---
- branch: MAIN
  date: Wed Nov 16 15:07:34 UTC 2016
  files:
  - new: '1.17'
    old: '1.16'
    path: pkgsrc/net/wpa_supplicant/Makefile
    pathrev: pkgsrc/net/wpa_supplicant/Makefile@1.17
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/net/wpa_supplicant/distinfo
    pathrev: pkgsrc/net/wpa_supplicant/distinfo@1.9
    type: modified
  - new: '0'
    old: '1.1'
    path: pkgsrc/net/wpa_supplicant/patches/patch-src_utils_common.h
    pathrev: pkgsrc/net/wpa_supplicant/patches/patch-src_utils_common.h@0
    type: deleted
  id: 20161116T150734Z.991eb03beb6593f3e2f21183f0edaa7214d31a02
  log: |
    wpa_supplicant: update to v2.6

    ChangeLog for wpa_supplicant

    2016-10-02 - v2.6
      * fixed WNM Sleep Mode processing when PMF is not enabled
        [http://w1.fi/security/2015-6/] (CVE-2015-5310)
      * fixed EAP-pwd last fragment validation
        [http://w1.fi/security/2015-7/] (CVE-2015-5315)
      * fixed EAP-pwd unexpected Confirm message processing
        [http://w1.fi/security/2015-8/] (CVE-2015-5316)
      * fixed WPS configuration update vulnerability with malformed passphrase
        [http://w1.fi/security/2016-1/] (CVE-2016-4476)
      * fixed configuration update vulnerability with malformed parameters set
        over the local control interface
        [http://w1.fi/security/2016-1/] (CVE-2016-4477)
      * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
      * extended channel switch support for P2P GO
      * started to throttle control interface event message bursts to avoid
        issues with monitor sockets running out of buffer space
      * mesh mode fixes/improvements
        - generate proper AID for peer
        - enable WMM by default
        - add VHT support
        - fix PMKID derivation
        - improve robustness on various exchanges
        - fix peer link counting in reconnect case
        - improve mesh joining behavior
        - allow DTIM period to be configured
        - allow HT to be disabled (disable_ht=1)
        - add MESH_PEER_ADD and MESH_PEER_REMOVE commands
        - add support for PMKSA caching
        - add minimal support for SAE group negotiation
        - allow pairwise/group cipher to be configured in the network profile
        - use ieee80211w profile parameter to enable/disable PMF and derive
          a separate TX IGTK if PMF is enabled instead of using MGTK
          incorrectly
        - fix AEK and MTK derivation
        - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
        - note: these changes are not fully backwards compatible for secure
          (RSN) mesh network
      * fixed PMKID derivation with SAE
      * added support for requesting and fetching arbitrary ANQP-elements
        without internal support in wpa_supplicant for the specific element
        (anqp[265]= in "BSS " command output)
      * P2P
        - filter control characters in group client device names to be
          consistent with other P2P peer cases
        - support VHT 80+80 MHz and 160 MHz
        - indicate group completion in P2P Client role after data association
          instead of already after the WPS provisioning step
        - improve group-join operation to use SSID, if known, to filter BSS
          entries
        - added optional ssid= argument to P2P_CONNECT for join case
        - added P2P_GROUP_MEMBER command to fetch client interface address
      * P2PS
        - fix follow-on PD Response behavior
        - fix PD Response generation for unknown peer
        - fix persistent group reporting
        - add channel policy to PD Request
        - add group SSID to the P2PS-PROV-DONE event
        - allow "P2P_CONNECT p2ps" to be used without specifying the
          default PIN
      * BoringSSL
        - support for OCSP stapling
        - support building of h20-osu-client
      * D-Bus
        - add ExpectDisconnect()
        - add global config parameters as properties
        - add SaveConfig()
        - add VendorElemAdd(), VendorElemGet(), VendorElemRem()
      * fixed Suite B 192-bit AKM to use proper PMK length
        (note: this makes old releases incompatible with the fixed behavior)
      * improved PMF behavior for cases where the AP and STA has different
        configuration by not trying to connect in some corner cases where the
        connection cannot succeed
      * added option to reopen debug log (e.g., to rotate the file) upon
        receipt of SIGHUP signal
      * EAP-pwd: added support for Brainpool Elliptic Curves
        (with OpenSSL 1.0.2 and newer)
      * fixed EAPOL reauthentication after FT protocol run
      * fixed FTIE generation for 4-way handshake after FT protocol run
      * extended INTERFACE_ADD command to allow certain type (sta/ap)
        interface to be created
      * fixed and improved various FST operations
      * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
      * fixed SIGNAL_POLL in IBSS and mesh cases
      * added an option to abort an ongoing scan (used to speed up connection
        and can also be done with the new ABORT_SCAN command)
      * TLS client
        - do not verify CA certificates when ca_cert is not specified
        - support validating server certificate hash
        - support SHA384 and SHA512 hashes
        - add signature_algorithms extension into ClientHello
        - support TLS v1.2 signature algorithm with SHA384 and SHA512
        - support server certificate probing
        - allow specific TLS versions to be disabled with phase2 parameter
        - support extKeyUsage
        - support PKCS #5 v2.0 PBES2
        - support PKCS #5 with PKCS #12 style key decryption
        - minimal support for PKCS #12
        - support OCSP stapling (including ocsp_multi)
      * OpenSSL
        - support OpenSSL 1.1 API changes
        - drop support for OpenSSL 0.9.8
        - drop support for OpenSSL 1.0.0
      * added support for multiple schedule scan plans (sched_scan_plans)
      * added support for external server certificate chain validation
        (tls_ext_cert_check=1 in the network profile phase1 parameter)
      * made phase2 parser more strict about correct use of auth= and
        autheap= values
      * improved GAS offchannel operations with comeback request
      * added SIGNAL_MONITOR command to request signal strength monitoring
        events
      * added command for retrieving HS 2.0 icons with in-memory storage
        (REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
        RX-HS20-ICON event)
      * enabled ACS support for AP mode operations with wpa_supplicant
      * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
        ("Invalid Compound_MAC in cryptobinding TLV")
      * EAP-TTLS: fixed success after fragmented final Phase 2 message
      * VHT: added interoperability workaround for 80+80 and 160 MHz channels
      * WNM: workaround for broken AP operating class behavior
      * added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
      * nl80211:
        - add support for full station state operations
        - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
        - add NL80211_ATTR_PREV_BSSID with Connect command
        - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
          unencrypted EAPOL frames
      * added initial MBO support; number of extensions to WNM BSS Transition
        Management
      * added support for PBSS/PCP and P2P on 60 GHz
      * Interworking: add credential realm to EAP-TLS identity
      * fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
      * HS 2.0: add support for configuring frame filters
      * added POLL_STA command to check connectivity in AP mode
      * added initial functionality for location related operations
      * started to ignore pmf=1/2 parameter for non-RSN networks
      * added wps_disabled=1 network profile parameter to allow AP mode to
        be started without enabling WPS
      * wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
        events
      * improved Public Action frame addressing
        - add gas_address3 configuration parameter to control Address 3
          behavior
      * number of small fixes
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/wpa_supplicant'
  unixtime: '1479308854'
  user: maya