206b73d042
Update wpa 2.8 --> 2.9 hostapd: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA <addr>" control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL wpa_supplicant: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL MFC after: 1 week Security: https://w1.fi/security/2019-6/\ sae-eap-pwd-side-channel-attack-update.txt |
||
---|---|---|
.. | ||
amd | ||
apr | ||
apr-util | ||
atf | ||
bearssl | ||
binutils | ||
blacklist | ||
bmake | ||
bsnmp | ||
byacc | ||
bzip2 | ||
capsicum-test | ||
com_err | ||
compiler-rt | ||
cortex-strings | ||
dialog | ||
diff | ||
dma | ||
dtc | ||
ee | ||
elftoolchain | ||
expat | ||
file | ||
flex | ||
gcc | ||
gcclibs | ||
gdb | ||
gdtoa | ||
googletest | ||
gperf | ||
hyperv/tools | ||
ipfilter | ||
jemalloc | ||
ldns | ||
ldns-host | ||
less | ||
libarchive | ||
libbegemot | ||
libc-pwcache | ||
libc-vis | ||
libc++ | ||
libcxxrt | ||
libdivsufsort | ||
libevent | ||
libexecinfo | ||
libgnuregex | ||
libpcap | ||
libstdc++ | ||
libucl | ||
libunwind | ||
libxo | ||
llvm | ||
lua | ||
mandoc | ||
mknod | ||
mtree | ||
ncurses | ||
netbsd-tests | ||
netcat | ||
ngatm | ||
ntp | ||
nvi | ||
ofed | ||
one-true-awk | ||
openbsm | ||
opencsd/decoder | ||
openmp | ||
openpam | ||
openresolv | ||
opie | ||
pam_modules/pam_passwdqc | ||
pf | ||
pjdfstest | ||
pnpinfo | ||
processor-trace | ||
sendmail | ||
serf | ||
smbfs | ||
sqlite3 | ||
subversion | ||
tcp_wrappers | ||
tcpdump | ||
tcsh | ||
telnet | ||
tnftp | ||
traceroute | ||
tzcode | ||
tzdata | ||
unbound | ||
unvis | ||
vis | ||
wpa | ||
xz |