#1078924 hostapd: please package new upstream 2.11

Package:
hostapd
Source:
hostapd
Description:
access point and authentication server for Wi-Fi and Ethernet
Submitter:
Martin-Éric Racine
Date:
2026-01-22 18:45:01 UTC
Severity:
normal
#1078924#5
Date:
2024-08-17 19:42:56 UTC
From:
To:
Upstream recently produced release 2.11, as per <https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog>:

ChangeLog for wpa_supplicant

2024-07-20 - v2.11
	* Wi-Fi Easy Connect
	  - add support for DPP release 3
	  - allow Configurator parameters to be provided during config exchange
	* MACsec
	  - add support for GCM-AES-256 cipher suite
	  - remove incorrect EAP Session-Id length constraint
	  - add hardware offload support for additional drivers
	* HE/IEEE 802.11ax/Wi-Fi 6
	  - support BSS color updates
	  - various fixes
	* EHT/IEEE 802.11be/Wi-Fi 7
	  - add preliminary support
	* support OpenSSL 3.0 API changes
	* improve EAP-TLS support for TLSv1.3
	* EAP-SIM/AKA: support IMSI privacy
	* improve mitigation against DoS attacks when PMF is used
	* improve 4-way handshake operations
	  - discard unencrypted EAPOL frames in additional cases
	  - use Secure=1 in message 2 during PTK rekeying
	* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
	  to avoid interoperability issues
	* support new SAE AKM suites with variable length keys
	* support new AKM for 802.1X/EAP with SHA384
	* improve cross-AKM roaming with driver-based SME/BSS selection
	* PASN
	  - extend support for secure ranging
	  - allow PASN implementation to be used with external programs for
	    Wi-Fi Aware
	* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
	  - this is based on additional details being added in the IEEE 802.11
	    standard
	  - the new implementation is not backwards compatible, but PMKSA
	    caching with FT-EAP was, and still is, disabled by default
	* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
	  for using per-network random MAC addresses
	* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
	  to improve security for still unfortunately common invalid
	  configurations that do not set ca_cert
	* extend SCS support for QoS Characteristics
	* extend MSCS support
	* support unsynchronized service discovery (USD)
	* add support for explicit SSID protection in 4-way handshake
	  (a mitigation for CVE-2023-52424; disabled by default for now, can be
	  enabled with ssid_protection=1)
	  - in addition, verify SSID after key setup when beacon protection is
	    used
	* fix SAE H2E rejected groups validation to avoid downgrade attacks
	* a large number of other fixes, cleanup, and extensions

2022-01-16 - v2.10

- -- System Information:
Debian Release: 12.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-23-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages hostapd depends on:
ii  init-system-helpers  1.65.2
ii  libc6                2.36-9+deb12u7
ii  libnl-3-200          3.7.0-0.2+b1
ii  libnl-genl-3-200     3.7.0-0.2+b1
ii  libnl-route-3-200    3.7.0-0.2+b1
ii  libssl3              3.0.13-1~deb12u1

hostapd recommends no packages.

hostapd suggests no packages.

- -- no debconf information
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmbA/T8ACgkQrh+Cd8S0
17YQVg//XqMLT4aNKoAYX8gCasy1N1jslOKSj3DXEwGpGLDdNbb4O+j0pG3tDBl0
BYgdWDeUA75gDlTWCziinxag91Gmft5+t6yv1airdaU1+LKzIfUFJeJs6rGH4hJ5
qefwW3g9fs45k179ECoeYNl8RBPzdObLMEVfzYghFzYIiY4KJyo4bR7ZQrQzAfb2
oizoBajNaoXWhHLxMv8h8RXc2jq4YvHvFa+ZHjPuEBqaMdhyfNmibkcPeHJVQyal
mAPha6eEZgzWcUYcb262Y2oPq73hvCteUejhWdk+Cir7eTNKvsOCXDaPcmrzeq13
VdL5TOaX7mSj++eLCnZMhUMlsuzjXjnvOFZfEzDeoK1iGxc0V10pP2t71TnJfeU4
DwHPa+UyahEleXIEbYWSoG6yrp7SUOiyzAerJCKj41bNUP28FuA2Lpt9QtHmngsY
l7dMv5QlH3qH0Ofv0Yse6iNMpI23kYk0bEiVKibnL26wFhWDKWNTcxiFW45ah3be
NnP5DELCYgoTVoXpzxde3sdEk+nBwXRfiGatkSvmXkRcfdy/3F46EuIyM8zYN2WK
0Uh+ZucuZauqbM8/fiZYy+M61PVK8T5bYlKqhdBSumOnT4eIr7F210MsPuIl//u0
7m00u35iyE8//vGUDC7r0V+jP5u4QdQGAXh9yJ4piaSRTrOPjSo=
=bVWi
-----END PGP SIGNATURE-----

#1078924#10
Date:
2024-08-17 19:47:25 UTC
From:
To:
Hi,

Thanks, I have noticed this myself a week ago. Some users reported regressions, I want this new release to brew a little bit elsewhere before uploading it :) Or maybe I can do experimental ~now and then see how it goes.

#1078924#15
Date:
2024-08-17 20:07:01 UTC
From:
To:
la 17. elok. 2024 klo 22.47 Andrej Shadura (andrew@shadura.me) kirjoitti:

Pushing to experimental could work. It wouldn't disturb unstable/testing.

Martin-Éric

#1078924#20
Date:
2024-11-20 19:47:43 UTC
From:
To:
Hello,

May I know if the package be uploaded to experimental as the plan?

Thanks,
Kaichuan

#1078924#25
Date:
2024-11-30 18:04:47 UTC
From:
To:
Hello,

With a new stable release coming up, it would be great to get 2.11
into the repository - 2.10 is getting outdated (2022). Perhaps start
with experimental for a month and then shift 2.11 to Sid?

Thanks for your work.

#1078924#30
Date:
2025-04-21 21:40:03 UTC
From:
To:
Hello,

With the trixie release looming, it would be great to ship hostapd
2.11 instead of the 2022-era 2.10. Just a kind request to package the
update in the coming weeks.

Thanks.

#1078924#35
Date:
2025-06-02 14:57:38 UTC
From:
To:
reassign src:wpa
#1078924#48
Date:
2025-06-19 22:22:13 UTC
From:
To:
May I ask for an update on the chances of getting 2.11 (and WiFi 7) into
Trixie?

#1078924#53
Date:
2025-06-20 06:28:18 UTC
From:
To:
Hello,

We're in a deep freeze, so 2.11 will not be getting into Trixie.

#1078924#58
Date:
2026-01-01 12:20:20 UTC
From:
To:

I would also like to update to version 2.11.

When I used wpasupplicant 2:2.10-25, I could not connect to a Wi-Fi network
generated by a 4G router. However, I was able to connect after replacing it
with iwd 3.10-1. Perhaps this issue has been resolved in the latest version
of wpasupplicant. Could you please update to this version?

Best,
Amr

#1078924#63
Date:
2026-01-10 10:10:41 UTC
From:
To:
Es gibt eine Familienspende in Höhe von 1.850.000,00 USD von Cheng Charlie
Saephan. Bitte antworten Sie für weitere Informationen. Denken Sie daran,
Ihrer Familie und den Bedürftigen in Ihrer Umgebung Gutes zu tun.

Dies ist bereits der zweite Versuch, Sie zu erreichen. Bitte antworten Sie
für weitere Details.

#1078924#68
Date:
2026-01-22 18:43:26 UTC
From:
To:
Now that Trixie has been released is there anything holding up 2.11 making
it to experimental or unstable? There are some fixes in 2.10 that we need
at work.