Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

hostapd-2.6-lp150.1.3 RPM for ppc64le

From OpenSuSE Ports Leap 15.0 for ppc64le

Name: hostapd Distribution: openSUSE Leap 15.0
Version: 2.6 Vendor: openSUSE
Release: lp150.1.3 Build date: Wed May 9 09:22:03 2018
Group: Hardware/Wifi Build host: obs-power8-04
Size: 2160598 Source RPM: hostapd-2.6-lp150.1.3.src.rpm
Summary: Turns Your WLAN Card into a WPA capable Access Point
hostapd is a user space daemon for access point and authentication
servers. It implements IEEE 802.11 access point management, IEEE
802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
RADIUS authentication server. Currently, hostapd supports HostAP,
madwifi, and prism54 drivers. It also supports wired IEEE 802.1X
authentication via any ethernet driver.




GPL-2.0 or BSD-3-Clause


* Wed Oct 18 2017
  - Fix KRACK attacks (bsc#1063479, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088):
    * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
    * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
    * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
    * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
    * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
    * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
    * rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
    * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* Sun Oct 02 2016
  - update to upstream release 2.6
    * fixed EAP-pwd last fragment validation
      [] (CVE-2015-5314)
    * fixed WPS configuration update vulnerability with malformed passphrase
      [] (CVE-2016-4476)
    * extended channel switch support for VHT bandwidth changes
    * added support for configuring new ANQP-elements with
      anqp_elem=<InfoID>:<hexdump of payload>
    * fixed Suite B 192-bit AKM to use proper PMK length
      (note: this makes old releases incompatible with the fixed behavior)
    * added no_probe_resp_if_max_sta=1 parameter to disable Probe Response
      frame sending for not-associated STAs if max_num_sta limit has been
    * added option (-S as command line argument) to request all interfaces
      to be started at the same time
    * modified rts_threshold and fragm_threshold configuration parameters
      to allow -1 to be used to disable RTS/fragmentation
    * EAP-pwd: added support for Brainpool Elliptic Curves
      (with OpenSSL 1.0.2 and newer)
    * fixed EAPOL reauthentication after FT protocol run
    * fixed FTIE generation for 4-way handshake after FT protocol run
    * fixed and improved various FST operations
    * TLS server
    - support SHA384 and SHA512 hashes
    - support TLS v1.2 signature algorithm with SHA384 and SHA512
    - support PKCS #5 v2.0 PBES2
    - support PKCS #5 with PKCS #12 style key decryption
    - minimal support for PKCS #12
    - support OCSP stapling (including ocsp_multi)
    * added support for OpenSSL 1.1 API changes
    - drop support for OpenSSL 0.9.8
    - drop support for OpenSSL 1.0.0
    * EAP-PEAP: support fast-connect crypto binding
    * RADIUS
    - fix Called-Station-Id to not escape SSID
    - add Event-Timestamp to all Accounting-Request packets
    - add Acct-Session-Id to Accounting-On/Off
    - add Acct-Multi-Session-Id  ton Access-Request packets
    - add Service-Type (= Frames)
    - allow server to provide PSK instead of passphrase for WPA-PSK
      Tunnel_password case
    - update full message for interim accounting updates
    - add Acct-Delay-Time into Accounting messages
    - add require_message_authenticator configuration option to require
      CoA/Disconnect-Request packets to be authenticated
    * started to postpone WNM-Notification frame sending by 100 ms so that
      the STA has some more time to configure the key before this frame is
      received after the 4-way handshake
    * VHT: added interoperability workaround for 80+80 and 160 MHz channels
    * extended VLAN support (per-STA vif, etc.)
