Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

ChangeLog entries for v2.2

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
d4b951f31b
commit
6a98f67369
2 changed files with 207 additions and 0 deletions
Split View Show Diff Stats
  1. 87 0
      hostapd/ChangeLog
  2. 120 0
      wpa_supplicant/ChangeLog

+ 87 - 0
hostapd/ChangeLog
View File 

@@ -1,5 +1,92 @@
 
 ChangeLog for hostapd
 
 
+2014-06-04 - v2.2
 
+	* fixed SAE confirm-before-commit validation to avoid a potential
 
+	  segmentation fault in an unexpected message sequence that could be
 
+	  triggered remotely
 
+	* extended VHT support
 
+	  - Operating Mode Notification
 
+	  - Power Constraint element (local_pwr_constraint)
 
+	  - Spectrum management capability (spectrum_mgmt_required=1)
 
+	  - fix VHT80 segment picking in ACS
 
+	  - fix vht_capab 'Maximum A-MPDU Length Exponent' handling
 
+	  - fix VHT20
 
+	* fixed HT40 co-ex scan for some pri/sec channel switches
 
+	* extended HT40 co-ex support to allow dynamic channel width changes
 
+	  during the lifetime of the BSS
 
+	* fixed HT40 co-ex support to check for overlapping 20 MHz BSS
 
+	* fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
 
+	  this fixes password with include UTF-8 characters that use
 
+	  three-byte encoding EAP methods that use NtPasswordHash
 
+	* reverted TLS certificate validation step change in v2.1 that rejected
 
+	  any AAA server certificate with id-kp-clientAuth even if
 
+	  id-kp-serverAuth EKU was included
 
+	* fixed STA validation step for WPS ER commands to prevent a potential
 
+	  crash if an ER sends an unexpected PutWLANResponse to a station that
 
+	  is disassociated, but not fully removed
 
+	* enforce full EAP authentication after RADIUS Disconnect-Request by
 
+	  removing the PMKSA cache entry
 
+	* added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
 
+	  in RADIUS Disconnect-Request
 
+	* added mechanism for removing addresses for MAC ACLs by prefixing an
 
+	  entry with "-"
 
+	* Interworking/Hotspot 2.0 enhancements
 
+	  - support Hotspot 2.0 Release 2
 
+	    * OSEN network for online signup connection
 
+	    * subscription remediation (based on RADIUS server request or
 
+	      control interface HS20_WNM_NOTIF for testing purposes)
 
+	    * Hotspot 2.0 release number indication in WFA RADIUS VSA
 
+	    * deauthentication request (based on RADIUS server request or
 
+	      control interface WNM_DEAUTH_REQ for testing purposes)
 
+	    * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent
 
+	    * hs20_icon config parameter to configure icon files for OSU
 
+	    * osu_* config parameters for OSU Providers list
 
+	  - do not use Interworking filtering rules on Probe Request if
 
+	    Interworking is disabled to avoid interop issues
 
+	* added/fixed nl80211 functionality
 
+	  - AP interface teardown optimization
 
+	  - support vendor specific driver command
 
+	    (VENDOR <vendor id> <sub command id> [<hex formatted data>])
 
+	* fixed PMF protection of Deauthentication frame when this is triggered
 
+	  by session timeout
 
+	* internal TLS implementation enhancements/fixes
 
+	  - add SHA256-based cipher suites
 
+	  - add DHE-RSA cipher suites
 
+	  - fix X.509 validation of PKCS#1 signature to check for extra data
 
+	* RADIUS server functionality
 
+	  - add minimal RADIUS accounting server support (hostapd-as-server);
 
+	    this is mainly to enable testing coverage with hwsim scripts
 
+	  - allow authentication log to be written into SQLite databse
 
+	  - added option for TLS protocol testing of an EAP peer by simulating
 
+	    various misbehaviors/known attacks
 
+	  - MAC ACL support for testing purposes
 
+	* fixed PTK derivation for CCMP-256 and GCMP-256
 
+	* extended WPS per-station PSK to support ER case
 
+	* added option to configure the management group cipher
 
+	  (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256,
 
+	  BIP-CMAC-256)
 
