From 1ae1570b5f978f5f1c02b5522893f1de199348b1 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 18 Nov 2012 21:30:38 +0200 Subject: [PATCH] Update ChangeLog files to match the current implementation This commit adds description of the main changes from the forking of hostap-1.git for 1.x releases to the current master branch snapshot. Signed-hostap: Jouni Malinen --- hostapd/ChangeLog | 90 ++++++++++++++++ wpa_supplicant/ChangeLog | 224 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 314 insertions(+) diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog index 9fc05f75e..e73932513 100644 --- a/hostapd/ChangeLog +++ b/hostapd/ChangeLog @@ -1,5 +1,95 @@ ChangeLog for hostapd +????-??-?? - v2.0 + * added AP-STA-DISCONNECTED ctrl_iface event + * improved debug logging (human readable event names, interface name + included in more entries) + * added number of small changes to make it easier for static analyzers + to understand the implementation + * added a workaround for Windows 7 Michael MIC failure reporting and + use of the Secure bit in EAPOL-Key msg 3/4 + * fixed number of small bugs (see git logs for more details) + * changed OpenSSL to read full certificate chain from server_cert file + * nl80211: number of updates to use new cfg80211/nl80211 functionality + - replace monitor interface with nl80211 commands + - additional information for driver-based AP SME + * EAP-pwd: + - fix KDF for group 21 and zero-padding + - added support for fragmentation + - increased maximum number of hunting-and-pecking iterations + * avoid excessive Probe Response retries for broadcast Probe Request + frames (only with drivers using hostapd SME/MLME) + * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y) + * fixed WPS operation stopping on dual concurrent AP + * added wps_rf_bands configuration parameter for overriding RF Bands + value for WPS + * added support for getting per-device PSK from RADIUS Tunnel-Password + * added support for libnl 3.2 and newer + * increased initial group key handshake retransmit timeout to 500 ms + * added a workaround for 4-way handshake to update SNonce even after + having sent EAPOL-Key 3/4 to avoid issues with some supplicant + implementations that can change SNonce for each EAP-Key 2/4 + * added a workaround for EAPOL-Key 4/4 using incorrect type value in + WPA2 mode (some deployed stations use WPA type in that message) + * added a WPS workaround for mixed mode AP Settings with Windows 7 + * changed WPS AP PIN disabling mechanism to disable the PIN after 10 + consecutive failures in addition to using the exponential lockout + period + * added support for WFA Hotspot 2.0 + - GAS/ANQP advertisement of network information + - disable_dgaf parameter to disable downstream group-addressed + forwarding + * simplified licensing terms by selecting the BSD license as the only + alternative + * EAP-SIM: fixed re-authentication not to update pseudonym + * EAP-SIM: use Notification round before EAP-Failure + * EAP-AKA: added support for AT_COUNTER_TOO_SMALL + * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized + * EAP-AKA': fixed identity for MK derivation + * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this + breaks interoperability with older versions + * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id + * changed ANonce to be a random number instead of Counter-based + * added support for canceling WPS operations with hostapd_cli wps_cancel + * fixed EAP/WPS to PSK transition on reassociation in cases where + deauthentication is missed + * hlr_auc_gw enhancements: + - a new command line parameter -u can be used to enable updating of + SQN in Milenage file + - use 5 bit IND for SQN updates + - SQLite database can now be used to store Milenage information + * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms + and reauth data + * added support for Chargeable-User-Identity (RFC 4372) + * added radius_auth_req_attr and radius_acct_req_attr configuration + parameters to allow adding/overriding of RADIUS attributes in + Access-Request and Accounting-Request packets + * added support for RADIUS dynamic authorization server (RFC 5176) + * added initial support for WNM operations + - BSS max idle period + - WNM-Sleep Mode + * added new WPS NFC ctrl_iface mechanism + - removed obsoleted WPS_OOB command (including support for deprecated + UFD config_method) + * added FT support for drivers that implement MLME internally + * added SA Query support for drivers that implement MLME internally + * removed default ACM=1 from AC_VO and AC_VI + * changed VENDOR-TEST EAP method to use proper private enterprise number + (this will not interoperate with older versions) + * added hostapd.conf parameter vendor_elements to allow arbitrary vendor + specific elements to be added to the Beacon and Probe Response frames + * added support for configuring GCMP cipher for IEEE 802.11ad + * added support for 256-bit AES with internal TLS implementation + * changed EAPOL transmission to use AC_VO if WMM is active + * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length + correctly; invalid messages could have caused the hostapd process to + terminate before this fix [CVE-2012-4445] + * limit number of active wildcard PINs for WPS Registrar to one to avoid + confusing behavior with multiple wildcard PINs + * added a workaround for WPS PBC session overlap detection to avoid + interop issues with deployed station implementations that do not + remove active PBC indication from Probe Request frames properly + 2012-05-10 - v1.0 * Add channel selection support in hostapd. See hostapd.conf. * Add support for IEEE 802.11v Time Advertisement mechanism with UTC diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog index 650b8a0e7..6a5ab17a3 100644 --- a/wpa_supplicant/ChangeLog +++ b/wpa_supplicant/ChangeLog @@ -1,5 +1,229 @@ ChangeLog for wpa_supplicant +????-??