Update version to v2.7 and copyright years to include 2018

Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-12-02 20:56:31 +02:00
parent 55570efe35
commit c2c6c01bb8
20 changed files with 146 additions and 21 deletions

View File

@ -140,7 +140,7 @@ The license terms used for hostap.git files
Modified BSD license (no advertisement clause): Modified BSD license (no advertisement clause):
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved. All Rights Reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without

View File

@ -1,7 +1,7 @@
wpa_supplicant and hostapd wpa_supplicant and hostapd
-------------------------- --------------------------
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved. All Rights Reserved.

2
README
View File

@ -1,7 +1,7 @@
wpa_supplicant and hostapd wpa_supplicant and hostapd
-------------------------- --------------------------
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved. All Rights Reserved.
These programs are licensed under the BSD license (the one with These programs are licensed under the BSD license (the one with

View File

@ -31,7 +31,7 @@ PROJECT_NAME = "wpa_supplicant / hostapd"
# This could be handy for archiving the generated documentation or # This could be handy for archiving the generated documentation or
# if some version control system is used. # if some version control system is used.
PROJECT_NUMBER = 2.6 PROJECT_NUMBER = 2.7
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put. # base path where the generated documentation will be put.

View File

@ -1,5 +1,60 @@
ChangeLog for hostapd ChangeLog for hostapd
2018-12-02 - v2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[http://w1.fi/security/2017-1/] (CVE-2017-13082)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* FT:
- added local generation of PMK-R0/PMK-R1 for FT-PSK
(ft_psk_generate_local=1)
- replaced inter-AP protocol with a cleaner design that is more
easily extensible; this breaks backward compatibility and requires
all APs in the ESS to be updated at the same time to maintain FT
functionality
- added support for wildcard R0KH/R1KH
- replaced r0_key_lifetime (minutes) parameter with
ft_r0_key_lifetime (seconds)
- fixed wpa_psk_file use for FT-PSK
- fixed FT-SAE PMKID matching
- added expiration to PMK-R0 and PMK-R1 cache
- added IEEE VLAN support (including tagged VLANs)
- added support for SHA384 based AKM
* SAE
- fixed some PMKSA caching cases with SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- added option to require MFP for SAE associations
(sae_require_pmf=1)
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
* hostapd_cli: added support for command history and completion
* added support for requesting beacon report
* large number of other fixes, cleanup, and extensions
* added option to configure EAPOL-Key retry limits
(wpa_group_update_count and wpa_pairwise_update_count)
* removed all PeerKey functionality
* fixed nl80211 AP mode configuration regression with Linux 4.15 and
newer
* added support for using wolfSSL cryptographic library
* fixed some 20/40 MHz coexistence cases where the BSS could drop to
20 MHz even when 40 MHz would be allowed
* Hotspot 2.0
- added support for setting Venue URL ANQP-element (venue_url)
- added support for advertising Hotspot 2.0 operator icons
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
* added support for using OpenSSL 1.1.1
* added EAP-pwd server support for salted passwords
2016-10-02 - v2.6 2016-10-02 - v2.6
* fixed EAP-pwd last fragment validation * fixed EAP-pwd last fragment validation
[http://w1.fi/security/2015-7/] (CVE-2015-5314) [http://w1.fi/security/2015-7/] (CVE-2015-5314)

View File

@ -2,7 +2,7 @@ hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP
Authenticator and RADIUS authentication server Authenticator and RADIUS authentication server
================================================================ ================================================================
Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> and contributors Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved. All Rights Reserved.
This program is licensed under the BSD license (the one with This program is licensed under the BSD license (the one with

View File

@ -1,6 +1,6 @@
/* /*
* hostapd - command line interface for hostapd daemon * hostapd - command line interface for hostapd daemon
* Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -21,7 +21,7 @@
static const char *const hostapd_cli_version = static const char *const hostapd_cli_version =
"hostapd_cli v" VERSION_STR "\n" "hostapd_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> and contributors"; "Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> and contributors";
static struct wpa_ctrl *ctrl_conn; static struct wpa_ctrl *ctrl_conn;
static int hostapd_cli_quit = 0; static int hostapd_cli_quit = 0;