+	* fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these
 
+	  were rounded incorrectly)
 
+	* added support for postponing FT response in case PMK-R1 needs to be
 
+	  pulled from R0KH
 
+	* added option to advertise 40 MHz intolerant HT capability with
 
+	  ht_capab=[40-INTOLERANT]
 
+	* remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
 
+	  whenever CONFIG_WPS=y is set
 
+	* EAP-pwd fixes
 
+	  - fix possible segmentation fault on EAP method deinit if an invalid
 
+	    group is negotiated
 
+	* fixed RADIUS client retransmit/failover behavior
 
+	  - there was a potential ctash due to freed memory being accessed
 
+	  - failover to a backup server mechanism did not work properly
 
+	* fixed a possible crash on double DISABLE command when multiple BSSes
 
+	  are enabled
 
+	* fixed a memory leak in SAE random number generation
 
+	* fixed GTK rekeying when the station uses FT protocol
 
+	* fixed off-by-one bounds checking in printf_encode()
 
+	  - this could result in deinial of service in some EAP server cases
 
+	* various bug fixes
 
+
 
 2014-02-04 - v2.1
 
 	* added support for simultaneous authentication of equals (SAE) for
 
 	  stronger password-based authentication with WPA2-Personal

+ 120 - 0
wpa_supplicant/ChangeLog
View File 

@@ -1,5 +1,125 @@
 
 ChangeLog for wpa_supplicant
 
 
+2014-06-04 - v2.2
 
+	* added DFS indicator to get_capability freq
 
+	* added/fixed nl80211 functionality
 
+	  - BSSID/frequency hint for driver-based BSS selection
 
+	  - fix tearing down WDS STA interfaces
 
+	  - support vendor specific driver command
 
+	    (VENDOR <vendor id> <sub command id> [<hex formatted data>])
 
+	  - GO interface teardown optimization
 
+	  - allow beacon interval to be configured for IBSS
 
+	  - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands
 
+	* removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control
 
+	  interface commands (the more generic NFC_REPORT_HANDOVER is now used)
 
+	* fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
 
+	  this fixes password with include UTF-8 characters that use
 
+	  three-byte encoding EAP methods that use NtPasswordHash
 
+	* fixed couple of sequencies where radio work items could get stuck,
 
+	  e.g., when rfkill blocking happens during scanning or when
 
+	  scan-for-auth workaround is used
 
+	* P2P enhancements/fixes
 
+	  - enable enable U-APSD on GO automatically if the driver indicates
 
+	    support for this
 
+	  - fixed some service discovery cases with broadcast queries not being
 
+	    sent to all stations
 
+	  - fixed Probe Request frame triggering invitation to trigger only a
 
+	    single invitation instance even if multiple Probe Request frames are
 
+	    received
 
+	  - fixed a potential NULL pointer dereference crash when processing an
 
+	    invalid Invitation Request frame
 
+	  - add optional configuration file for the P2P_DEVICE parameters
 
+	  - optimize scan for GO during persistent group invocation
 
+	  - fix possible segmentation fault when PBC overlap is detected while
 
+	    using a separate P2P group interface
 
+	  - improve GO Negotiation robustness by allowing GO Negotiation
 
+	    Confirmation to be retransmitted
 
+	  - do use freed memory on device found event when P2P NFC
 
+	* added phase1 network parameter options for disabling TLS v1.1 and v1.2
 
+	  to allow workarounds with misbehaving AAA servers
 
+	  (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1)
 
+	* added support for OCSP stapling to validate AAA server certificate
 
+	  during TLS exchange
 
+	* Interworking/Hotspot 2.0 enhancements
 
+	  - prefer the last added network in Interworking connection to make the
 
+	    behavior more consistent with likely user expectation
 
+	  - roaming partner configuration (roaming_partner within a cred block)
 
+	  - support Hotspot 2.0 Release 2
 
+	    * "hs20_anqp_get <BSSID> 8" to request OSU Providers list
 
+	    * "hs20_icon_request <BSSID> <icon filename>" to request icon files
 
+	    * "fetch_osu" and "cancel_osu_fetch" to start/stop full OSU provider
 
+	      search (all suitable APs in scan results)
 
