Update version to v2.7 and copyright years to include 2018

Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>

CONTRIBUTIONS

@@ -140,7 +140,7 @@ The license terms used for hostap.git files
 
 Modified BSD license (no advertisement clause):
 
-Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 Redistribution and use in source and binary forms, with or without

COPYING

@@ -1,7 +1,7 @@
 wpa_supplicant and hostapd
 --------------------------
 
-Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 

README

@@ -1,7 +1,7 @@
 wpa_supplicant and hostapd
 --------------------------
 
-Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 These programs are licensed under the BSD license (the one with

doc/doxygen.conf

@@ -31,7 +31,7 @@ PROJECT_NAME           = "wpa_supplicant / hostapd"
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 2.6
+PROJECT_NUMBER         = 2.7
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

hostapd/ChangeLog

@@ -1,5 +1,60 @@
 ChangeLog for hostapd
 
+2018-12-02 - v2.7
+	* fixed WPA packet number reuse with replayed messages and key
+	  reinstallation
+	  [http://w1.fi/security/2017-1/] (CVE-2017-13082)
+	* added support for FILS (IEEE 802.11ai) shared key authentication
+	* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
+	  and transition mode defined by WFA)
+	* added support for DPP (Wi-Fi Device Provisioning Protocol)
+	* FT:
+	  - added local generation of PMK-R0/PMK-R1 for FT-PSK
+	    (ft_psk_generate_local=1)
+	  - replaced inter-AP protocol with a cleaner design that is more
+	    easily extensible; this breaks backward compatibility and requires
+	    all APs in the ESS to be updated at the same time to maintain FT
+	    functionality
+	  - added support for wildcard R0KH/R1KH
+	  - replaced r0_key_lifetime (minutes) parameter with
+	    ft_r0_key_lifetime (seconds)
+	  - fixed wpa_psk_file use for FT-PSK
+	  - fixed FT-SAE PMKID matching
+	  - added expiration to PMK-R0 and PMK-R1 cache
+	  - added IEEE VLAN support (including tagged VLANs)
+	  - added support for SHA384 based AKM
+	* SAE
+	  - fixed some PMKSA caching cases with SAE
+	  - added support for configuring SAE password separately of the
+	    WPA2 PSK/passphrase
+	  - added option to require MFP for SAE associations
+	    (sae_require_pmf=1)
+	  - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
+	    for SAE;
+	    note: this is not backwards compatible, i.e., both the AP and
+	    station side implementations will need to be update at the same
+	    time to maintain interoperability
+	  - added support for Password Identifier
+	* hostapd_cli: added support for command history and completion
+	* added support for requesting beacon report
+	* large number of other fixes, cleanup, and extensions
+	* added option to configure EAPOL-Key retry limits
+	  (wpa_group_update_count and wpa_pairwise_update_count)
+	* removed all PeerKey functionality
+	* fixed nl80211 AP mode configuration regression with Linux 4.15 and
+	  newer
+	* added support for using wolfSSL cryptographic library
+	* fixed some 20/40 MHz coexistence cases where the BSS could drop to
+	  20 MHz even when 40 MHz would be allowed
+	* Hotspot 2.0
+	  - added support for setting Venue URL ANQP-element (venue_url)
+	  - added support for advertising Hotspot 2.0 operator icons
+	  - added support for Roaming Consortium Selection element
+	  - added support for Terms and Conditions
+	  - added support for OSEN connection in a shared RSN BSS
+	* added support for using OpenSSL 1.1.1
+	* added EAP-pwd server support for salted passwords
+
 2016-10-02 - v2.6
 	* fixed EAP-pwd last fragment validation
 	  [http://w1.fi/security/2015-7/] (CVE-2015-5314)

hostapd/README

@@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
 	  Authenticator and RADIUS authentication server
 ================================================================
 
-Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 This program is licensed under the BSD license (the one with

hostapd/hostapd_cli.c

@@ -1,6 +1,6 @@
 /*
  * hostapd - command line interface for hostapd daemon
- * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -21,7 +21,7 @@
 
 static const char *const hostapd_cli_version =
 "hostapd_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> and contributors";
 
 static struct wpa_ctrl *ctrl_conn;
 static int hostapd_cli_quit = 0;

hostapd/main.c

@@ -1,6 +1,6 @@
 /*
  * hostapd / main()
- * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -456,7 +456,7 @@ static void show_version(void)
 		"hostapd v" VERSION_STR "\n"
 		"User space daemon for IEEE 802.11 AP management,\n"
 		"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
-		"Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> "
+		"Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> "
 		"and contributors\n");
 }
 

src/common/version.h

@@ -9,6 +9,6 @@
 #define GIT_VERSION_STR_POSTFIX ""
 #endif /* GIT_VERSION_STR_POSTFIX */
 
-#define VERSION_STR "2.7-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.7" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
 