View File

@ -1,6 +1,6 @@
/* /*
* hostapd / main() * hostapd / main()
* Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> * Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -456,7 +456,7 @@ static void show_version(void)
"hostapd v" VERSION_STR "\n" "hostapd v" VERSION_STR "\n"
"User space daemon for IEEE 802.11 AP management,\n" "User space daemon for IEEE 802.11 AP management,\n"
"IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n" "IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n"
"Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> " "Copyright (c) 2002-2018, Jouni Malinen <j@w1.fi> "
"and contributors\n"); "and contributors\n");
} }

View File

@ -9,6 +9,6 @@
#define GIT_VERSION_STR_POSTFIX "" #define GIT_VERSION_STR_POSTFIX ""
#endif /* GIT_VERSION_STR_POSTFIX */ #endif /* GIT_VERSION_STR_POSTFIX */
#define VERSION_STR "2.7-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX #define VERSION_STR "2.7" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
#endif /* VERSION_H */ #endif /* VERSION_H */

View File

@ -1,5 +1,75 @@
ChangeLog for wpa_supplicant ChangeLog for wpa_supplicant
2018-12-02 - v2.7
* fixed WPA packet number reuse with replayed messages and key
reinstallation
[https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[https://w1.fi/security/2018-1/] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
handshake
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
* SAE
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
2016-10-02 - v2.6 2016-10-02 - v2.6
* fixed WNM Sleep Mode processing when PMF is not enabled * fixed WNM Sleep Mode processing when PMF is not enabled
[http://w1.fi/security/2015-6/] (CVE-2015-5310) [http://w1.fi/security/2015-6/] (CVE-2015-5310)

View File

@ -1,7 +1,7 @@
WPA Supplicant WPA Supplicant
============== ==============
Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved. All Rights Reserved.
This program is licensed under the BSD license (the one with This program is licensed under the BSD license (the one with

View File

@ -194,7 +194,7 @@ eapol_test -ctest.conf -a127.0.0.1 -p1812 -ssecret -r1
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -90,7 +90,7 @@
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -345,7 +345,7 @@ CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -91,7 +91,7 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -62,7 +62,7 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -137,7 +137,7 @@ wpa_supplicant -i ath0 -c wpa_supplicant.conf
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -729,7 +729,7 @@ fi
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Legal</title> <title>Legal</title>
<para>wpa_supplicant is copyright (c) 2003-2017, <para>wpa_supplicant is copyright (c) 2003-2018,
Jouni Malinen <email>j@w1.fi</email> and Jouni Malinen <email>j@w1.fi</email> and
contributors. contributors.
All Rights Reserved.</para> All Rights Reserved.</para>

View File

@ -1,6 +1,6 @@
/* /*
* WPA Supplicant - command line interface for wpa_supplicant daemon * WPA Supplicant - command line interface for wpa_supplicant daemon
* Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -29,7 +29,7 @@
static const char *const wpa_cli_version = static const char *const wpa_cli_version =
"wpa_cli v" VERSION_STR "\n" "wpa_cli v" VERSION_STR "\n"
"Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> and contributors"; "Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi> and contributors";
#define VENDOR_ELEM_FRAME_ID \ #define VENDOR_ELEM_FRAME_ID \
" 0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \ " 0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), " \

View File

@ -68,7 +68,7 @@
const char *const wpa_supplicant_version = const char *const wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n" "wpa_supplicant v" VERSION_STR "\n"
"Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> and contributors"; "Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi> and contributors";
const char *const wpa_supplicant_license = const char *const wpa_supplicant_license =
"This software may be distributed under the terms of the BSD license.\n" "This software may be distributed under the terms of the BSD license.\n"