Preparations for v2.10 release

Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.9 and v2.10.

Signed-off-by: Jouni Malinen <j@w1.fi>

doc/doxygen.conf

@@ -31,7 +31,7 @@ PROJECT_NAME           = "wpa_supplicant / hostapd"
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 2.9
+PROJECT_NUMBER         = 2.10
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

hostapd/ChangeLog

@@ -1,5 +1,48 @@
 ChangeLog for hostapd
 
+2022-01-16 - v2.10
+	* SAE changes
+	  - improved protection against side channel attacks
+	    [https://w1.fi/security/2022-1/]
+	  - added option send SAE Confirm immediately (sae_config_immediate=1)
+	    after SAE Commit
+	  - added support for the hash-to-element mechanism (sae_pwe=1 or
+	    sae_pwe=2)
+	  - fixed PMKSA caching with OKC
+	  - added support for SAE-PK
+	* EAP-pwd changes
+	  - improved protection against side channel attacks
+	    [https://w1.fi/security/2022-1/]
+	* fixed WPS UPnP SUBSCRIBE handling of invalid operations
+	  [https://w1.fi/security/2020-1/]
+	* fixed PMF disconnection protection bypass
+	  [https://w1.fi/security/2019-7/]
+	* added support for using OpenSSL 3.0
+	* fixed various issues in experimental support for EAP-TEAP server
+	* added configuration (max_auth_rounds, max_auth_rounds_short) to
+	  increase the maximum number of EAP message exchanges (mainly to
+	  support cases with very large certificates) for the EAP server
+	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+	* extended HE (IEEE 802.11ax) support, including 6 GHz support
+	* removed obsolete IAPP functionality
+	* fixed EAP-FAST server with TLS GCM/CCM ciphers
+	* dropped support for libnl 1.1
+	* added support for nl80211 control port for EAPOL frame TX/RX
+	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
+	  compatibility for these groups while the default group 19 remains
+	  backwards compatible; owe_ptk_workaround=1 can be used to enabled a
+	  a workaround for the group 20/21 backwards compatibility
+	* added support for Beacon protection
+	* added support for Extended Key ID for pairwise keys
+	* removed WEP support from the default build (CONFIG_WEP=y can be used
+	  to enable it, if really needed)
+	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+	* added support for Transition Disable mechanism to allow the AP to
+	  automatically disable transition mode to improve security
+	* added support for PASN
+	* added EAP-TLS server support for TLS 1.3 (disabled by default for now)
+	* a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
 	* SAE changes
 	  - disable use of groups using Brainpool curves

src/common/version.h

@@ -9,6 +9,6 @@
 #define GIT_VERSION_STR_POSTFIX ""
 #endif /* GIT_VERSION_STR_POSTFIX */
 
-#define VERSION_STR "2.10-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.10" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
 
 #endif /* VERSION_H */

wpa_supplicant/ChangeLog

@@ -1,5 +1,58 @@
 ChangeLog for wpa_supplicant
 
+2022-01-16 - v2.10
+	* SAE changes
+	  - improved protection against side channel attacks
+	    [https://w1.fi/security/2022-1/]
+	  - added support for the hash-to-element mechanism (sae_pwe=1 or
+	    sae_pwe=2); this is currently disabled by default, but will likely
+	    get enabled by default in the future
+	  - fixed PMKSA caching with OKC
+	  - added support for SAE-PK
+	* EAP-pwd changes
+	  - improved protection against side channel attacks
+	  [https://w1.fi/security/2022-1/]
+	* fixed P2P provision discovery processing of a specially constructed
+	  invalid frame
+	  [https://w1.fi/security/2021-1/]
+	* fixed P2P group information processing of a specially constructed
+	  invalid frame
+	  [https://w1.fi/security/2020-2/]
+	* fixed PMF disconnection protection bypass in AP mode
+	  [https://w1.fi/security/2019-7/]
+	* added support for using OpenSSL 3.0
+	* increased the maximum number of EAP message exchanges (mainly to
+	  support cases with very large certificates)
+	* fixed various issues in experimental support for EAP-TEAP peer
+	* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+	* a number of MKA/MACsec fixes and extensions
+	* added support for SAE (WPA3-Personal) AP mode configuration
+	* added P2P support for EDMG (IEEE 802.11ay) channels
+	* fixed EAP-FAST peer with TLS GCM/CCM ciphers
+	* improved throughput estimation and BSS selection
+	* dropped support for libnl 1.1
+	* added support for nl80211 control port for EAPOL frame TX/RX
+	* fixed OWE key derivation with groups 20 and 21; this breaks backwards
+	  compatibility for these groups while the default group 19 remains
+	  backwards compatible
+	* added support for Beacon protection
+	* added support for Extended Key ID for pairwise keys
+	* removed WEP support from the default build (CONFIG_WEP=y can be used
+	  to enable it, if really needed)
+	* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+	* added support for Transition Disable mechanism to allow the AP to
+	  automatically disable transition mode to improve security
+	* extended D-Bus interface
+	* added support for PASN
+	* added a file-based backend for external password storage to allow
+	  secret information to be moved away from the main configuration file
+	  without requiring external tools
+	* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
+	* added support for SCS, MSCS, DSCP policy
+	* changed driver interface selection to default to automatic fallback
+	  to other compiled in options
+	* a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
 	* SAE changes
 	  - disable use of groups using Brainpool curves