Opened 3 years ago

Closed 3 years ago

#11405 closed enhancement (fixed)

wpa_supplicant-2.7

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (3)

comment:1 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 3 years ago

2018-12-02 - v2.7

  • fixed WPA packet number reuse with replayed messages and key reinstallation https://w1.fi/security/2017-1/ (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
  • fixed unauthenticated EAPOL-Key decryption in wpa_supplicant https://w1.fi/security/2018-1/ (CVE-2018-14526)
  • added support for FILS (IEEE 802.11ai) shared key authentication
  • added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA)
  • added support for DPP (Wi-Fi Device Provisioning Protocol)
  • added support for RSA 3k key case with Suite B 192-bit level
  • fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake
  • fixed EAP-pwd pre-processing with PasswordHashHash
  • added EAP-pwd client support for salted passwords
  • fixed a regression in TDLS prohibited bit validation
  • started to use estimated throughput to avoid undesired signal strength based roaming decision
  • MACsec/MKA:
    • new macsec_linux driver interface support for the Linux kernel macsec module
    • number of fixes and extensions
  • added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
  • fixed mesh channel configuration pri/sec switch case
  • added support for beacon report
  • large number of other fixes, cleanup, and extensions
  • added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter)
  • fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
  • added option for using random WPS UUID (auto_uuid=1)
  • added SHA256-hash support for OCSP certificate matching
  • fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
  • fixed a regression in RSN pre-authentication candidate selection
  • added option to configure allowed group management cipher suites (group_mgmt network profile parameter)
  • removed all PeerKey functionality
  • fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer
  • added ap_isolate configuration option for AP mode
  • added support for nl80211 to offload 4-way handshake into the driver
  • added support for using wolfSSL cryptographic library
  • SAE
    • added support for configuring SAE password separately from the WPA2 PSK/passphrase
    • fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be updated at the same time to maintain interoperability
    • added support for Password Identifier
    • fixed FT-SAE PMKID matching
  • Hotspot 2.0
    • added support for fetching of Operator Icon Metadata ANQP-element
    • added support for Roaming Consortium Selection element
    • added support for Terms and Conditions
    • added support for OSEN connection in a shared RSN BSS
    • added support for fetching Venue URL information
  • added support for using OpenSSL 1.1.1
  • FT
    • disabled PMKSA caching with FT since it is not fully functional
    • added support for SHA384 based AKM
    • added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
    • fixed additional IE inclusion in Reassociation Request frame when using FT protocol

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assigned → closed

Fixed at revision 20849.
