wpa-supplicant: Update to version 2.11

- Update from version 2.10 to 2.11
- Update of rootfile not required
- Changelog
    2.11
	* Wi-Fi Easy Connect
	  - add support for DPP release 3
	  - allow Configurator parameters to be provided during config exchange
	* MACsec
	  - add support for GCM-AES-256 cipher suite
	  - remove incorrect EAP Session-Id length constraint
	  - add hardware offload support for additional drivers
	* HE/IEEE 802.11ax/Wi-Fi 6
	  - support BSS color updates
	  - various fixes
	* EHT/IEEE 802.11be/Wi-Fi 7
	  - add preliminary support
	* support OpenSSL 3.0 API changes
	* improve EAP-TLS support for TLSv1.3
	* EAP-SIM/AKA: support IMSI privacy
	* improve mitigation against DoS attacks when PMF is used
	* improve 4-way handshake operations
	  - discard unencrypted EAPOL frames in additional cases
	  - use Secure=1 in message 2 during PTK rekeying
	* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
	  to avoid interoperability issues
	* support new SAE AKM suites with variable length keys
	* support new AKM for 802.1X/EAP with SHA384
	* improve cross-AKM roaming with driver-based SME/BSS selection
	* PASN
	  - extend support for secure ranging
	  - allow PASN implementation to be used with external programs for
	    Wi-Fi Aware
	* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
	  - this is based on additional details being added in the IEEE 802.11
	    standard
	  - the new implementation is not backwards compatible, but PMKSA
	    caching with FT-EAP was, and still is, disabled by default
	* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
	  for using per-network random MAC addresses
	* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
	  to improve security for still unfortunately common invalid
	  configurations that do not set ca_cert
	* extend SCS support for QoS Characteristics
	* extend MSCS support
	* support unsynchronized service discovery (USD)
	* add support for explicit SSID protection in 4-way handshake
	  (a mitigation for CVE-2023-52424; disabled by default for now, can be
	  enabled with ssid_protection=1)
	  - in addition, verify SSID after key setup when beacon protection is
	    used
	* fix SAE H2E rejected groups validation to avoid downgrade attacks
	* a large number of other fixes, cleanup, and extensions

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/wpa_supplicant b/lfs/wpa_supplicant
index f3c12992d913cd86035b622e3bb66493941df03b..38a1476198439ea349cd574daa9ffdac1a75547a 100644 (file)
--- a/lfs/wpa_supplicant
+++ b/lfs/wpa_supplicant
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.10
+VER        = 2.11
 
 THISAPP    = wpa_supplicant-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 7f6045e5dcf24f7ccf1ea75c99541f9d68fadaea858a6ca11a95c997de14e33b3aa89138e748664579b5a4ea493d247cf6613da3c5fae49a4dbb5cd58dace752
+$(DL_FILE)_BLAKE2 = 71bd0d11cd31eb5bc6beb51caf0f1399856ea188f316d2330053a2d8c81869057811e9f500828e8981eabd0af38f30a18a3ae584d744005c78681c82fa910abf
 
 install : $(TARGET)