wpa (2.4-0ubuntu6) xenial; urgency=medium * debian/patches/wpasupplicant_band_selection_aa517ae2.patch: add the last missing 5 GHz band selection related cherry-pick from Debian that was not included in wpa 2.4 (LP: #1517040) -- Timo Jyrinki Tue, 19 Jan 2016 12:36:00 +0200 wpa (2.4-0ubuntu5) xenial; urgency=medium * SECURITY UPDATE: unauthorized WNM Sleep Mode GTK control - debian/patches/CVE-2015-5310.patch: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use in wpa_supplicant/wnm_sta.c. - CVE-2015-5310 * SECURITY UPDATE: EAP-pwd missing last fragment length validation - debian/patches/CVE-2015-5315-1.patch: Fix last fragment length validation in src/eap_peer/eap_pwd.c. - debian/patches/CVE-2015-5315-2.patch: Fix last fragment length validation in src/eap_server/eap_server_pwd.c. - CVE-2015-5315 * SECURITY UPDATE: EAP-pwd peer error path failure on unexpected Confirm message - debian/patches/CVE-2015-5316.patch: fix error path in src/eap_peer/eap_pwd.c. - CVE-2015-5316 * SECURITY UPDATE: denial of service in NDEF record parser - debian/patches/CVE-2015-8041.patch: validate payload lengths in src/wps/ndef.c. - CVE-2015-8041 -- Marc Deslauriers Tue, 10 Nov 2015 13:38:25 -0500 wpa (2.4-0ubuntu4) xenial; urgency=medium * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume before/after suspend, like the pm-utils hook. In some cases this brings back missing Wifi connection after resuming. (LP: #1422143) -- Martin Pitt Mon, 26 Oct 2015 14:24:30 +0100 wpa (2.4-0ubuntu3) wily; urgency=medium * debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations when P2P management interface is used (LP: #1482439) -- Ricardo Salveti de Araujo Wed, 07 Oct 2015 10:21:39 -0300 wpa (2.4-0ubuntu2) wily; urgency=medium * debian/config/wpasupplicant/linux: - Reduce the delta to Debian by removing the double setting of CONFIG_AP and CONFIG_P2P. The only actual delta is CONFIG_ANDROID_HAL. -- Timo Jyrinki Mon, 03 Aug 2015 22:03:51 +0300 wpa (2.4-0ubuntu1) wily; urgency=medium * New upstream release. * Merge with Debian unstable; remaining changes: - debian/patches/session-ticket.patch: disable the TLS Session Ticket extension to fix auth with 802.1x PEAP on some hardware. - debian/patches/android_hal_fw_path_change.patch: add a DBus method for requesting a firmware change when working with the Android HAL; this is used to set a device in P2P or AP mode; conditional to CONFIG_ANDROID_HAL being enabled. - debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL. - debian/control: Build-Depends on android-headers to get the required wifi headers for the HAL support. - debian/patches/dbus-available-sta.patch: Make the list of connected stations available on DBus for hotspot mode; along with some of the station properties, such as rx/tx packets, bytes, capabilities, etc. - debian/patches/CVE-2015-4141.patch: check chunk size: src/wps/httpread.c - CVE-2015-4141 - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c. - CVE-2015-4142 - debian/patches/CVE-2015-4143-4146.patch: check lengths in src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c. - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 - debian/config/wpasupplicant/linux: - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511). - Enable CONFIG_P2P (Wi-Fi Direct support). * debian/patches/wpa_supplicant-MACsec-fix-build-failure-for-IEEE8021.patch, debian/patches/include-ieee802_11_common.c-in-wpa_supplicant-build-.patch, d/p/hostapd_fix-hostapd-operation-without-hw_mode-driver-data.patch: dropped patches included upstream. * Refreshed all patches. -- Mathieu Trudel-Lapierre Mon, 27 Jul 2015 17:29:24 -0400 wpa (2.3-2) unstable; urgency=high * remove Kel Modderman from Uploaders as per his request, many thanks for all past efforts Kel. * fix systemd unit dependencies for wpasupplicant, it needs to be started before the network target (Closes: 780552), many thanks to Michael Biebl for reporting and suggesting the patch. * hostapd: avoid segfault with driver=wired, by