435 lines
19 KiB
Plaintext
435 lines
19 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Nov 6 16:29:14 CET 2006 - jg@suse.de
|
|
|
|
- set IW_ENCODE_TEMP flag (needed to use dynamic WEP with airo
|
|
driver, bug 185528)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 6 11:52:37 CEST 2006 - jg@suse.de
|
|
|
|
- update to 0.4.9:
|
|
* fixed EAPOL re-authentication for sessions that used PMKSA
|
|
caching
|
|
* reject WPA/WPA2 message 3/4 if it does not include any valid
|
|
WPA/RSN IE
|
|
* driver_wext: added support for WE-21 change to SSID configuration
|
|
* driver_wext: fixed privacy configuration for static WEP keys mode
|
|
[Bug 140]
|
|
* driver_wext: added fallback to use SIOCSIWENCODE for setting
|
|
auth_alg if the driver does not support SIOCSIWAUTH
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 24 19:08:20 CET 2006 - jg@suse.de
|
|
|
|
- fixed static WEP key usage (bug 144268)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 16 10:04:31 CET 2006 - jg@suse.de
|
|
|
|
- update to 0.4.8 (bug 151151)
|
|
* added support for EAP-FAST key derivation using other ciphers than
|
|
RC4-128-SHA for authentication and AES128-SHA for provisioning
|
|
* fixed EAP-SIM and EAP-AKA pseudonym and fast re-authentication to
|
|
decrypt AT_ENCR_DATA attributes correctly
|
|
* added support for configuring CA certificate as DER file and as a
|
|
configuration blob
|
|
* fixed private key configuration as configuration blob and added
|
|
support for using PKCS#12 as a blob
|
|
* added support for loading trusted CA certificates from Windows
|
|
certificate store: ca_cert="cert_store://<name>", where <name> is
|
|
likely CA (Intermediate CA certificates) or ROOT (root certificates)
|
|
* fixed TLS library deinitialization after RSN pre-authentication not
|
|
to disable TLS library for normal authentication
|
|
* fixed PMKSA cache processing not to trigger deauthentication if the
|
|
current PMKSA cache entry is replaced with a valid new entry
|
|
* fixed PC/SC initialization for ap_scan != 1 modes (this fixes
|
|
EAP-SIM and EAP-AKA with real SIM/USIM card when using ap_scan=0 or
|
|
ap_scan=2)
|
|
* do not try to use USIM APDUs when initializing PC/SC for SIM card
|
|
access for a network that has not enabled EAP-AKA
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Feb 5 18:34:21 CET 2006 - ro@suse.de
|
|
|
|
- removed km_wlan from BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:42:51 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 17 19:32:07 CET 2006 - rml@suse.de
|
|
|
|
- Add patch (from upstream) fixing bad drivers that NULL out
|
|
the SSID and send the wrong length.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 10 12:27:27 CET 2006 - jg@suse.de
|
|
|
|
- added AP scan mode selection via control interface (patch
|
|
from rml@novell.com)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 21 12:41:52 CET 2005 - jg@suse.de
|
|
|
|
- update to 0.4.7, changes (shortened):
|
|
* l2_packet_pcap: fixed wired IEEE 802.1X authentication with
|
|
libpcap and WinPcap to receive frames sent to PAE group address
|
|
* disable EAP state machine when IEEE 802.1X authentication is
|
|
not used in order to get rid of bogus "EAP failed" messages
|
|
* fixed OpenSSL error reporting to go through all pending errors
|
|
to avoid confusing reports of old errors being reported at
|
|
later point during handshake
|
|
* fixed configuration file updating to not write empty variables
|
|
(e.g., proto or key_mgmt) that the file parser would not accept
|
|
* fixed ADD_NETWORK ctrl_iface command to use the same default
|
|
values for variables as empty network definitions read from
|
|
config file would get
|
|
* fixed EAP state machine to not discard EAP-Failure messages in
|
|
many cases (e.g., during TLS handshake)
|
|
* fixed a infinite loop in private key reading if the configured
|
|
file cannot be parsed successfully
|
|
* driver_madwifi: added support for madwifi-ng
