./net/wpa_gui, QT GUI for wpa_supplicant(8)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.6, Package name: wpa_gui-2.6, Maintainer: pkgsrc-users

wpa_supplicant is a WPA Supplicant for Linux, BSD, and Windows with
support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both
desktop/laptop computers and embedded systems. Supplicant is the
IEEE 802.1X/WPA component that is used in the client stations.

This package only includes the wpa_gui frontent for wpa_supplicant.

Required to run:

Required to build:
[x11/glproto] [x11/renderproto] [x11/xproto] [x11/qt4-tools] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/fixesproto4]

Master sites:

SHA1: 8189704e257c3e9f8300c49dc6e49a381b1d6299
RMD160: 2fb26394d22ac3acde2d9d7c6543af8eaac9c55a
Filesize: 2688.988 KB

Version history: (Expand)

CVS history: (Expand)

   2016-11-16 16:57:29 by Maya Rashish | Files touched by this commit (2) | Package updated
Log message:
wpa_gui: update to v2.6

ChangeLog for wpa_supplicant (and also _gui):

2016-10-02 - v2.6
        * fixed WNM Sleep Mode processing when PMF is not enabled
          [http://w1.fi/security/2015-6/] (CVE-2015-5310)
        * fixed EAP-pwd last fragment validation
          [http://w1.fi/security/2015-7/] (CVE-2015-5315)
        * fixed EAP-pwd unexpected Confirm message processing
          [http://w1.fi/security/2015-8/] (CVE-2015-5316)
        * fixed WPS configuration update vulnerability with malformed passphrase
          [http://w1.fi/security/2016-1/] (CVE-2016-4476)
        * fixed configuration update vulnerability with malformed parameters set
          over the local control interface
          [http://w1.fi/security/2016-1/] (CVE-2016-4477)
        * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case
        * extended channel switch support for P2P GO
        * started to throttle control interface event message bursts to avoid
          issues with monitor sockets running out of buffer space
        * mesh mode fixes/improvements
          - generate proper AID for peer
          - enable WMM by default
          - add VHT support
          - fix PMKID derivation
          - improve robustness on various exchanges
          - fix peer link counting in reconnect case
          - improve mesh joining behavior
          - allow DTIM period to be configured
          - allow HT to be disabled (disable_ht=1)
          - add MESH_PEER_ADD and MESH_PEER_REMOVE commands
          - add support for PMKSA caching
          - add minimal support for SAE group negotiation
          - allow pairwise/group cipher to be configured in the network profile
          - use ieee80211w profile parameter to enable/disable PMF and derive
            a separate TX IGTK if PMF is enabled instead of using MGTK
          - fix AEK and MTK derivation
          - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
          - note: these changes are not fully backwards compatible for secure
            (RSN) mesh network
        * fixed PMKID derivation with SAE
        * added support for requesting and fetching arbitrary ANQP-elements
          without internal support in wpa_supplicant for the specific element
          (anqp[265]=<hexdump> in "BSS <BSSID>" command output)
        * P2P
          - filter control characters in group client device names to be
            consistent with other P2P peer cases
          - support VHT 80+80 MHz and 160 MHz
          - indicate group completion in P2P Client role after data association
            instead of already after the WPS provisioning step
          - improve group-join operation to use SSID, if known, to filter BSS
          - added optional ssid=<hexdump> argument to P2P_CONNECT for join case
          - added P2P_GROUP_MEMBER command to fetch client interface address
        * P2PS
          - fix follow-on PD Response behavior
          - fix PD Response generation for unknown peer
          - fix persistent group reporting
          - add channel policy to PD Request
          - add group SSID to the P2PS-PROV-DONE event
          - allow "P2P_CONNECT <addr> p2ps" to be used without \ 
specifying the
            default PIN
        * BoringSSL
          - support for OCSP stapling
          - support building of h20-osu-client
        * D-Bus
          - add ExpectDisconnect()
          - add global config parameters as properties
          - add SaveConfig()
          - add VendorElemAdd(), VendorElemGet(), VendorElemRem()
        * fixed Suite B 192-bit AKM to use proper PMK length
