Version: 2.11-160000.2.2
* Fri May 30 2025 cfamullaconrad@suse.com
- Remove support for WEP authentication (jsc#PED-12955)
* Mon Apr 07 2025 cfamullaconrad@suse.com
- CVE-2025-24912: hostapd fails to process crafted RADIUS packets
properly (bsc#1239461)
[+ CVE-2025-24912.patch]
- Drop rcFOO symlinks for CODE16 (PED-266).
- Revert "Mark authorization completed on driver indication
during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
problems with brcmfmac wifi hardware. (bsc#1230797, bsc#1240791)
[+ Revert-Mark-authorization-completed-on-driver-indica.patch]
* Wed Sep 11 2024 cfamullaconrad@suse.com
- update to v2.11:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
- refresh patches:
wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff
wpa_supplicant-sigusr1-changes-debuglevel.patch
- drop patches:
CVE-2023-52160.patch
dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
* Thu Feb 15 2024 cfamullaconrad@suse.com
- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
* Tue May 16 2023 gmbr3@opensuse.org
- Change ctrl_interface from /var/run to %_rundir (/run)
* Thu Sep 01 2022 schubi@suse.com
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Tue Jul 05 2022 cfamullaconrad@suse.com
- Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
(bsc#1201219)
* Tue Jun 21 2022 schubi@suse.com
- Removed %config flag for files in /usr directory.
* Tue Jun 21 2022 schubi@suse.com
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 20 2022 cfamullaconrad@suse.com
- Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868).
Wifi cards, wich do not support PMF/BIP ciphers, should not use
SAE as key management. (bsc#1195312)