From c2c6c01bb8b6fafc2074b46a53c4eab2c145ac6f Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 2 Dec 2018 20:56:31 +0200 Subject: [PATCH] Update version to v2.7 and copyright years to include 2018 Also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.6 and v2.7. Signed-off-by: Jouni Malinen --- CONTRIBUTIONS | 2 +- COPYING | 2 +- README | 2 +- doc/doxygen.conf | 2 +- hostapd/ChangeLog | 55 +++++++++++++++ hostapd/README | 2 +- hostapd/hostapd_cli.c | 4 +- hostapd/main.c | 4 +- src/common/version.h | 2 +- wpa_supplicant/ChangeLog | 70 +++++++++++++++++++ wpa_supplicant/README | 2 +- wpa_supplicant/doc/docbook/eapol_test.sgml | 2 +- .../doc/docbook/wpa_background.sgml | 2 +- wpa_supplicant/doc/docbook/wpa_cli.sgml | 2 +- wpa_supplicant/doc/docbook/wpa_gui.sgml | 2 +- .../doc/docbook/wpa_passphrase.sgml | 2 +- wpa_supplicant/doc/docbook/wpa_priv.sgml | 2 +- .../doc/docbook/wpa_supplicant.sgml | 2 +- wpa_supplicant/wpa_cli.c | 4 +- wpa_supplicant/wpa_supplicant.c | 2 +- 20 files changed, 146 insertions(+), 21 deletions(-) diff --git a/CONTRIBUTIONS b/CONTRIBUTIONS index 1dc754797..053e8ecda 100644 --- a/CONTRIBUTIONS +++ b/CONTRIBUTIONS @@ -140,7 +140,7 @@ The license terms used for hostap.git files Modified BSD license (no advertisement clause): -Copyright (c) 2002-2017, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. Redistribution and use in source and binary forms, with or without diff --git a/COPYING b/COPYING index 945bdc088..55815d401 100644 --- a/COPYING +++ b/COPYING @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2017, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. diff --git a/README b/README index 43b684c38..6586d72ea 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ wpa_supplicant and hostapd -------------------------- -Copyright (c) 2002-2017, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. These programs are licensed under the BSD license (the one with diff --git a/doc/doxygen.conf b/doc/doxygen.conf index c519094fa..af9a459f0 100644 --- a/doc/doxygen.conf +++ b/doc/doxygen.conf @@ -31,7 +31,7 @@ PROJECT_NAME = "wpa_supplicant / hostapd" # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.6 +PROJECT_NUMBER = 2.7 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog index d2b669b58..f1366b4a9 100644 --- a/hostapd/ChangeLog +++ b/hostapd/ChangeLog @@ -1,5 +1,60 @@ ChangeLog for hostapd +2018-12-02 - v2.7 + * fixed WPA packet number reuse with replayed messages and key + reinstallation + [http://w1.fi/security/2017-1/] (CVE-2017-13082) + * added support for FILS (IEEE 802.11ai) shared key authentication + * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; + and transition mode defined by WFA) + * added support for DPP (Wi-Fi Device Provisioning Protocol) + * FT: + - added local generation of PMK-R0/PMK-R1 for FT-PSK + (ft_psk_generate_local=1) + - replaced inter-AP protocol with a cleaner design that is more + easily extensible; this breaks backward compatibility and requires + all APs in the ESS to be updated at the same time to maintain FT + functionality + - added support for wildcard R0KH/R1KH + - replaced r0_key_lifetime (minutes) parameter with + ft_r0_key_lifetime (seconds) + - fixed wpa_psk_file use for FT-PSK + - fixed FT-SAE PMKID matching + - added expiration to PMK-R0 and PMK-R1 cache + - added IEEE VLAN support (including tagged VLANs) + - added support for SHA384 based AKM + * SAE + - fixed some PMKSA caching cases with SAE + - added support for configuring SAE password separately of the + WPA2 PSK/passphrase + - added option to require MFP for SAE associations + (sae_require_pmf=1) + - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection + for SAE; + note: this is not backwards compatible, i.e., both the AP and + station side implementations will need to be update at the same + time to maintain interoperability + - added support for Password Identifier + * hostapd_cli: added support for command history and completion + * added support for requesting beacon report + * large number of other fixes, cleanup, and extensions + * added option to configure EAPOL-Key retry limits + (wpa_group_update_count and wpa_pairwise_update_count) + * removed all PeerKey functionality + * fixed nl80211 AP mode configuration regression with Linux 4.15 and + newer + * added support for using wolfSSL cryptographic library + * fixed some 20/40 MHz coexistence cases where the BSS could drop to + 20 MHz even when 40 MHz would be allowed + * Hotspot 2.0 + - added support for setting Venue URL ANQP-element (venue_url) + - added support for advertising Hotspot 2.0 operator icons + - added support for Roaming Consortium Selection element + - added support for Terms and Conditions + - added support for OSEN connection in a shared RSN BSS + * added