Lines Matching +full:linux +full:- +full:stable +full:- +full:openssl
3 2022-01-16 - v2.10
5 - improved protection against side channel attacks
6 [https://w1.fi/security/2022-1/]
7 - added option send SAE Confirm immediately (sae_config_immediate=1)
9 - added support for the hash-to-element mechanism (sae_pwe=1 or
11 - fixed PMKSA caching with OKC
12 - added support for SAE-PK
13 * EAP-pwd changes
14 - improved protection against side channel attacks
15 [https://w1.fi/security/2022-1/]
17 [https://w1.fi/security/2020-1/]
19 [https://w1.fi/security/2019-7/]
20 * added support for using OpenSSL 3.0
21 * fixed various issues in experimental support for EAP-TEAP server
25 * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
28 * fixed EAP-FAST server with TLS GCM/CCM ciphers
43 * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
46 2019-08-07 - v2.9
48 - disable use of groups using Brainpool curves
49 - improved protection against side channel attacks
50 [https://w1.fi/security/2019-6/]
51 * EAP-pwd changes
52 - disable use of groups using Brainpool curves
53 - improved protection against side channel attacks
54 [https://w1.fi/security/2019-6/]
55 * fixed FT-EAP initial mobility domain association using PMKSA caching
61 * added experimental support for EAP-TEAP server (RFC 7170)
62 * added experimental support for EAP-TLS server with TLS v1.3
66 * added eap_sim_id parameter to allow EAP-SIM/AKA server pseudonym and
68 * fixed an ECDH operation corner case with OpenSSL
70 2019-04-21 - v2.8
72 - added support for SAE Password Identifier
73 - changed default configuration to enable only group 19
76 - improved anti-clogging token mechanism and SAE authentication
80 - added Finite Cyclic Group field in status code 77 responses
81 - reject use of unsuitable groups based on new implementation guidance
84 - minimize timing and memory use differences in PWE derivation
85 [https://w1.fi/security/2019-1/] (CVE-2019-9494)
86 - fixed confirm message validation in error cases
87 [https://w1.fi/security/2019-3/] (CVE-2019-9496)
88 * EAP-pwd changes
89 - minimize timing and memory use differences in PWE derivation
90 [https://w1.fi/security/2019-2/] (CVE-2019-9495)
91 - verify peer scalar/element
92 [https://w1.fi/security/2019-4/] (CVE-2019-9497 and CVE-2019-9498)
93 - fix message reassembly issue with unexpected fragment
94 [https://w1.fi/security/2019-5/]
95 - enforce rand,mask generation rules more strictly
96 - fix a memory leak in PWE derivation
97 - disallow ECC groups with a prime under 256 bits (groups 25, 26, and
100 - added support for release number 3
101 - reject release 2 or newer association without PMF
104 * added Multi-AP protocol support
109 * added RSSI-based association rejection from OCE
112 - allow local VLAN management with remote RADIUS authentication
113 - add WPA/WPA2 passphrase/PSK -based VLAN assignment
114 * OpenSSL: allow systemwide policies to be overridden
118 * fixed FT and SA Query Action frame with AP-MLME-in-driver cases
119 * OWE: allow Diffie-Hellman Parameter element to be included with DPP
121 * RADIUS server: started to accept ERP keyName-NAI as user identity
125 2018-12-02 - v2.7
128 [http://w1.fi/security/2017-1/] (CVE-2017-13082)
132 * added support for DPP (Wi-Fi Device Provisioning Protocol)
134 - added local generation of PMK-R0/PMK-R1 for FT-PSK
136 - replaced inter-AP protocol with a cleaner design that is more
140 - added support for wildcard R0KH/R1KH
141 - replaced r0_key_lifetime (minutes) parameter with
143 - fixed wpa_psk_file use for FT-PSK
144 - fixed FT-SAE PMKID matching
145 - added expiration to PMK-R0 and PMK-R1 cache
146 - added IEEE VLAN support (including tagged VLANs)
147 - added support for SHA384 based AKM
149 - fixed some PMKSA caching cases with SAE
150 - added support for configuring SAE password separately of the
152 - added option to require MFP for SAE associations
154 - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
159 - added support for Password Identifier
163 * added option to configure EAPOL-Key retry limits
166 * fixed nl80211 AP mode configuration regression with Linux 4.15 and
172 - added support for setting Venue URL ANQP-element (venue_url)
173 - added support for advertising Hotspot 2.0 operator icons
174 - added support for Roaming Consortium Selection element
175 - added support for Terms and Conditions
176 - added support for OSEN connection in a shared RSN BSS
177 * added support for using OpenSSL 1.1.1
178 * added EAP-pwd server support for salted passwords
180 2016-10-02 - v2.6
181 * fixed EAP-pwd last fragment validation
182 [http://w1.fi/security/2015-7/] (CVE-2015-5314)
184 [http://w1.fi/security/2016-1/] (CVE-2016-4476)
