Update ChangeLog files to match the current implementation
This commit adds description of the main changes from the forking of hostap-1.git for 1.x releases to the current master branch snapshot. Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
c772d054c2
commit
1ae1570b5f
2 changed files with 314 additions and 0 deletions
|
@ -1,5 +1,95 @@
|
||||||
ChangeLog for hostapd
|
ChangeLog for hostapd
|
||||||
|
|
||||||
|
????-??-?? - v2.0
|
||||||
|
* added AP-STA-DISCONNECTED ctrl_iface event
|
||||||
|
* improved debug logging (human readable event names, interface name
|
||||||
|
included in more entries)
|
||||||
|
* added number of small changes to make it easier for static analyzers
|
||||||
|
to understand the implementation
|
||||||
|
* added a workaround for Windows 7 Michael MIC failure reporting and
|
||||||
|
use of the Secure bit in EAPOL-Key msg 3/4
|
||||||
|
* fixed number of small bugs (see git logs for more details)
|
||||||
|
* changed OpenSSL to read full certificate chain from server_cert file
|
||||||
|
* nl80211: number of updates to use new cfg80211/nl80211 functionality
|
||||||
|
- replace monitor interface with nl80211 commands
|
||||||
|
- additional information for driver-based AP SME
|
||||||
|
* EAP-pwd:
|
||||||
|
- fix KDF for group 21 and zero-padding
|
||||||
|
- added support for fragmentation
|
||||||
|
- increased maximum number of hunting-and-pecking iterations
|
||||||
|
* avoid excessive Probe Response retries for broadcast Probe Request
|
||||||
|
frames (only with drivers using hostapd SME/MLME)
|
||||||
|
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
|
||||||
|
* fixed WPS operation stopping on dual concurrent AP
|
||||||
|
* added wps_rf_bands configuration parameter for overriding RF Bands
|
||||||
|
value for WPS
|
||||||
|
* added support for getting per-device PSK from RADIUS Tunnel-Password
|
||||||
|
* added support for libnl 3.2 and newer
|
||||||
|
* increased initial group key handshake retransmit timeout to 500 ms
|
||||||
|
* added a workaround for 4-way handshake to update SNonce even after
|
||||||
|
having sent EAPOL-Key 3/4 to avoid issues with some supplicant
|
||||||
|
implementations that can change SNonce for each EAP-Key 2/4
|
||||||
|
* added a workaround for EAPOL-Key 4/4 using incorrect type value in
|
||||||
|
WPA2 mode (some deployed stations use WPA type in that message)
|
||||||
|
* added a WPS workaround for mixed mode AP Settings with Windows 7
|
||||||
|
* changed WPS AP PIN disabling mechanism to disable the PIN after 10
|
||||||
|
consecutive failures in addition to using the exponential lockout
|
||||||
|
period
|
||||||
|
* added support for WFA Hotspot 2.0
|
||||||
|
- GAS/ANQP advertisement of network information
|
||||||
|
- disable_dgaf parameter to disable downstream group-addressed
|
||||||
|
forwarding
|
||||||
|
* simplified licensing terms by selecting the BSD license as the only
|
||||||
|
alternative
|
||||||
|
* EAP-SIM: fixed re-authentication not to update pseudonym
|
||||||
|
* EAP-SIM: use Notification round before EAP-Failure
|
||||||
|
* EAP-AKA: added support for AT_COUNTER_TOO_SMALL
|
||||||
|
* EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
|
||||||
|
* EAP-AKA': fixed identity for MK derivation
|
||||||
|
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
|
||||||
|
breaks interoperability with older versions
|
||||||
|
* EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
|
||||||
|
* changed ANonce to be a random number instead of Counter-based
|
||||||
|
* added support for canceling WPS operations with hostapd_cli wps_cancel
|
||||||
|
* fixed EAP/WPS to PSK transition on reassociation in cases where
|
||||||
|
deauthentication is missed
|
||||||
|
* hlr_auc_gw enhancements:
|
||||||
|
- a new command line parameter -u can be used to enable updating of
|
||||||
|
SQN in Milenage file
|
||||||
|
- use 5 bit IND for SQN updates
|
||||||
|
- SQLite database can now be used to store Milenage information
|
||||||
|
* EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
|
||||||
|
and reauth data
|
||||||
|
* added support for Chargeable-User-Identity (RFC 4372)
