Update version to v2.7 and copyright years to include 2018

Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-12-02 20:56:31 +02:00
parent 55570efe35
commit c2c6c01bb8
20 changed files with 146 additions and 21 deletions

View File

@ -140,7 +140,7 @@ The license terms used for hostap.git files
Modified BSD license (no advertisement clause):
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
Redistribution and use in source and binary forms, with or without

View File

@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.

2
README
View File

@ -1,7 +1,7 @@
wpa_supplicant and hostapd
--------------------------
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
These programs are licensed under the BSD license (the one with

View File

@ -31,7 +31,7 @@ PROJECT_NAME = "wpa_supplicant / hostapd"
# This could be handy for archiving the generated documentation or
# if some version control system is used.
PROJECT_NUMBER = 2.6
PROJECT_NUMBER = 2.7
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.

View File

@ -1,5 +1,60 @@
ChangeLog for hostapd
2018-12-02 - v2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[http://w1.fi/security/2017-1/] (CVE-2017-13082)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* FT:
- added local generation of PMK-R0/PMK-R1 for FT-PSK
(ft_psk_generate_local=1)
- replaced inter-AP protocol with a cleaner design that is more
easily extensible; this breaks backward compatibility and requires
all APs in the ESS to be updated at the same time to maintain FT
functionality
- added support for wildcard R0KH/R1KH
- replaced r0_key_lifetime (minutes) parameter with
ft_r0_key_lifetime (seconds)
- fixed wpa_psk_file use for FT-PSK
- fixed FT-SAE PMKID matching
- added expiration to PMK-R0 and PMK-R1 cache
- added IEEE VLAN support (including tagged VLANs)
- added support for SHA384 based AKM
* SAE
- fixed some PMKSA caching cases with SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- added option to require MFP for SAE associations
(sae_require_pmf=1)
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
* hostapd_cli: added support for command history and completion
* added support for requesting beacon report
* large number of other fixes, cleanup, and extensions
* added option to configure EAPOL-Key retry limits
(wpa_group_update_count and wpa_pairwise_update_count)
* removed all PeerKey functionality
* fixed nl80211 AP mode configuration regression with Linux 4.15 and
newer
* added support for using wolfSSL cryptographic library
* fixed some 20/40 MHz coexistence cases where the BSS could drop to
20 MHz even when 40 MHz would be allowed
* Hotspot 2.0
- added support for setting Venue URL ANQP-element (venue_url)
- added support for advertising Hotspot 2.0 operator icons
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
* added support for using OpenSSL 1.1.1
* added EAP-pwd server support for salted passwords
2016-10-02 - v2.6
* fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5314)

View File

@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
Authenticator and RADIUS authentication server
================================================================
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with

View File

@ -1,6 +1,6 @@
/*
* hostapd - command line interface for hostapd daemon
* Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -21,7 +21,7 @@
static const char *const hostapd_cli_version =
"hostapd_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> and contributors";
"Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> and contributors";
static struct wpa_ctrl *ctrl_conn;
static int hostapd_cli_quit = 0;

View File

@ -1,6 +1,6 @@
/*
* hostapd / main()
* Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
* Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -456,7 +456,7 @@ static void show_version(void)
"hostapd v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> "
"Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> "
"and contributors\n");
}

View File

@ -9,6 +9,6 @@
#define GIT_VERSION_STR_POSTFIX ""
#endif /* GIT_VERSION_STR_POSTFIX */
#define VERSION_STR "2.7-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
#define VERSION_STR "2.7" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
#endif /* VERSION_H */

View File

@ -1,5 +1,75 @@
ChangeLog for wpa_supplicant
2018-12-02 - v2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
2016-10-02 - v2.6
* fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310)

View File

@ -1,7 +1,7 @@
WPA Supplicant
==============
Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors
Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with

View File

@ -194,7 +194,7 @@ eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
</refsect1>
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -90,7 +90,7 @@
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -345,7 +345,7 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
</refsect1>
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -91,7 +91,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -62,7 +62,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -137,7 +137,7 @@ wpa_supplicant -i ath0 -c wpa_supplicant.conf
</refsect1>
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -729,7 +729,7 @@ fi
</refsect1>
<refsect1>
<title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017,
<para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>

View File

@ -1,6 +1,6 @@
/*
* WPA Supplicant - command line interface for wpa_supplicant daemon
* Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi>
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@ -29,7 +29,7 @@
static const char *const wpa_cli_version =
"wpa_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> and contributors";
"Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> and contributors";
#define VENDOR_ELEM_FRAME_ID \
" 0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \

View File

@ -68,7 +68,7 @@
const char *const wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
"Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors";
"Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> and contributors";
const char *const wpa_supplicant_license =
"This software may be distributed under the terms of the BSD license.\n"