Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Update ChangeLog files for v2.6

This adds a summary of changes since the v2.5 release.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 8 years ago
parent
a26c9c2e71
commit
a1703947b1
2 changed files with 180 additions and 0 deletions
Split View Show Diff Stats
  1. 55 0
      hostapd/ChangeLog
  2. 125 0
      wpa_supplicant/ChangeLog

+ 55 - 0
hostapd/ChangeLog
View File 

@@ -1,5 +1,60 @@
 
 ChangeLog for hostapd
 
 
+????-??-?? - v2.6
 
+	* fixed EAP-pwd last fragment validation
 
+	  [http://w1.fi/security/2015-7/] (CVE-2015-5314)
 
+	* fixed WPS configuration update vulnerability with malformed passphrase
 
+	  [http://w1.fi/security/2016-1/] (CVE-2016-4476)
 
+	* extended channel switch support fot VHT bandwidth changes
 
+	* added support for configuring new ANQP-elements with
 
+	  anqp_elem=<InfoID>:<hexdump of payload>
 
+	* fixed Suite B 192-bit AKM to use proper PMK length
 
+	  (note: this makes old releases incompatible with the fixed behavior)
 
+	* added no_probe_resp_if_max_sta=1 parameter to disable Probe Response
 
+	  frame sending for not-associated STAs if max_num_sta limit has been
 
+	  reached
 
+	* added option (-S as command line argument) to request all interfaces
 
+	  to be started at the same time
 
+	* modified rts_threshold and fragm_threshold configuration parameters
 
+	  to allow -1 to be used to disable RTS/fragmentation
 
+	* EAP-pwd: added support for Brainpool Elliptic Curves
 
+	  (with OpenSSL 1.0.2 and newer)
 
+	* fixed EAPOL reauthentication after FT protocol run
 
+	* fixed FTIE generation for 4-way handshake after FT protocol run
 
+	* fixed and improved various FST operations
 
+	* TLS server
 
+	  - support SHA384 and SHA512 hashes
 
+	  - support TLS v1.2 signature algorithm with SHA384 and SHA512
 
+	  - support PKCS #5 v2.0 PBES2
 
+	  - support PKCS #5 with PKCS #12 style key decryption
 
+	  - minimal support for PKCS #12
 
+	  - support OCSP stapling (including ocsp_multi)
 
+	* added support for OpenSSL 1.1 API changes
 
+	* EAP-PEAP: support fast-connect crypto binding
 
+	* RADIUS
 
+	  - fix Called-Station-Id to not escape SSID
 
+	  - add Event-Timestamp to all Accounting-Request packets
 
+	  - add Acct-Session-Id to Accounting-On/Off
 
+	  - add Acct-Multi-Session-Id  ton Access-Request packets
 
+	  - add Service-Type (= Frames)
 
+	  - allow server to provide PSK instead of passphrase for WPA-PSK
 
+	    Tunnel_password case
 
+	  - update full message for interim accounting updates
 
+	  - add Acct-Delay-Time into Accounting messages
 
+	* started to postpone WNM-Notification frame sending by 100 ms so that
 
+	  the STA has some more time to configure the key before this frame is
 
+	  received after the 4-way handshake
 
+	* VHT: added interoperability workaround for 80+80 and 160 MHz channels
 
+	* extended VLAN support (per-STA vif, etc.)
 
+	* fixed PMKID derivation with SAE
 
+	* nl80211: added support for full station state operations
 
+	* added initial MBO support; number of extensions to WNM BSS Transition
 
+	  Management
 
+	* added initial functionality for location related operations
 
+	* added assocresp_elements parameter to allow vendor specific elements
 
+	  to be added into (Re)Association Response frames
 
+	* number of small fixes
 
+
 
 2015-09-27 - v2.5
 
 	* fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
 
 	  [http://w1.fi/security/2015-2/] (CVE-2015-4141)

+ 125 - 0
wpa_supplicant/ChangeLog
View File 

@@ -1,5 +1,130 @@
 
 ChangeLog for wpa_supplicant
 
 
+????-??-?? - v2.6
 
+	* fixed WNM Sleep Mode processing when PMF is not enabled
 
+	  [http://w1.fi/security/2015-6/] (CVE-2015-5310)
 
+	* fixed EAP-pwd last fragment validation
 
+	  [http://w1.fi/security/2015-7/] (CVE-2015-5315)
 
+	* fixed EAP-pwd unexpected Confirm message processing
 
+	  [http://w1.fi/security/2015-8/] (CVE-2015-5316)
 
+	* fixed WPS configuration update vulnerability with malformed passphrase
 
+	  [http://w1.fi/security/2016-1/] (CVE-2016-4476)
 
+	* fixed configuration update vulnerability with malformed parameters set
 
+	  over the local control interface
 
+	  [http://w1.fi/security/2016-1/] (CVE-2016-4477)
 
+	* fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
 
+	* extended channel switch support for P2P GO
 
+	* started to throttle control interface event message bursts to avoid
 
+	  issues with monitor sockets running out of buffer space
 
+	* mesh mode fixes/improvements
 
+	  - generate proper AID for peer
 
+	  - enable WMM by default
 
+	  - add VHT support
 
+	  - fix PMKID derivation
 
+	  - improve robustness on various exchanges
 
+	  - fix peer link counting in reconnect case
 
+	  - add MESH_PEER_ADD and MESH_PEER_REMOVE commands
 
+	  - add support for PMKSA caching
 
+	* fixed PMKID derivation with SAE
 
+	* added support for requesting and fetching arbitrary ANQP-elements
 
+	  without internal support in wpa_supplicant for the specific element
 
+	  (anqp[265]=<hexdump> in "BSS <BSSID>" command output)
 
