Preparations for v2.10 release

Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.9 and v2.10.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/doc/doxygen.conf b/doc/doxygen.conf
index 3f01173930c4272c4e154b21576934e02a097f2c..54a77ec2f1ecbdbb1c6a262b7703ca0dc98b22f8 100644 (file)
--- a/doc/doxygen.conf
+++ b/doc/doxygen.conf
@@ -31,7 +31,7 @@ PROJECT_NAME           = "wpa_supplicant / hostapd"
 # This could be handy for archiving the generated documentation or
 # if some version control system is used.
 
-PROJECT_NUMBER         = 2.9
+PROJECT_NUMBER         = 2.10
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
 # base path where the generated documentation will be put.

diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog
index 34a8a081879d2e29792fdac263eb419d3283214a..279298e4d4d44f5f07af707454dc8e72073813c3 100644 (file)
--- a/hostapd/ChangeLog
+++ b/hostapd/ChangeLog
@@ -1,5 +1,48 @@
 ChangeLog for hostapd
 
+2022-01-16 - v2.10
+       * SAE changes
+         - improved protection against side channel attacks
+           [https://w1.fi/security/2022-1/]
+         - added option send SAE Confirm immediately (sae_config_immediate=1)
+           after SAE Commit
+         - added support for the hash-to-element mechanism (sae_pwe=1 or
+           sae_pwe=2)
+         - fixed PMKSA caching with OKC
+         - added support for SAE-PK
+       * EAP-pwd changes
+         - improved protection against side channel attacks
+           [https://w1.fi/security/2022-1/]
+       * fixed WPS UPnP SUBSCRIBE handling of invalid operations
+         [https://w1.fi/security/2020-1/]
+       * fixed PMF disconnection protection bypass
+         [https://w1.fi/security/2019-7/]
+       * added support for using OpenSSL 3.0
+       * fixed various issues in experimental support for EAP-TEAP server
+       * added configuration (max_auth_rounds, max_auth_rounds_short) to
+         increase the maximum number of EAP message exchanges (mainly to
+         support cases with very large certificates) for the EAP server
+       * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+       * extended HE (IEEE 802.11ax) support, including 6 GHz support
+       * removed obsolete IAPP functionality
+       * fixed EAP-FAST server with TLS GCM/CCM ciphers
+       * dropped support for libnl 1.1
+       * added support for nl80211 control port for EAPOL frame TX/RX
+       * fixed OWE key derivation with groups 20 and 21; this breaks backwards
+         compatibility for these groups while the default group 19 remains
+         backwards compatible; owe_ptk_workaround=1 can be used to enabled a
+         a workaround for the group 20/21 backwards compatibility
+       * added support for Beacon protection
+       * added support for Extended Key ID for pairwise keys
+       * removed WEP support from the default build (CONFIG_WEP=y can be used
+         to enable it, if really needed)
+       * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+       * added support for Transition Disable mechanism to allow the AP to
+         automatically disable transition mode to improve security
+       * added support for PASN
+       * added EAP-TLS server support for TLS 1.3 (disabled by default for now)
+       * a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
        * SAE changes
          - disable use of groups using Brainpool curves

diff --git a/src/common/version.h b/src/common/version.h
index 0235c9bf6776af8976a4647c89b4b7fdb5517020..7502f58e0b874ec327635f63d63a738e26e3fb65 100644 (file)
--- a/src/common/version.h
+++ b/src/common/version.h
@@ -9,6 +9,6 @@
 #define GIT_VERSION_STR_POSTFIX ""
 #endif /* GIT_VERSION_STR_POSTFIX */
 
-#define VERSION_STR "2.10-devel" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
+#define VERSION_STR "2.10" VERSION_STR_POSTFIX GIT_VERSION_STR_POSTFIX
 
 #endif /* VERSION_H */

diff --git a/wpa_supplicant/ChangeLog b/wpa_supplicant/ChangeLog
index 5ca82457ad1bd5291de8a21d05c479cae9e85758..efcc6cd9c9ba31b541807d0a6023b7fd56a60b98 100644 (file)
--- a/wpa_supplicant/ChangeLog
+++ b/wpa_supplicant/ChangeLog
@@ -1,5 +1,58 @@
 ChangeLog for wpa_supplicant
 
+2022-01-16 - v2.10
+       * SAE changes
+         - improved protection against side channel attacks
+           [https://w1.fi/security/2022-1/]
+         - added support for the hash-to-element mechanism (sae_pwe=1 or
+           sae_pwe=2); this is currently disabled by default, but will likely
+           get enabled by default in the future
+         - fixed PMKSA caching with OKC
+         - added support for SAE-PK
+       * EAP-pwd changes
+         - improved protection against side channel attacks
+         [https://w1.fi/security/2022-1/]
+       * fixed P2P provision discovery processing of a specially constructed
+         invalid frame
+         [https://w1.fi/security/2021-1/]
+       * fixed P2P group information processing of a specially constructed
+         invalid frame
+         [https://w1.fi/security/2020-2/]
+       * fixed PMF disconnection protection bypass in AP mode
+         [https://w1.fi/security/2019-7/]
+       * added support for using OpenSSL 3.0
+       * increased the maximum number of EAP message exchanges (mainly to
+         support cases with very large certificates)
+       * fixed various issues in experimental support for EAP-TEAP peer
+       * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
+       * a number of MKA/MACsec fixes and extensions
+       * added support for SAE (WPA3-Personal) AP mode configuration
+       * added P2P support for EDMG (IEEE 802.11ay) channels
+       * fixed EAP-FAST peer with TLS GCM/CCM ciphers
+       * improved throughput estimation and BSS selection
+       * dropped support for libnl 1.1
+       * added support for nl80211 control port for EAPOL frame TX/RX
+       * fixed OWE key derivation with groups 20 and 21; this breaks backwards
+         compatibility for these groups while the default group 19 remains
+         backwards compatible
+       * added support for Beacon protection
+       * added support for Extended Key ID for pairwise keys
+       * removed WEP support from the default build (CONFIG_WEP=y can be used
+         to enable it, if really needed)
+       * added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
+       * added support for Transition Disable mechanism to allow the AP to
+         automatically disable transition mode to improve security
+       * extended D-Bus interface
+       * added support for PASN
+       * added a file-based backend for external password storage to allow
+         secret information to be moved away from the main configuration file
+         without requiring external tools
+       * added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
+       * added support for SCS, MSCS, DSCP policy
+       * changed driver interface selection to default to automatic fallback
+         to other compiled in options
+       * a large number of other fixes, cleanup, and extensions
+
 2019-08-07 - v2.9
        * SAE changes
          - disable use of groups using Brainpool curves