Changes in README-NAN-USD http://nxr.netbsd.org/rss/src/external/bsd/wpa/dist/wpa_supplicant/README-NAN-USD en Copyright 2005 Java branches: 1.1.1;<br/>Initial revision /src/external/bsd/wpa/dist/wpa_supplicant/README-NAN-USD - 1.1 Wed Sep 18 15:02:55 UTC 2024 christos branches: 1.1.1.1.4;<br/>Import wpa_supplicant hand hostapd 2.11. Previous was 2.9<br/><br/>1. Changes for hostapd:<br/><br/>2024-07-20 - v2.11<br/> * Wi-Fi Easy Connect<br/> - add support for DPP release 3<br/> - allow Configurator parameters to be provided during config exchange<br/> * HE/IEEE 802.11ax/Wi-Fi 6<br/> - various fixes<br/> * EHT/IEEE 802.11be/Wi-Fi 7<br/> - add preliminary support<br/> * SAE: add support for fetching the password from a RADIUS server<br/> * support OpenSSL 3.0 API changes<br/> * support background radar detection and CAC with some additional<br/> drivers<br/> * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)<br/> * EAP-SIM/AKA: support IMSI privacy<br/> * improve 4-way handshake operations<br/> - use Secure=1 in message 3 during PTK rekeying<br/> * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases<br/> to avoid interoperability issues<br/> * support new SAE AKM suites with variable length keys<br/> * support new AKM for 802.1X/EAP with SHA384<br/> * extend PASN support for secure ranging<br/> * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)<br/> - this is based on additional details being added in the IEEE 802.11<br/> standard<br/> - the new implementation is not backwards compatible<br/> * improved ACS to cover additional channel types/bandwidths<br/> * extended Multiple BSSID support<br/> * fix beacon protection with FT protocol (incorrect BIGTK was provided)<br/> * support unsynchronized service discovery (USD)<br/> * add preliminary support for RADIUS/TLS<br/> * add support for explicit SSID protection in 4-way handshake<br/> (a mitigation for CVE-2023-52424; disabled by default for now, can be<br/> enabled with ssid_protection=1)<br/> * fix SAE H2E rejected groups validation to avoid downgrade attacks<br/> * use stricter validation for some RADIUS messages<br/> * a large number of other fixes, cleanup, and extensions<br/><br/>2022-01-16 - v2.10<br/> * SAE changes<br/> - improved protection against side channel attacks<br/> [https://w1.fi/security/2022-1/]<br/> - added option send SAE Confirm immediately (sae_config_immediate=1)<br/> after SAE Commit<br/> - added support for the hash-to-element mechanism (sae_pwe=1 or<br/> sae_pwe=2)<br/> - fixed PMKSA caching with OKC<br/> - added support for SAE-PK<br/> * EAP-pwd changes<br/> - improved protection against side channel attacks<br/> [https://w1.fi/security/2022-1/]<br/> * fixed WPS UPnP SUBSCRIBE handling of invalid operations<br/> [https://w1.fi/security/2020-1/]<br/> * fixed PMF disconnection protection bypass<br/> [https://w1.fi/security/2019-7/]<br/> * added support for using OpenSSL 3.0<br/> * fixed various issues in experimental support for EAP-TEAP server<br/> * added configuration (max_auth_rounds, max_auth_rounds_short) to<br/> increase the maximum number of EAP message exchanges (mainly to<br/> support cases with very large certificates) for the EAP server<br/> * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)<br/> * extended HE (IEEE 802.11ax) support, including 6 GHz support<br/> * removed obsolete IAPP functionality<br/> * fixed EAP-FAST server with TLS GCM/CCM ciphers<br/> * dropped support for libnl 1.1<br/> * added support for nl80211 control port for EAPOL frame TX/RX<br/> * fixed OWE key derivation with groups 20 and 21; this breaks backwards<br/> compatibility for these groups while the default group 19 remains<br/> backwards compatible; owe_ptk_workaround=1 can be used to enabled a<br/> a workaround for the group 20/21 backwards compatibility<br/> * added support for Beacon protection<br/> * added support for Extended Key ID for pairwise keys<br/> * removed WEP support from the default build (CONFIG_WEP=y can be used<br/> to enable it, if really needed)<br/> * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)<br/> * added support for Transition Disable mechanism to allow the AP to<br/> automatically disable transition mode to improve security<br/> * added support for PASN<br/> * added EAP-TLS server support for TLS 1.3 (disabled by default for now)<br/> * a large number of other fixes, cleanup, and extensions<br/><br/><br/>2. Changes for wpa_supplicant<br/><br/>2024-07-20 - v2.11<br/> * Wi-Fi Easy Connect<br/> - add support for DPP release 3<br/> - allow Configurator parameters to be provided during config exchange<br/> * MACsec<br/> - add support for GCM-AES-256 cipher suite<br/> - remove incorrect EAP Session-Id length constraint<br/> - add hardware offload support for additional drivers<br/> * HE/IEEE 802.11ax/Wi-Fi 6<br/> - support BSS color updates<br/> - various fixes<br/> * EHT/IEEE 802.11be/Wi-Fi 7<br/> - add preliminary support<br/> * support