 #endif /* VERSION_H */

wpa_supplicant/ChangeLog

@@ -1,5 +1,75 @@
 ChangeLog for wpa_supplicant
 
+2018-12-02 - v2.7
+	* fixed WPA packet number reuse with replayed messages and key
+	  reinstallation
+	  [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
+	  CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
+	  CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
+	* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
+	  [https://w1.fi/security/2018-1/] (CVE-2018-14526)
+	* added support for FILS (IEEE 802.11ai) shared key authentication
+	* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
+	  and transition mode defined by WFA)
+	* added support for DPP (Wi-Fi Device Provisioning Protocol)
+	* added support for RSA 3k key case with Suite B 192-bit level
+	* fixed Suite B PMKSA caching not to update PMKID during each 4-way
+	  handshake
+	* fixed EAP-pwd pre-processing with PasswordHashHash
+	* added EAP-pwd client support for salted passwords
+	* fixed a regression in TDLS prohibited bit validation
+	* started to use estimated throughput to avoid undesired signal
+	  strength based roaming decision
+	* MACsec/MKA:
+	  - new macsec_linux driver interface support for the Linux
+	    kernel macsec module
+	  - number of fixes and extensions
+	* added support for external persistent storage of PMKSA cache
+	  (PMKSA_GET/PMKSA_ADD control interface commands; and
+	   MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
+	* fixed mesh channel configuration pri/sec switch case
+	* added support for beacon report
+	* large number of other fixes, cleanup, and extensions
+	* added support for randomizing local address for GAS queries
+	  (gas_rand_mac_addr parameter)
+	* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
+	* added option for using random WPS UUID (auto_uuid=1)
+	* added SHA256-hash support for OCSP certificate matching
+	* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
+	* fixed a regression in RSN pre-authentication candidate selection
+	* added option to configure allowed group management cipher suites
+	  (group_mgmt network profile parameter)
+	* removed all PeerKey functionality
+	* fixed nl80211 AP and mesh mode configuration regression with
+	  Linux 4.15 and newer
+	* added ap_isolate configuration option for AP mode
+	* added support for nl80211 to offload 4-way handshake into the driver
+	* added support for using wolfSSL cryptographic library
+	* SAE
+	  - added support for configuring SAE password separately of the
+	    WPA2 PSK/passphrase
+	  - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
+	    for SAE;
+	    note: this is not backwards compatible, i.e., both the AP and
+	    station side implementations will need to be update at the same
+	    time to maintain interoperability
+	  - added support for Password Identifier
+	  - fixed FT-SAE PMKID matching
+	* Hotspot 2.0
+	  - added support for fetching of Operator Icon Metadata ANQP-element
+	  - added support for Roaming Consortium Selection element
+	  - added support for Terms and Conditions
+	  - added support for OSEN connection in a shared RSN BSS
+	  - added support for fetching Venue URL information
+	* added support for using OpenSSL 1.1.1
+	* FT
+	  - disabled PMKSA caching with FT since it is not fully functional
+	  - added support for SHA384 based AKM
+	  - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
+	    BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
+	  - fixed additional IE inclusion in Reassociation Request frame when
+	    using FT protocol
+
 2016-10-02 - v2.6
 	* fixed WNM Sleep Mode processing when PMF is not enabled
 	  [http://w1.fi/security/2015-6/] (CVE-2015-5310)

wpa_supplicant/README

@@ -1,7 +1,7 @@
 WPA Supplicant
 ==============
 
-Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> and contributors
 All Rights Reserved.
 
 This program is licensed under the BSD license (the one with

wpa_supplicant/doc/docbook/eapol_test.sgml

@@ -194,7 +194,7 @@ eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
   </refsect1>
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/doc/docbook/wpa_background.sgml

@@ -90,7 +90,7 @@
 
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/doc/docbook/wpa_cli.sgml

@@ -345,7 +345,7 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
   </refsect1>
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/doc/docbook/wpa_gui.sgml

@@ -91,7 +91,7 @@
   </refsect1>
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/doc/docbook/wpa_passphrase.sgml

@@ -62,7 +62,7 @@
   </refsect1>
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/doc/docbook/wpa_priv.sgml

@@ -137,7 +137,7 @@ wpa_supplicant -i ath0 -c wpa_supplicant.conf
   </refsect1>
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/doc/docbook/wpa_supplicant.sgml

@@ -729,7 +729,7 @@ fi
   </refsect1>
   <refsect1>
     <title>Legal</title>
-    <para>wpa_supplicant is copyright (c) 2003-2017,
+    <para>wpa_supplicant is copyright (c) 2003-2018,
     Jouni Malinen <email>j@w1.fi</email> and
     contributors.
     All Rights Reserved.</para>

wpa_supplicant/wpa_cli.c

@@ -1,6 +1,6 @@
 /*
  * WPA Supplicant - command line interface for wpa_supplicant daemon
- * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -29,7 +29,7 @@
 
 static const char *const wpa_cli_version =
 "wpa_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> and contributors";
 
 #define VENDOR_ELEM_FRAME_ID \
 	"  0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \

wpa_supplicant/wpa_supplicant.c

@@ -68,7 +68,7 @@
 
 const char *const wpa_supplicant_version =
 "wpa_supplicant v" VERSION_STR "\n"
-"Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> and contributors";
 
 const char *const wpa_supplicant_license =
 "This software may be distributed under the terms of the BSD license.\n"