The NetBSD Project

CVS log for src/external/bsd/wpa/dist/wpa_supplicant/bssid_ignore.h

[BACK] Up to [cvs.NetBSD.org] / src / external / bsd / wpa / dist / wpa_supplicant

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MALINEN, MAIN


Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Wed Sep 18 15:02:55 2024 UTC (4 months ago) by christos
Branches: MALINEN, MAIN
CVS tags: v2_11, HEAD
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
Import wpa_supplicant hand hostapd 2.11. Previous was 2.9

1. Changes for hostapd:

2024-07-20 - v2.11
	* Wi-Fi Easy Connect
	  - add support for DPP release 3
	  - allow Configurator parameters to be provided during config exchange
	* HE/IEEE 802.11ax/Wi-Fi 6
	  - various fixes
	* EHT/IEEE 802.11be/Wi-Fi 7
	  - add preliminary support
	* SAE: add support for fetching the password from a RADIUS server
	* support OpenSSL 3.0 API changes
	* support background radar detection and CAC with some additional
	  drivers
	* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
	* EAP-SIM/AKA: support IMSI privacy
	* improve 4-way handshake operations
	  - use Secure=1 in message 3 during PTK rekeying
	* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
	  to avoid interoperability issues
	* support new SAE AKM suites with variable length keys
	* support new AKM for 802.1X/EAP with SHA384
	* extend PASN support for secure ranging
	* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
	  - this is based on additional details being added in the IEEE 802.11
	    standard
	  - the new implementation is not backwards compatible
	* improved ACS to cover additional channel types/bandwidths
	* extended Multiple BSSID support
	* fix beacon protection with FT protocol (incorrect BIGTK was provided)
	* support unsynchronized service discovery (USD)
	* add preliminary support for RADIUS/TLS
	* add support for explicit SSID protection in 4-way handshake
	  (a mitigation for CVE-2023-52424; disabled by default for now, can be
	  enabled with ssid_protection=1)
	* fix SAE H2E rejected groups validation to avoid downgrade attacks
	* use stricter validation for some RADIUS messages
	* a large number of other fixes, cleanup, and extensions

2022-01-16 - v2.10
	* SAE changes
	  - improved protection against side channel attacks
	    [https://w1.fi/security/2022-1/]
	  - added option send SAE Confirm immediately (sae_config_immediate=1)
	    after SAE Commit
	  - added support for the hash-to-element mechanism (sae_pwe=1 or
	    sae_pwe=2)
	  - fixed PMKSA caching with OKC
	  - added support for SAE-PK
	* EAP-pwd changes
	  - improved protection against side channel attacks
	    [https://w1.fi/security/2022-1/]
	* fixed WPS UPnP SUBSCRIBE handling of invalid operations
	  [https://w1.fi/security/2020-1/]
	* fixed PMF disconnection protection bypass
	  [https://w1.fi/security/2019-7/]
	* added support for using OpenSSL 3.0
	* fixed various issues in experimental support for EAP-TEAP server
	* added configuration (max_auth_rounds, max_auth_rounds_short) to
	  increase the maximum number of EAP message exchanges (mainly to
	  support cases with very large certificates) for the EAP server
	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
	* extended HE (IEEE 802.11ax) support, including 6 GHz support
	* removed obsolete IAPP functionality
	* fixed EAP-FAST server with TLS GCM/CCM ciphers
	* dropped support for libnl 1.1
	* added support for nl80211 control port for EAPOL frame TX/RX
	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
	  compatibility for these groups while the default group 19 remains
	  backwards compatible; owe_ptk_workaround=1 can be used to enabled a
	  a workaround for the group 20/21 backwards compatibility
	* added support for Beacon protection
	* added support for Extended Key ID for pairwise keys
	* removed WEP support from the default build (CONFIG_WEP=y can be used
	  to enable it, if really needed)
	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
	* added support for Transition Disable mechanism to allow the AP to
	  automatically disable transition mode to improve security
	* added support for PASN
	* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
	* a large number of other fixes, cleanup, and extensions


