aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/ChangeLog
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-09-27 17:13:59 (GMT)
committerJouni Malinen <j@w1.fi>2015-09-27 19:02:05 (GMT)
commit49c36b708e780e05d3a709621a87b5747af1f9b3 (patch)
tree88df08bdf3a84373baf6a4898ed2da44f953e569 /wpa_supplicant/ChangeLog
parentb1f69186d2ebc7c29d6314fb3d326ab720018a81 (diff)
downloadhostap-49c36b708e780e05d3a709621a87b5747af1f9b3.zip
hostap-49c36b708e780e05d3a709621a87b5747af1f9b3.tar.gz
hostap-49c36b708e780e05d3a709621a87b5747af1f9b3.tar.bz2
Add ChangeLog entries for v2.5
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/ChangeLog')
-rw-r--r--wpa_supplicant/ChangeLog63
1 files changed, 63 insertions, 0 deletions
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 1ac79b4..facd90e 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,68 @@
ChangeLog for wpa_supplicant
+2015-09-27 - v2.5
+ * fixed P2P validation of SSID element length before copying it
+ [http://w1.fi/security/2015-1/] (CVE-2015-1863)
+ * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
+ [http://w1.fi/security/2015-2/] (CVE-2015-4141)
+ * fixed WMM Action frame parser (AP mode)
+ [http://w1.fi/security/2015-3/] (CVE-2015-4142)
+ * fixed EAP-pwd peer missing payload length validation
+ [http://w1.fi/security/2015-4/]
+ (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
+ * fixed validation of WPS and P2P NFC NDEF record payload length
+ [http://w1.fi/security/2015-5/]
+ * nl80211:
+ - added VHT configuration for IBSS
+ - fixed vendor command handling to check OUI properly
+ - allow driver-based roaming to change ESS
+ * added AVG_BEACON_RSSI to SIGNAL_POLL output
+ * wpa_cli: added tab completion for number of commands
+ * removed unmaintained and not yet completed SChannel/CryptoAPI support
+ * modified Extended Capabilities element use in Probe Request frames to
+ include all cases if any of the values are non-zero
+ * added support for dynamically creating/removing a virtual interface
+ with interface_add/interface_remove
+ * added support for hashed password (NtHash) in EAP-pwd peer
+ * added support for memory-only PSK/passphrase (mem_only_psk=1 and
+ CTRL-REQ/RSP-PSK_PASSPHRASE)
+ * P2P
+ - optimize scan frequencies list when re-joining a persistent group
+ - fixed number of sequences with nl80211 P2P Device interface
+ - added operating class 125 for P2P use cases (this allows 5 GHz
+ channels 161 and 169 to be used if they are enabled in the current
+ regulatory domain)
+ - number of fixes to P2PS functionality
+ - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
+ - extended support for preferred channel listing
+ * D-Bus:
+ - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
+ - fixed PresenceRequest to use group interface
+ - added new signals: FindStopped, WPS pbc-overlap,
+ GroupFormationFailure, WPS timeout, InvitationReceived
+ - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
+ - added manufacturer info
+ * added EAP-EKE peer support for deriving Session-Id
+ * added wps_priority configuration parameter to set the default priority
+ for all network profiles added by WPS
+ * added support to request a scan with specific SSIDs with the SCAN
+ command (optional "ssid <hexdump>" arguments)
+ * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
+ * fixed SAE group selection in an error case
+ * modified SAE routines to be more robust and PWE generation to be
+ stronger against timing attacks
+ * added support for Brainpool Elliptic Curves with SAE
+ * added support for CCMP-256 and GCMP-256 as group ciphers with FT
+ * fixed BSS selection based on estimated throughput
+ * added option to disable TLSv1.0 with OpenSSL
+ (phase1="tls_disable_tlsv1_0=1")
+ * added Fast Session Transfer (FST) module
+ * fixed OpenSSL PKCS#12 extra certificate handling
+ * fixed key derivation for Suite B 192-bit AKM (this breaks
+ compatibility with the earlier version)
+ * added RSN IE to Mesh Peering Open/Confirm frames
+ * number of small fixes
+
2015-03-15 - v2.4
* allow OpenSSL cipher configuration to be set for internal EAP server
(openssl_ciphers parameter)