OpenSSL 3.0 API changes* support background radar detection and CAC with some additional drivers* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)* EAP-SIM/AKA: support IMSI privacy* improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues* support new SAE AKM suites with variable length keys* support new AKM for 802.1X/EAP with SHA384* extend PASN support for secure ranging* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible* improved ACS to cover additional channel types/bandwidths* extended Multiple BSSID support* fix beacon protection with FT protocol (incorrect BIGTK was provided)* support unsynchronized service discovery (USD)* add preliminary support for RADIUS/TLS* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1)* fix SAE H2E rejected groups validation to avoid downgrade attacks* use stricter validation for some RADIUS messages* a large number of other fixes, cleanup, and extensionswpa_supplicant:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange* MACsec - add support for GCM-AES-256 cipher suite - remove incorrect EAP Session-Id length constraint - add hardware offload support for additional drivers* HE/IEEE 802.11ax/Wi-Fi 6 - support BSS color updates - various fixes* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support* support OpenSSL 3.0 API changes* improve EAP-TLS support for TLSv1.3* EAP-SIM/AKA: support IMSI privacy* improve mitigation against DoS attacks when PMF is used* improve 4-way handshake operations - discard unencrypted EAPOL frames in additional cases - use Secure=1 in message 2 during PTK rekeying* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues* support new SAE AKM suites with variable length keys* support new AKM for 802.1X/EAP with SHA384* improve cross-AKM roaming with driver-based SME/BSS selection* PASN - extend support for secure ranging - allow PASN implementation to be used with external programs for Wi-Fi Aware* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default* support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert* extend SCS support for QoS Characteristics* extend MSCS support* support unsynchronized service discovery (USD)* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) - in addition, verify SSID after key setup when beacon protection is used* fix SAE H2E rejected groups validation to avoid downgrade attacks* a large number of other fixes, cleanup, and extensionsMFC after: 2 monthsMerge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'
show more ...
wpa: Import wpa 2.10.The long awaited hostapd 2.10 is finally here.MFC after: 3 weeks
Revert "wpa: Import wpa 2.10."This reverts commit 5eb81a4b4028113e3c319f21a1db6b67613ec7ab, reversingchanges made to c6806434e79079f4f9419c3ba4fec37efcaa1635 andthis reverts commit 679ff6112361d2
Revert "wpa: Import wpa 2.10."This reverts commit 5eb81a4b4028113e3c319f21a1db6b67613ec7ab, reversingchanges made to c6806434e79079f4f9419c3ba4fec37efcaa1635 andthis reverts commit 679ff6112361d2660f4e0c3cda71198a5e773a25.What happend is git rebase --rebase-merges doesn't do what is expected.
wpa: Redo import wpa_supplicant/hostapd commit 14ab4a816This is the November update to vendor/wpa committed upstream 2021-11-26.MFC after: 1 month
Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816"This reverts commit 266f97b5e9a7958e365e78288616a459b40d924a, reversingchanges made to a10253cffea84c0c980a36ba6776b00ed96c3e3b.A mism
Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816"This reverts commit 266f97b5e9a7958e365e78288616a459b40d924a, reversingchanges made to a10253cffea84c0c980a36ba6776b00ed96c3e3b.A mismerge of a merge to catch up to main resulted in files beingcommitted which should not have been.
wpa: Import wpa_supplicant/hostapd commit 14ab4a816This is the November update to vendor/wpa committed upstream 2021-11-26.MFC after: 1 month
wpa: Import wpa_supplicant/hostapd commits up to b4f7506ffMerge vendor commits 40c7ff83e74eabba5a7e2caefeea12372b2d3f9a,efec8223892b3e677acb46eae84ec3534989971f, and2f6c3ea9600b494d24cac5a38c1cea
wpa: Import wpa_supplicant/hostapd commits up to b4f7506ffMerge vendor commits 40c7ff83e74eabba5a7e2caefeea12372b2d3f9a,efec8223892b3e677acb46eae84ec3534989971f, and2f6c3ea9600b494d24cac5a38c1cea0ac192245e.Tested by: philipMFC after: 2 months