Changelog for hostapd-2.10-2.12.x86_64.rpm:
* Fri Mar 11 2022 Clemens Famulla-Conrad
- Adjust config
* Enable SAE
* Enable DPP
* Enable wired driver
* Enable Airtime policy support
* Enable Fast Initial Link Setup (FILS) (IEEE 802.11ai)
* Mon Jan 17 2022 Michael Ströder
- Removed obsolete patches:
* CVE-2019-16275.patch
* CVE-2020-12695.patch
* CVE-2021-30004.patch
- Update to version 2.10
* SAE changes
  - improved protection against side channel attacks [https://w1.fi/security/2022-1/]
  - added option to send SAE Confirm immediately (sae_config_immediate=1) after SAE Commit
  - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2)
  - fixed PMKSA caching with OKC
  - added support for SAE-PK
* EAP-pwd changes
  - improved protection against side channel attacks [https://w1.fi/security/2022-1/]
* fixed WPS UPnP SUBSCRIBE handling of invalid operations [https://w1.fi/security/2020-1/]
* fixed PMF disconnection protection bypass [https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* fixed various issues in experimental support for EAP-TEAP server
* added configuration (max_auth_rounds, max_auth_rounds_short) to increase the maximum number of EAP message exchanges (mainly to support cases with very large certificates) for the EAP server
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* extended HE (IEEE 802.11ax) support, including 6 GHz support
* removed obsolete IAPP functionality
* fixed EAP-FAST server with TLS GCM/CCM ciphers
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible; owe_ptk_workaround=1 can be used to enable a workaround for the group 20/21 backwards compatibility
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security
* added support for PASN
* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
* a large number of other fixes, cleanup, and extensions
* Fri Nov 26 2021 Clemens Famulla-Conrad
- Fix AppArmor profile -- allow access to /etc/ssl/openssl.cnf (bsc#1192959)
* Fri Oct 15 2021 Johannes Segitz
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* hostapd.service
* Wed Jul 14 2021 Michael Ströder
- fixed AppArmor profile
* Tue Apr 06 2021 Clemens Famulla-Conrad
- Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)
* Tue Feb 23 2021 Michael Ströder
- added AppArmor profile (source apparmor-usr.sbin.hostapd)
* Tue Sep 29 2020 Clemens Famulla-Conrad
- Add CVE-2020-12695.patch -- UPnP SUBSCRIBE misbehavior in hostapd WPS AP (bsc#1172700)
* Thu Apr 23 2020 Clemens Famulla-Conrad
- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)
* Thu Sep 05 2019 Michael Ströder
- Update to version 2.9
* SAE changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks [https://w1.fi/security/2019-6/]
* EAP-pwd changes
  - disable use of groups using Brainpool curves
  - improved protection against side channel attacks [https://w1.fi/security/2019-6/]
* fixed FT-EAP initial mobility domain association using PMKSA caching
* added configuration of airtime policy
* fixed FILS to add RSNE into (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* added support for regulatory WMM limitation (for ETSI)
* added support for MACsec Key Agreement using IEEE 802.1X/PSK
* added experimental support for EAP-TEAP server (RFC 7170)
* added experimental support for EAP-TLS server with TLS v1.3
* added support for two server certificates/keys (RSA/ECC)
* added AKMSuiteSelector into "STA " control interface data to determine which AKM was used for an association
* added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled
* fixed an ECDH operation corner case with OpenSSL