support for using OpenSSL 1.1.1 + * added EAP-pwd server support for salted passwords + 2016-10-02 - v2.6 * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5314) diff --git a/hostapd/README b/hostapd/README index 298391b7f..ae5317698 100644 --- a/hostapd/README +++ b/hostapd/README @@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator and RADIUS authentication server ================================================================ -Copyright (c) 2002-2017, Jouni Malinen and contributors +Copyright (c) 2002-2018, Jouni Malinen and contributors All Rights Reserved. This program is licensed under the BSD license (the one with diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c index e9f8b8ca4..489da397c 100644 --- a/hostapd/hostapd_cli.c +++ b/hostapd/hostapd_cli.c @@ -1,6 +1,6 @@ /* * hostapd - command line interface for hostapd daemon - * Copyright (c) 2004-2017, Jouni Malinen + * Copyright (c) 2004-2018, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -21,7 +21,7 @@ static const char *const hostapd_cli_version = "hostapd_cli v" VERSION_STR "\n" -"Copyright (c) 2004-2017, Jouni Malinen and contributors"; +"Copyright (c) 2004-2018, Jouni Malinen and contributors"; static struct wpa_ctrl *ctrl_conn; static int hostapd_cli_quit = 0; diff --git a/hostapd/main.c b/hostapd/main.c index 38b6cdefa..414dfe424 100644 --- a/hostapd/main.c +++ b/hostapd/main.c @@ -1,6 +1,6 @@ /* * hostapd / main() - * Copyright (c) 2002-2017, Jouni Malinen + * Copyright (c) 2002-2018, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -456,7 +456,7 @@ static void show_version(void) "hostapd v" VERSION_STR "\n" "User space daemon for IEEE 802.11 AP management,\n" "IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n" - "Copyright (c) 2002-2017, Jouni Malinen " + "Copyright (c) 2002-2018, Jouni Malinen " "and contributors\n"); } diff --git a/src/common/version.h b/src/common/version.h index 16c100432..2f47903d4 100644 --- a/src/common/version.h +++ b/src/common/version.h @@ -9,6 +9,6 @@ #define GIT_VERSION_STR_POSTFIX "" #endif /* GIT_VERSION_STR_POSTFIX */ -#define VERSION_STR "2.7-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX +#define VERSION_STR "2.7" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX #endif /* VERSION_H */ diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog index f28055f40..bf4daaa4c 100644 --- a/wpa_supplicant/ChangeLog +++ b/wpa_supplicant/ChangeLog @@ -1,5 +1,75 @@ ChangeLog for wpa_supplicant +2018-12-02 - v2.7 + * fixed WPA packet number reuse with replayed messages and key + reinstallation + [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, + CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, + CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) + * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant + [https://w1.fi/security/2018-1/] (CVE-2018-14526) + * added support for FILS (IEEE 802.11ai) shared key authentication + * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; + and transition mode defined by WFA) + * added support for DPP (Wi-Fi Device Provisioning Protocol) + * added support for RSA 3k key case with Suite B 192-bit level + * fixed Suite B PMKSA caching not to update PMKID during each 4-way + handshake + * fixed EAP-pwd pre-processing with PasswordHashHash + * added EAP-pwd client support for salted passwords + * fixed a regression in TDLS prohibited bit validation + * started to use estimated throughput to avoid undesired signal + strength based roaming decision + * MACsec/MKA: + - new macsec_linux driver interface support for the Linux + kernel macsec module + - number of fixes and extensions + * added support for external persistent storage of PMKSA cache + (PMKSA_GET/PMKSA_ADD control interface commands; and + MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) + * fixed mesh channel configuration pri/sec switch case + * added support for beacon report + * large number of other fixes, cleanup, and extensions + * added support for randomizing local address for GAS queries + (gas_rand_mac_addr parameter) + * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel + * added option for using random WPS UUID (auto_uuid=1) + * added SHA256-hash support for OCSP certificate matching + * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure + * fixed a regression in RSN pre-authentication candidate selection + * added option to configure allowed group management cipher suites + (group_mgmt network profile parameter) + * removed all PeerKey functionality + * fixed nl80211 AP and mesh mode configuration regression with + Linux 4.15 and newer + * added ap_isolate configuration option for AP mode + * added support for nl80211 to offload 4-way handshake into the driver + * added support for using wolfSSL cryptographic library + * SAE + - added support for configuring SAE password separately of the + WPA2 PSK/passphrase + - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection + for SAE; + note: this is not backwards compatible, i.e., both the AP and + station side implementations will need to be update at the same + time to maintain interoperability + - added support for Password Identifier + - fixed FT-SAE PMKID matching + * Hotspot 2.0 + - added support for fetching of Operator Icon Metadata ANQP-element + - added support for Roaming Consortium Selection element + - added support for Terms and Conditions + - added support for OSEN connection in a shared RSN BSS + - added support for fetching Venue URL information + * added support for using OpenSSL 1.1.1 + * FT + - disabled PMKSA caching with FT since it is not fully functional + - added support for SHA384 based AKM + - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, + BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 + - fixed additional IE inclusion in Reassociation Request frame when + using FT protocol + 2016-10-02 - v2.6 * fixed WNM Sleep Mode processing when PMF is not enabled [http://w1.fi/security/2015-6/] (CVE-2015-5310) diff --git a/wpa_supplicant/README b/wpa_supplicant/README index 730714beb..2a3265f21 100644 --- a/wpa_supplicant/README +++ b/wpa_supplicant/README @@ -1,7 +1,7 @@ WPA Supplicant ============== -Copyright (c) 2003-2017, Jouni Malinen and contributors +Copyright (c) 2003-2018, Jouni Malinen and contributors All Rights Reserved. This program is licensed under the BSD license (the one with diff --git a/wpa_supplicant/doc/docbook/eapol_test.sgml b/wpa_supplicant/doc/docbook/eapol_test.sgml index 25cfd0688..ae6bafecf 100644 --- a/wpa_supplicant/doc/docbook/eapol_test.sgml +++ b/wpa_supplicant/doc/docbook/eapol_test.sgml @@ -194,7 +194,7 @@ eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1 Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/doc/docbook/wpa_background.sgml b/wpa_supplicant/doc/docbook/wpa_background.sgml index fa94ae4dd..d3e4dbe2a 100644 --- a/wpa_supplicant/doc/docbook/wpa_background.sgml +++ b/wpa_supplicant/doc/docbook/wpa_background.sgml @@ -90,7 +90,7 @@ Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/doc/docbook/wpa_cli.sgml b/wpa_supplicant/doc/docbook/wpa_cli.sgml index be3045a6a..766dd2cc1 100644 --- a/wpa_supplicant/doc/docbook/wpa_cli.sgml +++ b/wpa_supplicant/doc/docbook/wpa_cli.sgml @@ -345,7 +345,7 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/doc/docbook/wpa_gui.sgml b/wpa_supplicant/doc/docbook/wpa_gui.sgml index cee9ed688..91662d54a 100644 --- a/wpa_supplicant/doc/docbook/wpa_gui.sgml +++ b/wpa_supplicant/doc/docbook/wpa_gui.sgml @@ -91,7 +91,7 @@ Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml index 6667a0771..2f86b0bdf 100644 --- a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml +++ b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml @@ -62,7 +62,7 @@ Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/doc/docbook/wpa_priv.sgml b/wpa_supplicant/doc/docbook/wpa_priv.sgml index 3796b937d..4a5f319db 100644 --- a/wpa_supplicant/doc/docbook/wpa_priv.sgml +++ b/wpa_supplicant/doc/docbook/wpa_priv.sgml @@ -137,7 +137,7 @@ wpa_supplicant -i ath0 -c wpa_supplicant.conf Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml index 80b3878f8..eeb9c0730 100644 --- a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml +++ b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml @@ -729,7 +729,7 @@ fi Legal - wpa_supplicant is copyright (c) 2003-2017, + wpa_supplicant is copyright (c) 2003-2018, Jouni Malinen j@w1.fi and contributors. All Rights Reserved. diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c index 05e3ebf2f..779355440 100644 --- a/wpa_supplicant/wpa_cli.c +++ b/wpa_supplicant/wpa_cli.c @@ -1,6 +1,6 @@ /* * WPA Supplicant - command line interface for wpa_supplicant daemon - * Copyright (c) 2004-2017, Jouni Malinen + * Copyright (c) 2004-2018, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -29,7 +29,7 @@ static const char *const wpa_cli_version = "wpa_cli v" VERSION_STR "\n" -"Copyright (c) 2004-2017, Jouni Malinen and contributors"; +"Copyright (c) 2004-2018, Jouni Malinen and contributors"; #define VENDOR_ELEM_FRAME_ID \ " 0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \ diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index a4b28671b..e587d7e3c 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -68,7 +68,7 @@ const char *const wpa_supplicant_version = "wpa_supplicant v" VERSION_STR "\n" -"Copyright (c) 2003-2017, Jouni Malinen and contributors"; +"Copyright (c) 2003-2018, Jouni Malinen and contributors"; const char *const wpa_supplicant_license = "This software may be distributed under the terms of the BSD license.\n"