wpa 2:2.4-1.1ubuntu1 source package in Ubuntu

Changelog

wpa (2:2.4-1.1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable; remaining changes:
    - debian/patches/wpa_service_ignore-on-isolate.patch: add
      IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
      will not kill off wpa and cause wireless to be unavailable on first
      boot.
    - debian/patches/session-ticket.patch: disable the TLS Session Ticket
      extension to fix auth with 802.1x PEAP on some hardware.
    - debian/patches/android_hal_fw_path_change.patch: add a DBus method
      for requesting a firmware change when working with the Android HAL;
      this is used to set a device in P2P or AP mode; conditional to
      CONFIG_ANDROID_HAL being enabled.
    - debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
    - debian/control: Build-Depends on android-headers to get the required
      wifi headers for the HAL support.
    - debian/patches/dbus-available-sta.patch: Make the list of connected
      stations available on DBus for hotspot mode; along with some of the
      station properties, such as rx/tx packets, bytes, capabilities, etc.

wpa (2:2.4-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
    CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
    CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
    - hostapd: Avoid key reinstallation in FT handshake
    - Prevent reinstallation of an already in-use group key
    - Extend protection of GTK/IGTK reinstallation of
    - Fix TK configuration to the driver in EAPOL-Key 3/4
    - Prevent installation of an all-zero TK
    - Fix PTK rekeying to generate a new ANonce
    - TDLS: Reject TPK-TK reconfiguration
    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
    - WNM: Ignore WNM-Sleep Mode Response without pending
    - FT: Do not allow multiple Reassociation Response frames
    - TDLS: Ignore incoming TDLS Setup Response retries

wpa (2:2.4-1) unstable; urgency=medium

  [ Vincent Danjean ]
  * Build with libssl1.0-dev (Closes: #828601).
  * Add an upstream patch to fix hostapd in SMPS mode (Closes: #854719).

  [ Andrew Shadura ]
  * Don't install debian/system-sleep/wpasupplicant (originally introduced
    to fix LP: #1422143), it doesn't improve the state of the things,
    introduces regressions in some cases, and at all isn't supposed to
    work with how wpa-supplicant is started these days (Closes: #835648).
  * Bump the epoch to 2:, so that we can set the upstream version to
    what we really mean. It also has to be higher than 2.6 in unstable
    and 1:2.6 (what hostapd binary package in unstable has).
  * Drop the binary package epoch override.

wpa (2.5-2+v2.4-3) unstable; urgency=medium

  [ Helmut Grohne ]
  * Address FTCBFS: Set PKG_CONFIG (Closes: #836074).

  [ Andrew Shadura ]
  * Don't run wpa_cli suspend/resume if /run/wpa_supplicant isn't around
    (Closes: #835648).

wpa (2.5-2+v2.4-2) unstable; urgency=medium

  * Apply patches from upstream to unbreak dedicated P2P Device support
    (closes: #833402).
  * Reapply an accidentally lost patch to fix pkcs11 OpenSSL engine
    initialisation (Closes: #827253).
  * Retroactively redact the last changelog entry to represent the actual
    upload more accurately.

wpa (2.5-2+v2.4-1) unstable; urgency=medium

  [ Ricardo Salveti de Araujo ]
  * debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
    when P2P management interface is used (LP: #1482439)

