-
wpa (2:2.6-21ubuntu3.3) disco-security; urgency=medium
* SECURITY UPDATE: Incorrect indication of disconnection in certain
situations
- debian/patches/CVE-2019-16275.patch: silently ignore management
frame from unexpected source address in src/ap/drv_callbacks.c,
src/ap/ieee882_11.c.
- CVE-2019-16275
-- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Sep 2019 08:52:38 -0300
-
wpa (2:2.6-21ubuntu3.2) disco-security; urgency=medium
* SECURITY UPDATE: SAE/EAP-pwd side-channel attack w/Brainpool curves
- debian/patches/CVE-2019-13377-2.patch: use const_time_memcmp() for
pwd_value >= prime comparison in src/eap_common/eap_pwd_common.c.
- debian/patches/CVE-2019-13377-3.patch: use BN_bn2binpad() or
BN_bn2bin_padded() if available in src/crypto/crypto_openssl.c.
- debian/patches/CVE-2019-13377-5.patch: run through prf result
processing even if it >= prime in src/eap_common/eap_pwd_common.c.
- debian/patches/CVE-2019-13377-pre6.patch: disallow ECC groups with a
prime under 256 bits in src/eap_common/eap_pwd_common.c.
- debian/patches/CVE-2019-13377-6.patch: disable use of groups using
Brainpool curves in src/eap_common/eap_pwd_common.c.
- CVE-2019-13377
-- Marc Deslauriers <email address hidden> Tue, 13 Aug 2019 13:59:04 -0400
-
wpa (2:2.6-21ubuntu3.1) disco-security; urgency=medium
* SECURITY UPDATE: EAP-pwd DoS via unexpected fragment
- debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
in src/eap_server/eap_server_pwd.c.
- debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
in src/eap_peer/eap_pwd.c.
- CVE-2019-11555
-- Marc Deslauriers <email address hidden> Wed, 01 May 2019 09:57:53 -0400
-
wpa (2:2.6-21ubuntu3) disco; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/VU-871675/*.patch: backported upstream patches.
- CVE-2019-9495
- CVE-2019-9497
- CVE-2019-9498
- CVE-2019-9499
-- Marc Deslauriers <email address hidden> Wed, 10 Apr 2019 12:54:21 -0400
-
wpa (2:2.6-21ubuntu2) disco; urgency=medium
* No-change rebuild for readline soname change.
-- Matthias Klose <email address hidden> Mon, 14 Jan 2019 20:07:20 +0000
-
wpa (2:2.6-21ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
* Dropped Android integration (LP: #1734568):
- debian/patches/android_hal_fw_path_change.patch: add a DBus method
for requesting a firmware change when working with the Android HAL;
this is used to set a device in P2P or AP mode; conditional to
CONFIG_ANDROID_HAL being enabled.
- debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
- debian/control: Build-Depends on android-headers to get the required
wifi headers for the HAL support.
wpa (2:2.6-21) unstable; urgency=medium
* Fix a typo in the patch.
wpa (2:2.6-20) unstable; urgency=medium
* Rework the TLSv1.0 patch.
wpa (2:2.6-19) unstable; urgency=medium
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/changelog: Remove trailing whitespaces
[ Andrej Shadura ]
* Re-enable TLSv1.0 and security level 1 for wpasupplicant.
(Closes: #907518, #911297).
* Modernise debian/rules.
-- Julian Andres Klode <email address hidden> Mon, 07 Jan 2019 08:28:15 +0100
-
wpa (2:2.6-18ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
- debian/patches/android_hal_fw_path_change.patch: add a DBus method
for requesting a firmware change when working with the Android HAL;
this is used to set a device in P2P or AP mode; conditional to
CONFIG_ANDROID_HAL being enabled.
- debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
- debian/control: Build-Depends on android-headers to get the required
wifi headers for the HAL support.
wpa (2:2.6-18) unstable; urgency=high
* Fix NL80211_ATTR_SMPS_MODE encoding (Closes: #903952)
* SECURITY UPDATE:
- CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data
(Closes: #905739)
wpa (2:2.6-17) unstable; urgency=medium
* Fix get-orig-source so that it can produce pre-release snapshots.
* Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
with the upstream.
-- Julian Andres Klode <email address hidden> Thu, 16 Aug 2018 11:22:10 +0200
