en Copyright 2025 Java http://opengrok.net:8080/history/src/contrib/wpa/README#a90b9d0159070121c221b966469c3e36d912bf82 wpa: Import 2.11Following is a changelog of new features and fixes to wpa:hostapd:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange* HE/IEEE 802.11ax/Wi-Fi 6 - various fixes* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support* SAE: add support for fetching the password from a RADIUS server* support OpenSSL 3.0 API changes* support background radar detection and CAC with some additional drivers* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)* EAP-SIM/AKA: support IMSI privacy* improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues* support new SAE AKM suites with variable length keys* support new AKM for 802.1X/EAP with SHA384* extend PASN support for secure ranging* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible* improved ACS to cover additional channel types/bandwidths* extended Multiple BSSID support* fix beacon protection with FT protocol (incorrect BIGTK was provided)* support unsynchronized service discovery (USD)* add preliminary support for RADIUS/TLS* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1)* fix SAE H2E rejected groups validation to avoid downgrade attacks* use stricter validation for some RADIUS messages* a large number of other fixes, cleanup, and extensionswpa_supplicant:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange* MACsec - add support for GCM-AES-256 cipher suite - remove incorrect EAP Session-Id length constraint - add hardware offload support for additional drivers* HE/IEEE 802.11ax/Wi-Fi 6 - support BSS color updates - various fixes* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support* support OpenSSL 3.0 API changes* improve EAP-TLS support for TLSv1.3* EAP-SIM/AKA: support IMSI privacy* improve mitigation against DoS attacks when PMF is used* improve 4-way handshake operations - discard unencrypted EAPOL frames in additional cases - use Secure=1 in message 2 during PTK rekeying* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues* support new SAE AKM suites with variable length keys* support new AKM for 802.1X/EAP with SHA384* improve cross-AKM roaming with driver-based SME/BSS selection* PASN - extend support for secure ranging - allow PASN implementation to be used with external programs for Wi-Fi Aware* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default* support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert* extend SCS support for QoS Characteristics* extend MSCS support* support unsynchronized service discovery (USD)* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) - in addition, verify SSID after key setup when beacon protection is used* fix SAE H2E rejected groups validation to avoid downgrade attacks* a large number of other fixes, cleanup, and extensionsMFC after: 2 monthsMerge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5' List of files: /src/contrib/wpa/README Sun, 21 Jul 2024 18:59:44 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#ec080394e21815b6852dee5cba6155bbba26a3ff wpa: Import wpa 2.10.The long awaited hostapd 2.10 is finally here.MFC after: 3 weeks List of files: /src/contrib/wpa/README Tue, 18 Jan 2022 16:15:25 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#64e33c5cb1e2ec64e0b1ce576eb53bbb27e93582 Revert "wpa: Import wpa 2.10."This reverts commit 5eb81a4b4028113e3c319f21a1db6b67613ec7ab, reversingchanges made to c6806434e79079f4f9419c3ba4fec37efcaa1635 andthis reverts commit 679ff6112361d2660f4e0c3cda71198a5e773a25.What happend is git rebase --rebase-merges doesn't do what is expected. List of files: /src/contrib/wpa/README Tue, 18 Jan 2022 16:08:03 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#5eb81a4b4028113e3c319f21a1db6b67613ec7ab wpa: Import wpa 2.10.The long awaited hostapd 2.10 is finally here.MFC after: 3 weeks List of files: /src/contrib/wpa/README Mon, 17 Jan 2022 21:21:38 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#7648bc9fee8dec6cb3c4941e0165a930fbe8dcb0 MFHead @347527Sponsored by: The FreeBSD Foundation List of files: /src/contrib/wpa/README Mon, 13 May 2019 18:25:55 +0000 Alan Somers <asomers@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#4bc523382c7e72183c32be2c3aedecc1f5e844dd MFV r346563:Update wpa_supplicant/hostapd 2.7 --> 2.8Upstream documents the following advisories:- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt- https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\ with-unexpected-fragment.txtRelnotes: yesMFC after: 1 week (or less)Security: CVE-2019-9494, VU#871675, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499 List of files: /src/contrib/wpa/README Tue, 23 Apr 2019 03:52:43 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#67350cb56a69468c118bd4ccf6e361b7ebfa9eb4 Merge ^/head r340918 through r341763. List of files: /src/contrib/wpa/README Sun, 09 Dec 2018 11:39:45 +0000 Dimitry Andric <dim@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#85732ac8bccbc0adcf5a261ea1ffec8ca7b3a92d MFV r341618:Update wpa 2.6 --> 2.7. List of files: /src/contrib/wpa/README Sun, 09 Dec 2018 06:45:49 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#a90b9d0159070121c221b966469c3e36d912bf82 wpa: Import 2.11Following is a changelog of new features and fixes to wpa:hostapd:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange* HE/IEEE 802.11ax/Wi-Fi 6 - various fixes* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support* SAE: add support for fetching the password from a RADIUS server* support OpenSSL 3.0 API changes* support