OpenSSL 3.0 API changes<br/> * improve EAP-TLS support for TLSv1.3<br/> * EAP-SIM/AKA: support IMSI privacy<br/> * improve mitigation against DoS attacks when PMF is used<br/> * improve 4-way handshake operations<br/> - discard unencrypted EAPOL frames in additional cases<br/> - use Secure=1 in message 2 during PTK rekeying<br/> * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases<br/> to avoid interoperability issues<br/> * support new SAE AKM suites with variable length keys<br/> * support new AKM for 802.1X/EAP with SHA384<br/> * improve cross-AKM roaming with driver-based SME/BSS selection<br/> * PASN<br/> - extend support for secure ranging<br/> - allow PASN implementation to be used with external programs for<br/> Wi-Fi Aware<br/> * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)<br/> - this is based on additional details being added in the IEEE 802.11<br/> standard<br/> - the new implementation is not backwards compatible, but PMKSA<br/> caching with FT-EAP was, and still is, disabled by default<br/> * support a pregenerated MAC (mac_addr=3) as an alternative mechanism<br/> for using per-network random MAC addresses<br/> * EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)<br/> to improve security for still unfortunately common invalid<br/> configurations that do not set ca_cert<br/> * extend SCS support for QoS Characteristics<br/> * extend MSCS support<br/> * support unsynchronized service discovery (USD)<br/> * add support for explicit SSID protection in 4-way handshake<br/> (a mitigation for CVE-2023-52424; disabled by default for now, can be<br/> enabled with ssid_protection=1)<br/> - in addition, verify SSID after key setup when beacon protection is<br/> used<br/> * fix SAE H2E rejected groups validation to avoid downgrade attacks<br/> * a large number of other fixes, cleanup, and extensions<br/><br/>2022-01-16 - v2.10<br/> * SAE changes<br/> - improved protection against side channel attacks<br/> [https://w1.fi/security/2022-1/]<br/> - added support for the hash-to-element mechanism (sae_pwe=1 or<br/> sae_pwe=2); this is currently disabled by default, but will likely<br/> get enabled by default in the future<br/> - fixed PMKSA caching with OKC<br/> - added support for SAE-PK<br/> * EAP-pwd changes<br/> - improved protection against side channel attacks<br/> [https://w1.fi/security/2022-1/]<br/> * fixed P2P provision discovery processing of a specially constructed<br/> invalid frame<br/> [https://w1.fi/security/2021-1/]<br/> * fixed P2P group information processing of a specially constructed<br/> invalid frame<br/> [https://w1.fi/security/2020-2/]<br/> * fixed PMF disconnection protection bypass in AP mode<br/> [https://w1.fi/security/2019-7/]<br/> * added support for using OpenSSL 3.0<br/> * increased the maximum number of EAP message exchanges (mainly to<br/> support cases with very large certificates)<br/> * fixed various issues in experimental support for EAP-TEAP peer<br/> * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)<br/> * a number of MKA/MACsec fixes and extensions<br/> * added support for SAE (WPA3-Personal) AP mode configuration<br/> * added P2P support for EDMG (IEEE 802.11ay) channels<br/> * fixed EAP-FAST peer with TLS GCM/CCM ciphers<br/> * improved throughput estimation and BSS selection<br/> * dropped support for libnl 1.1<br/> * added support for nl80211 control port for EAPOL frame TX/RX<br/> * fixed OWE key derivation with groups 20 and 21; this breaks backwards<br/> compatibility for these groups while the default group 19 remains<br/> backwards compatible<br/> * added support for Beacon protection<br/> * added support for Extended Key ID for pairwise keys<br/> * removed WEP support from the default build (CONFIG_WEP=y can be used<br/> to enable it, if really needed)<br/> * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)<br/> * added support for Transition Disable mechanism to allow the AP to<br/> automatically disable transition mode to improve security<br/> * extended D-Bus interface<br/> * added support for PASN<br/> * added a file-based backend for external password storage to allow<br/> secret information to be moved away from the main configuration file<br/> without requiring external tools<br/> * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)<br/> * added support for SCS, MSCS, DSCP policy<br/> * changed driver interface selection to default to automatic fallback<br/> to other compiled in options<br/> * a large number of other fixes, cleanup, and extensions /src/external/bsd/wpa/dist/wpa_supplicant/README-NAN-USD - 1.1.1.1 Wed Sep 18 15:02:55 UTC 2024 christos Sync with HEAD /src/external/bsd/wpa/dist/wpa_supplicant/README-NAN-USD - 1.1.1.1.4.2 Sat Aug 02 05:24:22 UTC 2025 perseant file README-NAN-USD was added on branch perseant-exfatfs on 2025-08-02 05:24:22 +0000 /src/external/bsd/wpa/dist/wpa_supplicant/README-NAN-USD - 1.1.1.1.4.1 Wed Sep 18 15:02:55 UTC 2024 perseant