-?? - v2.0 + * removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4) + * removed unmaintained driver wrappers broadcom, iphone, osx, ralink, + hostap, madwifi (hostap and madwifi remain available for hostapd; + their wpa_supplicant functionality is obsoleted by wext) + * improved debug logging (human readable event names, interface name + included in more entries) + * changed AP mode behavior to enable WPS only for open and + WPA/WPA2-Personal configuration + * improved P2P concurrency operations + - better coordination of concurrent scan and P2P search operations + - avoid concurrent remain-on-channel operation requests by canceling + previous operations prior to starting a new one + - reject operations that would require multi-channel concurrency if + the driver does not support it + - add parameter to select whether STA or P2P connection is preferred + if the driver cannot support both at the same time + - allow driver to indicate channel changes + - added optional delay= parameter for + p2p_find to avoid taking all radio resources + - use 500 ms p2p_find search delay by default during concurrent + operations + - allow all channels in GO Negotiation if the driver supports + multi-channel concurrency + * added number of small changes to make it easier for static analyzers + to understand the implementation + * fixed number of small bugs (see git logs for more details) + * nl80211: number of updates to use new cfg80211/nl80211 functionality + - replace monitor interface with nl80211 commands for AP mode + - additional information for driver-based AP SME + - STA entry authorization in RSN IBSS + * EAP-pwd: + - fixed KDF for group 21 and zero-padding + - added support for fragmentation + - increased maximum number of hunting-and-pecking iterations + * avoid excessive Probe Response retries for broadcast Probe Request + frames (only with drivers using wpa_supplicant AP mode SME/MLME) + * added "GET country" ctrl_iface command + * do not save an invalid network block in wpa_supplicant.conf to avoid + problems reading the file on next start + * send STA connected/disconnected ctrl_iface events to both the P2P + group and parent interfaces + * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y) + * added "SET pno <1/0>" ctrl_iface command to start/stop preferred + network offload with sched_scan driver command + * merged in number of changes from Android repository for P2P, nl80211, + and build parameters + * changed P2P GO mode configuration to use driver capabilities to + automatically enable HT operations when supported + * added "wpa_cli status wps" command to fetch WPA2-Personal passhrase + for WPS use cases in AP mode + * EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM + behavior + * improved reassociation behavior in cases where association is rejected + or when an AP disconnects us to handle common load balancing + mechanisms + - try to avoid extra scans when the needed information is available + * added optional "join" argument for p2p_prov_disc ctrl_iface command + * added group ifname to P2P-PROV-DISC-* events + * added P2P Device Address to AP-STA-DISCONNECTED event and use + p2p_dev_addr parameter name with AP-STA-CONNECTED + * added workarounds for WPS PBC overlap detection for some P2P use cases + where deployed stations work incorrectly + * optimize WPS connection speed by disconnecting prior to WPS scan and + by using single channel scans when AP channel is known + * PCSC and SIM/USIM improvements: + - accept 0x67 (Wrong length) as a response to READ RECORD to fix + issues with some USIM cards + - try to read MNC length from SIM/USIM + - build realm according to 3GPP TS 23.003 with identity from the SIM + - allow T1 protocol to be enabled + * added more WPS and P2P information available through D-Bus + * improve P2P negotiation robustness + - extra waits to get ACK frames through + - longer timeouts for cases where deployed devices have been + identified have issues meeting the specification requirements + - more retries for some P2P frames + - handle race conditions in GO Negotiation start by both devices + - ignore unexpected GO Negotiation Response frame + * added support for libnl 3.2 and newer + * added P2P persistent group info to P2P_PEER data + * maintain a list of P2P Clients for persistent group on GO + * AP: increased initial group key handshake retransmit timeout to 500 ms + * added optional dev_id parameter for p2p_find + * added P2P-FIND-STOPPED ctrl_iface event + * fixed issues in WPA/RSN element validation when roaming with ap_scan=1 + and driver-based BSS selection + * do not expire P2P peer entries while connected with the peer in a + group + * fixed WSC element inclusion in cases where P2P is disabled + * AP: added a WPS workaround for mixed mode AP Settings with Windows 7 + * EAP-SIM: fixed AT_COUNTER_TOO_SMALL use + * EAP-SIM/AKA: append realm to pseudonym identity + * EAP-SIM/AKA: store pseudonym identity in network configuration to + allow it to persist over multiple EAP sessions and wpa_supplicant + restarts + * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this + breaks interoperability with older versions + * added support for WFA Hotspot 2.0 + - GAS/ANQP to fetch network information + - credential configuration and automatic network selections based on + credential match with ANQP information + * limited PMKSA cache entries to be used only with the network context + that was used to create them + * adjusted bgscan_simple fast-scan backoff to avoid too frequent + background scans + * removed ctrl_iface event on P2P PD Response in join-group case + * added option to fetch BSS table entry based on P2P Device Address + ("BSS p2p_dev_addr=") + * added BSS entry age to ctrl_iface BSS command output + * added optional MASK=0xH option for ctrl_iface BSS command to select + which fields are included in the response + * added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to + fetch information about several BSSes in one