From cff80b4f7d3c0a47c052e8187d671710f48939e4 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 16 Jan 2022 22:46:15 +0200
Subject: [PATCH] Preparations for v2.10 release

Update the version number for the build and also add the ChangeLog entries for both hostapd and wpa_supplicant to describe main changes between v2.9 and v2.10.

Signed-off-by: Jouni Malinen
---
 doc/doxygen.conf | 2 +-
 hostapd/ChangeLog | 43 ++++++++++++++++++++++++++++++++
 src/common/version.h | 2 +-
 wpa_supplicant/ChangeLog | 53 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 2 deletions(-)

diff --git a/doc/doxygen.conf b/doc/doxygen.conf
index 3f0117393..54a77ec2f 100644
--- a/doc/doxygen.conf
+++ b/doc/doxygen.conf
@@ -31,7 +31,7 @@ PROJECT_NAME = "wpa_supplicant / hostapd"
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.

-PROJECT_NUMBER = 2.9
+PROJECT_NUMBER = 2.10

 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.
diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 34a8a0818..279298e4d 100644
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,48 @@
 ChangeLog for hostapd

+2022-01-16 - v2.10
+ * SAE changes
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2022-1/]
+ - added option send SAE Confirm immediately (sae_config_immediate=1)
+ after SAE Commit
+ - added support for the hash-to-element mechanism (sae_pwe=1 or
+ sae_pwe=2)
+ - fixed PMKSA caching with OKC
+ - added support for SAE-PK
+ * EAP-pwd changes
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2022-1/]
+ * fixed WPS UPnP SUBSCRIBE handling of invalid operations
+ [https://w1.fi/security/2020-1/]
+ * fixed PMF disconnection protection bypass
+ [https://w1.fi/security/2019-7/]
+ * added support for using OpenSSL 3.0
+ * fixed various issues in experimental support for EAP-TEAP server
+ * added configuration (max_auth_rounds, max_auth_rounds_short) to
+ increase the maximum number of EAP message exchanges (mainly to
+ support cases with very large certificates) for the EAP server
+ * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+ * extended HE (IEEE 802.11ax) support, including 6 GHz support
+ * removed obsolete IAPP functionality
+ * fixed EAP-FAST server with TLS GCM/CCM ciphers
+ * dropped support for libnl 1.1
+ * added support for nl80211 control port for EAPOL frame TX/RX
+ * fixed OWE key derivation with groups 20 and 21; this breaks backwards
+ compatibility for these groups while the default group 19 remains
+ backwards compatible; owe_ptk_workaround=1 can be used to enabled a
+ a workaround for the group 20/21 backwards compatibility
+ * added support for Beacon protection
+ * added support for Extended Key ID for pairwise keys
+ * removed WEP support from the default build (CONFIG_WEP=y can be used
+ to enable it, if really needed)
+ * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+ * added support for Transition Disable mechanism to allow the AP to
+ automatically disable transition mode to improve security
+ * added support for PASN
+ * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
+ * a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
  * SAE changes
  - disable use of groups using Brainpool curves
diff --git a/src/common/version.h b/src/common/version.h
index 0235c9bf6..7502f58e0 100644
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -9,6 +9,6 @@
 #define GIT_VERSION_STR_POSTFIX ""
 #endif /* GIT_VERSION_STR_POSTFIX */

-#define VERSION_STR "2.10-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.10" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX

 #endif /* VERSION_H */
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 5ca82457a..efcc6cd9c 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,58 @@
 ChangeLog for wpa_supplicant

+2022-01-16 - v2.10
+ * SAE changes
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2022-1/]
+ - added support for the hash-to-element mechanism (sae_pwe=1 or
+ sae_pwe=2); this is currently disabled by default, but will likely
+ get enabled by default in the future
+ - fixed PMKSA caching with OKC
+ - added support for SAE-PK
+ * EAP-pwd changes
+ - improved protection against side channel attacks
+ [https://w1.fi/security/2022-1/]
+ * fixed P2P provision discovery processing of a specially constructed
+ invalid frame
+ [https://w1.fi/security/2021-1/]
+ * fixed P2P group information processing of a specially constructed
+ invalid frame
+ [https://w1.fi/security/2020-2/]
+ * fixed PMF disconnection protection bypass in AP mode
+ [https://w1.fi/security/2019-7/]
+ * added support for using OpenSSL 3.0
+ * increased the maximum number of EAP message exchanges (mainly to
+ support cases with very large certificates)
+ * fixed various issues in experimental support for EAP-TEAP peer
+ * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+ * a number of MKA/MACsec fixes and extensions
+ * added support for SAE (WPA3-Personal) AP mode configuration
+ * added P2P support for EDMG (IEEE 802.11ay) channels
+ * fixed EAP-FAST peer with TLS GCM/CCM ciphers
+ * improved throughput estimation and BSS selection
+ * dropped support for libnl 1.1
+ * added support for nl80211 control port for EAPOL frame TX/RX
+ * fixed OWE key derivation with groups 20 and 21; this breaks backwards
+ compatibility for these groups while the default group 19 remains
+ backwards compatible
+ * added support for Beacon protection
+ * added support for Extended Key ID for pairwise keys
+ * removed WEP support from the default build (CONFIG_WEP=y can be used
+ to enable it, if really needed)
+ * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+ * added support for Transition Disable mechanism to allow the AP to
+ automatically disable transition mode to improve security
+ * extended D-Bus interface
+ * added support for PASN
+ * added a file-based backend for external password storage to allow
+ secret information to be moved away from the main configuration file
+ without requiring external tools
+ * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
+ * added support for SCS, MSCS, DSCP policy
+ * changed driver interface selection to default to automatic fallback
+ to other compiled in options
+ * a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
  * SAE changes
  - disable use of groups using Brainpool curves