merging upstream commit e9b783d58c23a7bb50b2f25bce7157f1f3b5d58b "Fix hostapd operation without hw_mode driver data." * import "P2P: Validate SSID element length before copying it (CVE-2015-1863)" from upstream (Closes: #783148). -- Stefan Lippers-Hollmann Thu, 23 Apr 2015 05:02:21 +0200 wpa (2.3-1) unstable; urgency=medium * New upstream release: - fixed by the new upstream version: + wpa: arbitrary command execution via action scripts (Closes: #765352). wpasupplicant: fixed wpa_cli action script execution to use more robust mechanism (CVE-2014-3686). hostapd: fixed hostapd_cli action script execution to use more robust mechanism (CVE-2014-3686). + wpasupplicant: MAC addressing changing broken after updating to 2.2-1 (Closes: #763775). + drop ap_config_c_fix-typo-for-capabilities, applied upstream. - backport "Include ieee802_11_common.c in wpa_supplicant build unconditionally" from HEAD, to fix a newly introduced FTBS on, at least, kfreebsd. * bump standards version to 3.9.6, no changes necessary. -- Stefan Lippers-Hollmann Tue, 14 Oct 2014 21:29:37 +0200 wpa (2.2-1) unstable; urgency=medium * New upstream release: - import suggested changes from Gerald Turner (see #718651 for details). + disable ACS for hostapd on kfreebsd-any (FTBS). - fixed by the new upstream version: + wpa_supplicant: OpenSSL: tls_connection_handshake - Failed to read (Closes: #561081). + wpasupplicant: new upstream release 2.2 (Closes: #718651). + wpasupplicant: -s option not documented in man page (Closes: #608135). - refresh patches: + drop 13_human_readable_signal.patch, applied upstream. + drop hostapd_fix-WDS-VLAN-bridge-handling.patch, applied upstream. + drop fix-spelling-s-algorith-algorithm.patch, applied upstream. - adapt build configs for hostapd/ wpa_supplicant 2.2: + sync with updated upstream defconfigs. + keep Hotspot 2.0 support disabled for the time being. + hostapd: keep sqlite3 support disabled for the time being. - update debian/copyright manually, the wpa v2 branch was relicensed from (BSD-3-clause || GPL-2) to BSD-3-clause only (for the most part). This doesn't change the licensing state as the BSD-3-clause license is compatible with GPL-2. * drop pre-wheezy /lib/init/rw/sendsigs.omit.d/ migration support, invert the versioned initscripts dependency to a versioned breaks relation. * migrate from /var/run/ to /run/. * adapt get-orig-source for wpa 2.2. * drop version qualifiers for libnl3 build dependencies, as they're fullfilled by wheezy. * drop version qualifiers for the lsb-base build dependency, as they're fullfilled by squeeze. * shorten short description for hostapd. * sort debian/control entries. * make lintian happy (invalid-short-name-in-dep5-copyright bsd) and call it BSD-3-clause. * enable DEBUG_SYSLOG and set DEBUG_SYSLOG_FACILITY=LOG_DAEMON, as requested by Cyril Brulebois to improve logging options for d-i and netcfg (Closes: #761922). * fix various typos around "existence", thanks to A. Costa , (Closes: #683636). * ap_config.c: fix typo for "capabilities". * remove no longer required lintian override (spelling-error-in-binary for the). -- Stefan Lippers-Hollmann Wed, 17 Sep 2014 04:52:36 +0200 wpa (2.1-0ubuntu8) wily; urgency=medium * SECURITY UPDATE: memcpy overflow in P2P functionality - debian/patches/CVE-2015-1863.patch: validate SID element length in src/p2p/p2p.c. - CVE-2015-1863 * SECURITY UPDATE: denial of service via WPS UPnP - debian/patches/CVE-2015-4141.patch: check chunk size in src/wps/httpread.c. - CVE-2015-4141 * SECURITY UPDATE: denial of service via AP mode WMM Action frame - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c. - CVE-2015-4142 * SECURITY UPDATE: denial of service via EAP-pwd - debian/patches/CVE-2015-4143-4146.patch: check lengths in src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c. - CVE-2015-4143 - CVE-2015-4144 - CVE-2015-4145 - CVE-2015-4146 -- Marc Deslauriers Mon, 15 Jun 2015 10:21:54 -0400 # For older changelog entries, run 'apt-get changelog wpasupplicant'