- updated to 2.6 / 2016-10-02
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254)
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115)
* fixed EAP-pwd unexpected Confirm message processing
[http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115)
* fixed WPS configuration update vulnerability with malformed passphrase
[http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172)
* fixed configuration update vulnerability with malformed parameters set
over the local control interface
[http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175)
* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
* extended channel switch support for P2P GO
* started to throttle control interface event message bursts to avoid
issues with monitor sockets running out of buffer space
* mesh mode fixes/improvements
- generate proper AID for peer
- enable WMM by default
- add VHT support
- fix PMKID derivation
- improve robustness on various exchanges
- fix peer link counting in reconnect case
- improve mesh joining behavior
- allow DTIM period to be configured
- allow HT to be disabled (disable_ht=1)
- add MESH_PEER_ADD and MESH_PEER_REMOVE commands
- add support for PMKSA caching
- add minimal support for SAE group negotiation
- allow pairwise/group cipher to be configured in the network profile
OBS-URL: https://build.opensuse.org/request/show/433620
OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=68
- Previous update did not include version 2.5 tarball
or changed the version number in spec, only the changelog
and removed patches.
- config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable·
random number generator by using /dev/urandom, no need to
keep an internal random number pool which draws entropy from
/dev/random.
- config: prefer using epoll(7) instead of select(2)
by setting CONFIG_ELOOP_EPOLL=y
- wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2)
system call to collect entropy. if it is not present disable
buffering when reading /dev/urandom, otherwise each os_get_random()
call will request BUFSIZ of entropy instead of the few needed bytes.
OBS-URL: https://build.opensuse.org/request/show/360174
OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=60
- Update to 1.1
* Fix EAPOL supplicant port authorization with PMKSA caching.
* Fix EAPOL processing when STA switches between multi-BSSes.
* Fix EAP-FAST with OpenSSL 1.0.1.
* EAP-pwd: Increase maximum number of hunting-and-pecking
iterations, which results in less authentication attempts
failing.
* Set state to DISCONNECTED on AP creation errors. Previously the
supplicant would stay in SCANNING state forever.
* Fix REMOVE_NETWORK to not run operations with invalid
current_ssid.
* EAP-SIM peer: Fix AT_COUNTER_TOO_SMALL use.
* Interworking: Fix PLMN matching with multiple entries to compare
all entries, not just the first one.
* Handle long configuration file lines more gracefully.
* Fix adding extra IEs in sched scan.
* PMKSA: Set cur_pmksa pointer during initial association.
* PMKSA: Do not evict the active cache entry when adding new ones.
* Set state consistently to DISCONNECTED on auth/assoc failures.
* Fix BSSID enforcement with driver-based BSS selection. Set BSSID
and channel when the network block has an explicit bssid
parameter to select which BSS is to be used.
* wpa_gui: Fix compilation with gcc/g++ 4.7.
* EAP-AKA'
- Update to RFC 5448 in the leading characters used in the
username. This will make EAP-AKA' not interoperate between the
earlier draft version and the new version.
- Fix SIM/USIM determination to support EAP-AKA'.
* dbus:
- Add global capabilities property.
OBS-URL: https://build.opensuse.org/request/show/145628
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=47
- Update to 1.0
* Delay STA entry removal until Deauth/Disassoc TX status
in AP mode. This allows the driver to use PS buffering of
Deauthentication and Disassociation frames when the STA
is in power save sleep. Only available with drivers that
provide TX status events for Deauth/Disassoc frames
(nl80211).
* Drop oldest unknown BSS table entries first. This makes
it less likely to hit connection issues in environments
with huge number of visible APs.
* Add systemd support.
* Add support for setting the syslog facility from the
config file at build time.
* atheros: Add support for IEEE 802.11w configuration.
* AP mode: Allow enable HT20 if driver supports it, by
setting the config parameter ieee80211n.
* Allow AP mode to disconnect STAs based on low ACK
condition (when the data connection is not working
properly, e.g., due to the STA going outside the range
of the AP).
* nl80211:
- Support GTK rekey offload.
- Support PMKSA candidate events. This adds support for
RSN pre-authentication with nl80211 interface and
drivers that handle roaming internally.
* Improved dbus interface
* New wpa_cli commands to setup the scan interval and
to support P2P and WPS/WPS ER
* AP mode: Add max_num_sta config option, which can be used
to limit the number of stations allowed to connect to the
OBS-URL: https://build.opensuse.org/request/show/121034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/wpa_supplicant?expand=0&rev=45