|
||||||
|
* added radius_auth_req_attr and radius_acct_req_attr configuration
|
||||||
|
parameters to allow adding/overriding of RADIUS attributes in
|
||||||
|
Access-Request and Accounting-Request packets
|
||||||
|
* added support for RADIUS dynamic authorization server (RFC 5176)
|
||||||
|
* added initial support for WNM operations
|
||||||
|
- BSS max idle period
|
||||||
|
- WNM-Sleep Mode
|
||||||
|
* added new WPS NFC ctrl_iface mechanism
|
||||||
|
- removed obsoleted WPS_OOB command (including support for deprecated
|
||||||
|
UFD config_method)
|
||||||
|
* added FT support for drivers that implement MLME internally
|
||||||
|
* added SA Query support for drivers that implement MLME internally
|
||||||
|
* removed default ACM=1 from AC_VO and AC_VI
|
||||||
|
* changed VENDOR-TEST EAP method to use proper private enterprise number
|
||||||
|
(this will not interoperate with older versions)
|
||||||
|
* added hostapd.conf parameter vendor_elements to allow arbitrary vendor
|
||||||
|
specific elements to be added to the Beacon and Probe Response frames
|
||||||
|
* added support for configuring GCMP cipher for IEEE 802.11ad
|
||||||
|
* added support for 256-bit AES with internal TLS implementation
|
||||||
|
* changed EAPOL transmission to use AC_VO if WMM is active
|
||||||
|
* fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
|
||||||
|
correctly; invalid messages could have caused the hostapd process to
|
||||||
|
terminate before this fix [CVE-2012-4445]
|
||||||
|
* limit number of active wildcard PINs for WPS Registrar to one to avoid
|
||||||
|
confusing behavior with multiple wildcard PINs
|
||||||
|
* added a workaround for WPS PBC session overlap detection to avoid
|
||||||
|
interop issues with deployed station implementations that do not
|
||||||
|
remove active PBC indication from Probe Request frames properly
|
||||||
|
|
||||||
2012-05-10 - v1.0
|
2012-05-10 - v1.0
|
||||||
* Add channel selection support in hostapd. See hostapd.conf.
|
* Add channel selection support in hostapd. See hostapd.conf.
|
||||||
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
|
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
|
||||||
|
|
|
@ -1,5 +1,229 @@
|
||||||
ChangeLog for wpa_supplicant
|
ChangeLog for wpa_supplicant
|
||||||
|
|
||||||
|
????-??-?? - v2.0
|
||||||
|
* removed Qt3-based wpa_gui (obsoleted by wpa_qui-qt4)
|
||||||
|
* removed unmaintained driver wrappers broadcom, iphone, osx, ralink,
|
||||||
|
hostap, madwifi (hostap and madwifi remain available for hostapd;
|
||||||
|
their wpa_supplicant functionality is obsoleted by wext)
|
||||||
|
* improved debug logging (human readable event names, interface name
|
||||||
|
included in more entries)
|
||||||
|
* changed AP mode behavior to enable WPS only for open and
|
||||||
|
WPA/WPA2-Personal configuration
|
||||||
|
* improved P2P concurrency operations
|
||||||
|
- better coordination of concurrent scan and P2P search operations
|
||||||
|
- avoid concurrent remain-on-channel operation requests by canceling
|
||||||
|
previous operations prior to starting a new one
|
||||||
|
- reject operations that would require multi-channel concurrency if
|
||||||
|
the driver does not support it
|
||||||
|
- add parameter to select whether STA or P2P connection is preferred
|
||||||
|
if the driver cannot support both at the same time
|
||||||
|
- allow driver to indicate channel changes
|
||||||
|
- added optional delay=<search delay in milliseconds> parameter for
|
||||||
|
p2p_find to avoid taking all radio resources
|
||||||
|
- use 500 ms p2p_find search delay by default during concurrent
|
||||||
|
operations
|
||||||
|
- allow all channels in GO Negotiation if the driver supports
|
||||||
|
multi-channel concurrency
|
||||||
|
* added number of small changes to make it easier for static analyzers
|
||||||
|
to understand the implementation
|
||||||
|
* fixed number of small bugs (see git logs for more details)
|
||||||
|
* nl80211: number of updates to use new cfg80211/nl80211 functionality
|
||||||
|
- replace monitor interface with nl80211 commands for AP mode
|
||||||
|
