hostapd and wpa_supplicant 2.11 were released on 20-Jul-2024.

https://lists.infradead.org/pipermail/hostap/2024-July/042847.html

hostapd:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
  - use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11 standard
  - the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions

wpa_supplicant:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* MACsec
  - add support for GCM-AES-256 cipher suite
  - remove incorrect EAP Session-Id length constraint
  - add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
  - support BSS color updates
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
  - discard unencrypted EAPOL frames in additional cases
  - use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
  - extend support for secure ranging
  - allow PASN implementation to be used with external programs for Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11 standard
  - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1)
  - in addition, verify SSID after key setup when beacon protection is used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd7a5cbd5907d0ca44b418ce6d413a2d02173ab1

commit fd7a5cbd5907d0ca44b418ce6d413a2d02173ab1
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2025-02-22 00:39:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-02-22 23:29:03 +0000

    net-wireless/wpa_supplicant: add 2.11

    This contains a patch to fix certain brcmfmac adapters. It reverts
    commit 41638606054a09867fe3f9a2b5523aa4678cbfa5 "Mark authorization
    completed on driver indication during 4-way HS offload".

    Bug: https://bugs.gentoo.org/948052
    Bug: https://bugs.gentoo.org/937452
    Closes: https://bugs.gentoo.org/939007
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/40693
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/wpa_supplicant/Manifest | 1 +
 ...-authorization-completed-on-driver-indica.patch | 53 +++
 .../wpa_supplicant/wpa_supplicant-2.11.ebuild | 480 +++++++++++++++++++++
 3 files changed, 534 insertions(+)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb011c163847b686b9b8be56c2994b3dcedf6f8b

commit fb011c163847b686b9b8be56c2994b3dcedf6f8b
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2025-02-21 23:22:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-02-22 23:29:02 +0000

    net-wireless/hostapd: add 2.11

    Bug: https://bugs.gentoo.org/939007
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/hostapd/Manifest | 1 +
 net-wireless/hostapd/hostapd-2.11.ebuild | 265 +++++++++++++++++++++++++++++++
 2 files changed, 266 insertions(+)