|
|
|
@ -1,5 +1,68 @@
|
|
|
|
|
ChangeLog for wpa_supplicant
|
|
|
|
|
|
|
|
|
|
2015-09-27 - v2.5
|
|
|
|
|
* fixed P2P validation of SSID element length before copying it
|
|
|
|
|
[http://w1.fi/security/2015-1/] (CVE-2015-1863)
|
|
|
|
|
* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
|
|
|
|
|
[http://w1.fi/security/2015-2/] (CVE-2015-4141)
|
|
|
|
|
* fixed WMM Action frame parser (AP mode)
|
|
|
|
|
[http://w1.fi/security/2015-3/] (CVE-2015-4142)
|
|
|
|
|
* fixed EAP-pwd peer missing payload length validation
|
|
|
|
|
[http://w1.fi/security/2015-4/]
|
|
|
|
|
(CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
|
|
|
|
|
* fixed validation of WPS and P2P NFC NDEF record payload length
|
|
|
|
|
[http://w1.fi/security/2015-5/]
|
|
|
|
|
* nl80211:
|
|
|
|
|
- added VHT configuration for IBSS
|
|
|
|
|
- fixed vendor command handling to check OUI properly
|
|
|
|
|
- allow driver-based roaming to change ESS
|
|
|
|
|
* added AVG_BEACON_RSSI to SIGNAL_POLL output
|
|
|
|
|
* wpa_cli: added tab completion for number of commands
|
|
|
|
|
* removed unmaintained and not yet completed SChannel/CryptoAPI support
|
|
|
|
|
* modified Extended Capabilities element use in Probe Request frames to
|
|
|
|
|
include all cases if any of the values are non-zero
|
|
|
|
|
* added support for dynamically creating/removing a virtual interface
|
|
|
|
|
with interface_add/interface_remove
|
|
|
|
|
* added support for hashed password (NtHash) in EAP-pwd peer
|
|
|
|
|
* added support for memory-only PSK/passphrase (mem_only_psk=1 and
|
|
|
|
|
CTRL-REQ/RSP-PSK_PASSPHRASE)
|
|
|
|
|
* P2P
|
|
|
|
|
- optimize scan frequencies list when re-joining a persistent group
|
|
|
|
|
- fixed number of sequences with nl80211 P2P Device interface
|
|
|
|
|
- added operating class 125 for P2P use cases (this allows 5 GHz
|
|
|
|
|
channels 161 and 169 to be used if they are enabled in the current
|
|
|
|
|
regulatory domain)
|
|
|
|
|
- number of fixes to P2PS functionality
|
|
|
|
|
- do not allow 40 MHz co-ex PRI/SEC switch to force MCC
|
|
|
|
|
- extended support for preferred channel listing
|
|
|
|
|
* D-Bus:
|
|
|
|
|
- fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
|
|
|
|
|
- fixed PresenceRequest to use group interface
|
|
|
|
|
- added new signals: FindStopped, WPS pbc-overlap,
|
|
|
|
|
GroupFormationFailure, WPS timeout, InvitationReceived
|
|
|
|
|
- added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
|
|
|
|
|
- added manufacturer info
|
|
|
|
|
* added EAP-EKE peer support for deriving Session-Id
|
|
|
|
|
* added wps_priority configuration parameter to set the default priority
|
|
|
|
|
for all network profiles added by WPS
|
|
|
|
|
* added support to request a scan with specific SSIDs with the SCAN
|
|
|
|
|
command (optional "ssid <hexdump>" arguments)
|
|
|
|
|
* removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
|
|
|
|
|
* fixed SAE group selection in an error case
|
|
|
|
|
* modified SAE routines to be more robust and PWE generation to be
|
|
|
|
|
stronger against timing attacks
|
|
|
|
|
* added support for Brainpool Elliptic Curves with SAE
|
|
|
|
|
* added support for CCMP-256 and GCMP-256 as group ciphers with FT
|
|
|
|
|
* fixed BSS selection based on estimated throughput
|
|
|
|
|
* added option to disable TLSv1.0 with OpenSSL
|
|
|
|
|
(phase1="tls_disable_tlsv1_0=1")
|
|
|
|
|
* added Fast Session Transfer (FST) module
|
|
|
|
|
* fixed OpenSSL PKCS#12 extra certificate handling
|
|
|
|
|
* fixed key derivation for Suite B 192-bit AKM (this breaks
|
|
|
|
|
compatibility with the earlier version)
|
|
|
|
|
* added RSN IE to Mesh Peering Open/Confirm frames
|
|
|
|
|
* number of small fixes
|
|
|
|
|
|
|
|
|
|
2015-03-15 - v2.4
|
|
|
|
|
* allow OpenSSL cipher configuration to be set for internal EAP server
|
|
|
|
|
(openssl_ciphers parameter)
|
|
|
|
|