-
wpasupplicant (0.7.3-6ubuntu2.5) precise-security; urgency=medium
* SECURITY UPDATE: Incorrect indication of disconnection in certain
situations
- debian/patches/CVE-2019-16275.patch: silently ignore management
frame from unexpected source address in src/ap/drv_callbacks.c,
src/ap/ieee882_11.c.
- CVE-2019-16275
-- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Sep 2019 10:27:33 -0300
-
wpasupplicant (0.7.3-6ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
- debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
- CVE-2015-4142
-- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 10:35:48 -0400
-
wpasupplicant (0.7.3-6ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary command execution via unsanitized string
passed to action scripts by wpa_cli
- debian/patches/CVE-2014-3686.patch: added os_exec() helper to
src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
use instead of system() in wpa_supplicant/wpa_cli.c.
- CVE-2014-3686
-- Marc Deslauriers <email address hidden> Fri, 10 Oct 2014 09:23:53 -0400
-
wpasupplicant (0.7.3-6ubuntu2.2) precise-proposed; urgency=low
* Multiple patches to reduce the number of disconnections for WPA Enterprise
roaming and Opportunistic Key Caching. (LP: #1187524)
* In debian/patches:
0001-sme-fix-retry-after-auth-assoc-timeout-failure.patch,
0002-sme-optimize-recovery-from-common-load-balancing-mechanisms.patch,
0003-sme-blacklist-bss-on-first-failure-if-only-a-*.patch,
0004-sme-extend-load-balancing-optimization-in-bss-blacklisting.patch,
0005-sme-optimize-recovery-from-association-command-failures.patch,
0006-sme-add-timers-for-authentication-and-association.patch,
0007-sme-nl80211-set-cipher-suites.patch:
Cherry-pick patches fixing SME (Session Management Entity) for the nl80211
driver, which works as a basis for the OKC patches.
* In debian/patches:
0001-pmkokc-Set-portValid-TRUE-on-association-for-driver-based-4.patch,
0002-pmkokc-Clear-WPA-and-EAPOL-state-machine-config-pointer-on-.patch,
0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch,
0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch,
0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch,
0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch,
0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch,
0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch,
0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch,
0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch,
0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch,
0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch,
0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch:
Cherry-pick patches to properly do OKC (Opportunistic Key Caching) which
helps maintaining connectivity on networks secured with WPA Enterprise,
especially on nl80211-based drivers -- these patches require SME, and add
or fix key caching and handling of the cache entries.
* debian/patches/force-enable-okc.patch: force Opportunistic Key Caching to
be enabled.
* debian/patches/less-aggressive-roaming.patch: use less aggressive roaming
settings to avoid switching to another AP unnecessarily, when the actual
signal level difference is small.
* debian/patches/wpa_supplicant-dbus-null-error.patch: Don't send NULL to
dbus_message_new_error().
* debian/patches/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch: fix
marking qual as invalid rather than signal level.
* debian/patches/wpa_supplicant-squelch-driver-disconnect-spam.patch: recover
cleanly from streams of disconnect messages (like on iwl3945).
* debian/patches/wpa_supplicant-assoc-timeout.patch: increase association
timeouts.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 12 Jun 2013 15:57:50 -0400
-
wpasupplicant (0.7.3-6ubuntu2.1) precise-proposed; urgency=low
* debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware. (LP: #969343)
-- Mathieu Trudel-Lapierre <email address hidden> Mon, 17 Sep 2012 17:08:22 -0400
-
wpasupplicant (0.7.3-6ubuntu2) precise; urgency=low
* debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)
-- Mathieu Trudel-Lapierre <email address hidden> Fri, 16 Mar 2012 09:55:12 -0400
-
wpasupplicant (0.7.3-6ubuntu1) precise; urgency=low
* debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create
a pid file in /run/sendsigs.omit.d when activated by DBus. (LP: #869635)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 16 Feb 2012 16:21:29 -0500
-
wpasupplicant (0.7.3-6) unstable; urgency=low
* add "hostap: Allow linking with libnl-3" from Ben Greear
<email address hidden> to allow building against libnl3 3.2.