background radar detection and CAC with some additional drivers* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)* EAP-SIM/AKA: support IMSI privacy* improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues* support new SAE AKM suites with variable length keys* support new AKM for 802.1X/EAP with SHA384* extend PASN support for secure ranging* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible* improved ACS to cover additional channel types/bandwidths* extended Multiple BSSID support* fix beacon protection with FT protocol (incorrect BIGTK was provided)* support unsynchronized service discovery (USD)* add preliminary support for RADIUS/TLS* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1)* fix SAE H2E rejected groups validation to avoid downgrade attacks* use stricter validation for some RADIUS messages* a large number of other fixes, cleanup, and extensionswpa_supplicant:* Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange* MACsec - add support for GCM-AES-256 cipher suite - remove incorrect EAP Session-Id length constraint - add hardware offload support for additional drivers* HE/IEEE 802.11ax/Wi-Fi 6 - support BSS color updates - various fixes* EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support* support OpenSSL 3.0 API changes* improve EAP-TLS support for TLSv1.3* EAP-SIM/AKA: support IMSI privacy* improve mitigation against DoS attacks when PMF is used* improve 4-way handshake operations - discard unencrypted EAPOL frames in additional cases - use Secure=1 in message 2 during PTK rekeying* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues* support new SAE AKM suites with variable length keys* support new AKM for 802.1X/EAP with SHA384* improve cross-AKM roaming with driver-based SME/BSS selection* PASN - extend support for secure ranging - allow PASN implementation to be used with external programs for Wi-Fi Aware* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default* support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert* extend SCS support for QoS Characteristics* extend MSCS support* support unsynchronized service discovery (USD)* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) - in addition, verify SSID after key setup when beacon protection is used* fix SAE H2E rejected groups validation to avoid downgrade attacks* a large number of other fixes, cleanup, and extensionsMFC after: 2 monthsMerge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5' List of files: /src/contrib/wpa/README Sun, 21 Jul 2024 18:59:44 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#ec080394e21815b6852dee5cba6155bbba26a3ff wpa: Import wpa 2.10.The long awaited hostapd 2.10 is finally here.MFC after: 3 weeks List of files: /src/contrib/wpa/README Tue, 18 Jan 2022 16:15:25 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#64e33c5cb1e2ec64e0b1ce576eb53bbb27e93582 Revert "wpa: Import wpa 2.10."This reverts commit 5eb81a4b4028113e3c319f21a1db6b67613ec7ab, reversingchanges made to c6806434e79079f4f9419c3ba4fec37efcaa1635 andthis reverts commit 679ff6112361d2660f4e0c3cda71198a5e773a25.What happend is git rebase --rebase-merges doesn't do what is expected. List of files: /src/contrib/wpa/README Tue, 18 Jan 2022 16:08:03 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#5eb81a4b4028113e3c319f21a1db6b67613ec7ab wpa: Import wpa 2.10.The long awaited hostapd 2.10 is finally here.MFC after: 3 weeks List of files: /src/contrib/wpa/README Mon, 17 Jan 2022 21:21:38 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#7648bc9fee8dec6cb3c4941e0165a930fbe8dcb0 MFHead @347527Sponsored by: The FreeBSD Foundation List of files: /src/contrib/wpa/README Mon, 13 May 2019 18:25:55 +0000 Alan Somers <asomers@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#4bc523382c7e72183c32be2c3aedecc1f5e844dd MFV r346563:Update wpa_supplicant/hostapd 2.7 --> 2.8Upstream documents the following advisories:- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt- https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\ with-unexpected-fragment.txtRelnotes: yesMFC after: 1 week (or less)Security: CVE-2019-9494, VU#871675, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499 List of files: /src/contrib/wpa/README Tue, 23 Apr 2019 03:52:43 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#67350cb56a69468c118bd4ccf6e361b7ebfa9eb4 Merge ^/head r340918 through r341763. List of files: /src/contrib/wpa/README Sun, 09 Dec 2018 11:39:45 +0000 Dimitry Andric <dim@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#85732ac8bccbc0adcf5a261ea1ffec8ca7b3a92d MFV r341618:Update wpa 2.6 --> 2.7. List of files: /src/contrib/wpa/README Sun, 09 Dec 2018 06:45:49 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#780fb4a2fa9a9aee5ac48a60b790f567c0dc13e9 MFV r324714:Update wpa 2.5 --> 2.6.MFC after: 1 month List of files: /src/contrib/wpa/README Wed, 11 Jul 2018 18:53:18 +0000 Cy Schubert <cy@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#416ba5c74546f32a993436a99516d35008e9f384 Catch up with HEAD (r280229-r284686). List of files: /src/contrib/wpa/README Mon, 22 Jun 2015 00:05:22 +0000 Navdeep Parhar <np@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#98e0ffaefb0f241cda3a72395d3be04192ae0d47 Merge sync of head List of files: /src/contrib/wpa/README Wed, 27 May 2015 01:19:58 +0000 Simon J. Gerraty <sjg@FreeBSD.org> http://opengrok.net:8080/history/src/contrib/wpa/README#7757a1b4dc60696d9a95137ee0a2accd4ee680f4 Merge from head List of files: /src/contrib/wpa/README Sun, 03 May 2015 19:30:11 +0000 Baptiste Daroussin <bapt@FreeBSD.org>