186 * added support for configuring new ANQP-elements with
188 * fixed Suite B 192-bit AKM to use proper PMK length
191 frame sending for not-associated STAs if max_num_sta limit has been
193 * added option (-S as command line argument) to request all interfaces
196 to allow -1 to be used to disable RTS/fragmentation
197 * EAP-pwd: added support for Brainpool Elliptic Curves
198 (with OpenSSL 1.0.2 and newer)
200 * fixed FTIE generation for 4-way handshake after FT protocol run
203 - support SHA384 and SHA512 hashes
204 - support TLS v1.2 signature algorithm with SHA384 and SHA512
205 - support PKCS #5 v2.0 PBES2
206 - support PKCS #5 with PKCS #12 style key decryption
207 - minimal support for PKCS #12
208 - support OCSP stapling (including ocsp_multi)
209 * added support for OpenSSL 1.1 API changes
210 - drop support for OpenSSL 0.9.8
211 - drop support for OpenSSL 1.0.0
212 * EAP-PEAP: support fast-connect crypto binding
214 - fix Called-Station-Id to not escape SSID
215 - add Event-Timestamp to all Accounting-Request packets
216 - add Acct-Session-Id to Accounting-On/Off
217 - add Acct-Multi-Session-Id ton Access-Request packets
218 - add Service-Type (= Frames)
219 - allow server to provide PSK instead of passphrase for WPA-PSK
221 - update full message for interim accounting updates
222 - add Acct-Delay-Time into Accounting messages
223 - add require_message_authenticator configuration option to require
224 CoA/Disconnect-Request packets to be authenticated
225 * started to postpone WNM-Notification frame sending by 100 ms so that
227 received after the 4-way handshake
229 * extended VLAN support (per-STA vif, etc.)
232 - added support for full station state operations
233 - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
241 - use Address 3 = wildcard BSSID in GAS response if a query from an
243 - fix TX status processing for Address 3 = wildcard BSSID
244 - add gas_address3 configuration parameter to control Address 3
246 * added command line parameter -i to override interface parameter in
253 2015-09-27 - v2.5
255 [http://w1.fi/security/2015-2/] (CVE-2015-4141)
257 [http://w1.fi/security/2015-3/] (CVE-2015-4142)
258 * fixed EAP-pwd server missing payload length validation
259 [http://w1.fi/security/2015-4/]
260 (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145)
262 [http://w1.fi/security/2015-5/]
264 - fixed vendor command handling to check OUI properly
265 * fixed hlr_auc_gw build with OpenSSL
268 * added support for hashed password (NtHash) in EAP-pwd server
270 * added EAP-EKE server support for deriving Session-Id
271 * set Acct-Session-Id to a random value to make it more likely to be
273 * added more 2.4 GHz channels for 20/40 MHz HT co-ex scan
278 * added support for CCMP-256 and GCMP-256 as group ciphers with FT
283 * fixed key derivation for Suite B 192-bit AKM (this breaks
289 2015-03-15 - v2.4
290 * allow OpenSSL cipher configuration to be set for internal EAP server
294 * fixed Accounting-Request to not include duplicated Acct-Session-Id
295 * add support for Acct-Multi-Session-Id in RADIUS Accounting messages
299 * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events
303 * add support for Suite B (128-bit and 192-bit level) key management and
306 * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce
308 Request frames and BSS-TM-RESP event to indicate response to such
310 * add support for EAP Re-Authentication Protocol (ERP)
311 * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled
313 * set stdout to be line-buffered
315 (VHT-MCS 8 and 9) on 2.4 GHz band
317 - extend Disconnect-Request processing to allow matching of multiple
319 - support Acct-Multi-Session-Id as an identifier
320 - allow PMKSA cache entry to be removed without association
333 2014-10-09 - v2.3
335 * fixed DFS and channel switch operation for multi-BSS cases
342 (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher,
343 WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher)
346 * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases
350 (CVE-2014-3686)
352 2014-06-04 - v2.2
353 * fixed SAE confirm-before-commit validation to avoid a potential
357 - Operating Mode Notification
358 - Power Constraint element (local_pwr_constraint)
359 - Spectrum management capability (spectrum_mgmt_required=1)
360 - fix VHT80 segment picking in ACS
361 - fix vht_capab 'Maximum A-MPDU Length Exponent' handling
362 - fix VHT20
363 * fixed HT40 co-ex scan for some pri/sec channel switches
364 * extended HT40 co-ex support to allow dynamic channel width changes
366 * fixed HT40 co-ex support to check for overlapping 20 MHz BSS
367 * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
