From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.toke.dk (mail.toke.dk [52.28.52.200]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id A8A113CB35 for ; Thu, 8 Aug 2019 15:07:58 -0400 (EDT) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1565291277; bh=kk9fNOk3pt5xtnm3GZA4rN+5b6t/S6oeDqKEig8/p/o=; h=From:To:Subject:References:Date:From; b=X6doIPcSuKE6PRKCpdzkkOZU5TvaZXFTYFZWycOOIi9dA31Sprhb4jLPP+U+Tz6sE ilGoNPSJRN2rvsNREEiFqYBW9V8/WaG3ZJz1LE/pjiv5kBPYThQ5swSH1BZVkugPTO dcq/XNDy19BcHmzUIn55q3/NwpRJXA0IDrwlSy33+d5CKJKYlfzmXkHD5wY4BilCN7 QPPHQc7EUgDTcKi0+5+36TyPDBW2aeHf33Q3DDjYGBGSDPUz6QcE+sfH3LP2h/HNMU 0rCUkLl6pysKhQmBMMK2eUx5isP4HiZAFk6QjwuvydueBCwQKzDktsGntBuaaK6rLn EeL0nquu71ugQ== To: make-wifi-fast@lists.bufferbloat.net References: <20190807144435.GA11354@w1.fi> Date: Thu, 08 Aug 2019 21:07:56 +0200 X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <871rxvtr03.fsf@toke.dk> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Subject: [Make-wifi-fast] Fwd: hostapd/wpa_supplicant - new release v2.9 X-BeenThere: make-wifi-fast@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Aug 2019 19:07:58 -0000 --=-=-= Content-Type: text/plain FYI - the airtime policy feature is included in this hostapd release. -Toke --=-=-= Content-Type: message/rfc822 Content-Disposition: inline Delivered-To: thoiland@gapps.redhat.com Received: by 2002:a2e:878d:0:0:0:0:0 with SMTP id n13csp7340207lji; Wed, 7 Aug 2019 07:44:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqwF5uPBXHmyZgUqT5h296bBi84+yKRiFk01PrKHFRdTmron4uG2rhTxo+rB+Fk9oZ1oZ80p X-Received: by 2002:aed:3f10:: with SMTP id p16mr8507935qtf.110.1565189097490; Wed, 07 Aug 2019 07:44:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565189097; cv=none; d=google.com; s=arc-20160816; b=ERGH7rjMdm7hFvouiTooG/LWqMevBtwm9GacPhcyyNHnR1v9kj9HHu9FeWyzhn8Cco 6idYtnHFWznJLZtAQZaP2qsqHeRHxAbgtnl1MFSGnFl7TWsQb1iXchYNI3eVYS8qKsTj yK2Jsi0l7KYMiodrEa+uy+yYH3DK2cwgnWnEMe25nvL9c9n3fPG69BG8Z+TE8V9vbA2o B+m165vD3q0z+rNG7K2MT/gb82ajfz57ZFDhb7WWNyHbQ+wJFgCftqoB6tm6x07Hbhq5 YpJjm/CdkYRIyK4+8qWNG5c9LM0pHpZx3+0Z22ACCyUuWkrV0VYq/MBf+b6ErE6Kvwzn LLHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence :content-disposition:mime-version:message-id:subject:to:from:date :dkim-signature:delivered-to; bh=b1nyZ9OV7R7nLocL0y+S756MpZTFhKVu+l7X10+9V5Q=; b=iO61i8L6CPLnd1tO7XEe+8aTEXVbxmoPrSyFqgZYeSvrUtxGRkQJKjTN8K1ICF6sG8 qnsGA1kTntHzfqUX2WIhTkf7SQOSzDNEU4jCPBp2QeOgbNvFixr2Osme7kZe17GhHW1E 1fBuD7XH7G44G3V7X2F0bufE9m+0AALbEjNfz1jxMH8Mfsj8ey/ekKKVID420477ra4o Ban8Ho5OCTo8HJk6sBvzMOPtZ9YJyvKAzHmKJdZtXylov49YL2rNSjVlaSQ8j3Dc3Pq6 dc+v7gmBQpYwh5d31MudQMfeyNbkm5ZIbL2iYCBuJhGiFVStqz6mIghhiPlnWGJrkksy MosA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.infradead.org header.s=bombadil.20170209 header.b=lqs+95wc; spf=pass (google.com: best guess record for domain of hostap-bounces+toke=redhat.com@lists.infradead.org designates 198.137.202.133 as permitted sender) smtp.mailfrom="hostap-bounces+toke=redhat.com@lists.infradead.org" Return-Path: Received: from mx1.redhat.com (mx1.redhat.com. [209.132.183.28]) by mx.google.com with ESMTPS id n49si2439509qtf.49.2019.08.07.07.44.57 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Aug 2019 07:44:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of hostap-bounces+toke=redhat.com@lists.infradead.org designates 198.137.202.133 as permitted sender) client-ip=198.137.202.133; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.infradead.org header.s=bombadil.20170209 header.b=lqs+95wc; spf=pass (google.com: best guess record for domain of hostap-bounces+toke=redhat.com@lists.infradead.org designates 198.137.202.133 as permitted sender) smtp.mailfrom="hostap-bounces+toke=redhat.com@lists.infradead.org" Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id A7775806A2 for ; Wed, 7 Aug 2019 14:44:56 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A16C019C7F; Wed, 7 Aug 2019 14:44:56 +0000 (UTC) Delivered-To: toke@redhat.com Received: from