    * fixed PMKID derivation with SAE
    * nl80211
    - added support for full station state operations
    - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
      unencrypted EAPOL frames
    * added initial MBO support; number of extensions to WNM BSS Transition
    * added initial functionality for location related operations
    * added assocresp_elements parameter to allow vendor specific elements
      to be added into (Re)Association Response frames
    * improved Public Action frame addressing
    - use Address 3 = wildcard BSSID in GAS response if a query from an
      unassociated STA used that address
    - fix TX status processing for Address 3 = wildcard BSSID
    - add gas_address3 configuration parameter to control Address 3
    * added command line parameter -i to override interface parameter in
    * added command completion support to hostapd_cli
    * added passive client taxonomy determination (CONFIG_TAXONOMY=y
      compile option and "SIGNATURE <addr>" control interface command)
    * number of small fixes
  - renamed hostapd-2.5-defconfig.patch to hostapd-2.6-defconfig.patch
* Sun Oct 18 2015
  - update to upstream release 2.5
  - removed 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
    (CVE-2015-1863) because it's fixed in upstream release 2.5
  - rebased hostapd-2.4-defconfig.patch -> hostapd-2.5-defconfig.patch
    ChangeLog for hostapd since 2.4:
    2015-09-27 - v2.5
    * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
    [] (CVE-2015-4141 bsc#930077)
    * fixed WMM Action frame parser
    [] (CVE-2015-4142 bsc#930078)
    * fixed EAP-pwd server missing payload length validation
    (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, bsc#930079)
    * fixed validation of WPS and P2P NFC NDEF record payload length
    * nl80211:
    - fixed vendor command handling to check OUI properly
    * fixed hlr_auc_gw build with OpenSSL
    * hlr_auc_gw: allow Milenage RES length to be reduced
    * disable HT for a station that does not support WMM/QoS
    * added support for hashed password (NtHash) in EAP-pwd server
    * fixed and extended dynamic VLAN cases
    * added EAP-EKE server support for deriving Session-Id
    * set Acct-Session-Id to a random value to make it more likely to be
    unique even if the device does not have a proper clock
    * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
    * modified SAE routines to be more robust and PWE generation to be
    stronger against timing attacks
    * added support for Brainpool Elliptic Curves with SAE
    * increases maximum value accepted for cwmin/cwmax
    * added support for CCMP-256 and GCMP-256 as group ciphers with FT
    * added Fast Session Transfer (FST) module
    * removed optional fields from RSNE when using FT with PMF
    (workaround for interoperability issues with iOS 8.4)
    * added EAP server support for TLS session resumption
    * fixed key derivation for Suite B 192-bit AKM (this breaks
    compatibility with the earlier version)
    * added mechanism to track unconnected stations and do minimal band
    * number of small fixes
* Thu Apr 23 2015
  - update version 2.4
  - added 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
    for CVE-2015-1863
  - updated URLs
  - require pkg-config and libnl3-devel during build
  - replaced hostapd-2.3-defconfig.patch by hostapd-2.4-defconfig.patch
    ChangeLog for hostapd since 2.3:
    2015-03-15 - v2.4
    * allow OpenSSL cipher configuration to be set for internal EAP server
      (openssl_ciphers parameter)
    * fixed number of small issues based on hwsim test case failures and
      static analyzer reports
    * fixed Accounting-Request to not include duplicated Acct-Session-Id
    * add support for Acct-Multi-Session-Id in RADIUS Accounting messages
    * add support for PMKSA caching with SAE
    * add support for generating BSS Load element (bss_load_update_period)
    * fixed channel switch from VHT to HT
    * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events
    * add support for learning STA IPv4/IPv6 addresses and configuring
      ProxyARP support
    * dropped support for the madwifi driver interface
    * add support for Suite B (128-bit and 192-bit level) key management and
      cipher suites
    * fixed a regression with driver=wired
    * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
