Thanks Jouni! Can't wait to see this upstreamed by all the vendors now! On Thu, Feb 3, 2022 at 6:02 PM * Neustradamus * <neustradamus@xxxxxxxxxxx> wrote: > > Dear Jouni, > > I wish you a Happy New Year 2022! > > Thanks a lot for this new version "2.10 (2022-01-16)" of hostap/wpa_supplicant which arrives several years after the 2.9 (2019-08-07) with CVE fixes. > > A lot of people have requested it since a long time like me. > > We hope more releases now and minor releases at each CVE, security is very important. > > Regards, > > Neustradamus > > ________________________________________ > From: Hostap <hostap-bounces@xxxxxxxxxxxxxxxxxxx> on behalf of Jouni Malinen <j@xxxxx> > Sent: Sunday, January 16, 2022 22:20 > To: hostap@xxxxxxxxxxxxxxxxxxx > Subject: hostapd/wpa_supplicant - new release v2.10 > > New versions of wpa_supplicant and hostapd were just > released and are now available from https://w1.fi/ > > This release follows the v2.x style with the release being made directly > from the master branch and the master branch moving now to 2.11 > development. > > There has been quite a few new features and fixes since the 2.9 > release. The following ChangeLog entries highlight some of the main > changes: > > hostapd: > * SAE changes > - improved protection against side channel attacks > [https://w1.fi/security/2022-1/] > - added option send SAE Confirm immediately (sae_config_immediate=1) > after SAE Commit > - added support for the hash-to-element mechanism (sae_pwe=1 or > sae_pwe=2) > - fixed PMKSA caching with OKC > - added support for SAE-PK > * EAP-pwd changes > - improved protection against side channel attacks > [https://w1.fi/security/2022-1/] > * fixed WPS UPnP SUBSCRIBE handling of invalid operations > [https://w1.fi/security/2020-1/] > * fixed PMF disconnection protection bypass > [https://w1.fi/security/2019-7/] > * added support for using OpenSSL 3.0 > * fixed various issues in experimental support for EAP-TEAP server > * added configuration (max_auth_rounds, max_auth_rounds_short) to > increase the maximum number of EAP message exchanges (mainly to > support cases with very large certificates) for the EAP server > * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) > * extended HE (IEEE 802.11ax) support, including 6 GHz support > * removed obsolete IAPP functionality > * fixed EAP-FAST server with TLS GCM/CCM ciphers > * dropped support for libnl 1.1 > * added support for nl80211 control port for EAPOL frame TX/RX > * fixed OWE key derivation with groups 20 and 21; this breaks backwards > compatibility for these groups while the default group 19 remains > backwards compatible; owe_ptk_workaround=1 can be used to enabled a > a workaround for the group 20/21 backwards compatibility > * added support for Beacon protection > * added support for Extended Key ID for pairwise keys > * removed WEP support from the default build (CONFIG_WEP=y can be used > to enable it, if really needed) > * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) > * added support for Transition Disable mechanism to allow the AP to > automatically disable transition mode to improve security > * added support for PASN > * added EAP-TLS server support for TLS 1.3 (disabled by default for now) > * a large number of other fixes, cleanup, and extensions > > wpa_supplicant: > * SAE changes > - improved protection against side channel attacks > [https://w1.fi/security/2022-1/] > - added support for the hash-to-element mechanism (sae_pwe=1 or > sae_pwe=2); this is currently disabled by default, but will likely > get enabled by default in the future > - fixed PMKSA caching with OKC > - added support for SAE-PK > * EAP-pwd changes > - improved protection against side channel attacks > [https://w1.fi/security/2022-1/] > * fixed P2P provision discovery processing of a specially constructed > invalid frame > [https://w1.fi/security/2021-1/] > * fixed P2P group information processing of a specially constructed > invalid frame > [https://w1.fi/security/2020-2/] > * fixed PMF disconnection protection bypass in AP mode > [https://w1.fi/security/2019-7/] > * added support for using OpenSSL 3.0 > * increased the maximum number of EAP message exchanges (mainly to > support cases with very large certificates) > * fixed various issues in experimental support for EAP-TEAP peer > * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) > * a number of MKA/MACsec fixes and extensions > * added support for SAE (WPA3-Personal) AP mode configuration > * added P2P support for EDMG (IEEE 802.11ay) channels > * fixed EAP-FAST peer with TLS GCM/CCM ciphers > * improved throughput estimation and BSS selection > * dropped support for libnl 1.1 > * added support for nl80211 control port for EAPOL frame TX/RX > * fixed OWE key derivation with groups 20 and 21; this breaks backwards > compatibility for these groups while the default group 19 remains > backwards compatible > * added support for Beacon protection > * added support for Extended Key ID for pairwise keys > * removed WEP support from the default build (CONFIG_WEP=y can be used > to enable it, if really needed) > * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) > * added support for Transition Disable mechanism to allow the AP to > automatically disable transition mode to improve security > * extended D-Bus interface > * added support for PASN > * added a file-based backend for external password storage to allow > secret information to be moved away from the main configuration file > without requiring external tools > * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) > * added support for SCS, MSCS, DSCP policy > * changed driver interface selection to default to automatic fallback > to other compiled in options > * a large number of other fixes, cleanup, and extensions > > > git-shortlog for 2.9 -> 2.10: > > There were 2509 commits, so the list would be a too long for this email. > Anyway, if you are interested in the details, they are available in the > hostap.git repository. diffstat has following to say about the changes: > 833 files changed, 94977 insertions(+), 33464 deletions(-) > > -- > Jouni Malinen PGP id EFC895FA > > _______________________________________________ > Hostap mailing list > Hostap@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/hostap > > _______________________________________________ > Hostap mailing list > Hostap@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/hostap _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
