Accepting request 1198031 from Base:System

- 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) OBS-URL: https://build.opensuse.org/request/show/1198031 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=48
2024-09-02 11:13:41 +00:00 · 2024-09-02 11:13:41 +00:00 · d8f2b01ffd
commit d8f2b01ffd
parent 3096b54644 e97fd0f1ba
6 changed files with 66 additions and 25 deletions
--- a/hostapd-2.10.tar.gz
+++ b/hostapd-2.10.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:206e7c799b678572c2e3d12030238784bc4a9f82323b0156b4c9466f1498915d
-size 2440435
--- a/hostapd-2.10.tar.gz.asc
+++ b/hostapd-2.10.tar.gz.asc
@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQTsSqCpkaXyRkWC1S0rbvQy78iV+gUCYeSJ0QAKCRArbvQy78iV
-+ryaAJ9Dg6Jolf9k10113AamARgeJObKPgCdGhRdfhroyDzd5qglBkDB0wDsqXc=
-=N0h0
-----END PGP SIGNATURE-----
--- a/hostapd-2.11.tar.gz
+++ b/hostapd-2.11.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b3facb632fd4f65e32f4bf82a76b4b72c501f995a4f62e330219fe7aed1747a
+size 2708343
--- a/hostapd-2.11.tar.gz.asc
+++ b/hostapd-2.11.tar.gz.asc
@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQTsSqCpkaXyRkWC1S0rbvQy78iV+gUCZpwBjgAKCRArbvQy78iV
+kn0AJ425X6Qa2egH+GcGYD/W0Im31POWACfTus+8lK5KJGLsOuXcPGCazUGkl0=
+=2w57
+-----END PGP SIGNATURE-----
--- a/hostapd.changes
+++ b/hostapd.changes
@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Thu Aug  8 07:30:47 UTC 2024 - chris@computersalat.de
+
+- 2024-07-20 - v2.11
+  * Wi-Fi Easy Connect
+    - add support for DPP release 3
+    - allow Configurator parameters to be provided during config
+      exchange
+  * HE/IEEE 802.11ax/Wi-Fi 6
+    - various fixes
+  * EHT/IEEE 802.11be/Wi-Fi 7
+    - add preliminary support
+  * SAE: add support for fetching the password from a RADIUS server
+  * support OpenSSL 3.0 API changes
+  * support background radar detection and CAC with some additional
+    drivers
+  * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
+  * EAP-SIM/AKA: support IMSI privacy
+  * improve 4-way handshake operations
+    - use Secure=1 in message 3 during PTK rekeying
+  * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
+    to avoid interoperability issues
+  * support new SAE AKM suites with variable length keys
+  * support new AKM for 802.1X/EAP with SHA384
+  * extend PASN support for secure ranging
+  * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
+    - this is based on additional details being added in the IEEE 802.11
+    standard
+    - the new implementation is not backwards compatible
+  * improved ACS to cover additional channel types/bandwidths
+  * extended Multiple BSSID support
+  * fix beacon protection with FT protocol (incorrect BIGTK was provided)
+  * support unsynchronized service discovery (USD)
+  * add preliminary support for RADIUS/TLS
+  * add support for explicit SSID protection in 4-way handshake
+    (a mitigation for CVE-2023-52424; disabled by default for now, can be
+     enabled with ssid_protection=1)
+  * fix SAE H2E rejected groups validation to avoid downgrade attacks
+  * use stricter validation for some RADIUS messages
+  * a large number of other fixes, cleanup, and extensions
+
 -------------------------------------------------------------------
 Fri Mar 11 21:35:37 UTC 2022 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>

@ -96,7 +137,7 @@ Tue Sep 29 12:52:10 UTC 2020 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
 Thu Apr 23 22:14:35 UTC 2020 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>

 - Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass
-  (bsc#1150934) 
+  (bsc#1150934)

 -------------------------------------------------------------------
 Thu Sep  5 17:58:05 UTC 2019 - Michael Ströder <michael@stroeder.com>
@ -654,7 +695,7 @@ ChangeLog for hostapd since 2.1:
 -------------------------------------------------------------------
 Tue May 27 19:57:16 UTC 2014 - crrodriguez@opensuse.org

- Update hostapd-2.1-defconfig.patch and spec file 
+- Update hostapd-2.1-defconfig.patch and spec file
  to build with libnl3 instead of libnl1

 -------------------------------------------------------------------
@ -669,7 +710,7 @@ Wed Apr 16 15:50:48 UTC 2014 - i@marguerite.su
 Wed Oct  2 15:33:43 UTC 2013 - dvaleev@suse.com

 - fix host_to_le32 undefined on BigEndian architectures
-  (hostapd-be-host_to_le.patch) 
+  (hostapd-be-host_to_le.patch)

 -------------------------------------------------------------------
 Thu Apr 18 08:05:13 UTC 2013 - aj@suse.com
@ -697,12 +738,12 @@ Tue Apr  9 17:49:22 UTC 2013 - avm-xandry@yandex.ru
 -------------------------------------------------------------------
 Tue Nov  6 04:41:17 UTC 2012 - crrodriguez@opensuse.org

- Add Native systemd units 
+- Add Native systemd units

 -------------------------------------------------------------------
 Tue May 15 04:55:22 UTC 2012 - glin@suse.com

- update to version 1.0 
+- update to version 1.0
 - respin hostapd.dif to fit the new defconfig
 - change the file permission of the config files with passwords
  to 600 (bnc#740964)
@ -735,7 +776,7 @@ Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de
 -------------------------------------------------------------------
 Wed Jun  9 05:32:08 CEST 2010 - sndirsch@suse.de

- udpated to release 0.6.10 
+- udpated to release 0.6.10
 - updated hostapd.dif
 - git-commit-eb1f744.diff:
  * Move DTIM period configuration into Beacon set operation; fixes
@ -746,7 +787,7 @@ Wed Jun  9 05:32:08 CEST 2010 - sndirsch@suse.de
 -------------------------------------------------------------------
 Wed Sep 24 00:58:59 CEST 2008 - ro@suse.de

- drop buildreq for madwifi (dropped package) 
+- drop buildreq for madwifi (dropped package)

 -------------------------------------------------------------------
 Tue Sep 23 01:14:12 CEST 2008 - ro@suse.de
@ -843,7 +884,7 @@ Mon Sep 18 14:13:31 CEST 2006 - jg@suse.de
 -------------------------------------------------------------------
 Sun Feb  5 19:37:30 CET 2006 - ro@suse.de

- use madwifi-devel in BuildRequires 
+- use madwifi-devel in BuildRequires

 -------------------------------------------------------------------
 Sun Feb  5 17:09:48 CET 2006 - aj@suse.de
@ -936,7 +977,7 @@ Mon Aug 22 15:21:31 CEST 2005 - jg@suse.de
 -------------------------------------------------------------------
 Sun Aug  7 22:13:32 CEST 2005 - ro@suse.de

- fix build with current wireless drivers 
+- fix build with current wireless drivers

 -------------------------------------------------------------------
 Mon Jul 11 16:34:25 CEST 2005 - jg@suse.de
@ -1044,7 +1085,7 @@ Mon Feb  7 14:43:27 CET 2005 - jg@suse.de
    external RADIUS authentication server
 - hostap-driver: update to version 0.3.7-pre, changes:
  * improved suspend operation: disable firmware (hostap_cs) and
-    generate disconnect event to trigger wpa_supplicant to 
+    generate disconnect event to trigger wpa_supplicant to
    reassociate immediately after resume
  * added new ioctl command for hostapd to clear station specific
    accounting data when starting a new accounting session
@ -1162,7 +1203,7 @@ Mon May 17 18:15:57 CEST 2004 - jg@suse.de
  * added new hostapd.conf variable, nas_identifier, that can be
    used to add an optional RADIUS Attribute, NAS-Identifier, into
    authentication and accounting messages
-  * added support for Accounting-On and Accounting-Off messages         
+  * added support for Accounting-On and Accounting-Off messages
 - update hostap-utils to 0.2.1:
  * hostap_rid: fixed handling of failed RID reads
  * fixed prism2_srec not to allow combination of volatile and
@ -1180,7 +1221,7 @@ Mon May 17 18:15:57 CEST 2004 - jg@suse.de
    association status in Managed mode
  * added alternative TKIP implementation which uses Michael MIC
    implementation in CryptoAPI instead of Host AP specific
-    implementation                                                      
+    implementation
  * added support for RSN (IEEE 802.11i/WPA2)
  * dropped support for Linux 2.2.x and old Linux 2.4.x kernels
  * fixed hostap_cs unregistration when PC Card is removed while
@ -1193,7 +1234,7 @@ Mon May 17 18:15:57 CEST 2004 - jg@suse.de
  * added crypto hooks for full MSDU encrypt/decrypt
  * fixed iwspy support with Linux wireless ext v16
  * fixed IEEE 802.11 defragmentation when using host-based WEP
-    decryption and bridging packets between two associated STAs         
+    decryption and bridging packets between two associated STAs
  * added driver support for WPA Authenticator/Supplicant
  * added minimal support for ethtool
 - fixed bug in hostap-driver Makefile which prevented hostap_cs.ko
@ -1256,7 +1297,7 @@ Sun Feb 29 12:28:30 CET 2004 - jg@suse.de
 -------------------------------------------------------------------
 Mon Jan 26 15:01:49 CET 2004 - jg@suse.de

- removed kernel-source from neededforbuild 
+- removed kernel-source from neededforbuild

 -------------------------------------------------------------------
 Fri Jan  9 18:44:30 CET 2004 - jg@suse.de
--- a/hostapd.spec
+++ b/hostapd.spec
@ -1,7 +1,7 @@
 #
 # spec file for package hostapd
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %bcond_without  apparmor
 Name:           hostapd
-Version:        2.10
+Version:        2.11
 Release:        0
 Summary:        Daemon for running a WPA capable Access Point
 License:        BSD-3-Clause OR GPL-2.0-only