          (note: this makes old releases incompatible with the fixed behavior)
        * improved PMF behavior for cases where the AP and STA has different
          configuration by not trying to connect in some corner cases where the
          connection cannot succeed
        * added option to reopen debug log (e.g., to rotate the file) upon
          receipt of SIGHUP signal
        * EAP-pwd: added support for Brainpool Elliptic Curves
          (with OpenSSL 1.0.2 and newer)
        * fixed EAPOL reauthentication after FT protocol run
        * fixed FTIE generation for 4-way handshake after FT protocol run
        * extended INTERFACE_ADD command to allow certain type (sta/ap)
          interface to be created
        * fixed and improved various FST operations
        * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh
        * fixed SIGNAL_POLL in IBSS and mesh cases
        * added an option to abort an ongoing scan (used to speed up connection
          and can also be done with the new ABORT_SCAN command)
        * TLS client
          - do not verify CA certificates when ca_cert is not specified
          - support validating server certificate hash
          - support SHA384 and SHA512 hashes
          - add signature_algorithms extension into ClientHello
          - support TLS v1.2 signature algorithm with SHA384 and SHA512
          - support server certificate probing
          - allow specific TLS versions to be disabled with phase2 parameter
          - support extKeyUsage
          - support PKCS #5 v2.0 PBES2
          - support PKCS #5 with PKCS #12 style key decryption
          - minimal support for PKCS #12
          - support OCSP stapling (including ocsp_multi)
        * OpenSSL
          - support OpenSSL 1.1 API changes
          - drop support for OpenSSL 0.9.8
          - drop support for OpenSSL 1.0.0
        * added support for multiple schedule scan plans (sched_scan_plans)
        * added support for external server certificate chain validation
          (tls_ext_cert_check=1 in the network profile phase1 parameter)
        * made phase2 parser more strict about correct use of auth=<val> and
          autheap=<val> values
        * improved GAS offchannel operations with comeback request
        * added SIGNAL_MONITOR command to request signal strength monitoring
        * added command for retrieving HS 2.0 icons with in-memory storage
          (REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and
          RX-HS20-ICON event)
        * enabled ACS support for AP mode operations with wpa_supplicant
        * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server
          ("Invalid Compound_MAC in cryptobinding TLV")
        * EAP-TTLS: fixed success after fragmented final Phase 2 message
        * VHT: added interoperability workaround for 80+80 and 160 MHz channels
        * WNM: workaround for broken AP operating class behavior
        * added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE)
        * nl80211:
          - add support for full station state operations
          - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
          - add NL80211_ATTR_PREV_BSSID with Connect command
          - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use
            unencrypted EAPOL frames
        * added initial MBO support; number of extensions to WNM BSS Transition
        * added support for PBSS/PCP and P2P on 60 GHz
        * Interworking: add credential realm to EAP-TLS identity
        * fixed EAPOL-Key Request Secure bit to be 1 if PTK is set
        * HS 2.0: add support for configuring frame filters
        * added POLL_STA command to check connectivity in AP mode
        * added initial functionality for location related operations
        * started to ignore pmf=1/2 parameter for non-RSN networks
        * added wps_disabled=1 network profile parameter to allow AP mode to
          be started without enabling WPS
        * wpa_cli: added action script support for AP-ENABLED and AP-DISABLED
        * improved Public Action frame addressing
          - add gas_address3 configuration parameter to control Address 3
        * number of small fixes
   2016-10-28 12:40:51 by David Brownlee | Files touched by this commit (1)
Log message:
No need to use ${PKGMANDIR} in PLIST (proxy wizd :)
   2016-10-28 08:24:35 by David Brownlee | Files touched by this commit (2) | Package updated
Log message:
Reduce some of the mystery of life for users of wpa_gui binary packages
- add the man page.