|
|
* wpa_gui: do not display password/PSK field contents
|
|
* wpa_gui: added CA certificate configuration
|
|
* use longer timeout for IEEE 802.11 association to avoid problems
|
|
with drivers that may take more than five second to associate
|
|
- dropped obsolete madwifi patch
|
|
- dropped obsolete copy of wireless.h
|
|
- updated config file
|
|
- use $RPM_OPT_FLAGS and %jobs
|
|
- created subpackage wpa_supplicant-gui containing wpa_gui
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 8 15:22:13 CET 2005 - jg@suse.de
|
|
|
|
- do not build as root
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 4 18:16:50 CET 2005 - jg@suse.de
|
|
|
|
- added support for madwifi-ng
|
|
- compiling against Wireless Extensions v19
|
|
- removed obsolete config option CONFIG_XSUPPLICANT_IFACE
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 28 12:25:59 CEST 2005 - jg@suse.de
|
|
|
|
- update to 0.4.6, changes (shortened):
|
|
* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch
|
|
in RSN IE, but WPA IE would match with wpa_supplicant
|
|
configuration
|
|
* added support for named configuration blobs in order to avoid
|
|
having to use file system for external files (e.g., certificates)
|
|
* fixed RSN pre-authentication
|
|
* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to
|
|
make sure the driver configures broadcast decryption correctly
|
|
* added ca_path (and ca_path2) configuration variables that can be
|
|
used to configure OpenSSL CA path, e.g., /etc/ssl/certs, for
|
|
using the system-wide trusted CA list
|
|
* added support for starting wpa_supplicant without a configuration
|
|
file
|
|
* added global control interface that can be optionally used for
|
|
adding and removing network interfaces dynamically
|
|
* wpa_gui:
|
|
- try to save configuration whenever something is modified
|
|
- added WEP key configuration
|
|
- added possibility to edit the current network configuration
|
|
* driver_ndis: fixed driver polling not to increase frequency on
|
|
each received EAPOL frame due to incorrectly cancelled timeout
|
|
* fixed driver_wext.c to filter wireless events based on ifindex
|
|
to avoid interfaces receiving events from other interfaces
|
|
* delay sending initial EAPOL-Start couple of seconds to speed
|
|
up authentication for the most common case of Authenticator
|
|
starting EAP authentication immediately after association
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 13 16:40:44 CEST 2005 - jg@suse.de
|
|
|
|
- update to 0.4.5, changes (shortened):
|
|
* added a workaround for clearing keys with ndiswrapper to allow
|
|
roaming from WPA enabled AP to plaintext one
|
|
* l2_packet_linux: use socket type SOCK_DGRAM instead of SOCK_RAW
|
|
for PF_PACKET in order to prepare for network devices that do
|
|
not use Ethernet headers (e.g., network stack with native IEEE
|
|
802.11 frames)
|
|
* use receipt of EAPOL-Key frame as a lower layer success indication
|
|
for EAP state machine to allow recovery from dropped EAP-Success
|
|
frame
|
|
* driver_wext: add support for WE-19
|
|
* added support for multiple configuration backends (CONFIG_BACKEND
|
|
option); currently, only 'file' is supported (i.e., the format used
|
|
in wpa_supplicant.conf)
|
|
* added support for updating configuration ('wpa_cli save_config')
|
|
* added GET_NETWORK ctrl_iface command
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 29 15:26:27 CEST 2005 - jg@suse.de
|
|
|
|
- update to 0.4.4 (bug 112977), changes (shortened):
|
|
* replaced OpenSSL patch for EAP-FAST support
|
|
(openssl-tls-extensions.patch) with a more generic and correct
|
|
patch
|
|
* allow non-WPA modes (e.g., IEEE 802.1X with dynamic WEP) to be
|
|
used with drivers that do not support WPA
|
|
* added support for enabling/disabling networks from the list of
|
|
all configured networks
|
|
* added support for adding and removing network from the current
