hostapd/wpa_supplicant - new release v2.10

Colton Conor colton.conor at gmail.com
Fri Feb 4 04:23:16 PST 2022 

Thanks Jouni! Can't wait to see this upstreamed by all the vendors now!

On Thu, Feb 3, 2022 at 6:02 PM * Neustradamus *
<neustradamus at hotmail.com> wrote:
>
> Dear Jouni,
>
> I wish you a Happy New Year 2022!
>
> Thanks a lot for this new version "2.10 (2022-01-16)" of hostap/wpa_supplicant which arrives several years after the 2.9 (2019-08-07) with CVE fixes.
>
> A lot of people have requested it since a long time like me.
>
> We hope more releases now and minor releases at each CVE, security is very important.
>
> Regards,
>
> Neustradamus
>
> ________________________________________
> From: Hostap <hostap-bounces at lists.infradead.org> on behalf of Jouni Malinen <j at w1.fi>
> Sent: Sunday, January 16, 2022 22:20
> To: hostap at lists.infradead.org
> Subject: hostapd/wpa_supplicant - new release v2.10
>
> New versions of wpa_supplicant and hostapd were just
> released and are now available from https://w1.fi/
>
> This release follows the v2.x style with the release being made directly
> from the master branch and the master branch moving now to 2.11
> development.
>
> There has been quite a few new features and fixes since the 2.9
> release. The following ChangeLog entries highlight some of the main
> changes:
>
> hostapd:
> * SAE changes
>   - improved protection against side channel attacks
>     [https://w1.fi/security/2022-1/]
>   - added option send SAE Confirm immediately (sae_config_immediate=1)
>     after SAE Commit
>   - added support for the hash-to-element mechanism (sae_pwe=1 or
>     sae_pwe=2)
>   - fixed PMKSA caching with OKC
>   - added support for SAE-PK
> * EAP-pwd changes
>   - improved protection against side channel attacks
>     [https://w1.fi/security/2022-1/]
> * fixed WPS UPnP SUBSCRIBE handling of invalid operations
>   [https://w1.fi/security/2020-1/]
> * fixed PMF disconnection protection bypass
>   [https://w1.fi/security/2019-7/]
> * added support for using OpenSSL 3.0
> * fixed various issues in experimental support for EAP-TEAP server
> * added configuration (max_auth_rounds, max_auth_rounds_short) to
>   increase the maximum number of EAP message exchanges (mainly to
>   support cases with very large certificates) for the EAP server
> * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
> * extended HE (IEEE 802.11ax) support, including 6 GHz support
> * removed obsolete IAPP functionality
> * fixed EAP-FAST server with TLS GCM/CCM ciphers
> * dropped support for libnl 1.1
> * added support for nl80211 control port for EAPOL frame TX/RX
> * fixed OWE key derivation with groups 20 and 21; this breaks backwards
>   compatibility for these groups while the default group 19 remains
>   backwards compatible; owe_ptk_workaround=1 can be used to enabled a
>   a workaround for the group 20/21 backwards compatibility
> * added support for Beacon protection
> * added support for Extended Key ID for pairwise keys
> * removed WEP support from the default build (CONFIG_WEP=y can be used
>   to enable it, if really needed)
> * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
> * added support for Transition Disable mechanism to allow the AP to
>   automatically disable transition mode to improve security
> * added support for PASN
> * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
> * a large number of other fixes, cleanup, and extensions
>
> wpa_supplicant:
> * SAE changes
>   - improved protection against side channel attacks
>     [https://w1.fi/security/2022-1/]
>   - added support for the hash-to-element mechanism (sae_pwe=1 or
>     sae_pwe=2); this is currently disabled by default, but will likely
>     get enabled by default in the future
>   - fixed PMKSA caching with OKC
>   - added support for SAE-PK
> * EAP-pwd changes
>   - improved protection against side channel attacks
>   [https://w1.fi/security/2022-1/]
> * fixed P2P provision discovery processing of a specially constructed
>   invalid frame
>   [https://w1.fi/security/2021-1/]
> * fixed P2P group information processing of a specially constructed
>   invalid frame
>   [https://w1.fi/security/2020-2/]
> * fixed PMF disconnection protection bypass in AP mode
>   [https://w1.fi/security/2019-7/]
> * added support for using OpenSSL 3.0
> * increased the maximum number of EAP message exchanges (mainly to
>   support cases with very large certificates)
> * fixed various issues in experimental support for EAP-TEAP peer
> * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
> * a number of MKA/MACsec fixes and extensions
> * added support for SAE (WPA3-Personal) AP mode configuration
> * added P2P support for EDMG (IEEE 802.11ay) channels
> * fixed EAP-FAST peer with TLS GCM/CCM ciphers
> * improved throughput estimation and BSS selection
> * dropped support for libnl 1.1
> * added support for nl80211 control port for EAPOL frame TX/RX
> * fixed OWE key derivation with groups 20 and 21; this breaks backwards
>   compatibility for these groups while the default group 19 remains
>   backwards compatible
> * added support for Beacon protection
> * added support for Extended Key ID for pairwise keys
> * removed WEP support from the default build (CONFIG_WEP=y can be used
>   to enable it, if really needed)
> * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
> * added support for Transition Disable mechanism to allow the AP to
>   automatically disable transition mode to improve security
> * extended D-Bus interface
> * added support for PASN
> * added a file-based backend for external password storage to allow
>   secret information to be moved away from the main configuration file
>   without requiring external tools
> * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
> * added support for SCS, MSCS, DSCP policy
> * changed driver interface selection to default to automatic fallback
>   to other compiled in options
> * a large number of other fixes, cleanup, and extensions
>
>
> git-shortlog for 2.9 -> 2.10:
>
> There were 2509 commits, so the list would be a too long for this email.
> Anyway, if you are interested in the details, they are available in the
> hostap.git repository. diffstat has following to say about the changes:
>  833 files changed, 94977 insertions(+), 33464 deletions(-)
>
> --
> Jouni Malinen                                            PGP id EFC895FA
>
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap
>
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap

More information about the Hostap mailing list