    * add BSS_TM_REQ ctrl_iface command to send BSS Transition Management
      Request frames and BSS-TM-RESP event to indicate response to such
    * add support for EAP Re-Authentication Protocol (ERP)
    * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled
    * fixed a regression in HT 20/40 coex Action frame parsing
    * set stdout to be line-buffered
    * add support for vendor specific VHT extension to enable 256 QAM rates
      (VHT-MCS 8 and 9) on 2.4 GHz band
    - extend Disconnect-Request processing to allow matching of multiple
    - support Acct-Multi-Session-Id as an identifier
    - allow PMKSA cache entry to be removed without association
    * expire hostapd STA entry if kernel does not have a matching entry
    * allow chanlist to be used to specify a subset of channels for ACS
    * improve ACS behavior on 2.4 GHz band and allow channel bias to be
      configured with acs_chan_bias parameter
    * do not reply to a Probe Request frame that includes DSS Parameter Set
      element in which the channel does not match the current operating
    * add UPDATE_BEACON ctrl_iface command; this can be used to force Beacon
      frame contents to be updated and to start beaconing on an interface
      that used start_disabled=1
    * fixed some RADIUS server failover cases
* Mon Jan 05 2015
  - update version 2.3
  - removed patch hostapd-2.1-be-host_to_le.patch because it
    seems obsolete
  - hostapd-2.1-defconfig.patch rediffed and renamed to hostapd-2.3-defconfig.patch
    ChangeLog for hostapd since 2.1:
    2014-10-09 - v2.3
    * fixed number of minor issues identified in static analyzer warnings
    * fixed DFS and channel switch operation for multi-BSS cases
    * started to use constant time comparison for various password and hash
    values to reduce possibility of any externally measurable timing
    * extended explicit clearing of freed memory and expired keys to avoid
    keeping private data in memory longer than necessary
    * added support for number of new RADIUS attributes from RFC 7268
    (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
    WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
    * fixed GET_CONFIG wpa_pairwise_cipher value
    * added code to clear bridge FDB entry on station disconnection
    * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
    * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop
    in case the first entry does not match
    * fixed hostapd_cli action script execution to use more robust mechanism
    2014-06-04 - v2.2
    * fixed SAE confirm-before-commit validation to avoid a potential
    segmentation fault in an unexpected message sequence that could be
    triggered remotely
    * extended VHT support
    - Operating Mode Notification
    - Power Constraint element (local_pwr_constraint)
    - Spectrum management capability (spectrum_mgmt_required=1)
    - fix VHT80 segment picking in ACS
    - fix vht_capab 'Maximum A-MPDU Length Exponent' handling
    - fix VHT20
    * fixed HT40 co-ex scan for some pri/sec channel switches
    * extended HT40 co-ex support to allow dynamic channel width changes
    during the lifetime of the BSS
    * fixed HT40 co-ex support to check for overlapping 20 MHz BSS
    * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
    this fixes password with include UTF-8 characters that use
    three-byte encoding EAP methods that use NtPasswordHash
    * reverted TLS certificate validation step change in v2.1 that rejected
    any AAA server certificate with id-kp-clientAuth even if
    id-kp-serverAuth EKU was included
    * fixed STA validation step for WPS ER commands to prevent a potential
    crash if an ER sends an unexpected PutWLANResponse to a station that
    is disassociated, but not fully removed
    * enforce full EAP authentication after RADIUS Disconnect-Request by
    removing the PMKSA cache entry
    * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
    in RADIUS Disconnect-Request
    * added mechanism for removing addresses for MAC ACLs by prefixing an
    entry with "-"
    * Interworking/Hotspot 2.0 enhancements
    - support Hotspot 2.0 Release 2
    * OSEN network for online signup connection
    * subscription remediation (based on RADIUS server request or
    control interface HS20_WNM_NOTIF for testing purposes)
    * Hotspot 2.0 release number indication in WFA RADIUS VSA
    * deauthentication request (based on RADIUS server request or
