- update to upstream release 2.6
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5314)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476)
* extended channel switch support for VHT bandwidth changes
* added support for configuring new ANQP-elements with
anqp_elem=<InfoID>:<hexdump of payload>
* fixed Suite B 192-bit AKM to use proper PMK length
(note: this makes old releases incompatible with the fixed behavior)
* added no_probe_resp_if_max_sta=1 parameter to disable Probe Response
frame sending for not-associated STAs if max_num_sta limit has been
reached
* added option (-S as command line argument) to request all interfaces
to be started at the same time
* modified rts_threshold and fragm_threshold configuration parameters
to allow -1 to be used to disable RTS/fragmentation
* EAP-pwd: added support for Brainpool Elliptic Curves
(with OpenSSL 1.0.2 and newer)
* fixed EAPOL reauthentication after FT protocol run
* fixed FTIE generation for 4-way handshake after FT protocol run
* fixed and improved various FST operations
* TLS server
- support SHA384 and SHA512 hashes
- support TLS v1.2 signature algorithm with SHA384 and SHA512
- support PKCS #5 v2.0 PBES2
- support PKCS #5 with PKCS #12 style key decryption
- minimal support for PKCS #12
- support OCSP stapling (including ocsp_multi)
* added support for OpenSSL 1.1 API changes
OBS-URL: https://build.opensuse.org/request/show/433344
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=31
- update to upstream release 2.5
- removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
(CVE-2015-1863) because it's fixed in upstream release 2.5
- rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch
ChangeLog for hostapd since 2.4:
2015-09-27 - v2.5
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
[http://w1.fi/security/2015-2/] (CVE-2015-4141 bsc#930077)
* fixed WMM Action frame parser
[http://w1.fi/security/2015-3/] (CVE-2015-4142 bsc#930078)
* fixed EAP-pwd server missing payload length validation
[http://w1.fi/security/2015-4/]
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079)
* fixed validation of WPS and P2P NFC NDEF record payload length
[http://w1.fi/security/2015-5/]
* nl80211:
- fixed vendor command handling to check OUI properly
* fixed hlr_auc_gw build with OpenSSL
* hlr_auc_gw: allow Milenage RES length to be reduced
* disable HT for a station that does not support WMM/QoS
* added support for hashed password (NtHash) in EAP-pwd server
* fixed and extended dynamic VLAN cases
* added EAP-EKE server support for deriving Session-Id
* set Acct-Session-Id to a random value to make it more likely to be
unique even if the device does not have a proper clock
* added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
* modified SAE routines to be more robust and PWE generation to be
stronger against timing attacks
* added support for Brainpool Elliptic Curves with SAE
* increases maximum value accepted for cwmin/cwmax
OBS-URL: https://build.opensuse.org/request/show/345591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=30
- update version 2.3
- removed patch hostapd-2.1-be-host_to_le.patch because it
seems obsolete
- hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch
ChangeLog for hostapd since 2.1:
2014-10-09 - v2.3
* fixed number of minor issues identified in static analyzer warnings
* fixed DFS and channel switch operation for multi-BSS cases
* started to use constant time comparison for various password and hash
values to reduce possibility of any externally measurable timing
differences
* extended explicit clearing of freed memory and expired keys to avoid
keeping private data in memory longer than necessary
* added support for number of new RADIUS attributes from RFC 7268
(Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
* fixed GET_CONFIG wpa_pairwise_cipher value
* added code to clear bridge FDB entry on station disconnection
* fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
* fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop
in case the first entry does not match
* fixed hostapd_cli action script execution to use more robust mechanism
(CVE-2014-3686)
2014-06-04 - v2.2
* fixed SAE confirm-before-commit validation to avoid a potential
segmentation fault in an unexpected message sequence that could be
triggered remotely
* extended VHT support
- Operating Mode Notification
- Power Constraint element (local_pwr_constraint)
OBS-URL: https://build.opensuse.org/request/show/280170
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=28
