Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: hostapd | Distribution: openSUSE Tumbleweed |
Version: 2.11 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu Aug 8 09:30:47 2024 |
Group: Hardware/Wifi | Build host: reproducible |
Size: 2301948 | Source RPM: hostapd-2.11-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://w1.fi/ | |
Summary: Daemon for running a WPA capable Access Point |
hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. Currently, hostapd supports HostAP, madwifi, and prism54 drivers. It also supports wired IEEE 802.1X authentication via any ethernet driver.
BSD-3-Clause OR GPL-2.0-only
* Thu Aug 08 2024 chris@computersalat.de - 2024-07-20 - v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions * Fri Mar 11 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Adjust config * Enable SAE * Enable DPP * Enable wired driver * Enable Airtime policy support * Enable Fast Initial Link Setup (FILS) (IEEE 802.11ai) * Mon Jan 17 2022 Michael Ströder <michael@stroeder.com> - Removed obsolete patches: * CVE-2019-16275.patch * CVE-2020-12695.patch * CVE-2021-30004.patch - Update to version 2.10 * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added option send SAE Confirm immediately (sae_config_immediate=1) after SAE Commit - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2) - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed WPS UPnP SUBSCRIBE handling of invalid operations [https://w1.fi/security/2020-1/] * fixed PMF disconnection protection bypass [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * fixed various issues in experimental support for EAP-TEAP server * added configuration (max_auth_rounds, max_auth_rounds_short) to increase the maximum number of EAP message exchanges (mainly to support cases with very large certificates) for the EAP server * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * extended HE (IEEE 802.11ax) support, including 6 GHz support * removed obsolete IAPP functionality * fixed EAP-FAST server with TLS GCM/CCM ciphers * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible; owe_ptk_workaround=1 can be used to enabled a a workaround for the group 20/21 backwards compatibility * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * added support for PASN * added EAP-TLS server support for TLS 1.3 (disabled by default for now) * a large number of other fixes, cleanup, and extensions * Fri Nov 26 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Fix AppArmor profile -- allow access to /etc/ssl/openssl.cnf (bsc#1192959) * Fri Oct 15 2021 Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Modified: * hostapd.service * Wed Jul 14 2021 Michael Ströder <michael@stroeder.com> - fixed AppArmor profile * Tue Apr 06 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348) * Tue Feb 23 2021 Michael Ströder <michael@stroeder.com> - added AppArmor profile (source apparmor-usr.sbin.hostapd) * Tue Sep 29 2020 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2020-12695.patch -- UPnP SUBSCRIBE misbehavior in hostapd WPS AP (bsc#1172700) * Thu Apr 23 2020 Clemens Famulla-Conrad <cfamullaconrad@suse.com> - Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)
/etc/apparmor.d /etc/apparmor.d/usr.sbin.hostapd /etc/hostapd.accept /etc/hostapd.conf /etc/hostapd.deny /etc/hostapd.eap_user /etc/hostapd.radius_clients /etc/hostapd.sim_db /etc/hostapd.vlan /etc/hostapd.wpa_psk /usr/lib/systemd/system/hostapd.service /usr/sbin/hostapd /usr/sbin/hostapd_cli /usr/sbin/rchostapd /usr/share/doc/packages/hostapd /usr/share/doc/packages/hostapd/ChangeLog /usr/share/doc/packages/hostapd/README /usr/share/doc/packages/hostapd/hostapd.conf /usr/share/doc/packages/hostapd/wired.conf /usr/share/licenses/hostapd /usr/share/licenses/hostapd/COPYING /usr/share/man/man8/hostapd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Nov 16 01:18:36 2024