mx1.redhat.com (ext-mx19.extmail.prod.ext.phx2.redhat.com [10.5.110.48]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 99D9219C77 for ; Wed, 7 Aug 2019 14:44:54 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 48BEA3001FB6 for ; Wed, 7 Aug 2019 14:44:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Subject:To:From :Date:Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=b1nyZ9OV7R7nLocL0y+S756MpZTFhKVu+l7X10+9V5Q=; b=lqs+95wc9j8gyw cnTOz2ysWSgZq9ejsjlgvBSnOOx22EaBPQy1P4/JMpMzbGTW9wM+dXSTX6DLboZVcJf4MiNgwOcaD u+XiC6aJAhvllay8NPGHnapEZNxwUD6VZdqE/BoX9OluNDDxnEyRp8TxocNgRaBz1RXSP/YFeCaSM oiL8o5wfZh2TSh+Ik5VQ/pdx9EU3ULJ3xqPrK4amhKGXFQGd0tMmw/IGSa2DfXrj0lBEGy/LPED2p atSJ74Z2l4sX3ZIpr6cWtoyQRQFU5LclWv1IZeE4BhUkjLliGZ2lJtat2JRaggcZ5BsdsXJwXaihH +6mOn3HVbnrBLNTotmrA==; Received: from mail.w1.fi ([212.71.239.96] helo=li674-96.members.linode.com) by bombadil.infradead.org with esmtps (Exim 4.92 #3 (Red Hat Linux)) id 1hvNBD-0001GW-2n for hostap@lists.infradead.org; Wed, 07 Aug 2019 14:44:44 +0000 X-Virus-Scanned: Debian amavisd-new at w1.fi Received: by jm (sSMTP sendmail emulation); Wed, 07 Aug 2019 17:44:35 +0300 Date: Wed, 7 Aug 2019 17:44:35 +0300 From: Jouni Malinen To: hostap@lists.infradead.org Subject: hostapd/wpa_supplicant - new release v2.9 X-Clacks-Overhead: GNU Terry Pratchett Message-ID: <20190807144435.GA11354@w1.fi> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190807_074443_387570_4AE32E42 X-CRM114-Status: GOOD ( 16.95 ) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (0.0 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+toke=redhat.com@lists.infradead.org X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 238 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Wed, 07 Aug 2019 14:44:51 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Wed, 07 Aug 2019 14:44:51 +0000 (UTC) for IP:'198.137.202.133' DOMAIN:'bombadil.infradead.org' HELO:'bombadil.infradead.org' FROM:'redhat.com@lists.infradead.org' RCPT:'' X-RedHat-Spam-Score: -3.05 (DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE) 198.137.202.133 bombadil.infradead.org 198.137.202.133 bombadil.infradead.org X-Scanned-By: MIMEDefang 2.84 on 10.5.110.48 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Wed, 07 Aug 2019 14:44:56 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain New versions of wpa_supplicant and hostapd were just released and are now available from https://w1.fi/ This release follows the v2.x style with the release being made directly from the master branch and the master branch moving now to 2.10 development. There has been quite a few new features and fixes since the 2.8 release. The following ChangeLog entries highlight some of the main changes: hostapd: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching * added configuration of airtime policy * fixed FILS to and RSNE into (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * added support for regulatory WMM limitation (for ETSI) * added support for MACsec Key Agreement using IEEE 802.1X/PSK * added experimental support for EAP-TEAP server (RFC 7170) * added experimental support for EAP-TLS server with TLS v1.3 * added support for two server certificates/keys (RSA/ECC) * added AKMSuiteSelector into "STA " control interface data to determine with AKM was used for an association * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and fast reauthentication use to be disabled * fixed an ECDH operation corner case with OpenSSL wpa_supplicant: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL git-shortlog for 2.8 -> 2.9: There were 362 commits, so the list would be a too long for this email. Anyway, if you are interested in the details, they are available in the hostap.git repository. diffstat has following to say about the changes: 327 files changed, 19554 insertions(+), 2352 deletions(-) -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@lists.infradead.org http://lists.infradead.org/mailman/listinfo/hostap --=-=-=--