Bump pkgrevision
   2016-09-13 19:24:30 by Maya Rashish | Files touched by this commit (1)
Log message:
wpa_gui: drop maintainership

this package has serious vulnerabilities but has not released a new
version to address them, so manual patches from upstream must be applied.
I can't address it myself.
   2016-08-18 00:00:48 by Maya Rashish | Files touched by this commit (1)
Log message:
wpa_gui: better explanation in MESSAGE, don't suggest the unsafe option
   2016-08-17 23:48:33 by Maya Rashish | Files touched by this commit (1)
Log message:
wpa_gui: add forgotten patch.
   2016-08-17 23:48:06 by Maya Rashish | Files touched by this commit (2)
Log message:
wpa_gui: take maintainership, add MESSAGE explaining requirements to usage
   2016-08-17 23:46:45 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
Update to wpa_gui v2.5

2015-09-27 - v2.5
        * fixed P2P validation of SSID element length before copying it
          [http://w1.fi/security/2015-1/] (CVE-2015-1863)
        * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding
          [http://w1.fi/security/2015-2/] (CVE-2015-4141)
        * fixed WMM Action frame parser (AP mode)
          [http://w1.fi/security/2015-3/] (CVE-2015-4142)
        * fixed EAP-pwd peer missing payload length validation
          (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
        * fixed validation of WPS and P2P NFC NDEF record payload length
        * nl80211:
          - added VHT configuration for IBSS
          - fixed vendor command handling to check OUI properly
          - allow driver-based roaming to change ESS
        * added AVG_BEACON_RSSI to SIGNAL_POLL output
        * wpa_cli: added tab completion for number of commands
        * removed unmaintained and not yet completed SChannel/CryptoAPI support
        * modified Extended Capabilities element use in Probe Request frames to
          include all cases if any of the values are non-zero
        * added support for dynamically creating/removing a virtual interface
          with interface_add/interface_remove
        * added support for hashed password (NtHash) in EAP-pwd peer
        * added support for memory-only PSK/passphrase (mem_only_psk=1 and
        * P2P
          - optimize scan frequencies list when re-joining a persistent group
          - fixed number of sequences with nl80211 P2P Device interface
          - added operating class 125 for P2P use cases (this allows 5 GHz
            channels 161 and 169 to be used if they are enabled in the current
            regulatory domain)
          - number of fixes to P2PS functionality
          - do not allow 40 MHz co-ex PRI/SEC switch to force MCC
          - extended support for preferred channel listing
        * D-Bus:
          - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface
          - fixed PresenceRequest to use group interface
          - added new signals: FindStopped, WPS pbc-overlap,
            GroupFormationFailure, WPS timeout, InvitationReceived
          - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient
          - added manufacturer info
        * added EAP-EKE peer support for deriving Session-Id
        * added wps_priority configuration parameter to set the default priority
          for all network profiles added by WPS
        * added support to request a scan with specific SSIDs with the SCAN
          command (optional "ssid <hexdump>" arguments)
        * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2
        * fixed SAE group selection in an error case
        * modified SAE routines to be more robust and PWE generation to be
          stronger against timing attacks
        * added support for Brainpool Elliptic Curves with SAE
        * added support for CCMP-256 and GCMP-256 as group ciphers with FT
        * fixed BSS selection based on estimated throughput
        * added option to disable TLSv1.0 with OpenSSL
        * added Fast Session Transfer (FST) module
        * fixed OpenSSL PKCS#12 extra certificate handling
        * fixed key derivation for Suite B 192-bit AKM (this breaks
          compatibility with the earlier version)
        * added RSN IE to Mesh Peering Open/Confirm frames
        * number of small fixes