|
|
configuration
|
|
* added support for setting network configuration parameters
|
|
through the control interface
|
|
* fixed parsing of strings that include both " and # within double
|
|
quoted area (e.g., "start"#end")
|
|
* removed interface for external EAPOL/EAP supplicant
|
|
* fixed build with CONFIG_DNET_PCAP=y on Linux
|
|
* l2_packet: moved different implementations into separate files
|
|
* added support for using ap_scan=2 mode with multiple network
|
|
blocks
|
|
* fixed a potential issue in RSN pre-authentication ending up using
|
|
freed memory if pre-authentication times out
|
|
* added support for querying private key password (EAP-TLS) through
|
|
the control interface (wpa_cli/wpa_gui) if one is not included in
|
|
the configuration file
|
|
* driver_broadcom: fixed couple of memory leaks in scan result
|
|
processing
|
|
* EAP-PAX is now registered as EAP type 46
|
|
* fixed EAP-PAX MAC calculation
|
|
* fixed EAP-PAX CK and ICK key derivation
|
|
* added support for using password with EAP-PAX
|
|
* added support for arbitrary driver interface parameters through the
|
|
configuration file with a new driver_param field
|
|
* added possibility to override l2_packet module with driver
|
|
interface API (new send_eapol handler)
|
|
* fixed ctrl_interface_group processing for the case where gid is
|
|
entered as a number, not group name
|
|
* driver_test: added support for testing hostapd with wpa_supplicant
|
|
by using test driver interface without any kernel drivers or
|
|
network cards
|
|
* added support for EAP-MSCHAPv2 password retries within the same
|
|
EAP authentication session
|
|
* added support for password changes with EAP-MSCHAPv2
|
|
* added support for reading additional certificates from PKCS#12
|
|
files and adding them to the certificate chain
|
|
* fixed association with IEEE 802.1X (no WPA) when dynamic WEP keys
|
|
were used
|
|
* display EAP Notification messages to user through control
|
|
interface with "CTRL-EVENT-EAP-NOTIFICATION" prefix
|
|
* added 'disconnect' command to control interface for setting
|
|
wpa_supplicant in state where it will not associate before
|
|
'reassociate' command has been used
|
|
* added support for getting scan results through control interface
|
|
* added support for wired authentication (IEEE 802.1X on wired
|
|
Ethernet); driver interface 'wired'
|
|
* added support for sending TLS alerts
|
|
* added support for 'any' SSID wildcard; if ssid is not configured or
|
|
is set to an empty string, any SSID will be accepted for non-WPA AP
|
|
* added support for asking PIN (for SIM) from frontends (e.g.,
|
|
wpa_cli);
|
|
* added support for using external devices (e.g., a smartcard) for
|
|
private key operations in EAP-TLS (CONFIG_SMARTCARD=y in .config);
|
|
* added experimental support for EAP-PAX
|
|
* added monitor mode for wpa_cli
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 11 15:46:53 CEST 2005 - jg@suse.de
|
|
|
|
- update to 0.3.9, changes:
|
|
* modified the EAP workaround that accepts EAP-Success with
|
|
incorrect Identifier to be even less strict about verification
|
|
in order to interoperate with some authentication servers
|
|
* fixed RSN IE in 4-Way Handshake message 2/4 for the case where
|
|
Authenticator rejects PMKSA caching attempt and the driver is
|
|
not using assoc_info events
|
|
* fixed a possible double free in EAP-TTLS fast-reauthentication
|
|
when identity or password is entered through control interface
|
|
* added -P<pid file> argument for wpa_supplicant to write the
|
|
current process id into a file
|
|
* driver_madwifi: fixed association in plaintext mode
|
|
* driver_madwifi: added preliminary support for compiling against
|
|
'BSD' branch of madwifi CVS tree
|
|
* added EAP workaround for PEAPv1 session resumption: allow outer,
|
|
i.e., not tunneled, EAP-Success to terminate session since; this
|
|
can be disabled with eap_workaround=0
