-
wpa (2:2.9.0-21) unstable; urgency=high
* Fix typos in the package descriptions.
Thanks to Beatrice Torracca (Closes: #982673).
* SECURITY ISSUE:
- P2P: Fix a corner case in peer addition based on PD Request.
-- Andrej Shadura <email address hidden> Thu, 25 Feb 2021 22:19:14 +0100
-
wpa (2:2.9.0-20build1) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:46:14 +0100
-
wpa (2:2.9.0-20) unstable; urgency=medium
* Add IgnoreOnIsolate=yes to keep wpa-supplicant running while
systemctl isolate (LP: #1576024)
* Disable -Werror for eapol_test.
* Update descriptions of the packages.
* Prefer pkgconf to pkg-config.
* Set Rules-Requires-Root: no.
* Remove the unused system-sleep hook.
* Remove get-orig-source/uscan-hook.
* Use execute_before/execute_after instead of overrides in a few places.
* Update descriptions in init scripts and service files.
* Update wpasupplicant.README.Debian.
* Actually delete an old patch not accepted upstream.
-- Andrej Shadura <email address hidden> Fri, 12 Feb 2021 16:09:13 +0100
-
wpa (2:2.9.0-17ubuntu3) hirsute; urgency=medium
* No change rebuild with fixed ownership.
-- Dimitri John Ledkov <email address hidden> Tue, 16 Feb 2021 15:23:07 +0000
-
wpa (2:2.9.0-17ubuntu2) hirsute; urgency=medium
* Pass -Wno-error=stringop-overflow -Wno-error=format-truncation to fix
build on s390x and ppc64el.
wpa (2:2.9.0-17ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
- debian/patches/git_roaming_interface.patch: backport upstream fix
'dbus: Move roam metrics to the correct interface', should reduces
the number of events
- debian/patches/nl80211-Unbreak-mode-processing-due-to-presence-of-S.patch:
backport upstream fix (commit 52a1b28345123c374fd0127cbce623c41a760730)
for S1G band (LP #1912609)
- debian/patches/git_dbus_bridge.patch: Allow changing an interface
bridge via D-Bus (LP #1893563)
wpa (2:2.9.0-17) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* P2P: Fix copying of secondary device types for P2P group client
(CVE-2021-0326) (Closes: #981971).
wpa (2:2.9.0-16) unstable; urgency=high
* Restrict eapoltest to linux-any kfreebsd-any.
* Add an upstream patch to fix a crash with a long P2P interface name
(Closes: #976091).
* Security fix: CVE-2020-12695.
A vulnerability in the UPnP SUBSCRIBE command can trigger the AP to
initiate a HTTP (TCP/IP) connection to an arbitrary URL or to trigger
misbehavior in hostapd and cause the process to either get terminated
or to start using more CPU resources.
The issue can also be mitigated by building hostapd without UPnP support
(CONFIG_WPS_UPNP=n) or disabling it at runtime by removing the upnp_iface
parameter.
(Closes: #976106)
* Refresh patches.
wpa (2:2.9.0-15) unstable; urgency=medium
* Don’t fail the build on -Warray-bounds.
wpa (2:2.9.0-14) unstable; urgency=medium
[ Paul Menzel ]
* Fix unknown key warnings NetworkManager configuration drop-in.
* Update NetworkManager configuration drop-in.
* Remove defaults from NetworkManager configuration drop-in.
Closes: #951268, #966811.
[ Andrej Shadura ]
* Add fixes proposed upstream:
- Fix error message for radius_accept_attr config option
- Update WPS credentials on SIGHUP
wpa (2:2.9.0-13) unstable; urgency=medium
* Apply upstream patches:
- Avoid sending invalid mgmt frames at startup
- Increase introspection buffer size for D-Bus
wpa (2:2.9.0-12) unstable; urgency=medium
* Add an upstream patch to fix the MAC randomisation issue with some cards
(LP: #1867908).
wpa (2:2.9.0-11) unstable; urgency=medium
* Actually add autopkgtest for libwpa-client-dev and libwpa_test.c.
wpa (2:2.9.0-10) unstable; urgency=medium
* Rename the package with the client library to libwpa-client-dev.
wpa (2:2.9.0-9) unstable; urgency=medium
[ Terry Burton ]
* Build and install eapol_test in eapoltest package (Closes: #700870)
[ Didier Raboud ]
* Backport upstream patch to fix build with Debian's VERSION_STR.