+	    * OSEN network for online signup connection
 
+	    * min_{dl,ul}_bandwidth_{home,roaming} cred parameters
 
+	    * max_bss_load cred parameter
 
+	    * req_conn_capab cred parameter
 
+	    * sp_priority cred parameter
 
+	    * ocsp cred parameter
 
+	    * slow down automatic connection attempts on EAP failure to meet
 
+	      required behavior (no more than 10 retries within a 10-minute
 
+	      interval)
 
+	    * sample implementation of online signup client (both SPP and
 
+	      OMA-DM protocols) (hs20/client/*)
 
+	  - fixed GAS indication for additional comeback delay with status
 
+	    code 95
 
+	  - extend ANQP_GET to accept Hotspot 2.0 subtypes
 
+	    ANQP_GET <addr> <info id>[,<info id>]...
 
+	    [,hs20:<subtype>][...,hs20:<subtype>]
 
+	  - add control interface events CRED-ADDED <id>,
 
+	    CRED-MODIFIED <id> <field>, CRED-REMOVED <id>
 
+	  - add "GET_CRED <id> <field>" command
 
+	  - enable FT for the connection automatically if the AP advertises
 
+	    support for this
 
+	  - fix a case where auto_interworking=1 could end up stopping scanning
 
+	* fixed TDLS interoperability issues with supported operating class in
 
+	  some deployed stations
 
+	* internal TLS implementation enhancements/fixes
 
+	  - add SHA256-based cipher suites
 
+	  - add DHE-RSA cipher suites
 
+	  - fix X.509 validation of PKCS#1 signature to check for extra data
 
+	* fixed PTK derivation for CCMP-256 and GCMP-256
 
+	* added "reattach" command for fast reassociate-back-to-same-BSS
 
+	* allow PMF to be enabled for AP mode operation with the ieee80211w
 
+	  parameter
 
+	* added "get_capability tdls" command
 
+	* added option to set config blobs through control interface with
 
+	  "SET blob <name> <hexdump>"
 
+	* D-Bus interface extensions/fixes
 
+	  - make p2p_no_group_iface configurable
 
+	  - declare ServiceDiscoveryRequest method properly
 
+	  - export peer's device address as a property
 
+	  - make reassociate command behave like the control interface one,
 
+	    i.e., to allow connection from disconnected state
 
+	* added optional "freq=<channel ranges>" parameter to SET pno
 
+	* added optional "freq=<channel ranges>" parameter to SELECT_NETWORK
 
+	* fixed OBSS scan result processing for 20/40 MHz co-ex report
 
+	* remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
 
+	  whenever CONFIG_WPS=y is set
 
+	* fixed regression in parsing of WNM Sleep Mode exit key data
 
+	* fixed potential segmentation fault and memory leaks in WNM neighbor
 
+	  report processing
 
+	* EAP-pwd fixes
 
+	  - fragmentation of PWD-Confirm-Resp
 
+	  - fix memory leak when fragmentation is used
 
+	  - fix possible segmentation fault on EAP method deinit if an invalid
 
+	    group is negotiated
 
+	* added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently
 
+	  available only with the macsec_qca driver wrapper)
 
+	* fixed EAP-SIM counter-too-small message
 
+	* added 'dup_network <id_s> <id_d> <name>' command; this can be used to
 
+	  clone the psk field without having toextract it from wpa_supplicant
 
+	* fixed GSM authentication on USIM
 
+	* added support for usin epoll in eloop (CONFIG_ELOOP_EPOLL=y)
 
+	* fixed some concurrent virtual interface cases with dedicated P2P
 
+	  management interface to not catch events from removed interface (this
 
+	  could result in the management interface getting disabled)
 
+	* fixed a memory leak in SAE random number generation
 
+	* fixed off-by-one bounds checking in printf_encode()
 
+	  - this could result in some control interface ATTACH command cases
 
+	    terminating wpa_supplicant
 
+	* fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM
 
+	* various bug fixes
 
+
 
 2014-02-04 - v2.1
 
 	* added support for simultaneous authentication of equals (SAE) for
 
 	  stronger password-based authentication with WPA2-Personal