|
|
* driver_ipw: updated driver structures to match with ipw2200-1.0.4
|
|
(note: ipw2100-1.1.0 is likely to require an update to work with
|
|
this)
|
|
* driver_broadcom: fixed couple of memory leaks in scan result
|
|
processing
|
|
- removed pidfile patch in favour of the new upstream
|
|
implementation
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 21 11:36:26 CET 2005 - jg@suse.de
|
|
|
|
- creating directory /var/run/wpa_supplicant when needed (bug 74023)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 14 09:58:59 CET 2005 - jg@suse.de
|
|
|
|
- update to 0.3.8, changes:
|
|
* fixed EAPOL-Key validation to drop packets with invalid Key
|
|
Data Length; such frames could have crashed wpa_supplicant due
|
|
to buffer overflow
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 7 17:00:37 CET 2005 - jg@suse.de
|
|
|
|
- update to 0.3.7-pre, changes:
|
|
* fixed WPA/RSN IE verification in message 3 of 4-Way Handshake
|
|
when using drivers that take care of AP selection (e.g., when
|
|
using ap_scan=2)
|
|
* fixed reprocessing of pending request after ctrl_iface requests
|
|
for identity/password/otp
|
|
* fixed ctrl_iface requests for identity/password/otp in Phase 2
|
|
of EAP-PEAP and EAP-TTLS
|
|
* all drivers using driver_wext: set interface up and select
|
|
Managed mode when starting wpa_supplicant; set interface down
|
|
when exiting
|
|
* renamed driver_ipw2100.c to driver_ipw.c since it now supports
|
|
both ipw2100 and ipw2200
|
|
* fixed a busy loop introduced in v0.3.5 for scan result
|
|
processing when no matching AP is found
|
|
* added a workaround for an interoperability issue with a Cisco AP
|
|
when using WPA2-PSK
|
|
* fixed non-WPA IEEE 802.1X to use the same authentication timeout
|
|
as WPA with IEEE 802.1X
|
|
* fixed issues with 64-bit CPUs and SHA1 cleanup in previous
|
|
version (e.g., segfault when processing EAPOL-Key frames)
|
|
* fixed EAP workaround and fast reauthentication configuration for
|
|
RSN pre-authentication
|
|
* added support for blacklisting APs that fail or timeout
|
|
authentication in ap_scan=1 mode so that all APs are tried in
|
|
cases where the ones with strongest signal level are failing
|
|
authentication
|
|
* fixed CA certificate loading after a failed EAP-TLS/PEAP/TTLS
|
|
authentication attempt
|
|
* added preliminary support for IBSS (ad-hoc) mode configuration
|
|
* added optional support for GNU Readline and History Libraries
|
|
for wpa_cli (CONFIG_READLINE)
|
|
* added couple of workarounds for interoperability issues with a
|
|
Cisco AP when using WPA2
|
|
* fixed private key loading for cases where passphrase is not set
|
|
* improved recovery from PMKID mismatches by requesting full EAP
|
|
authentication in case of failed PMKSA caching attempt
|
|
* driver_ndis: added support for NDIS NdisMIncidateStatus() events
|
|
* driver_ndis: use ADD_WEP/REMOVE_WEP when configuring WEP keys
|
|
* added support for driver interfaces to replace the interface
|
|
name based on driver/OS specific mapping, e.g., in case of
|
|
driver_ndis, this allows the beginning of the adapter
|
|
description to be used as the interface name
|
|
* driver_ndis: enable radio before starting scanning, disable
|
|
radio when exiting
|
|
* added KEY_MGMT_802_1X_NO_WPA as a new key_mgmt type so that
|
|
driver interface can distinguish plaintext and IEEE 802.1X
|
|
(no WPA) authentication
|
|
* fixed static WEP key configuration to use broadcast/default type
|
|
for all keys
|
|
* driver_ndis: added legacy WPA capability detection for non-WPA2
|
|
drivers
|
|
* added support for setting static WEP keys for IEEE 802.1X
|
|
without dynamic WEP keying (eapol_flags=0)
|
|
* added support for reading PKCS#12 (PFX) files (as a replacement
|
|
for PEM/DER) to get certificate and private key (CONFIG_PKCS12)
|
|
* added new ap_scan mode, ap_scan=2, for drivers that take care of
|
|
association, but need to be configured with security policy and