368 this fixes password with include UTF-8 characters that use
369 three-byte encoding EAP methods that use NtPasswordHash
371 any AAA server certificate with id-kp-clientAuth even if
372 id-kp-serverAuth EKU was included
376 * enforce full EAP authentication after RADIUS Disconnect-Request by
378 * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address
379 in RADIUS Disconnect-Request
381 entry with "-"
383 - support Hotspot 2.0 Release 2
393 - do not use Interworking filtering rules on Probe Request if
396 - AP interface teardown optimization
397 - support vendor specific driver command
402 - add SHA256-based cipher suites
403 - add DHE-RSA cipher suites
404 - fix X.509 validation of PKCS#1 signature to check for extra data
406 - add minimal RADIUS accounting server support (hostapd-as-server);
408 - allow authentication log to be written into SQLite database
409 - added option for TLS protocol testing of an EAP peer by simulating
411 - MAC ACL support for testing purposes
412 * fixed PTK derivation for CCMP-256 and GCMP-256
413 * extended WPS per-station PSK to support ER case
415 (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256,
416 BIP-CMAC-256)
419 * added support for postponing FT response in case PMK-R1 needs to be
422 ht_capab=[40-INTOLERANT]
425 * EAP-pwd fixes
426 - fix possible segmentation fault on EAP method deinit if an invalid
429 - there was a potential ctash due to freed memory being accessed
430 - failover to a backup server mechanism did not work properly
435 * fixed off-by-one bounds checking in printf_encode()
436 - this could result in deinial of service in some EAP server cases
439 2014-02-04 - v2.1
441 stronger password-based authentication with WPA2-Personal
443 - VHT configuration for nl80211
444 - support split wiphy dump
445 - driver-based MAC ACL
446 - QoS Mapping configuration
448 * allow ctrl_iface group to be specified on command line (-G<group>)
455 re-selection)
456 * added EAP-EKE server
458 * added option for using per-BSS (vif) configuration files with
459 -b<phyname>:<config file name>
463 * added support for sending debug info to Linux tracing (-T on command
470 - improved protocol
471 - option to fetch and report alternative carrier records for external
475 2013-01-12 - v2.0
476 * added AP-STA-DISCONNECTED ctrl_iface event
482 use of the Secure bit in EAPOL-Key msg 3/4
484 * changed OpenSSL to read full certificate chain from server_cert file
486 - replace monitor interface with nl80211 commands
487 - additional information for driver-based AP SME
488 * EAP-pwd:
489 - fix KDF for group 21 and zero-padding
490 - added support for fragmentation
491 - increased maximum number of hunting-and-pecking iterations
498 * added support for getting per-device PSK from RADIUS Tunnel-Password
501 * added a workaround for 4-way handshake to update SNonce even after
502 having sent EAPOL-Key 3/4 to avoid issues with some supplicant
503 implementations that can change SNonce for each EAP-Key 2/4
504 * added a workaround for EAPOL-Key 4/4 using incorrect type value in
511 - GAS/ANQP advertisement of network information
512 - disable_dgaf parameter to disable downstream group-addressed
516 * EAP-SIM: fixed re-authentication not to update pseudonym
517 * EAP-SIM: use Notification round before EAP-Failure
518 * EAP-AKA: added support for AT_COUNTER_TOO_SMALL
519 * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized
520 * EAP-AKA': fixed identity for MK derivation
521 * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this
523 * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id
524 * changed ANonce to be a random number instead of Counter-based
529 - a new command line parameter -u can be used to enable updating of
531 - use 5 bit IND for SQN updates
532 - SQLite database can now be used to store Milenage information
533 * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms
535 * added support for Chargeable-User-Identity (RFC 4372)
538 Access-Request and Accounting-Request packets
541 - BSS max idle period
542 - WNM-Sleep Mode
544 - removed obsoleted WPS_OOB command (including support for deprecated
549 * changed VENDOR-TEST EAP method to use proper private enterprise number
554 * added support for 256-bit AES with internal TLS implementation
556 * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length
558 terminate before this fix [CVE-2012-4445]
565 * added Acct-Session-Id attribute into Access-Request messages
566 * fixed EAPOL frame transmission to non-QoS STAs with nl80211
570 2012-05-10 - v1.0
584 isolation can be used to prevent low-level bridging of frames
591 * Add support for writing debug log to a file using "-f" option. Also
592 add relog CLI command to re-open the log file.
