src/usr.sbin/wpa, branch main FreeBSD source tree wpa_supplicant.conf.5: Remove removed variables 2026-02-05T15:46:53+00:00 Felix Johnson fjohnson@felix-johnson.com 2026-02-05T15:46:49+00:00 c5ee920c3f35c5f0f485a7a274d87ebd91469892 2005-09-25 - wpa_supplicant v0.4.5 removed "server_nai" 2008-02-22 - wpa_supplicant v0.6.3 removed "eappsk" and "nai" PR: 284126 MFC after: 3 days Reviewed by: carlavilla, ziaee Reported by: J.R. Oldroyd <fbsd@opal.com> Differential Revision: https://reviews.freebsd.org/D49010 
2005-09-25 - wpa_supplicant v0.4.5 removed "server_nai"
2008-02-22 - wpa_supplicant v0.6.3 removed "eappsk" and "nai"

PR:			284126
MFC after:		3 days
Reviewed by:		carlavilla, ziaee
Reported by:		J.R. Oldroyd <fbsd@opal.com>
Differential Revision:	https://reviews.freebsd.org/D49010
wpa_supplicant: xref relevant wpa_passphrase(8) 2024-10-15T20:18:02+00:00 Alexander Ziaee concussious@runbox.com 2024-10-12T15:41:03+00:00 5c59e40bc419870659946156b45a390cabd69c02 Reviewed by: mhorne MFC after: 3 days Pull Request: https://github.com/freebsd/freebsd-src/pull/1461 
Reviewed by:	mhorne
MFC after:	3 days
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1461
Update Makefile.depend files 2024-10-14T17:26:17+00:00 Simon J. Gerraty sjg@FreeBSD.org 2024-10-14T17:24:54+00:00 a64729f5077d77e13b9497cb33ecb3c82e606ee8 After building packages we have a number of new and updated Makefile.depend files Reviewed by: stevek 
After building packages we have a number of new
and updated Makefile.depend files

Reviewed by:	stevek
wpa: Fix gcc build 2024-07-24T15:04:33+00:00 Cy Schubert cy@FreeBSD.org 2024-07-24T15:04:33+00:00 8880825df1f805fc02dbb8476df8183d4ec3781c Order of libraries still matters with GCC toolchains. Moving the wpapasn library before the wpacommon specification resolves the link problem. This issue was not detected by make universe. Fixes: a90b9d015907 MFC after: 2 months X-MFC with: a90b9d015907 
Order of libraries still matters with GCC toolchains. Moving the
wpapasn library before the wpacommon specification resolves the link
problem.

This issue was not detected by make universe.

Fixes:		a90b9d015907
MFC after:	2 months
X-MFC with:	a90b9d015907
wpa: Import 2.11 2024-07-23T19:49:40+00:00 Cy Schubert cy@FreeBSD.org 2024-07-21T18:59:44+00:00 a90b9d0159070121c221b966469c3e36d912bf82 Following is a changelog of new features and fixes to wpa: hostapd: * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions wpa_supplicant: * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * MACsec - add support for GCM-AES-256 cipher suite - remove incorrect EAP Session-Id length constraint - add hardware offload support for additional drivers * HE/IEEE 802.11ax/Wi-Fi 6 - support BSS color updates - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * support OpenSSL 3.0 API changes * improve EAP-TLS support for TLSv1.3 * EAP-SIM/AKA: support IMSI privacy * improve mitigation against DoS attacks when PMF is used * improve 4-way handshake operations - discard unencrypted EAPOL frames in additional cases - use Secure=1 in message 2 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * improve cross-AKM roaming with driver-based SME/BSS selection * PASN - extend support for secure ranging - allow PASN implementation to be used with external programs for Wi-Fi Aware * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible, but PMKSA caching with FT-EAP was, and still is, disabled by default * support a pregenerated MAC (mac_addr=3) as an alternative mechanism for using per-network random MAC addresses * EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1) to improve security for still unfortunately common invalid configurations that do not set ca_cert * extend SCS support for QoS Characteristics * extend MSCS support * support unsynchronized service discovery (USD) * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) - in addition, verify SSID after key setup when beacon protection is used * fix SAE H2E rejected groups validation to avoid downgrade attacks * a large number of other fixes, cleanup, and extensions MFC after: 2 months Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5' 
Following is a changelog of new features and fixes to wpa:

hostapd:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
  drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
  - use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions

wpa_supplicant:
* Wi-Fi Easy Connect
  - add support for DPP release 3
  - allow Configurator parameters to be provided during config exchange
* MACsec
  - add support for GCM-AES-256 cipher suite
  - remove incorrect EAP Session-Id length constraint
  - add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
  - support BSS color updates
  - various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
  - add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
  - discard unencrypted EAPOL frames in additional cases
  - use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
  to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
  - extend support for secure ranging
  - allow PASN implementation to be used with external programs for
    Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
  - this is based on additional details being added in the IEEE 802.11
    standard
  - the new implementation is not backwards compatible, but PMKSA
    caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
  for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
  to improve security for still unfortunately common invalid
  configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
  (a mitigation for CVE-2023-52424; disabled by default for now, can be
  enabled with ssid_protection=1)
  - in addition, verify SSID after key setup when beacon protection is
    used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions

MFC after:	2 months

Merge commit '6377230b3cf4f238dcd0dc2d76ff25943d3040e5'
Remove residual blank line at start of Makefile 2024-07-15T22:43:39+00:00 Warner Losh imp@FreeBSD.org 2024-07-15T04:46:32+00:00 e9ac41698b2f322d55ccf9da50a3596edb2c1800 This is a residual of the $FreeBSD$ removal. MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix 
This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix
wpa_cli.8: describe better + tag spdx + linter nit 2024-06-27T14:55:41+00:00 Alexander Ziaee concussious@runbox.com 2024-06-18T05:00:05+00:00 18a27dd64129f4b11ba458065bb5bb883f6b4c6e "how do I switch active wifi network on console" "% apropos wifi" MFC after: 3 days Reviewed by: mhorne, imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1299 
"how do I switch active wifi network on console"
"% apropos wifi"

MFC after:	3 days
Reviewed by:	mhorne, imp
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1299
dirdeps: Update Makefile.depend* files with empty contents 2023-10-29T21:01:04+00:00 Stephen J. Kiernan stevek@FreeBSD.org 2023-10-29T21:01:04+00:00 5e3190f700637fcfc1a52daeaa4a031fdd2557c7 Some Makefile.depend* files were committed with no contents or empty DIRDEPS list, but they should have DIRDEPS with some contents. 
Some Makefile.depend* files were committed with no contents or empty
DIRDEPS list, but they should have DIRDEPS with some contents.
Remove $FreeBSD$: two-line nroff pattern 2023-08-16T17:55:10+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:55:10+00:00 fa9896e082a1046ff4fbc75fcba4d18d1f2efc19 Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/ 
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
Remove $FreeBSD$: one-line sh pattern 2023-08-16T17:55:03+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03+00:00 d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/