Accepting request 1198031 from Base:System

- 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) OBS-URL: https://build.opensuse.org/request/show/1198031 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=48
2024-09-02 11:13:41 +00:00 · 2024-09-02 11:13:41 +00:00 · d8f2b01ffd
commit d8f2b01ffd
parent 3096b54644 e97fd0f1ba
6 changed files with 66 additions and 25 deletions
--- a/hostapd-2.10.tar.gz
+++ b/hostapd-2.10.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d
-size 2440435
--- a/hostapd-2.10.tar.gz.asc
+++ b/hostapd-2.10.tar.gz.asc
@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQTsSqCpkaXyRkWC1S0rbvQy78iV+gUCYeSJ0QAKCRArbvQy78iV
-+ryaAJ9Dg6Jolf9k10113AamARgeJObKPgCdGhRdfhroyDzd5qglBkDB0wDsqXc=
-=N0h0
-----END PGP SIGNATURE-----
--- a/hostapd-2.11.tar.gz
+++ b/hostapd-2.11.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b3facb632fd4f65e32f4bf82a76b4b72c501f995a4f62e330219fe7aed1747a
+size 2708343
--- a/hostapd-2.11.tar.gz.asc
+++ b/hostapd-2.11.tar.gz.asc
@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQTsSqCpkaXyRkWC1S0rbvQy78iV+gUCZpwBjgAKCRArbvQy78iV
+kn0AJ425X6Qa2egH+GcGYD/W0Im31POWACfTus+8lK5KJGLsOuXcPGCazUGkl0=
+=2w57
+-----END PGP SIGNATURE-----
--- a/hostapd.changes
+++ b/hostapd.changes
@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Thu Aug  8 07:30:47 UTC 2024 - chris@computersalat.de
+
+- 2024-07-20 - v2.11
+  * Wi-Fi Easy Connect
+    - add support for DPP release 3
+    - allow Configurator parameters to be provided during config
+      exchange
+  * HE/IEEE 802.11ax/Wi-Fi 6
+    - various fixes
+  * EHT/IEEE 802.11be/Wi-Fi 7
+    - add preliminary support
+  * SAE: add support for fetching the password from a RADIUS server
+  * support OpenSSL 3.0 API changes
+  * support background radar detection and CAC with some additional
+    drivers
+  * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
+  * EAP-SIM/AKA: support IMSI privacy
+  * improve 4-way handshake operations
+    - use Secure=1 in message 3 during PTK rekeying
+  * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
+    to avoid interoperability issues
+  * support new SAE AKM suites with variable length keys
+  * support new AKM for 802.1X/EAP with SHA384
+  * extend PASN support for secure ranging
+  * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
+    - this is based on additional details being added in the IEEE 802.11
+    standard
+    - the new implementation is not backwards compatible
+  * improved ACS to cover additional channel types/bandwidths
+  * extended Multiple BSSID support
+  * fix beacon protection with FT protocol (incorrect BIGTK was provided)
+  * support unsynchronized service discovery (USD)
+  * add preliminary support for RADIUS/TLS
+  * add support for explicit SSID protection in 4-way handshake
+    (a mitigation for CVE-2023-52424; disabled by default for now, can be
+     enabled with ssid_protection=1)
+  * fix SAE H2E rejected groups validation to avoid downgrade attacks
+  * use stricter validation for some RADIUS messages
+  * a large number of other fixes, cleanup, and extensions
+
 -------------------------------------------------------------------
 Fri Mar 11 21:35:37 UTC 2022 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>

--- a/hostapd.spec
+++ b/hostapd.spec
@ -1,7 +1,7 @@
 #
 # spec file for package hostapd
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %bcond_without  apparmor
 Name:           hostapd
-Version:        2.10
+Version:        2.11
 Release:        0
 Summary:        Daemon for running a WPA capable Access Point
 License:        BSD-3-Clause OR GPL-2.0-only