- additional information for driver-based AP SME
|
||||||
|
- STA entry authorization in RSN IBSS
|
||||||
|
* EAP-pwd:
|
||||||
|
- fixed KDF for group 21 and zero-padding
|
||||||
|
- added support for fragmentation
|
||||||
|
- increased maximum number of hunting-and-pecking iterations
|
||||||
|
* avoid excessive Probe Response retries for broadcast Probe Request
|
||||||
|
frames (only with drivers using wpa_supplicant AP mode SME/MLME)
|
||||||
|
* added "GET country" ctrl_iface command
|
||||||
|
* do not save an invalid network block in wpa_supplicant.conf to avoid
|
||||||
|
problems reading the file on next start
|
||||||
|
* send STA connected/disconnected ctrl_iface events to both the P2P
|
||||||
|
group and parent interfaces
|
||||||
|
* added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y)
|
||||||
|
* added "SET pno <1/0>" ctrl_iface command to start/stop preferred
|
||||||
|
network offload with sched_scan driver command
|
||||||
|
* merged in number of changes from Android repository for P2P, nl80211,
|
||||||
|
and build parameters
|
||||||
|
* changed P2P GO mode configuration to use driver capabilities to
|
||||||
|
automatically enable HT operations when supported
|
||||||
|
* added "wpa_cli status wps" command to fetch WPA2-Personal passhrase
|
||||||
|
for WPS use cases in AP mode
|
||||||
|
* EAP-AKA: keep pseudonym identity across EAP exchanges to match EAP-SIM
|
||||||
|
behavior
|
||||||
|
* improved reassociation behavior in cases where association is rejected
|
||||||
|
or when an AP disconnects us to handle common load balancing
|
||||||
|
mechanisms
|
||||||
|
- try to avoid extra scans when the needed information is available
|
||||||
|
* added optional "join" argument for p2p_prov_disc ctrl_iface command
|
||||||
|
* added group ifname to P2P-PROV-DISC-* events
|
||||||
|
* added P2P Device Address to AP-STA-DISCONNECTED event and use
|
||||||
|
p2p_dev_addr parameter name with AP-STA-CONNECTED
|
||||||
|
* added workarounds for WPS PBC overlap detection for some P2P use cases
|
||||||
|
where deployed stations work incorrectly
|
||||||
|
* optimize WPS connection speed by disconnecting prior to WPS scan and
|
||||||
|
by using single channel scans when AP channel is known
|
||||||
|
* PCSC and SIM/USIM improvements:
|
||||||
|
- accept 0x67 (Wrong length) as a response to READ RECORD to fix
|
||||||
|
issues with some USIM cards
|
||||||
|
- try to read MNC length from SIM/USIM
|
||||||
|
- build realm according to 3GPP TS 23.003 with identity from the SIM
|
||||||
|
- allow T1 protocol to be enabled
|
||||||
|
* added more WPS and P2P information available through D-Bus
|
||||||
|
* improve P2P negotiation robustness
|
||||||
|
- extra waits to get ACK frames through
|
||||||
|
- longer timeouts for cases where deployed devices have been
|
||||||
|
identified have issues meeting the specification requirements
|
||||||
|
- more retries for some P2P frames
|
||||||
|
- handle race conditions in GO Negotiation start by both devices
|
||||||
|
- ignore unexpected GO Negotiation Response frame
|
||||||
|
* added support for libnl 3.2 and newer
|
||||||
|
* added P2P persistent group info to P2P_PEER data
|
||||||
|
* maintain a list of P2P Clients for persistent group on GO
|
||||||
|
* AP: increased initial group key handshake retransmit timeout to 500 ms
|
||||||
|
* added optional dev_id parameter for p2p_find
|
||||||
|
* added P2P-FIND-STOPPED ctrl_iface event
|
||||||
|
* fixed issues in WPA/RSN element validation when roaming with ap_scan=1
|
||||||
|
and driver-based BSS selection
|
||||||
|
* do not expire P2P peer entries while connected with the peer in a
|
||||||
|
group
|
||||||
|
* fixed WSC element inclusion in cases where P2P is disabled
|
||||||
|
* AP: added a WPS workaround for mixed mode AP Settings with Windows 7
|
||||||
|
* EAP-SIM: fixed AT_COUNTER_TOO_SMALL use
|
||||||
|
* EAP-SIM/AKA: append realm to pseudonym identity
|
||||||
|
* EAP-SIM/AKA: store pseudonym identity in network configuration to
|
||||||
|
allow it to persist over multiple EAP sessions and wpa_supplicant
|
||||||
|
restarts
|
||||||
|
* EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
|
||||||
|
breaks interoperability with older versions
|
||||||
|
* added support for WFA Hotspot 2.0
|
||||||
|
- GAS/ANQP to fetch network information
|
||||||
|
- credential configuration and automatic network selections based on
|
||||||
|
credential match with ANQP information
|
||||||
|
* limited PMKSA cache entries to be used only with the network context
|
||||||
|
that was used to create them
|
||||||
|
* adjusted bgscan_simple fast-scan backoff to avoid too frequent
|
||||||
|
background scans
|
||||||
|
* removed ctrl_iface event on P2P PD Response in join-group case
|
||||||
|
* added option to fetch BSS table entry based on P2P Device Address
|
||||||
|
("BSS p2p_dev_addr=<P2P Device Address>")
|
||||||
|
* added BSS entry age to ctrl_iface BSS command output
|
||||||
|
* added optional MASK=0xH option for ctrl_iface BSS command to select
|
||||||
|
which fields are included in the response
|
||||||
|
* added optional RANGE=ALL|N1-N2 option for ctrl_iface BSS command to
|
||||||
|
fetch information about several BSSes in one call
|
||||||
|
* simplified licensing terms by selecting the BSD license as the only
|
||||||
|
alternative
|
||||||
|
* added "P2P_SET disallow_freq <freq list>" ctrl_iface command to
|
||||||
|
disable channels from P2P use
|
||||||
|
* added p2p_pref_chan configuration parameter to allow preferred P2P
|
||||||
|
channels to be specified
|
||||||
|
* added support for advertising immediate availability of a WPS
|
||||||
|
credential for P2P use cases
|
||||||
|
* optimized scan operations for P2P use cases (use single channel scan
|
||||||
|
for a specific SSID when possible)
|
||||||
|
* EAP-TTLS: fixed peer challenge generation for MSCHAPv2
|
||||||
|
* SME: do not use reassociation after explicit disconnection request
|
||||||
|
(local or a notification from an AP)
|
||||||
|
* added support for sending debug info to Linux tracing (-T on command
|
||||||
|
line)
|
||||||
|
* added support for using Deauthentication reason code 3 as an
|
||||||
|
indication of P2P group termination
|
||||||
|
* added wps_vendor_ext_m1 configuration parameter to allow vendor
|
||||||
|
specific attributes to be added to WPS M1
|
||||||
|
* started using separate TLS library context for tunneled TLS
|
||||||
|
(EAP-PEAP/TLS, EAP-TTLS/TLS, EAP-FAST/TLS) to support different CA
|
||||||
|
certificate configuration between Phase 1 and Phase 2
|
||||||
|
* added optional "auto" parameter for p2p_connect to request automatic
|
||||||
|
GO Negotiation vs. join-a-group selection
|
||||||
|
* added disabled_scan_offload parameter to disable automatic scan
|
||||||
|
offloading (sched_scan)
|
||||||
|
* added optional persistent=<network id> parameter for p2p_connect to
|
||||||
|
allow forcing of a specific SSID/passphrase for GO Negotiation
|
||||||
|
* added support for OBSS scan requests and 20/40 BSS coexistence reports
|
||||||
|
* reject PD Request for unknown group
|
||||||
|
* removed scripts and notes related to Windows binary releases (which
|
||||||
|
have not been used starting from 1.x)
|
||||||
|
* added initial support for WNM operations
|
||||||
|
- Keep-alive based on BSS max idle period
|
||||||
|
- WNM-Sleep Mode
|
||||||
|
* added autoscan module to control scanning behavior while not connected
|
||||||
|
- autoscan_periodic and autoscan_exponential modules
|
||||||
|
* added new WPS NFC ctrl_iface mechanism
|
||||||
|
- added initial support NFC connection handover
|
||||||
|
- removed obsoleted WPS_OOB command (including support for deprecated
|
||||||
|
UFD config_method)
|
||||||
|
* added optional framework for external password storage ("ext:<name>")
|
||||||
|
* wpa_cli: added optional support for controlling wpa_supplicant
|
||||||
|
remotely over UDP (CONFIG_CTRL_IFACE=udp-remote) for testing purposes
|
||||||
|
* wpa_cli: extended tab completion to more commands
|
||||||
|
* changed SSID output to use printf-escaped strings instead of masking
|
||||||
|
of non-ASCII characters
|
||||||
|
- SSID can now be configured in the same format: ssid=P"abc\x00test"
|
||||||
|
* removed default ACM=1 from AC_VO and AC_VI