* raise versioned build-dependency to (>= 3.2.3-2~), we need
libnl-genl-3-200-udeb and expect it in /lib/.
* switch build dependency from libnl3-dev to libnl-3-dev && libnl-genl-3-dev
accordingly.
* symlink /usr/share/doc/wpasupplicant/ to /usr/share/doc/wpa_supplicant,
which is referred to from upstream documentation (Closes: #537375,
#616120).
* enable BGSCAN_SIMPLE (Closes: #650834).
* add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from
Evan Broder <email address hidden>, accepted upstream into hostap-1.git
(Closes: #649202).
-- Stefan Lippers-Hollmann <email address hidden> Mon, 19 Dec 2011 23:31:20 +0100
-
wpasupplicant (0.7.3-5ubuntu1) precise; urgency=low
* Release 0.7.3-6 from Debian's pkg-wpa SVN to Ubuntu Precise as
0.7.3-5ubuntu1. Leaving 0.7.3-6 as UNRELEASED for now.
-- Mathieu Trudel-Lapierre <email address hidden> Tue, 20 Dec 2011 21:10:04 -0500
-
wpasupplicant (0.7.3-5) unstable; urgency=low
* restrict wpasupplicant-udeb to linux-any, until a udeb for libpcap0.8 gets
available for kfreebsd-any (Closes: #644823).
* build-depend on libncurses5-dev explicitly, as it is no longer pulled in
indirectly.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 28 Oct 2011 09:07:59 +0000
-
wpasupplicant (0.7.3-4) unstable; urgency=low
[ Kel Modderman ]
* Support /run/sendsigs.omit.d/ (Closes: #633040):
- depend on initscripts (>= 2.88dsf-13.3)
- create new omission pid files in /run/sendsigs.omit.d/ unconditionally
- migrate existing omission pid files from /lib/init/rw/ to
/run/sendsigs.omit.d/
* ACK NMU (Closes: #610931)
- add wpasupplicant-udeb
- build against libnl3
* Improve integration of the udeb addition with existing debian/rules:
- build the required binary in the build target in similar way to standard
package build
- install binary manually in dh_auto_install override rather than
wpasupplicant-udeb.install to handle renaming of binary
- sync udeb CFLAGS with the standard build
- allow potential for non-linux udebs, add a kfreebsd udeb configuration
snippet
* Filter the numerous hyphen-used-as-minus-sign informational messages
from lintian output.
* Add preferred options to debian/source/local-options to assist with quilt
patch management.
* Add patch for wpa_gui-qt4 which displays scan results signal strength in
dBm with bar indicator. (Closes: #630681)
[ Stefan Lippers-Hollmann ]
* make wpasupplicant-udeb arch=any, an initial kfreebsd udeb config is now
provided as well.
* use Package-Type instead of XC-Package-Type for wpasupplicant-udeb,
dpkg-dev >1.15.7 is available in squeeze.
* add a dependency on ${misc:Depends} for the udeb package as well.
* adapt debian/copyright to recent changes (r174) in DEP-5 and use the new
anonscm URL.
* don't use /run/sendsigs.omit.d/ if it hasn't already been created by
mountkernfs.sh (e.g. when using systemd), thanks to Michael Biebl.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 17 Oct 2011 16:42:30 +0000
-
wpasupplicant (0.7.3-3.1) unstable; urgency=low
* Non-maintainer upload with the agreement of Kel Modderman.
[ Stefan Lippers-Hollmann ]
* bump standards version to 3.9.2, no changes necessary.
[ Gaudenz Steinlin ]
* Add wpasupplicant-udeb for debian-installer. Thanks to
Mathew Palmer for providing the initial patch. (Closes: #610931)
* Build against libnl3
-- Colin Watson <email address hidden> Mon, 08 Aug 2011 15:41:41 +0000