    control interface WNM_DEAUTH_REQ for testing purposes)
    * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent
    * hs20_icon config parameter to configure icon files for OSU
    * osu_* config parameters for OSU Providers list
    - do not use Interworking filtering rules on Probe Request if
    Interworking is disabled to avoid interop issues
    * added/fixed nl80211 functionality
    - AP interface teardown optimization
    - support vendor specific driver command
    (VENDOR <vendor id> <sub command id> [<hex formatted data>])
    * fixed PMF protection of Deauthentication frame when this is triggered
    by session timeout
    * internal TLS implementation enhancements/fixes
    - add SHA256-based cipher suites
    - add DHE-RSA cipher suites
    - fix X.509 validation of PKCS#1 signature to check for extra data
    * RADIUS server functionality
    - add minimal RADIUS accounting server support (hostapd-as-server);
    this is mainly to enable testing coverage with hwsim scripts
    - allow authentication log to be written into SQLite databse
    - added option for TLS protocol testing of an EAP peer by simulating
    various misbehaviors/known attacks
    - MAC ACL support for testing purposes
    * fixed PTK derivation for CCMP-256 and GCMP-256
    * extended WPS per-station PSK to support ER case
    * added option to configure the management group cipher
    (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256,
    * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
    were rounded incorrectly)
    * added support for postponing FT response in case PMK-R1 needs to be
    pulled from R0KH
    * added option to advertise 40 MHz intolerant HT capability with
    * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
    whenever CONFIG_WPS=y is set
    * EAP-pwd fixes
    - fix possible segmentation fault on EAP method deinit if an invalid
    group is negotiated
    * fixed RADIUS client retransmit/failover behavior
    - there was a potential ctash due to freed memory being accessed
    - failover to a backup server mechanism did not work properly
    * fixed a possible crash on double DISABLE command when multiple BSSes
    are enabled
    * fixed a memory leak in SAE random number generation
    * fixed GTK rekeying when the station uses FT protocol
    * fixed off-by-one bounds checking in printf_encode()
    - this could result in deinial of service in some EAP server cases
    * various bug fixes
* Tue May 27 2014
  - Update hostapd-2.1-defconfig.patch and spec file
    to build with libnl3 instead of libnl1
* Wed Apr 16 2014
  - update version 2.1
    * see for details.
  - change hostapd.diff to hostapd-2.1-defconfig.patch
  - remove patch: hostapd-tmp.diff, no longer needed.
* Wed Oct 02 2013
  - fix host_to_le32 undefined on BigEndian architectures
* Thu Apr 18 2013
  - Do not package /etc/init.d
  - Do not install init file since package contains a service file and
    is only build for Factory
  - Cleanup spec file
  - Use /run instead of /var/run
* Wed Apr 17 2013
  - license update: GPL-2.0 or BSD-3-Clause
    README makes it clear that this is a dual license - i.e. choice of either
* Tue Apr 09 2013
  - update to version 2.0
  - fix corrected file name hostapd.dif to hostapd.diff
  - in default config includes all features (IEEE 802.11w, Hotspot 2.0, IEEE 802.11ac, WPS, etc.)
* Tue Nov 06 2012
  - Add Native systemd units
* Tue May 15 2012
  - update to version 1.0
  - respin hostapd.dif to fit the new defconfig
  - change the file permission of the config files with passwords
    to 600 (bnc#740964)
* Wed Oct 12 2011
  - update to version 0.7.3
  - don't use /tmp for dump file in default config
  - verbose build
  - fix build for older distros
  - enable driver 'none' for radius only mode
  - add init script
* Fri Sep 30 2011
  - cross-build fix: use %__cc macro
* Fri Sep 16 2011
  - Select libnl-1_1-devel
* Sun Oct 31 2010
  - Use %_smp_mflags
* Wed Jun 09 2010
  - udpated to release 0.6.10
  - updated hostapd.dif
  - git-commit-eb1f744.diff:
    * Move DTIM period configuration into Beacon set operation; fixes
      "Could not set DTIM period for kernel driver; wlan0: Unable to
      setup interface.rmdir[ctrl_interface]: No such file or
      directory" error when using "nl80211" driver



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 9 10:26:55 2021