  [ Stefan Lippers-Hollmann ]
  * wpasupplicant: install systemd unit (Closes: #766746).
  * wpasupplicant: configure driver fallback for networkd.
  * import changelogs from the security queues.
  * move previous patch for CVE-2015-1863 into a new subdirectory,
    debian/patches/2015-1/.
  * replace the Debian specific patch "wpasupplicant: fix systemd unit
    dependencies" with a backport of its official upstream change "systemd:
    Order wpa_supplicant before network.target".
  * fix dependency odering when invoked with DBus, by making sure that DBus
    isn't shut down before wpa_supplicant, as that would also bring down
    wireless links which are still holding open NFS shares. Thanks to Facundo
    Gaich <email address hidden> and Michael Biebl <email address hidden>
    (Closes: #785579).
  * import NMU changelogs and integrate NMU changes.
  * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to Salvatore
    Bonaccorso <email address hidden> (Closes: #823411):
    - WPS: Reject a Credential with invalid passphrase
    - Reject psk parameter set with invalid passphrase character
    - Remove newlines from wpa_supplicant config network output
    - Reject SET_CRED commands with newline characters in the string values
    - Reject SET commands with newline characters in the string values
  * use --buildsystem=qmake_qt4 (available since dh 8.9.1) for debhelper
    (Closes: #823171).
  * fix clean target, by splitting the find call into individual searches.
  * building wpa in a current unstable chroot using debhelper >= 9.20151219
    will introduce automatic dbgsym packages, thereby indirectly providing
    the requested debug packages for stretch and upwards (Closes: #729934).
    Don't add a versioned build-dependency in order to avoid unnecessary
    complications with backports.
  * change Vcs-Browser location to prefer https, but keep the unsecure tag for
    Vcs-Svn, as there is no option allowing to pull from the svn+ssh://
    location without an alioth account, this only makes lintian partially happy
    in regards to vcs-field-uses-insecure-uri.
  * debian/*: fix spelling errors noticed by lintian.
  * drop the obsolete Debian menu entry for wpa_gui, according to the tech-ctte
    decision on #741573.
  * fix debian/get-orig-source for wpa 2.6~.
  * add debian/watch file for the custom tarball generation.

  [ Paul Donohue ]
  * debian/ifupdown/functions.sh: Fix handling for "wpa-roam". Call ifquery
    instead of directly parsing /run/*/ifstate files to work with current
    ifupdown. (Closes: #545766, LP: #1545363)

  [ Martin Pitt ]
  * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
    before/after suspend, like the pm-utils hook. In some cases this brings
    back missing Wifi connection after resuming. (LP: #1422143)

  [ Andrew Shadura ]
  * Backout 2.5 release, switch to 2.4 (see #833507 for details).
  * New upstream release (Closes: #806889).
  * Refresh patches, drop patches applied upstream.
  * Update Vcs-* to point to Git.

wpa (2.3-2.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to
    Salvatore Bonaccorso <email address hidden> (Closes: #823411):
    - WPS: Reject a Credential with invalid passphrase
    - Reject psk parameter set with invalid passphrase character
    - Remove newlines from wpa_supplicant config network output
    - Reject SET_CRED commands with newline characters in the string values
    - Reject SET commands with newline characters in the string values
  * Refresh patches to apply cleanly.

wpa (2.3-2.3) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to address CVE-2015-5310.
    CVE-2015-5310: wpa_supplicant unauthorized WNM Sleep Mode GTK control.
    (Closes: #804707)
  * Add patches to address CVE-2015-5314 and CVE-2015-5315.
    CVE-2015-5314: hostapd: EAP-pwd missing last fragment length validation.
    CVE-2015-5315: wpa_supplicant: EAP-pwd missing last fragment length
    validation. (Closes: #804708)
  * Add patch to address CVE-2015-5316.
    CVE-2015-5316: EAP-pwd peer error path failure on unexpected Confirm
    message. (Closes: #804710)

wpa (2.3-2.2) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to address CVE-2015-4141.
    CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
    encoding. (Closes: #787372)
  * Add patch to address CVE-2015-4142.
    CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
    (Closes: #787373)
  * Add patches to address CVE-2015-414{3,4,5,6}
    CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
    payload length validation. (Closes: #787371)
  * Add patch to address 2015-5 vulnerability.
    NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
  * Thanks to Julian Wollrath <email address hidden> for the initial debdiff
    provided in #787371.

wpa (2.3-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Import four patches from upstream git (wpasupplicant_band_selection_*.patch),
    manually unfuzzed, to improve 2.4/5 GHz band selection. (Closes: #795722)

 -- Marc Deslauriers <email address hidden>  Fri, 10 Nov 2017 08:20:13 -0500