| #
a90b9d01 |
| 21-Jul-2024 |
Cy Schubert <cy@FreeBSD.org> |
wpa: Import 2.11
Following is a changelog of new features and fixes to wpa:
hostapd:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during c
wpa: Import 2.11
Following is a changelog of new features and fixes to wpa:
hostapd:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
wpa_supplicant:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* MACsec
- add support for GCM-AES-256 cipher suite
- remove incorrect EAP Session-Id length constraint
- add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
- support BSS color updates
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
- discard unencrypted EAPOL frames in additional cases
- use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
- extend support for secure ranging
- allow PASN implementation to be used with external programs for
Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible, but PMKSA
caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
to improve security for still unfortunately common invalid
configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
- in addition, verify SSID after key setup when beacon protection is
used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions
MFC after: 2 months
Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'
show more ...
|
| #
cab9ccf3 |
| 31-May-2024 |
Warner Losh <imp@FreeBSD.org> |
wpa: Diff reduction with upstream
I inadvertantly added gratuitous changes to upstream. Revert the
gratuitous parts of 676041c41ba5
Suggested by: cy
Fixes: 676041c41ba5
Sponsored by: Netflix
|
| #
676041c4 |
| 31-May-2024 |
Warner Losh <imp@FreeBSD.org> |
WPA: Allow CLOCK_BOOTTIME and CLOCK_MONOTONIC to #define the same
Historically, these have been differnet values, and only one was defined
or they were defined as different values. Now that they are
WPA: Allow CLOCK_BOOTTIME and CLOCK_MONOTONIC to #define the same
Historically, these have been differnet values, and only one was defined
or they were defined as different values. Now that they are about to be
the same value, add #ifdef to cope.
Sponsored by: Netflix
Reviewed by: olce, val_packett.cool, adrian
Differential Revision: https://reviews.freebsd.org/D45418
show more ...
|
| #
c1d255d3 |
| 03-Sep-2021 |
Cy Schubert <cy@FreeBSD.org> |
wpa: Import wpa_supplicant/hostapd commits up to b4f7506ff
Merge vendor commits 40c7ff83e74eabba5a7e2caefeea12372b2d3f9a,
efec8223892b3e677acb46eae84ec3534989971f, and
2f6c3ea9600b494d24cac5a38c1cea
wpa: Import wpa_supplicant/hostapd commits up to b4f7506ff
Merge vendor commits 40c7ff83e74eabba5a7e2caefeea12372b2d3f9a,
efec8223892b3e677acb46eae84ec3534989971f, and
2f6c3ea9600b494d24cac5a38c1cea0ac192245e.
Tested by: philip
MFC after: 2 months
show more ...
|
| #
4bc52338 |
| 23-Apr-2019 |
Cy Schubert <cy@FreeBSD.org> |
MFV r346563:
Update wpa_supplicant/hostapd 2.7 --> 2.8
Upstream documents the following advisories:
- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- https://w1.fi/security/2019-2/eap
MFV r346563:
Update wpa_supplicant/hostapd 2.7 --> 2.8
Upstream documents the following advisories:
- https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
- https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
- https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
- https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
- https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\
with-unexpected-fragment.txt
Relnotes: yes
MFC after: 1 week (or less)
Security: CVE-2019-9494, VU#871675, CVE-2019-9495, CVE-2019-9496,
CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
show more ...
|
| #
85732ac8 |
| 09-Dec-2018 |
Cy Schubert <cy@FreeBSD.org> |
MFV r341618:
Update wpa 2.6 --> 2.7.
|
| #
780fb4a2 |
| 11-Jul-2018 |
Cy Schubert <cy@FreeBSD.org> |
MFV r324714:
Update wpa 2.5 --> 2.6.
MFC after: 1 month
|
| #
325151a3 |
| 18-Oct-2015 |
Rui Paulo <rpaulo@FreeBSD.org> |
Update hostapd/wpa_supplicant to version 2.5.
Tested by several people on current@/wireless@.
Relnotes: yes
|
| #
5b9c547c |
| 21-Apr-2015 |
Rui Paulo <rpaulo@FreeBSD.org> |
Merge wpa_supplicant/hostapd 2.4.
Major changes are: SAE, Suite B, RFC 7268, EAP-PKE, ACS, and tons of
bug fixes.
Relnotes: yes
|
| #
a061720c |
| 22-Jun-2014 |
John-Mark Gurney <jmg@FreeBSD.org> |
convert to using pidfile... This prevents multiple wpa_supplicants
running at the same time causing problems w/ wifi not working..
the patch will be submitted upstream... The next step if someone
convert to using pidfile... This prevents multiple wpa_supplicants
running at the same time causing problems w/ wifi not working..
the patch will be submitted upstream... The next step if someone wants
to push it upstream is to break os_unix.c up so that all these other
utilities don't need libutil..
Reviewed by: rpaulo
show more ...
|
| #
f05cddf9 |
| 04-Jul-2013 |
Rui Paulo <rpaulo@FreeBSD.org> |
Merge hostapd / wpa_supplicant 2.0.
Reviewed by: adrian (driver_bsd + usr.sbin/wpa)
|
| #
e28a4053 |
| 03-Nov-2010 |
Rui Paulo <rpaulo@FreeBSD.org> |
Merge wpa_supplicant and hostapd 0.7.3.
|
| #
3157ba21 |
| 14-Jun-2010 |
Rui Paulo <rpaulo@FreeBSD.org> |
MFV hostapd & wpa_supplicant 0.6.10.
|
| #
39beb93c |
| 02-Mar-2009 |
Sam Leffler <sam@FreeBSD.org> |
connect vendor wpa area to contrib
|