+	* P2P
 
+	  - filter control characters in group client device names to be
 
+	    consistent with other P2P peer cases
 
+	  - support VHT 80+80 MHz and 160 MHz
 
+	  - indicate group completion in P2P Client role after data association
 
+	    instead of already after the WPS provisioning step
 
+	  - improve group-join operation to use SSID, if known, to filter BSS
 
+	    entries
 
+	  - added optional ssid=<hexdump> argument to P2P_CONNECT for join case
 
+	  - added P2P_GROUP_MEMBER command to fetch client interface address
 
+	* P2PS
 
+	  - fix follow-on PD Response behavior
 
+	  - fix PD Response generation for unknown peer
 
+	  - fix persistent group reporting
 
+	  - add channel policy to PD Request
 
+	  - add group SSID to the P2PS-PROV-DONE event
 
+	  - allow "P2P_CONNECT <addr> p2ps" to be used without specifying the
 
+	    default PIN
 
+	* BoringSSL
 
+	  - support for OCSP stapling
 
+	  - support building of h20-osu-client
 
+	* D-Bus
 
+	  - add ExpectDisconnect()
 
+	  - add global config parameters as properties
 
+	  - add SaveConfig()
 
+	  - add VendorElemAdd(), VendorElemGet(), VendorElemRem()
 
+	* fixed Suite B 192-bit AKM to use proper PMK length
 
+	  (note: this makes old releases incompatible with the fixed behavior)
 
+	* improved PMF behavior for cases where the AP and STA has different
 
+	  configuration by not trying to connect in some corner cases where the
 
+	  connection cannot succeed
 
+	* added option to reopen debug log (e.g., to rotate the file) upon
 
+	  receipt of SIGHUP signal
 
+	* EAP-pwd: added support for Brainpool Elliptic Curves
 
+	  (with OpenSSL 1.0.2 and newer)
 
+	* fixed EAPOL reauthentication after FT protocol run
 
+	* fixed FTIE generation for 4-way handshake after FT protocol run
 
+	* extended INTERFACE_ADD command to allow certain type (sta/ap)
 
+	  interface to be created
 
+	* fixed and improved various FST operations
 
+	* added 80+80 MHz VHT support for IBSS/mesh
 
+	* fixed SIGNAL_POLL in IBSS and mesh cases
 
+	* added an option to abort an ongoing scan (used to speed up connection
 
+	  and can also be done with the new ABORT_SCAN command)
 
+	* TLS client
 
+	  - do not verify CA certificates when ca_cert is not specified
 
+	  - support validating server certificate hash
 
+	  - support SHA384 and SHA512 hashes
 
+	  - add signature_algorithms extension into ClientHello
 
+	  - support TLS v1.2 signature algorithm with SHA384 and SHA512
 
+	  - support server certificate probing
 
+	  - allow specific TLS versions to be disabled with phase2 parameter
 
+	  - support extKeyUsage
 
+	  - support PKCS #5 v2.0 PBES2
 
+	  - support PKCS #5 with PKCS #12 style key decryption
 
+	  - minimal support for PKCS #12
 
+	  - support OCSP stapling (including ocsp_multi)
 
+	* OpenSSL
 
+	  - support OpenSSL 1.1 API changes
 
+	  - drop support for OpenSSL 0.9.8
 
+	  - drop support for OpenSSL 1.0.0
 
+	* added support for multiple schedule scan plans (sched_scan_plans)
 
+	* added support for external server certificate chain validation
 
+	  (tls_ext_cert_check=1 in the network profile phase1 parameter)
 
+	* made phase2 parser more strict about correct use of auth=<val> and
 
+	  autheap=<val> values
 
+	* improved GAS offchannel operations with comeback request
 
+	* added SIGNAL_MONITOR command to request signal strength monitoring
 
+	  events
 
+	* added command for retrieving HS 2.0 icons with in-memory storage
 
+	  (REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
 
+	  RX-HS20-ICON event)
 
+	* enabled ACS support for AP mode operations with wpa_supplicant
 
+	* EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
 
+	  ("Invalid Compound_MAC in cryptobinding TLV")
 
+	* EAP-TTLS; fixed success after fragmented final Phase 2 message
 
+	* VHT: added interoperability workaround for 80+80 and 160 MHz channels
 
+	* WNM: workaround for broken AP operating class behavior
 
+	* added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
 
+	* nl80211:
 
+	  - add support for full station state operations
 
+	  - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
 
+	  - add NL80211_ATTR_PREV_BSSID with Connect command
 
+	* added initial MBO support; number of extensions to WNM BSS Transition
 
+	  Management
 
+	* added support for PBSS/PCP and P2P on 60 GHz
 
+	* Interworking: add credential realm to EAP-TLS identity
 
+	* fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
 
+	* HS 2.0: add support for configuring frame filters
 
+	* added POLL_STA command to check connectivity in AP mode
 
+	* added initial functionality for location related operations
 
+	* started to ignore pmf=1/2 parameter for non-RSN networks
 
+	* added wps_disabled=1 network profile parameter to allow AP mode to
 
+	  be started without enabling WPS
 
+	* number of small fixes
 
+
 
 2015-09-27 - v2.5
 
 	* fixed P2P validation of SSID element length before copying it
 
 	  [http://w1.fi/security/2015-1/] (CVE-2015-1863)