598 - Add wds_bridge command for specifying bridge for WDS STA
600 - Add relog command for reopening log file.
601 - Send AP-STA-DISCONNECTED event when an AP disconnects a station
603 - Add wps_config ctrl_interface command for configuring AP. This
607 - Many WPS/WPS ER commands - see WPS/WPS ER sections for details.
608 - Add command get version, that returns hostapd version string.
619 - Send AP Settings as a wrapped Credential attribute to ctrl_iface
620 in WPS-NEW-AP-SETTINGS.
621 - Dispatch more WPS events through hostapd ctrl_iface.
622 - Add mechanism for indicating non-standard WPS errors.
623 - Change concurrent radio AP to use only one WPS UPnP instance.
624 - Add wps_check_pin command for processing PIN from user input.
627 - Add hostap_cli get_config command to display current AP config.
628 - Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at
630 - Disable AP PIN after 10 consecutive failures. Slow down attacks
632 - Allow AP to start in Enrollee mode without AP PIN for probing,
634 - Add Config Error into WPS-FAIL events to provide more info
636 - When controlling multiple interfaces:
637 - apply WPS commands to all interfaces configured to use WPS
638 - apply WPS config changes to all interfaces that use WPS
639 - when an attack is detected on any interface, disable AP PIN on
642 - Show SetSelectedRegistrar events as ctrl_iface events.
643 - Add special AP Setup Locked mode to allow read only ER.
647 - Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool
649 - Add build option CONFIG_WPS_STRICT to allow disabling of WPS
651 - Add support for AuthorizedMACs attribute.
653 - Allow TDLS use or TDLS channel switching in the BSS to be
666 -ddd to enable.
669 - Add support for TLS v1.1 (RFC 4346). Enable with build parameter
671 - Add domainComponent parser for X.509 names
677 2010-04-18 - v0.7.2
680 * bsd: Cleaned up driver wrapper and added various low-level
683 * EAP-TNC: add Flags field into fragment acknowledgement (needed to
686 * cleaned up driver wrapper API for multi-BSS operations
687 * nl80211: fix multi-BSS and VLAN operations
704 2010-01-16 - v0.7.1
706 is not fully backwards compatible, so out-of-tree driver wrappers
717 * EAP-FAST server: piggyback Phase 2 start with the end of Phase 1
720 * added support for WDS (4-address frame) mode with per-station virtual
725 * fixed PKCS#12 use with OpenSSL 1.0.0
731 2009-11-21 - v0.7.0
733 configurable with a new command line options (-G<seconds>)
734 * driver_nl80211: use Linux socket filter to improve performance
739 * added support for WPS USBA out-of-band mechanism with USB Flash
743 * fixed TNC with EAP-TTLS
746 * fixed SHA-256 based key derivation function to match with the
754 * driver_nl80211: multiple updates to provide support for new Linux
756 * updated management frame protection to use IEEE Std 802.11w-2009
759 * added some IEEE 802.11n co-existence rules to disable 40 MHz channels
762 * added support for NFC out-of-band mechanism with WPS
765 2009-01-06 - v0.6.7
766 * added support for Wi-Fi Protected Setup (WPS)
774 wps_pbc are used to configure WPS negotiation; see README-WPS for
781 * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
783 * changed EAP-GPSK to use the IANA assigned EAP method type 51
787 2008-11-23 - v0.6.6
791 * updated OpenSSL code for EAP-FAST to use an updated version of the
793 OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
801 * fixed EAP-TLS message processing for the last TLS message if it is
806 2008-11-01 - v0.6.5
807 * added support for SHA-256 as X.509 certificate digest when using the
809 * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
812 by EAP-FAST server)
814 (accept_mac_file) as an alternative for RADIUS server-based
819 * added support for using SHA256-based stronger key derivation for WPA2
821 * added new "driver wrapper" for RADIUS-only configuration
825 * changed EAP-FAST configuration to use separate fields for A-ID and
826 A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
827 16-octet len binary value for better interoperability with some peer
829 * driver_nl80211: Updated to match the current Linux mac80211 AP mode
830 configuration (wireless-testing.git and Linux kernel releases
833 2008-08-10 - v0.6.4
834 * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