|
||||||
|
* added optional "ht40" argument for P2P ctrl_iface commands to allow
|
||||||
|
40 MHz channels to be requested on the 5 GHz band
|
||||||
|
* added optional parameters for p2p_invite command to specify channel
|
||||||
|
when reinvoking a persistent group as the GO
|
||||||
|
* improved FIPS mode builds with OpenSSL
|
||||||
|
- "make fips" with CONFIG_FIPS=y to build wpa_supplicant with the
|
||||||
|
OpenSSL FIPS object module
|
||||||
|
- replace low level OpenSSL AES API calls to use EVP
|
||||||
|
- use OpenSSL keying material exporter when possible
|
||||||
|
- do not export TLS keys in FIPS mode
|
||||||
|
- remove MD5 from CONFIG_FIPS=y builds
|
||||||
|
- use OpenSSL function for PKBDF2 passphrase-to-PSK
|
||||||
|
- use OpenSSL HMAC implementation
|
||||||
|
- mix RAND_bytes() output into random_get_bytes() to force OpenSSL
|
||||||
|
DRBG to be used in FIPS mode
|
||||||
|
- use OpenSSL CMAC implementation
|
||||||
|
* added mechanism to disable TLS Session Ticket extension
|
||||||
|
- a workaround for servers that do not support TLS extensions that
|
||||||
|
was enabled by default in recent OpenSSL versions
|
||||||
|
- tls_disable_session_ticket=1
|
||||||
|
- automatically disable TLS Session Ticket extension by default when
|
||||||
|
using EAP-TLS/PEAP/TTLS (i.e., only use it with EAP-FAST)
|
||||||
|
* changed VENDOR-TEST EAP method to use proper private enterprise number
|
||||||
|
(this will not interoperate with older versions)
|
||||||
|
* disable network block temporarily on authentication failures
|
||||||
|
* improved WPS AP selection during WPS PIN iteration
|
||||||
|
* added support for configuring GCMP cipher for IEEE 802.11ad
|
||||||
|
* added support for Wi-Fi Display extensions
|
||||||
|
- WFD_SUBELEMENT_SET ctrl_iface command to configure WFD subelements
|
||||||
|
- SET wifi_display <0/1> to disable/enable WFD support
|
||||||
|
- WFD service discovery
|
||||||
|
- an external program is needed to manage the audio/video streaming
|
||||||
|
and codecs
|
||||||
|
* optimized scan result use for network selection
|
||||||
|
- use the internal BSS table instead of raw scan results
|
||||||
|
- allow unnecessary scans to be skipped if fresh information is
|
||||||
|
available (e.g., after GAS/ANQP round for Interworking)
|
||||||
|
* added support for 256-bit AES with internal TLS implementation
|
||||||
|
* allow peer to propose channel in P2P invitation process for a
|
||||||
|
persistent group
|
||||||
|
* added disallow_aps parameter to allow BSSIDs/SSIDs to be disallowed
|
||||||
|
from network selection
|
||||||
|
* re-enable the networks disabled during WPS operations
|
||||||
|
* allow P2P functionality to be disabled per interface (p2p_disabled=1)
|
||||||
|
* added secondary device types into P2P_PEER output
|
||||||
|
* added an option to disable use of a separate P2P group interface
|
||||||
|
(p2p_no_group_iface=1)
|
||||||
|
* fixed P2P Bonjour SD to match entries with both compressed and not
|
||||||
|
compressed domain name format and support multiple Bonjour PTR matches
|
||||||
|
for the same key
|
||||||
|
* use deauthentication instead of disassociation for all disconnection
|
||||||
|
operations; this removes the now unused disassociate() wpa_driver_ops
|
||||||
|
callback
|
||||||
|
* optimized PSK generation on P2P GO by caching results to avoid
|
||||||
|
multiple PBKDF2 operations
|
||||||
|
* added okc=1 global configuration parameter to allow OKC to be enabled
|
||||||
|
by default for all network blocks
|
||||||
|
* added a workaround for WPS PBC session overlap detection to avoid
|
||||||
|
interop issues with deployed station implementations that do not
|
||||||
|
remove active PBC indication from Probe Request frames properly
|
||||||
|
|
||||||
2012-05-10 - v1.0
|
2012-05-10 - v1.0
|
||||||
* bsd: Add support for setting HT values in IFM_MMASK.
|
* bsd: Add support for setting HT values in IFM_MMASK.
|
||||||
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
|
* Delay STA entry removal until Deauth/Disassoc TX status in AP mode.
|
||||||
|
|
Loading…
Reference in a new issue