|
|
SSID, e.g., ndiswrapper and NDIS driver
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 13 12:32:51 CET 2005 - jg@suse.de
|
|
|
|
- update to 0.2.6, changes:
|
|
* added driver interface for Intel ipw2100 driver
|
|
* fixed a bug in PMKSA cache processing: skip sending of
|
|
EAPOL-Start only if there is a PMKSA cache entry for the
|
|
current AP
|
|
* fixed error handling for case where reading of scan results
|
|
fails: must schedule a new scan or wpa_supplicant will remain
|
|
waiting forever
|
|
* set pairwise/group cipher suite for non-WPA IEEE 802.1X to
|
|
WEP-104 if keys are not configured to be used; this fixes
|
|
IEEE 802.1X mode with drivers that use this information to
|
|
configure whether Privacy bit can be in Beacon frames
|
|
(e.g., ndiswrapper)
|
|
* improved downgrade attack detection in IE verification of
|
|
msg 3/4: verify both WPA and RSN IEs, if present, not only the
|
|
selected one; reject the AP if an RSN IE is found in msg 3/4,
|
|
but not in Beacon or Probe Response frame, and RSN is enabled in
|
|
wpa_supplicant configuration
|
|
* fixed WPA msg 3/4 processing to allow Key Data field contain
|
|
other IEs than just one WPA IE
|
|
* modified association event handler to set portEnabled = FALSE
|
|
before clearing port Valid in order to reset EAP state machine
|
|
and avoid problems with new authentication getting ignored because
|
|
of state machines ending up in AUTHENTICATED/SUCCESS state based
|
|
on old information
|
|
- removed obsolete ipw2100 patch
|
|
- added wpa_supplicant.fig to filelist
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 22 12:47:44 CEST 2004 - jg@suse.de
|
|
|
|
- update to 0.2.5, changes:
|
|
* wpa_cli: fixed parsing of -p <path> command line argument
|
|
* fixed parsing of wep_tx_keyidx
|
|
* fixed couple of errors in PCSC handling that could have caused
|
|
random-looking errors for EAP-SIM
|
|
* PEAPv1: fixed tunneled EAP-Success reply handling to reply with
|
|
TLS ACK, not tunneled EAP-Success
|
|
* PEAPv1: added support for terminating PEAP authentication on
|
|
tunneled EAP-Success message
|
|
* PEAPv1: changed phase1 option peaplabel to use default to 0, i.e.,
|
|
to the old label for key derivation; previously, the default was 1,
|
|
but it looks like most existing PEAPv1 implementations use the old
|
|
label which is thus more suitable default option
|
|
* changed SSID configuration in driver_wext.c (used by many driver
|
|
interfaces) to use ssid_len+1 as the length for SSID since some
|
|
Linux drivers expect this
|
|
* fixed couple of unaligned reads in scan result parsing to fix WPA
|
|
connection on some platforms (e.g., ARM)
|
|
- disabled madwifi support on ppc
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 29 00:36:22 CEST 2004 - jg@suse.de
|
|
|
|
- added support for ipw2100 driver
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 31 16:57:27 CEST 2004 - jg@suse.de
|
|
|
|
- added support for writing pid-file
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 2 18:52:39 CEST 2004 - jg@suse.de
|
|
|
|
- fixed build on non-x86 platforms
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 2 17:35:57 CEST 2004 - jg@suse.de
|
|
|
|
- update to version 0.2.4, important changes:
|
|
- support for new EAP authentication methods:
|
|
EAP-TTLS/EAP-MD5-Challenge
|
|
EAP-TTLS/EAP-GTC
|
|
EAP-TTLS/EAP-MSCHAPv2
|
|
EAP-TTLS/EAP-TLS
|
|
EAP-TTLS/MSCHAPv2
|
|
EAP-TTLS/MSCHAP
|
|
EAP-TTLS/PAP
|
|
EAP-TTLS/CHAP
|
|
EAP-PEAP/TLS
|
|
EAP-PEAP/GTC
|
|
EAP-PEAP/MD5-Challenge
|
|
EAP-GTC
|
|
EAP-TTLS/EAP-OTP, EAP-PEAPv0/OTP, EAP-PEAPv1/OTP, EAP-OTP
|
|
- support for ATMEL AT76C5XXX driver
|
|
- support for madwifi driver
|
|
- lots of minor changes, see ChangeLog
|
|
- added km_wlan to needforbuild (driver source of madwifi is
|
|
needed)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 17 14:40:13 CEST 2004 - jg@suse.de
|
|
|
|
- Initial package
|