836 * added support for EAP Sequences in EAP-FAST Phase 2
837 * added support for EAP-TNC (Trusted Network Connect)
838 (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
839 changes needed to run two methods in sequence (IF-T) and the IF-IMV
840 and IF-TNCCS interfaces from TNCS)
842 * added fragmentation support for EAP-TNC
843 * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
847 2008-02-22 - v0.6.3
851 * copy optional Proxy-State attributes into RADIUS response when acting
856 * fixed EAP-SIM/AKA realm processing to allow decorated usernames to
858 * added a workaround for EAP-SIM/AKA peers that include incorrect null
860 * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER
863 * fixed EAP-SIM Start response processing for fast reauthentication
865 * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST}
866 phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method
868 2008-01-01 - v0.6.2
869 * fixed EAP-SIM and EAP-AKA message parser to validate attribute
875 * added support for protecting EAP-AKA/Identity messages with
878 EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1)
879 * added support for configuring EAP-TTLS phase 2 non-EAP methods in
882 enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP,
883 TTLS-MSCHAPV2
886 -d (or -dd) command line arguments
887 * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt);
890 2007-11-24 - v0.6.1
896 * added support for EAP-FAST server method to the integrated EAP
898 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
899 draft (draft-ietf-emu-eap-gpsk-07.txt)
908 2007-05-28 - v0.6.0
910 * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48
911 * updated EAP-PSK to use the IANA-allocated EAP type 47
912 * fixed EAP-PSK bit ordering of the Flags field
913 * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs
915 * fixed EAP-TTLS AVP parser processing for too short AVP lengths
917 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
918 draft (draft-ietf-emu-eap-gpsk-04.txt)
923 if a better quality triplets are needed, GSM-Milenage should be used
925 * fixed EAP-MSCHAPv2 server to use a space between S and M parameters
927 * added support for sending EAP-AKA Notifications in error cases
934 2006-11-24 - v0.5.6
939 pre-authentication
940 * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID
941 for each STA based on RADIUS Access-Accept attributes); this requires
948 * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
949 draft (draft-ietf-emu-eap-gpsk-01.txt)
954 * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM)
955 * hlr_auc_gw: added support for reading per-IMSI Milenage keys and
958 EAP-SIM/EAP-AKA
962 2006-08-27 - v0.5.5
966 * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when
968 * added -P<pid file> argument for hostapd to write the current process
972 2006-06-20 - v0.5.4
976 * added support for EAP Generalized Pre-Shared Key (EAP-GPSK,
977 draft-clancy-emu-eap-shared-secret-00.txt)
978 * fixed a segmentation fault when RSN pre-authentication was completed
981 2006-04-27 - v0.5.3
989 * added support for EAP-SAKE (no EAP method number allocated yet, so
990 this is using the same experimental type 255 as EAP-PSK)
991 * fixed EAP-MSCHAPv2 message length validation
993 2006-03-19 - v0.5.2
996 vsyslog on some CPU -- C library combinations
997 * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external
1004 hardcoded AKA authentication data); this can be used to test EAP-SIM
1005 and EAP-AKA
1007 to make it possible to test EAP-AKA with real USIM cards (this is
1011 madwifi-ng svn r1453 and newer; this fixes RSN that was apparently
1019 2006-01-29 - v0.5.1
1025 2005-12-18 - v0.5.0 (beginning of 0.5.x development releases)
1033 * improved EAP-SIM database interface to allow external request to GSM
1035 * added support for using EAP-SIM pseudonyms and fast re-authentication
1036 * added support for EAP-AKA in the integrated EAP authenticator
1038 user database to allow EAP-SIM/AKA selection without extra roundtrip
1039 for EAP-Nak negotiation
1042 authentication (hash:<16-octet hex value>); added nt_password_hash
1045 2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases)
1054 * driver_madwifi: added support for madwifi-ng
1056 2005-10-27 - v0.4.6
1058 User-Name attribute from Access-Accept message, if that is included,
1059 for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