2. Changes for wpa_supplicant

2024-07-20 - v2.11
	* Wi-Fi Easy Connect
	  - add support for DPP release 3
	  - allow Configurator parameters to be provided during config exchange
	* MACsec
	  - add support for GCM-AES-256 cipher suite
	  - remove incorrect EAP Session-Id length constraint
	  - add hardware offload support for additional drivers
	* HE/IEEE 802.11ax/Wi-Fi 6
	  - support BSS color updates
	  - various fixes
	* EHT/IEEE 802.11be/Wi-Fi 7
	  - add preliminary support
	* support OpenSSL 3.0 API changes
	* improve EAP-TLS support for TLSv1.3
	* EAP-SIM/AKA: support IMSI privacy
	* improve mitigation against DoS attacks when PMF is used
	* improve 4-way handshake operations
	  - discard unencrypted EAPOL frames in additional cases
	  - use Secure=1 in message 2 during PTK rekeying
	* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
	  to avoid interoperability issues
	* support new SAE AKM suites with variable length keys
	* support new AKM for 802.1X/EAP with SHA384
	* improve cross-AKM roaming with driver-based SME/BSS selection
	* PASN
	  - extend support for secure ranging
	  - allow PASN implementation to be used with external programs for
	    Wi-Fi Aware
	* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
	  - this is based on additional details being added in the IEEE 802.11
	    standard
	  - the new implementation is not backwards compatible, but PMKSA
	    caching with FT-EAP was, and still is, disabled by default
	* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
	  for using per-network random MAC addresses
	* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
	  to improve security for still unfortunately common invalid
	  configurations that do not set ca_cert
	* extend SCS support for QoS Characteristics
	* extend MSCS support
	* support unsynchronized service discovery (USD)
	* add support for explicit SSID protection in 4-way handshake
	  (a mitigation for CVE-2023-52424; disabled by default for now, can be
	  enabled with ssid_protection=1)
	  - in addition, verify SSID after key setup when beacon protection is
	    used
	* fix SAE H2E rejected groups validation to avoid downgrade attacks
	* a large number of other fixes, cleanup, and extensions

2022-01-16 - v2.10
	* SAE changes
	  - improved protection against side channel attacks
	    [https://w1.fi/security/2022-1/]
	  - added support for the hash-to-element mechanism (sae_pwe=1 or
	    sae_pwe=2); this is currently disabled by default, but will likely
	    get enabled by default in the future
	  - fixed PMKSA caching with OKC
	  - added support for SAE-PK
	* EAP-pwd changes
	  - improved protection against side channel attacks
	  [https://w1.fi/security/2022-1/]
	* fixed P2P provision discovery processing of a specially constructed
	  invalid frame
	  [https://w1.fi/security/2021-1/]
	* fixed P2P group information processing of a specially constructed
	  invalid frame
	  [https://w1.fi/security/2020-2/]
	* fixed PMF disconnection protection bypass in AP mode
	  [https://w1.fi/security/2019-7/]
	* added support for using OpenSSL 3.0
	* increased the maximum number of EAP message exchanges (mainly to
	  support cases with very large certificates)
	* fixed various issues in experimental support for EAP-TEAP peer
	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
	* a number of MKA/MACsec fixes and extensions
	* added support for SAE (WPA3-Personal) AP mode configuration
	* added P2P support for EDMG (IEEE 802.11ay) channels
	* fixed EAP-FAST peer with TLS GCM/CCM ciphers
	* improved throughput estimation and BSS selection
	* dropped support for libnl 1.1
	* added support for nl80211 control port for EAPOL frame TX/RX
	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
	  compatibility for these groups while the default group 19 remains
	  backwards compatible
	* added support for Beacon protection
	* added support for Extended Key ID for pairwise keys
	* removed WEP support from the default build (CONFIG_WEP=y can be used
	  to enable it, if really needed)
	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
	* added support for Transition Disable mechanism to allow the AP to
	  automatically disable transition mode to improve security
	* extended D-Bus interface
	* added support for PASN
	* added a file-based backend for external password storage to allow
	  secret information to be moved away from the main configuration file
	  without requiring external tools
	* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
	* added support for SCS, MSCS, DSCP policy
	* changed driver interface selection to default to automatic fallback
	  to other compiled in options
	* a large number of other fixes, cleanup, and extensions

Revision 1.1: download - view: text, markup, annotated - select for diffs
Wed Sep 18 15:02:55 2024 UTC (4 months ago) by christos
Branch point for: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>