2015-03-15 - v2.4
        * allow OpenSSL cipher configuration to be set for internal EAP server
          (openssl_ciphers parameter)
        * fixed number of small issues based on hwsim test case failures and
          static analyzer reports
        * P2P:
          - add new=<0/1> flag to P2P-DEVICE-FOUND events
          - add passive channels in invitation response from P2P Client
          - enable nl80211 P2P_DEVICE support by default
          - fix regresssion in disallow_freq preventing search on social
          - fix regressions in P2P SD query processing
          - try to re-invite with social operating channel if no common channels
            in invitation
          - allow cross connection on parent interface (this fixes number of
            use cases with nl80211)
          - add support for P2P services (P2PS)
          - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
            be configured
        * increase postponing of EAPOL-Start by one second with AP/GO that
          supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
          of identity frames)
        * add support for PMKSA caching with SAE
        * add support for control mesh BSS (IEEE 802.11s) operations
        * fixed number of issues with D-Bus P2P commands
        * fixed regression in ap_scan=2 special case for WPS
        * fixed macsec_validate configuration
        * add a workaround for incorrectly behaving APs that try to use
          EAPOL-Key descriptor version 3 when the station supports PMF even if
          PMF is not enabled on the AP
        * allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
          of disabling these can be configured to work around issues with broken
          servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
        * add support for Suite B (128-bit and 192-bit level) key management and
          cipher suites
        * add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
        * improved BSS Transition Management processing
        * add support for neighbor report
        * add support for link measurement
        * fixed expiration of BSS entry with all-zeros BSSID
        * add optional LAST_ID=x argument to LIST_NETWORK to allow all
          configured networks to be listed even with huge number of network
        * add support for EAP Re-Authentication Protocol (ERP)
        * fixed EAP-IKEv2 fragmentation reassembly
        * improved PKCS#11 configuration for OpenSSL
        * set stdout to be line-buffered
        * add TDLS channel switch configuration
        * add support for MAC address randomization in scans with nl80211
        * enable HT for IBSS if supported by the driver
        * add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
        * add support for domain_suffix_match with GnuTLS
        * add OCSP stapling client support with GnuTLS
        * include peer certificate in EAP events even without a separate probe
          operation; old behavior can be restored with cert_in_cb=0
        * add peer ceritficate alt subject name to EAP events
        * add domain_match network profile parameter (similar to
          domain_suffix_match, but full match is required)
        * enable AP/GO mode HT Tx STBC automatically based on driver support
        * add ANQP-QUERY-DONE event to provide information on ANQP parsing
        * allow passive scanning to be forced with passive_scan=1
        * add a workaround for Linux packet socket behavior when interface is in
        * increase 5 GHz band preference in BSS selection (estimate SNR, if info
          not available from driver; estimate maximum throughput based on common
          HT/VHT/specific TX rate support)
        * add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
          implement Interworking network selection behavior in upper layers
          software components
        * add optional reassoc_same_bss_optim=1 (disabled by default)
          optimization to avoid unnecessary Authentication frame exchange
        * extend TDLS frame padding workaround to cover all packets
        * allow wpa_supplicant to recover nl80211 functionality if the cfg80211
          module gets removed and reloaded without restarting wpa_supplicant
        * allow hostapd DFS implementation to be used in wpa_supplicant AP mode

2014-10-09 - v2.3
        * fixed number of minor issues identified in static analyzer warnings
        * fixed wfd_dev_info to be more careful and not read beyond the buffer
          when parsing invalid information for P2P-DEVICE-FOUND
        * extended P2P and GAS query operations to support drivers that have
          maximum remain-on-channel time below 1000 ms (500 ms is the current
          minimum supported value)
        * added p2p_search_delay parameter to make the default p2p_find delay
        * improved P2P operating channel selection for various multi-channel
          concurrency cases
        * fixed some TDLS failure cases to clean up driver state
        * fixed dynamic interface addition cases with nl80211 to avoid adding
          ifindex values to incorrect interface to skip foreign interface events
        * added TDLS workaround for some APs that may add extra data to the
          end of a short frame
        * fixed EAP-AKA' message parser with multiple AT_KDF attributes
        * added configuration option (p2p_passphrase_len) to allow longer
          passphrases to be generated for P2P groups
        * fixed IBSS channel configuration in some corner cases
        * improved HT/VHT/QoS parameter setup for TDLS
        * modified D-Bus interface for P2P peers/groups
        * started to use constant time comparison for various password and hash
          values to reduce possibility of any externally measurable timing
        * extended explicit clearing of freed memory and expired keys to avoid
          keeping private data in memory longer than necessary
        * added optional scan_id parameter to the SCAN command to allow manual
          scan requests for active scans for specific configured SSIDs
        * fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value
        * added option to set Hotspot 2.0 Rel 2 update_identifier in network
          configuration to support external configuration
        * modified Android PNO functionality to send Probe Request frames only
          for hidden SSIDs (based on scan_ssid=1)
        * added generic mechanism for adding vendor elements into frames at
        * added fields to show unrecognized vendor elements in P2P_PEER
        * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that
          MS-CHAP2-Success is required to be present regardless of
          eap_workaround configuration
        * modified EAP fast session resumption to allow results to be used only
          with the same network block that generated them
        * extended freq_list configuration to apply for sched_scan as well as
          normal scan
        * modified WPS to merge mixed-WPA/WPA2 credentials from a single session
        * fixed nl80211/RTM_DELLINK processing when a P2P GO interface is
          removed from a bridge
        * fixed number of small P2P issues to make negotiations more robust in
          corner cases
        * added experimental support for using temporary, random local MAC
          address (mac_addr and preassoc_mac_addr parameters); this is disabled
          by default (i.e., previous behavior of using permanent address is
          maintained if configuration is not changed)
        * added D-Bus interface for setting/clearing WFD IEs
        * fixed TDLS AID configuration for VHT
        * modified -m<conf> configuration file to be used only for the P2P
          non-netdev management device and do not load this for the default
          station interface or load the station interface configuration for
          the P2P management interface
        * fixed external MAC address changes while wpa_supplicant is running
        * started to enable HT (if supported by the driver) for IBSS
        * fixed wpa_cli action script execution to use more robust mechanism

2014-06-04 - v2.2
        * added DFS indicator to get_capability freq
        * added/fixed nl80211 functionality
          - BSSID/frequency hint for driver-based BSS selection
          - fix tearing down WDS STA interfaces
          - support vendor specific driver command
            (VENDOR <vendor id> <sub command id> [<hex formatted \ 
          - GO interface teardown optimization
          - allow beacon interval to be configured for IBSS
          - add SHA256-based AKM suites to CONNECT/ASSOCIATE commands
        * removed unused NFC_RX_HANDOVER_REQ and NFC_RX_HANDOVER_SEL control
          interface commands (the more generic NFC_REPORT_HANDOVER is now used)
        * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding;
          this fixes password with include UTF-8 characters that use
          three-byte encoding EAP methods that use NtPasswordHash
        * fixed couple of sequencies where radio work items could get stuck,
          e.g., when rfkill blocking happens during scanning or when
          scan-for-auth workaround is used
        * P2P enhancements/fixes
          - enable enable U-APSD on GO automatically if the driver indicates
            support for this
          - fixed some service discovery cases with broadcast queries not being
            sent to all stations
          - fixed Probe Request frame triggering invitation to trigger only a
            single invitation instance even if multiple Probe Request frames are
          - fixed a potential NULL pointer dereference crash when processing an
            invalid Invitation Request frame
          - add optional configuration file for the P2P_DEVICE parameters
          - optimize scan for GO during persistent group invocation
          - fix possible segmentation fault when PBC overlap is detected while
            using a separate P2P group interface
          - improve GO Negotiation robustness by allowing GO Negotiation
            Confirmation to be retransmitted
          - do use freed memory on device found event when P2P NFC
        * added phase1 network parameter options for disabling TLS v1.1 and v1.2
          to allow workarounds with misbehaving AAA servers
          (tls_disable_tlsv1_1=1 and tls_disable_tlsv1_2=1)
        * added support for OCSP stapling to validate AAA server certificate
          during TLS exchange
        * Interworking/Hotspot 2.0 enhancements
          - prefer the last added network in Interworking connection to make the
            behavior more consistent with likely user expectation
          - roaming partner configuration (roaming_partner within a cred block)
          - support Hotspot 2.0 Release 2
            * "hs20_anqp_get <BSSID> 8" to request OSU Providers list
            * "hs20_icon_request <BSSID> <icon filename>" \ 
to request icon files
            * "fetch_osu" and "cancel_osu_fetch" to \ 
start/stop full OSU provider
              search (all suitable APs in scan results)
            * OSEN network for online signup connection
            * min_{dl,ul}_bandwidth_{home,roaming} cred parameters
            * max_bss_load cred parameter
            * req_conn_capab cred parameter
            * sp_priority cred parameter
            * ocsp cred parameter
            * slow down automatic connection attempts on EAP failure to meet
              required behavior (no more than 10 retries within a 10-minute
            * sample implementation of online signup client (both SPP and
              OMA-DM protocols) (hs20/client/*)
          - fixed GAS indication for additional comeback delay with status
            code 95
          - extend ANQP_GET to accept Hotspot 2.0 subtypes
            ANQP_GET <addr> <info id>[,<info id>]...
          - add control interface events CRED-ADDED <id>,
            CRED-MODIFIED <id> <field>, CRED-REMOVED <id>
          - add "GET_CRED <id> <field>" command
          - enable FT for the connection automatically if the AP advertises
            support for this
          - fix a case where auto_interworking=1 could end up stopping scanning
        * fixed TDLS interoperability issues with supported operating class in
          some deployed stations
        * internal TLS implementation enhancements/fixes
          - add SHA256-based cipher suites
          - add DHE-RSA cipher suites
          - fix X.509 validation of PKCS#1 signature to check for extra data
        * fixed PTK derivation for CCMP-256 and GCMP-256
        * added "reattach" command for fast reassociate-back-to-same-BSS
        * allow PMF to be enabled for AP mode operation with the ieee80211w
        * added "get_capability tdls" command
        * added option to set config blobs through control interface with
          "SET blob <name> <hexdump>"
        * D-Bus interface extensions/fixes
          - make p2p_no_group_iface configurable
          - declare ServiceDiscoveryRequest method properly
          - export peer's device address as a property
          - make reassociate command behave like the control interface one,
            i.e., to allow connection from disconnected state
        * added optional "freq=<channel ranges>" parameter to SET pno
        * added optional "freq=<channel ranges>" parameter to \ 
        * fixed OBSS scan result processing for 20/40 MHz co-ex report
        * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled
          whenever CONFIG_WPS=y is set
        * fixed regression in parsing of WNM Sleep Mode exit key data
        * fixed potential segmentation fault and memory leaks in WNM neighbor
          report processing
        * EAP-pwd fixes
          - fragmentation of PWD-Confirm-Resp
          - fix memory leak when fragmentation is used
          - fix possible segmentation fault on EAP method deinit if an invalid
            group is negotiated
        * added MACsec/IEEE Std 802.1X-2010 PAE implementation (currently
          available only with the macsec_qca driver wrapper)
        * fixed EAP-SIM counter-too-small message
        * added 'dup_network <id_s> <id_d> <name>' command; \ 
this can be used to
          clone the psk field without having toextract it from wpa_supplicant
        * fixed GSM authentication on USIM
        * added support for usin epoll in eloop (CONFIG_ELOOP_EPOLL=y)
        * fixed some concurrent virtual interface cases with dedicated P2P
          management interface to not catch events from removed interface (this
          could result in the management interface getting disabled)
        * fixed a memory leak in SAE random number generation
        * fixed off-by-one bounds checking in printf_encode()
          - this could result in some control interface ATTACH command cases
            terminating wpa_supplicant
        * fixed EAPOL-Key exchange when GCMP is used with SHA256-based AKM
        * various bug fixes