1067 condition in which EAPOL-Start message could trigger hostapd to send
1068 two EAP-Response/Identity frames to the authentication server
1070 2005-09-25 - v0.4.5
1073 * added experimental support for EAP-PSK
1074 * added support for WE-19 (hostap, madwifi)
1076 2005-08-21 - v0.4.4
1080 2005-06-26 - v0.4.3
1081 * fixed PMKSA caching to copy User-Name and Class attributes so that
1084 4-Way Handshake if WPA-PSK is used
1088 2005-06-12 - v0.4.2
1089 * EAP-PAX is now registered as EAP type 46
1090 * fixed EAP-PAX MAC calculation
1091 * fixed EAP-PAX CK and ICK key derivation
1098 2005-05-22 - v0.4.1
1108 * fixed RADIUS Class attribute processing to only use Access-Accept
1113 using integrated EAP authenticator for EAP-TLS; new hostapd.conf
1116 2005-04-25 - v0.4.0 (beginning of 0.4.x development releases)
1118 EAP-Request/Identity message (ASCII-0 (nul) in eap_message)
1119 (e.g., to implement draft-adrange-eap-network-discovery-07.txt)
1120 * fixed a bug which caused some RSN pre-authentication cases to use
1134 * added experimental support for EAP-PAX
1138 2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases)
1140 2005-01-23 - v0.3.5
1143 * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV
1161 2005-01-09 - v0.3.4
1163 authentication (EAP-PEAP, EAP-TTLS)
1164 * fixed EAPOL-Start processing to trigger WPA reauthentication
1167 2005-01-02 - v0.3.3
1168 * added support for EAP-PEAP in the integrated EAP authenticator
1169 * added support for EAP-GTC in the integrated EAP authenticator
1172 for EAP-TLS and EAP-PEAP
1173 * added support for EAP-TTLS in the integrated EAP authenticator
1174 * added support for EAP-SIM in the integrated EAP authenticator
1181 2004-12-19 - v0.3.2
1185 * added support for EAP-MSCHAPv2 in the integrated EAP authenticator
1187 2004-12-12 - v0.3.1
1188 * added support for integrated EAP-TLS authentication (new hostapd.conf
1195 2004-12-05 - v0.3.0 (beginning of 0.3.x development releases)
1196 * added support for Acct-{Input,Output}-Gigawords
1197 * added support for Event-Timestamp (in RADIUS Accounting-Requests)
1200 * made EAP re-authentication period configurable (eap_reauth_period)
1204 IEEE 802.11i pre-authentication
1205 * added support for multiple WPA pre-shared keys (e.g., one for each
1219 * fixed an alignment issue that could cause SHA-1 to fail on some
1220 platforms (e.g., Intel ixp425 with a compiler that does not 32-bit
1228 * finished update from IEEE 802.1X-2001 to IEEE 802.1X-REV (now d11)
1232 (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to
1233 IEEE 802.11F-2003)
1238 * dual-licensed hostapd (GPLv2 and BSD licenses)
1246 external RADIUS authentication server; currently, only EAP-MD5 is
1257 2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases)
1258 * fixed some accounting cases where Accounting-Start was sent when
1261 2004-06-20 - v0.2.3
1262 * modified RADIUS client to re-connect the socket in case of certain
1270 2004-05-31 - v0.2.2
1272 * fixed group rekeying to send zero TSC in EAPOL-Key messages to fix
1276 * send canned EAP failure if RADIUS server sends Access-Reject without
1278 * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do
1279 not start EAPOL state machines if the STA selected to use WPA-PSK)
1281 2004-05-06 - v0.2.1
1283 - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA
1285 - supports WPA-only, RSN-only, and mixed WPA/RSN mode
1286 - both WPA-PSK and WPA-RADIUS/EAP are supported
1287 - PMKSA caching and pre-authentication
1288 - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase,
1294 2004-02-15 - v0.2.0
1295 * added support for Acct-Interim-Interval:
1296 - draft-ietf-radius-acct-interim-01.txt
1297 - use Acct-Interim-Interval attribute from Access-Accept if local
1299 - allow different update intervals for each STA
1302 * reset sta->timeout_next after successful association to make sure
1304 STA immediately (e.g., if STA deauthenticates and re-associates
1307 add an optional RADIUS Attribute, NAS-Identifier, into authentication
1309 * added support for Accounting-On and Accounting-Off messages
1310 * fixed accounting session handling to send Accounting-Start only once
1311 per session and not to send Accounting-Stop if the session was not
1313 * fixed Accounting-Stop statistics in cases where the message was