ChangeLog for hostapd
-????-??-?? - v0.6.4
+2009-11-21 - v0.7.0
+ * increased hostapd_cli ping interval to 5 seconds and made this
+ configurable with a new command line options (-G<seconds>)
+ * driver_nl80211: use Linux socket filter to improve performance
+ * added support for external Registrars with WPS (UPnP transport)
+ * 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
+ * driver_nl80211: fixed STA accounting data collection (TX/RX bytes
+ reported correctly; TX/RX packets not yet available from kernel)
+ * added support for WPS USBA out-of-band mechanism with USB Flash
+ Drives (UFD) (CONFIG_WPS_UFD=y)
+ * fixed EAPOL/EAP reauthentication when using an external RADIUS
+ authentication server
+ * fixed TNC with EAP-TTLS
+ * fixed IEEE 802.11r key derivation function to match with the standard
+ (note: this breaks interoperability with previous version) [Bug 303]
+ * fixed SHA-256 based key derivation function to match with the
+ standard when using CCMP (for IEEE 802.11r and IEEE 802.11w)
+ (note: this breaks interoperability with previous version) [Bug 307]
+ * added number of code size optimizations to remove unnecessary
+ functionality from the program binary based on build configuration
+ (part of this automatic; part configurable with CONFIG_NO_* build
+ options)
+ * use shared driver wrapper files with wpa_supplicant
+ * driver_nl80211: multiple updates to provide support for new Linux
+ nl80211/mac80211 functionality
+ * updated management frame protection to use IEEE Std 802.11w-2009
+ * fixed number of small WPS issues and added workarounds to
+ interoperate with common deployed broken implementations
+ * added some IEEE 802.11n co-existance rules to disable 40 MHz channels
+ or modify primary/secondary channels if needed based on neighboring
+ networks
+ * added support for NFC out-of-band mechanism with WPS
+ * added preliminary support for IEEE 802.11r RIC processing
+
+2009-01-06 - v0.6.7
+ * added support for Wi-Fi Protected Setup (WPS)
+ (hostapd can now be configured to act as an integrated WPS Registrar
+ and provision credentials for WPS Enrollees using PIN and PBC
+ methods; external wireless Registrar can configure the AP, but
+ external WLAN Manager Registrars are not supported); WPS support can
+ be enabled by adding CONFIG_WPS=y into .config and setting the
+ runtime configuration variables in hostapd.conf (see WPS section in
+ the example configuration file); new hostapd_cli commands wps_pin and
+ wps_pbc are used to configure WPS negotiation; see README-WPS for
+ more details
+ * added IEEE 802.11n HT capability configuration (ht_capab)
+ * added support for generating Country IE based on nl80211 regulatory
+ information (added if ieee80211d=1 in configuration)
+ * fixed WEP authentication (both Open System and Shared Key) with
+ mac80211
+ * added support for EAP-AKA' (draft-arkko-eap-aka-kdf)
+ * added support for using driver_test over UDP socket
+ * changed EAP-GPSK to use the IANA assigned EAP method type 51
+ * updated management frame protection to use IEEE 802.11w/D7.0
+ * fixed retransmission of EAP requests if no response is received
+
+2008-11-23 - v0.6.6
+ * added a new configuration option, wpa_ptk_rekey, that can be used to
+ enforce frequent PTK rekeying, e.g., to mitigate some attacks against
+ TKIP deficiencies
+ * updated OpenSSL code for EAP-FAST to use an updated version of the
+ session ticket overriding API that was included into the upstream
+ OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
+ needed with that version anymore)
+ * changed channel flags configuration to read the information from
+ the driver (e.g., via driver_nl80211 when using mac80211) instead of
+ using hostapd as the source of the regulatory information (i.e.,
+ information from CRDA is now used with mac80211); this allows 5 GHz
+ channels to be used with hostapd (if allowed in the current
+ regulatory domain)
+ * fixed EAP-TLS message processing for the last TLS message if it is
+ large enough to require fragmentation (e.g., if a large Session
+ Ticket data is included)
+ * fixed listen interval configuration for nl80211 drivers
+
+2008-11-01 - v0.6.5
+ * added support for SHA-256 as X.509 certificate digest when using the
+ internal X.509/TLSv1 implementation
+ * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer
+ identity lengths)
+ * fixed internal TLSv1 implementation for abbreviated handshake (used
+ by EAP-FAST server)
+ * added support for setting VLAN ID for STAs based on local MAC ACL
+ (accept_mac_file) as an alternative for RADIUS server-based
+ configuration
+ * updated management frame protection to use IEEE 802.11w/D6.0
+ (adds a new association ping to protect against unauthenticated
+ authenticate or (re)associate request frames dropping association)
+ * added support for using SHA256-based stronger key derivation for WPA2
+ (IEEE 802.11w)
+ * added new "driver wrapper" for RADIUS-only configuration
+ (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config)
+ * fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2)
+ is enabled in configuration
+ * changed EAP-FAST configuration to use separate fields for A-ID and
+ A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed
+ 16-octet len binary value for better interoperability with some peer
+ implementations; eap_fast_a_id is now configured as a hex string
+ * driver_nl80211: Updated to match the current Linux mac80211 AP mode
+ configuration (wireless-testing.git and Linux kernel releases
+ starting from 2.6.29)
+
+2008-08-10 - v0.6.4
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
Identity Request if identity is already known
* added support for EAP Sequences in EAP-FAST Phase 2
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
changes needed to run two methods in sequence (IF-T) and the IF-IMV
and IF-TNCCS interfaces from TNCS)
+ * added support for optional cryptobinding with PEAPv0
+ * added fragmentation support for EAP-TNC
+ * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled)
+ data
+ * added support for opportunistic key caching (OKC)
2008-02-22 - v0.6.3
* fixed Reassociation Response callback processing when using internal