[ Andrew Lee (李健秋) ]
* Build libwpa-dev binary package which contains a static
libwpa_client library and the wpa_ctrl header with an example program.
[ Andrej Shadura ]
* Add a patch to provide the BIT() macro locally in wpa_ctrl.h.
* Patch the example to use stddef.h and wpa_ctrl.h from the global location.
* Add an autopkgtest for libwpa-dev and libwpa_test.c.
wpa (2:2.9.0-8) unstable; urgency=medium
* Reupload as 2.9.0 to undo an accidental experimental upload to unstable.
wpa (2:2.9-7) unstable; urgency=medium
* Apply upstream patches:
- trace: handle binutils bfd.h breakage
- Check for FT support when selecting FT suites (Closes: #942164)
wpa (2:2.9-6) unstable; urgency=medium
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Move source package lintian overrides to debian/source.
* Use canonical URL in Vcs-Browser.
* Rely on pre-initialized dpkg-architecture variables.
* Update standards version to 4.4.1, no changes needed.
[ Andrej Shadura ]
* Disable CONFIG_DRIVER_MACSEC_QCA on kfreebsd.
wpa (2:2.9-5) unstable; urgency=medium
* Fix erroneously inverted logic in postinst.
wpa (2:2.9-4) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTCBFS: Don’t export CC=cc (Closes: #921998).
[ Andrej Shadura ]
* Don’t act in hostapd.postinst if we’re running in a chrootless root.
* Apply an upstream patch:
- wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying.
wpa (2:2.9-3) unstable; urgency=medium
* Add pkg.wpa.nogui and noudeb build profiles.
wpa (2:2.9-2) unstable; urgency=medium
* SECURITY UPDATE:
- AP mode PMF disconnection protection bypass.
More details:
+ https://w1.fi/security/2019-7/
Closes: #940080 (CVE-2019-16275)
-- Julian Andres Klode <email address hidden> Fri, 12 Feb 2021 12:40:45 +0100
-
wpa (2:2.9.0-17ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
- debian/patches/git_roaming_interface.patch: backport upstream fix
'dbus: Move roam metrics to the correct interface', should reduces
the number of events
- debian/patches/nl80211-Unbreak-mode-processing-due-to-presence-of-S.patch:
backport upstream fix (commit 52a1b28345123c374fd0127cbce623c41a760730)
for S1G band (LP #1912609)
- debian/patches/git_dbus_bridge.patch: Allow changing an interface
bridge via D-Bus (LP #1893563)
wpa (2:2.9.0-17) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* P2P: Fix copying of secondary device types for P2P group client
(CVE-2021-0326) (Closes: #981971).
wpa (2:2.9.0-16) unstable; urgency=high
* Restrict eapoltest to linux-any kfreebsd-any.
* Add an upstream patch to fix a crash with a long P2P interface name
(Closes: #976091).
* Security fix: CVE-2020-12695.
A vulnerability in the UPnP SUBSCRIBE command can trigger the AP to
initiate a HTTP (TCP/IP) connection to an arbitrary URL or to trigger
misbehavior in hostapd and cause the process to either get terminated
or to start using more CPU resources.
The issue can also be mitigated by building hostapd without UPnP support
(CONFIG_WPS_UPNP=n) or disabling it at runtime by removing the upnp_iface
parameter.
(Closes: #976106)
* Refresh patches.
wpa (2:2.9.0-15) unstable; urgency=medium
* Don’t fail the build on -Warray-bounds.
wpa (2:2.9.0-14) unstable; urgency=medium
[ Paul Menzel ]
* Fix unknown key warnings NetworkManager configuration drop-in.
* Update NetworkManager configuration drop-in.
* Remove defaults from NetworkManager configuration drop-in.
Closes: #951268, #966811.
