Cumulative patch from commit f10ff62e4eda7917a8e28fe492fd98723a5e97c4
f10ff62 Describe preferred mechanism for submitting contributions
fcdb359 Use "STATUS-NO_EVENTS" instead of "STATUS" in get_wpa_status function
73ed03f wpa_supplicant: Add GTK RSC relaxation workaround
ea6030c Restore previous wpa_state in scan-only result handler
1e74ae4 WNM: Clear BSS TM data if already associated with preferred candidate
d129b02 EAP-pwd: Add support for Brainpool Elliptic Curves
a34eace dbus: Remove unused dict helper functions
cdcb2d0 wpa_cli: Add support for vendor_elem_* commands
17b7032 EAP peer: Clear ignore flag in INITIALIZE state
1f1e619 Add test programs for checking libwpa_client linking
736b7cb wpa_supplicant/Makefile: Fix libwpa_client build
2e38079 TLS: Fix memory leak with multiple TLS server instances
7b0f550 eap_sim_db: Implement eap_sim_db_expire_pending()
45c3e72 Add frequency to operating class determination for 5 GHz 100..140
e50c50d dbus: Expose interface globals via D-Bus properties
1aa0fb7 dbus: Pass property description to getters/setters
c93b7e1 RSN: Check result of EAPOL-Key frame send request
95be79f Allow -1 as value to disable frag_threshold
bc50bb0 Extend the range of values for the RTS threshold
053693d hostapd: Add feature to start all interfaces at the same time in sync
9578413 Reserve QCA vendor specific nl80211 commands 110..114
5d4c508 Assign QCA commands and attributes for Tx power scaling and OTA testing
5d1d69a P2P: Filter control chars in group client device name similarly to peer
f67d1a0 TDLS: Do not send error case of TPK M3 if TX fails
1248e58 wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal
d8fd633 Do not write ERROR level log entries if debug file is not used
67deaa5 l2_packet: Add build option to disable Linux packet socket workaround
fa46426 RSN: Do not try to connect if PMF disabled and AP requires it
8acbe7f WNM: Verify WNM Sleep Mode element length
dacd789 WNM: Mark set TFS buffer const
...
f24b979 OpenSSL: Merge error returns
84d6a17 TLS: Remove unused tls_capabilities()
7867227 ms_funcs: Merge similar return cases
3596361 hw_features: Merge similar return case in check_40mhz_2g4()
aac1efe Reject the initial 4-way handshake if initial GTK setup fails
2da5256 Add backtrace-based error path testing mechanism
55413ce P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
Next patches were skipped due to explicit cherry-pick:
bddc51e RSN: Stop connection attempt on apparent PMK mismatch
3fdaaa8 Throttle control interface event message bursts
a530fe7 Add wpa_supplicant EVENT_TEST control interface command
ee1e3f5 hostapd: Global control interface notifications
2e95cfc Add debug prints for wpa_supplicant ctrl_iface socket send operations
ce7d0eb Update AP WPA/RSN IE on all associations if driver can select BSS
844dfeb QCA vendor command support to set band to driver
Change-Id: I909996c5afcd3b5d123ea1e23c0e1212021f7625
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 1ac79b4..facd90e 100644
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,68 @@
ChangeLog for wpa_supplicant
+2015-09-27 - v2.5
+ * fixed P2P validation of SSID element length before copying it
+ [http://w1.fi/security/2015-1/] (CVE-2015-1863)
+ * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
+ [http://w1.fi/security/2015-2/] (CVE-2015-4141)
+ * fixed WMM Action frame parser (AP mode)
+ [http://w1.fi/security/2015-3/] (CVE-2015-4142)
+ * fixed EAP-pwd peer missing payload length validation
+ [http://w1.fi/security/2015-4/]
+ (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
+ * fixed validation of WPS and P2P NFC NDEF record payload length
+ [http://w1.fi/security/2015-5/]
+ * nl80211:
+ - added VHT configuration for IBSS
+ - fixed vendor command handling to check OUI properly
+ - allow driver-based roaming to change ESS
+ * added AVG_BEACON_RSSI to SIGNAL_POLL output
+ * wpa_cli: added tab completion for number of commands
+ * removed unmaintained and not yet completed SChannel/CryptoAPI support
+ * modified Extended Capabilities element use in Probe Request frames to
+ include all cases if any of the values are non-zero
+ * added support for dynamically creating/removing a virtual interface
+ with interface_add/interface_remove
+ * added support for hashed password (NtHash) in EAP-pwd peer
+ * added support for memory-only PSK/passphrase (mem_only_psk=1 and
+ CTRL-REQ/RSP-PSK_PASSPHRASE)
+ * P2P
+ - optimize scan frequencies list when re-joining a persistent group
+ - fixed number of sequences with nl80211 P2P Device interface
+ - added operating class 125 for P2P use cases (this allows 5 GHz
+ channels 161 and 169 to be used if they are enabled in the current
+ regulatory domain)
+ - number of fixes to P2PS functionality
+ - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
+ - extended support for preferred channel listing
+ * D-Bus:
+ - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
+ - fixed PresenceRequest to use group interface
+ - added new signals: FindStopped, WPS pbc-overlap,
+ GroupFormationFailure, WPS timeout, InvitationReceived
+ - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
+ - added manufacturer info
+ * added EAP-EKE peer support for deriving Session-Id
+ * added wps_priority configuration parameter to set the default priority
+ for all network profiles added by WPS
+ * added support to request a scan with specific SSIDs with the SCAN
+ command (optional "ssid <hexdump>" arguments)
+ * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
+ * fixed SAE group selection in an error case
+ * modified SAE routines to be more robust and PWE generation to be
+ stronger against timing attacks
+ * added support for Brainpool Elliptic Curves with SAE
+ * added support for CCMP-256 and GCMP-256 as group ciphers with FT
+ * fixed BSS selection based on estimated throughput
+ * added option to disable TLSv1.0 with OpenSSL
+ (phase1="tls_disable_tlsv1_0=1")
+ * added Fast Session Transfer (FST) module
+ * fixed OpenSSL PKCS#12 extra certificate handling
+ * fixed key derivation for Suite B 192-bit AKM (this breaks
+ compatibility with the earlier version)
+ * added RSN IE to Mesh Peering Open/Confirm frames
+ * number of small fixes
+
2015-03-15 - v2.4
* allow OpenSSL cipher configuration to be set for internal EAP server
(openssl_ciphers parameter)