Package Release Info

hostapd-2.10-bp153.3.3.1

Update Info: openSUSE-2022-152
Available in Package Hub : 15 SP3 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

hostapd

Change Logs

* Fri Mar 11 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com>

- Adjust config
  * Enable SAE
  * Enable DPP
  * Enable wired driver
  * Enable Airtime policy support
  * Enable Fast Initial Link Setup (FILS) (IEEE 802.11ai)

* Mon Jan 17 2022 Michael Ströder <michael@stroeder.com>

- Removed obsolete patches:
  * CVE-2019-16275.patch
  * CVE-2020-12695.patch
  * CVE-2021-30004.patch
- Update to version 2.10
  * SAE changes
  - improved protection against side channel attacks
    [https://w1.fi/security/2022-1/]
  - added option send SAE Confirm immediately (sae_config_immediate=1)
    after SAE Commit
  - added support for the hash-to-element mechanism (sae_pwe=1 or
    sae_pwe=2)
  - fixed PMKSA caching with OKC
  - added support for SAE-PK
  * EAP-pwd changes
  - improved protection against side channel attacks
    [https://w1.fi/security/2022-1/]
  * fixed WPS UPnP SUBSCRIBE handling of invalid operations
    [https://w1.fi/security/2020-1/]
  * fixed PMF disconnection protection bypass
    [https://w1.fi/security/2019-7/]
  * added support for using OpenSSL 3.0
  * fixed various issues in experimental support for EAP-TEAP server
  * added configuration (max_auth_rounds, max_auth_rounds_short) to
    increase the maximum number of EAP message exchanges (mainly to
    support cases with very large certificates) for the EAP server
  * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
  * extended HE (IEEE 802.11ax) support, including 6 GHz support
  * removed obsolete IAPP functionality
  * fixed EAP-FAST server with TLS GCM/CCM ciphers
  * dropped support for libnl 1.1
  * added support for nl80211 control port for EAPOL frame TX/RX
  * fixed OWE key derivation with groups 20 and 21; this breaks backwards
    compatibility for these groups while the default group 19 remains
    backwards compatible; owe_ptk_workaround=1 can be used to enabled a
    a workaround for the group 20/21 backwards compatibility
  * added support for Beacon protection
  * added support for Extended Key ID for pairwise keys
  * removed WEP support from the default build (CONFIG_WEP=y can be used
    to enable it, if really needed)
  * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
  * added support for Transition Disable mechanism to allow the AP to
    automatically disable transition mode to improve security
  * added support for PASN
  * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
  * a large number of other fixes, cleanup, and extensions

* Fri Nov 26 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>

- Fix AppArmor profile -- allow access to /etc/ssl/openssl.cnf
  (bsc#1192959)

* Fri Oct 15 2021 Johannes Segitz <jsegitz@suse.com>

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * hostapd.service

* Wed Jul 14 2021 Michael Ströder <michael@stroeder.com>

- fixed AppArmor profile