Re: hostapd/wpa_supplicant - new release v2.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Jouni,

I wish you a Happy New Year 2022!

Thanks a lot for this new version "2.10 (2022-01-16)" of hostap/wpa_supplicant which arrives several years after the 2.9 (2019-08-07) with CVE fixes.

A lot of people have requested it since a long time like me.

We hope more releases now and minor releases at each CVE, security is very important.

Regards,

Neustradamus

________________________________________
From: Hostap <hostap-bounces@xxxxxxxxxxxxxxxxxxx> on behalf of Jouni Malinen <j@xxxxx>
Sent: Sunday, January 16, 2022 22:20
To: hostap@xxxxxxxxxxxxxxxxxxx
Subject: hostapd/wpa_supplicant - new release v2.10

New versions of wpa_supplicant and hostapd were just
released and are now available from https://w1.fi/

This release follows the v2.x style with the release being made directly
from the master branch and the master branch moving now to 2.11
development.

There has been quite a few new features and fixes since the 2.9
release. The following ChangeLog entries highlight some of the main
changes:

hostapd:
* SAE changes
  - improved protection against side channel attacks
    [https://w1.fi/security/2022-1/]
  - added option send SAE Confirm immediately (sae_config_immediate=1)
    after SAE Commit
  - added support for the hash-to-element mechanism (sae_pwe=1 or
    sae_pwe=2)
  - fixed PMKSA caching with OKC
  - added support for SAE-PK
* EAP-pwd changes
  - improved protection against side channel attacks
    [https://w1.fi/security/2022-1/]
* fixed WPS UPnP SUBSCRIBE handling of invalid operations
  [https://w1.fi/security/2020-1/]
* fixed PMF disconnection protection bypass
  [https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* fixed various issues in experimental support for EAP-TEAP server
* added configuration (max_auth_rounds, max_auth_rounds_short) to
  increase the maximum number of EAP message exchanges (mainly to
  support cases with very large certificates) for the EAP server
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* extended HE (IEEE 802.11ax) support, including 6 GHz support
* removed obsolete IAPP functionality
* fixed EAP-FAST server with TLS GCM/CCM ciphers
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
  compatibility for these groups while the default group 19 remains
  backwards compatible; owe_ptk_workaround=1 can be used to enabled a
  a workaround for the group 20/21 backwards compatibility
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
  to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
  automatically disable transition mode to improve security
* added support for PASN
* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
* a large number of other fixes, cleanup, and extensions

wpa_supplicant:
* SAE changes
  - improved protection against side channel attacks
    [https://w1.fi/security/2022-1/]
  - added support for the hash-to-element mechanism (sae_pwe=1 or
    sae_pwe=2); this is currently disabled by default, but will likely
    get enabled by default in the future
  - fixed PMKSA caching with OKC
  - added support for SAE-PK
* EAP-pwd changes
  - improved protection against side channel attacks
  [https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed
  invalid frame
  [https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed
  invalid frame
  [https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode
  [https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to
  support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
  compatibility for these groups while the default group 19 remains
  backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
  to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
  automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow
  secret information to be moved away from the main configuration file
  without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback
  to other compiled in options
* a large number of other fixes, cleanup, and extensions


git-shortlog for 2.9 -> 2.10:

There were 2509 commits, so the list would be a too long for this email.
Anyway, if you are interested in the details, they are available in the
hostap.git repository. diffstat has following to say about the changes:
 833 files changed, 94977 insertions(+), 33464 deletions(-)

--
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux