hostapd/wpa_supplicant - new development release v0.4.6

[Jouni Malinen]

New versions of wpa_supplicant and hostapd were just released and are
now available from http://hostap.epitest.fi/

This release is from the new development branch (0.4.x). Please note
that the 0.3.x branch continues to be the current source of stable
releases.

This version had bit more changes than originally planned, so I ended
up doing one more development release from 0.4.x branch. Anyway, this
is expected to be the final development release from this branch and
the next release is going to mark the start of 0.4.x stable branch. I'm
going to be applying only obvious bug fixes to the 0.4 code. If anything
larger is going to be committed to CVS, a new branch will be created for
0.4.x releases so that CVS trunk can be freed for development.

Now would be a good time to start testing 0.4.x versions if you have
not yet done that, so that potentially remaining issues in the current
implementation can be resolved before the first stable 0.4 release. I
would expect this release to happen in couple of weeks to a month from
now.


hostapd:
* added support for replacing user identity from EAP with RADIUS
  User-Name attribute from Access-Accept message, if that is included,
  for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get
  tunneled identity into accounting messages when the RADIUS server
  does not support better way of doing this with Class attribute)
* driver_madwifi: fixed EAPOL packet receive for configuration where
  ath# is part of a bridge interface
* added a configuration file and log analyzer script for logwatch
* fixed EAPOL state machine step function to process all state
  transitions before processing new events; this resolves a race
  condition in which EAPOL-Start message could trigger hostapd to send
  two EAP-Response/Identity frames to the authentication server

wpa_supplicant:
* allow fallback to WPA, if mixed WPA+WPA2 networks have mismatch in
  RSN IE, but WPA IE would match with wpa_supplicant configuration
* added support for named configuration blobs in order to avoid having
  to use file system for external files (e.g., certificates);
  variables can be set to "blob://<blob name>" instead of file path to
  use a named blob; supported fields: pac_file, client_cert,
  private_key
* fixed RSN pre-authentication (it was broken in the clean up of WPA
  state machine interface in v0.4.5)
* driver_madwifi: set IEEE80211_KEY_GROUP flag for group keys to make
  sure the driver configures broadcast decryption correctly
* added ca_path (and ca_path2) configuration variables that can be used
  to configure OpenSSL CA path, e.g., /etc/ssl/certs, for using the
  system-wide trusted CA list
* added support for starting wpa_supplicant without a configuration
  file (-C argument must be used to set ctrl_interface parameter for
  this case; in addition, -p argument can be used to provide
  driver_param; these new arguments can also be used with a
  configuration to override the values from the configuration)
* added global control interface that can be optionally used for adding
  and removing network interfaces dynamically (-g command line argument
  for both wpa_supplicant and wpa_cli) without having to restart
  wpa_supplicant process
* wpa_gui:
  - try to save configuration whenever something is modified
  - added WEP key configuration
  - added possibility to edit the current network configuration
* driver_ndis: fixed driver polling not to increase frequency on each
  received EAPOL frame due to incorrectly cancelled timeout
* added simple configuration file examples (in examples subdirectory)
* fixed driver_wext.c to filter wireless events based on ifindex to
  avoid interfaces receiving events from other interfaces
* delay sending initial EAPOL-Start couple of seconds to speed up
  authentication for the most common case of Authenticator starting
  EAP authentication immediately after association

-- 
Jouni Malinen                                            PGP id EFC895FA