call + * simplified licensing terms by selecting the BSD license as the only + alternative + * added "P2P_SET disallow_freq " ctrl_iface command to + disable channels from P2P use + * added p2p_pref_chan configuration parameter to allow preferred P2P + channels to be specified + * added support for advertising immediate availability of a WPS + credential for P2P use cases + * optimized scan operations for P2P use cases (use single channel scan + for a specific SSID when possible) + * EAP-TTLS: fixed peer challenge generation for MSCHAPv2 + * SME: do not use reassociation after explicit disconnection request + (local or a notification from an AP) + * added support for sending debug info to Linux tracing (-T on command + line) + * added support for using Deauthentication reason code 3 as an + indication of P2P group termination + * added wps_vendor_ext_m1 configuration parameter to allow vendor + specific attributes to be added to WPS M1 + * started using separate TLS library context for tunneled TLS + (EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA + certificate configuration between Phase 1 and Phase 2 + * added optional "auto" parameter for p2p_connect to request automatic + GO Negotiation vs. join-a-group selection + * added disabled_scan_offload parameter to disable automatic scan + offloading (sched_scan) + * added optional persistent= parameter for p2p_connect to + allow forcing of a specific SSID/passphrase for GO Negotiation + * added support for OBSS scan requests and 20/40 BSS coexistence reports + * reject PD Request for unknown group + * removed scripts and notes related to Windows binary releases (which + have not been used starting from 1.x) + * added initial support for WNM operations + - Keep-alive based on BSS max idle period + - WNM-Sleep Mode + * added autoscan module to control scanning behavior while not connected + - autoscan_periodic and autoscan_exponential modules + * added new WPS NFC ctrl_iface mechanism + - added initial support NFC connection handover + - removed obsoleted WPS_OOB command (including support for deprecated + UFD config_method) + * added optional framework for external password storage ("ext:") + * wpa_cli: added optional support for controlling wpa_supplicant + remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes + * wpa_cli: extended tab completion to more commands + * changed SSID output to use printf-escaped strings instead of masking + of non-ASCII characters + - SSID can now be configured in the same format: ssid=P"abc\x00test" + * removed default ACM=1 from AC_VO and AC_VI + * added optional "ht40" argument for P2P ctrl_iface commands to allow + 40 MHz channels to be requested on the 5 GHz band + * added optional parameters for p2p_invite command to specify channel + when reinvoking a persistent group as the GO + * improved FIPS mode builds with OpenSSL + - "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the + OpenSSL FIPS object module + - replace low level OpenSSL AES API calls to use EVP + - use OpenSSL keying material exporter when possible + - do not export TLS keys in FIPS mode + - remove MD5 from CONFIG_FIPS=y builds + - use OpenSSL function for PKBDF2 passphrase-to-PSK + - use OpenSSL HMAC implementation + - mix RAND_bytes() output into random_get_bytes() to force OpenSSL + DRBG to be used in FIPS mode + - use OpenSSL CMAC implementation + * added mechanism to disable TLS Session Ticket extension + - a workaround for servers that do not support TLS extensions that + was enabled by default in recent OpenSSL versions + - tls_disable_session_ticket=1 + - automatically disable TLS Session Ticket extension by default when + using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST) + * changed VENDOR-TEST EAP method to use proper private enterprise number + (this will not interoperate with older versions) + * disable network block temporarily on authentication failures + * improved WPS AP selection during WPS PIN iteration + * added support for configuring GCMP cipher for IEEE 802.11ad + * added support for Wi-Fi Display extensions + - WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements + - SET wifi_display <0/1> to disable/enable WFD support + - WFD service discovery + - an external program is needed to manage the audio/video streaming + and codecs + * optimized scan result use for network selection + - use the internal BSS table instead of raw scan results + - allow unnecessary scans to be skipped if fresh information is + available (e.g., after GAS/ANQP round for Interworking) + * added support for 256-bit AES with internal TLS implementation + * allow peer to propose channel in P2P invitation process for a + persistent group + * added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed + from network selection + * re-enable the networks disabled during WPS operations + * allow P2P functionality to be disabled per interface (p2p_disabled=1) + * added secondary device types into P2P_PEER output + * added an option to disable use of a separate P2P group interface + (p2p_no_group_iface=1) + * fixed P2P Bonjour SD to match entries with both compressed and not + compressed domain name format and support multiple Bonjour PTR matches + for the same key + * use deauthentication instead of disassociation for all disconnection + operations; this removes the now unused disassociate() wpa_driver_ops + callback + * optimized PSK generation on P2P GO by caching results to avoid + multiple PBKDF2 operations + * added okc=1 global configuration parameter to allow OKC to be enabled + by default for all network blocks + * added a workaround for WPS PBC session overlap detection to avoid + interop issues with deployed station implementations that do not + remove active PBC indication from Probe Request frames properly + 2012-05-10 - v1.0 * bsd: Add support for setting HT values in IFM_MMASK. * Delay STA entry removal until Deauth/Disassoc TX status in AP mode.