hostapd-2.11-2.1 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

hostapd is a user space daemon for access point and authentication
servers. It implements IEEE 802.11 access point management, IEEE
802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
RADIUS authentication server. Currently, hostapd supports HostAP,
madwifi, and prism54 drivers. It also supports wired IEEE 802.1X
authentication via any ethernet driver.

Provides

• hostapd
• config(hostapd)
• hostapd(aarch-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• config(hostapd) = 2.11-2.1
• ld-linux-aarch64.so.1()(64bit)
• ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libm.so.6()(64bit)
• libm.so.6(GLIBC_2.29)(64bit)
• libnl-3.so.200()(64bit)
• libnl-3.so.200(libnl_3)(64bit)
• libnl-3.so.200(libnl_3_2_27)(64bit)
• libnl-genl-3.so.200()(64bit)
• libnl-genl-3.so.200(libnl_3)(64bit)
• libnl-route-3.so.200()(64bit)
• libnl-route-3.so.200(libnl_3)(64bit)
• libsqlite3.so.0()(64bit)
• libssl.so.3()(64bit)
• libssl.so.3(OPENSSL_3.0.0)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• systemd
• systemd
• systemd
• systemd

License

BSD-3-Clause OR GPL-2.0-only

Changelog

* Thu Mar 13 2025 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - CVE-2025-24912: hostapd fails to process crafted RADIUS packets
    properly (bsc#1239461)
    [+ CVE-2025-24912.patch]
* Thu Aug 08 2024 chris@computersalat.de
  - 2024-07-20 - v2.11
    * Wi-Fi Easy Connect
    - add support for DPP release 3
    - allow Configurator parameters to be provided during config
      exchange
    * HE/IEEE 802.11ax/Wi-Fi 6
    - various fixes
    * EHT/IEEE 802.11be/Wi-Fi 7
    - add preliminary support
    * SAE: add support for fetching the password from a RADIUS server
    * support OpenSSL 3.0 API changes
    * support background radar detection and CAC with some additional
      drivers
    * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
    * EAP-SIM/AKA: support IMSI privacy
    * improve 4-way handshake operations
    - use Secure=1 in message 3 during PTK rekeying
    * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
      to avoid interoperability issues
    * support new SAE AKM suites with variable length keys
    * support new AKM for 802.1X/EAP with SHA384
    * extend PASN support for secure ranging
    * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
    - this is based on additional details being added in the IEEE 802.11
      standard
    - the new implementation is not backwards compatible
    * improved ACS to cover additional channel types/bandwidths
    * extended Multiple BSSID support
    * fix beacon protection with FT protocol (incorrect BIGTK was provided)
    * support unsynchronized service discovery (USD)
    * add preliminary support for RADIUS/TLS
    * add support for explicit SSID protection in 4-way handshake
      (a mitigation for CVE-2023-52424; disabled by default for now, can be
      enabled with ssid_protection=1)
    * fix SAE H2E rejected groups validation to avoid downgrade attacks
    * use stricter validation for some RADIUS messages
    * a large number of other fixes, cleanup, and extensions
* Fri Mar 11 2022 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Adjust config
    * Enable SAE
    * Enable DPP
    * Enable wired driver
    * Enable Airtime policy support
    * Enable Fast Initial Link Setup (FILS) (IEEE 802.11ai)
* Mon Jan 17 2022 Michael Ströder <michael@stroeder.com>
  - Removed obsolete patches:
    * CVE-2019-16275.patch
    * CVE-2020-12695.patch
    * CVE-2021-30004.patch
  - Update to version 2.10
    * SAE changes
    - improved protection against side channel attacks
      [https://w1.fi/security/2022-1/]
    - added option send SAE Confirm immediately (sae_config_immediate=1)
      after SAE Commit
    - added support for the hash-to-element mechanism (sae_pwe=1 or
      sae_pwe=2)
    - fixed PMKSA caching with OKC
    - added support for SAE-PK
    * EAP-pwd changes
    - improved protection against side channel attacks
      [https://w1.fi/security/2022-1/]
    * fixed WPS UPnP SUBSCRIBE handling of invalid operations
      [https://w1.fi/security/2020-1/]
    * fixed PMF disconnection protection bypass
      [https://w1.fi/security/2019-7/]
    * added support for using OpenSSL 3.0
    * fixed various issues in experimental support for EAP-TEAP server
    * added configuration (max_auth_rounds, max_auth_rounds_short) to
      increase the maximum number of EAP message exchanges (mainly to
      support cases with very large certificates) for the EAP server
    * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
    * extended HE (IEEE 802.11ax) support, including 6 GHz support
    * removed obsolete IAPP functionality
    * fixed EAP-FAST server with TLS GCM/CCM ciphers
    * dropped support for libnl 1.1
    * added support for nl80211 control port for EAPOL frame TX/RX
    * fixed OWE key derivation with groups 20 and 21; this breaks backwards
      compatibility for these groups while the default group 19 remains
      backwards compatible; owe_ptk_workaround=1 can be used to enabled a
      a workaround for the group 20/21 backwards compatibility
    * added support for Beacon protection
    * added support for Extended Key ID for pairwise keys
    * removed WEP support from the default build (CONFIG_WEP=y can be used
      to enable it, if really needed)
    * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
    * added support for Transition Disable mechanism to allow the AP to
      automatically disable transition mode to improve security
    * added support for PASN
    * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
    * a large number of other fixes, cleanup, and extensions
* Fri Nov 26 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Fix AppArmor profile -- allow access to /etc/ssl/openssl.cnf
    (bsc#1192959)
* Fri Oct 15 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * hostapd.service
* Wed Jul 14 2021 Michael Ströder <michael@stroeder.com>
  - fixed AppArmor profile
* Tue Apr 06 2021 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add CVE-2021-30004.patch -- forging attacks may occur because
    AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
    (bsc#1184348)
* Tue Feb 23 2021 Michael Ströder <michael@stroeder.com>
  - added AppArmor profile (source apparmor-usr.sbin.hostapd)
* Tue Sep 29 2020 Clemens Famulla-Conrad <cfamullaconrad@suse.com>
  - Add CVE-2020-12695.patch -- UPnP SUBSCRIBE misbehavior in hostapd WPS AP
    (bsc#1172700)

Files

/etc/apparmor.d
/etc/apparmor.d/usr.sbin.hostapd
/etc/hostapd.accept
/etc/hostapd.conf
/etc/hostapd.deny
/etc/hostapd.eap_user
/etc/hostapd.radius_clients
/etc/hostapd.sim_db
/etc/hostapd.vlan
/etc/hostapd.wpa_psk
/usr/lib/systemd/system/hostapd.service
/usr/sbin/hostapd
/usr/sbin/hostapd_cli
/usr/sbin/rchostapd
/usr/share/doc/packages/hostapd
/usr/share/doc/packages/hostapd/ChangeLog
/usr/share/doc/packages/hostapd/README
/usr/share/doc/packages/hostapd/hostapd.conf
/usr/share/doc/packages/hostapd/wired.conf
/usr/share/licenses/hostapd
/usr/share/licenses/hostapd/COPYING
/usr/share/man/man8/hostapd.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 23 23:06:42 2025