2014-02-04 - v2.1
        * added support for simultaneous authentication of equals (SAE) for
          stronger password-based authentication with WPA2-Personal
        * improved P2P negotiation and group formation robustness
          - avoid unnecessary Dialog Token value changes during retries
          - avoid more concurrent scanning cases during full group formation
          - do not use potentially obsolete scan result data from driver
            cache for peer discovery/updates
          - avoid undesired re-starting of GO negotiation based on Probe
            Request frames
          - increase GO Negotiation and Invitation timeouts to address busy
            environments and peers that take long time to react to messages,
            e.g., due to power saving
          - P2P Device interface type
        * improved P2P channel selection (use more peer information and allow
          more local options)
        * added support for optional per-device PSK assignment by P2P GO
          (wpa_cli p2p_set per_sta_psk <0/1>)
        * added P2P_REMOVE_CLIENT for removing a client from P2P groups
          (including persistent groups); this can be used to securely remove
          a client from a group if per-device PSKs are used
        * added more configuration flexibility for allowed P2P GO/client
          channels (p2p_no_go_freq list and p2p_add_cli_chan=0/1)
        * added nl80211 functionality
          - VHT configuration for nl80211
          - MFP (IEEE 802.11w) information for nl80211 command API
          - support split wiphy dump
          - FT (IEEE 802.11r) with driver-based SME
          - use advertised number of supported concurrent channels
          - QoS Mapping configuration
        * improved TDLS negotiation robustness
        * added more TDLS peer parameters to be configured to the driver
        * optimized connection time by allowing recently received scan results
          to be used instead of having to run through a new scan
        * fixed ctrl_iface BSS command iteration with RANGE argument and no
          exact matches; also fixed argument parsing for some cases with
          multiple arguments
        * added 'SCAN TYPE=ONLY' ctrl_iface command to request manual scan
          without executing roaming/network re-selection on scan results
        * added Session-Id derivation for EAP peer methods
        * added fully automated regression testing with mac80211_hwsim
        * changed configuration parser to reject invalid integer values
        * allow AP/Enrollee to be specified with BSSID instead of UUID for
          WPS ER operations
        * disable network block temporarily on repeated connection failures
        * changed the default driver interface from wext to nl80211 if both are
          included in the build
        * remove duplicate networks if WPS provisioning is run multiple times
        * remove duplicate networks when Interworking network selection uses the
          same network
        * added global freq_list configuration to allow scan frequencies to be
          limited for all cases instead of just for a specific network block
        * added support for BSS Transition Management
        * added option to use "IFNAME=<ifname> " prefix to use \ 
the global
          control interface connection to perform per-interface commands;
          similarly, allow global control interface to be used as a monitor
          interface to receive events from all interfaces
        * fixed OKC-based PMKSA cache entry clearing
        * fixed TKIP group key configuration with FT
        * added support for using OCSP stapling to validate server certificate
          (ocsp=1 as optional and ocsp=2 as mandatory)
        * added EAP-EKE peer
        * added peer restart detection for IBSS RSN
        * added domain_suffix_match (and domain_suffix_match2 for Phase 2
          EAP-TLS) to specify additional constraint for the server certificate
          domain name
        * added support for external SIM/USIM processing in EAP-SIM, EAP-AKA,
          and EAP-AKA' (CTRL-REQ-SIM and CTRL-RSP-SIM commands over control
        * added global bgscan configuration option as a default for all network
          blocks that do not specify their own bgscan parameters
        * added D-Bus methods for TDLS
        * added more control to scan requests
          - "SCAN freq=<freq list>" can be used to specify which \ 
channels are
            scanned (comma-separated frequency ranges in MHz)
          - "SCAN passive=1" can be used to request a passive scan (no \ 
            Request frames are sent)
          - "SCAN use_id" can be used to request a scan id to be \ 
returned and
            included in event messages related to this specific scan operation
          - "SCAN only_new=1" can be used to request the driver/cfg80211 to
            report only BSS entries that have been updated during this scan
          - these optional arguments to the SCAN command can be combined with
            each other
        * modified behavior on externally triggered scans
          - avoid concurrent operations requiring full control of the radio when
            an externally triggered scan is detected
          - do not use results for internal roaming decision
        * added a new cred block parameter 'temporary' to allow credential
          blocks to be stored separately even if wpa_supplicant configuration
          file is used to maintain other network information
        * added "radio work" framework to schedule exclusive radio \ 
          for off-channel functionality
          - reduce issues with concurrent operations that try to control which
            channel is used
          - allow external programs to request exclusive radio control in a way
            that avoids conflicts with wpa_supplicant
        * added support for using Protected Dual of Public Action frames for
          GAS/ANQP exchanges when associated with PMF
        * added support for WPS+NFC updates and P2P+NFC
          - improved protocol for WPS
          - P2P group formation/join based on NFC connection handover
          - new IPv4 address assignment for P2P groups (ip_addr_* configuration
            parameters on the GO) to replace DHCP
          - option to fetch and report alternative carrier records for external
            NFC operations
        * various bug fixes