[ Andrej Shadura ]
* Add fixes proposed upstream:
- Fix error message for radius_accept_attr config option
- Update WPS credentials on SIGHUP
wpa (2:2.9.0-13) unstable; urgency=medium
* Apply upstream patches:
- Avoid sending invalid mgmt frames at startup
- Increase introspection buffer size for D-Bus
wpa (2:2.9.0-12) unstable; urgency=medium
* Add an upstream patch to fix the MAC randomisation issue with some cards
(LP: #1867908).
wpa (2:2.9.0-11) unstable; urgency=medium
* Actually add autopkgtest for libwpa-client-dev and libwpa_test.c.
wpa (2:2.9.0-10) unstable; urgency=medium
* Rename the package with the client library to libwpa-client-dev.
wpa (2:2.9.0-9) unstable; urgency=medium
[ Terry Burton ]
* Build and install eapol_test in eapoltest package (Closes: #700870)
[ Didier Raboud ]
* Backport upstream patch to fix build with Debian's VERSION_STR.
[ Andrew Lee (李健秋) ]
* Build libwpa-dev binary package which contains a static
libwpa_client library and the wpa_ctrl header with an example program.
[ Andrej Shadura ]
* Add a patch to provide the BIT() macro locally in wpa_ctrl.h.
* Patch the example to use stddef.h and wpa_ctrl.h from the global location.
* Add an autopkgtest for libwpa-dev and libwpa_test.c.
wpa (2:2.9.0-8) unstable; urgency=medium
* Reupload as 2.9.0 to undo an accidental experimental upload to unstable.
wpa (2:2.9-7) unstable; urgency=medium
* Apply upstream patches:
- trace: handle binutils bfd.h breakage
- Check for FT support when selecting FT suites (Closes: #942164)
wpa (2:2.9-6) unstable; urgency=medium
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Move source package lintian overrides to debian/source.
* Use canonical URL in Vcs-Browser.
* Rely on pre-initialized dpkg-architecture variables.
* Update standards version to 4.4.1, no changes needed.
[ Andrej Shadura ]
* Disable CONFIG_DRIVER_MACSEC_QCA on kfreebsd.
wpa (2:2.9-5) unstable; urgency=medium
* Fix erroneously inverted logic in postinst.
wpa (2:2.9-4) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTCBFS: Don’t export CC=cc (Closes: #921998).
[ Andrej Shadura ]
* Don’t act in hostapd.postinst if we’re running in a chrootless root.
* Apply an upstream patch:
- wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying.
wpa (2:2.9-3) unstable; urgency=medium
* Add pkg.wpa.nogui and noudeb build profiles.
wpa (2:2.9-2) unstable; urgency=medium
* SECURITY UPDATE:
- AP mode PMF disconnection protection bypass.
More details:
+ https://w1.fi/security/2019-7/
Closes: #940080 (CVE-2019-16275)
-- Julian Andres Klode <email address hidden> Fri, 12 Feb 2021 11:25:17 +0100
-
wpa (2:2.9-1ubuntu10) hirsute; urgency=medium
* debian/patches/git_dbus_bridge.patch
- Allow changing an interface bridge via D-Bus (lp: #1893563)
[ Andrej Shadura ]
* Security fix: CVE-2020-12695.
A vulnerability in the UPnP SUBSCRIBE command can trigger the AP to
initiate a HTTP (TCP/IP) connection to an arbitrary URL or to trigger
misbehavior in hostapd and cause the process to either get terminated
or to start using more CPU resources.
The issue can also be mitigated by building hostapd without UPnP support
(CONFIG_WPS_UPNP=n) or disabling it at runtime by removing the upnp_iface
parameter.
(Closes: #976106)
[ Paolo Pisati ]
* debian/patches/nl80211-Unbreak-mode-processing-due-to-presence-of-S.patch:
- backport upstream fix (commit 52a1b28345123c374fd0127cbce623c41a760730)
for S1G band (lp: #1912609)
-- Sebastien Bacher <email address hidden> Thu, 28 Jan 2021 15:10:07 +0100
-
wpa (2:2.9-1ubuntu9) hirsute; urgency=medium
* debian/patches/git_name_limit.patch:
- backport a fix for a segfault which is impacting the GNOME display
sharing option (lp: #1899041)
-- Sebastien Bacher <email address hidden> Tue, 01 Dec 2020 13:53:43 +0100
-
wpa (2:2.9-1ubuntu8) groovy; urgency=medium
* debian/patches/Check-for-FT-support-when-selecting-FT-suites.patch:
- Backport upstream fix "Check for FT support when selecting FT suites" to
fix drivers without FT support (lp: #1881549).
-- Kai-Heng Feng <email address hidden> Wed, 10 Jun 2020 11:48:39 +0800
