wpa 2:2.8-2ubuntu1 source package in Ubuntu

Changelog

wpa (2:2.8-2ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/patches/wpa_service_ignore-on-isolate.patch: add
      IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
      will not kill off wpa and cause wireless to be unavailable on first
      boot.
    - debian/patches/session-ticket.patch: disable the TLS Session Ticket
      extension to fix auth with 802.1x PEAP on some hardware.
  * Dropped changes, upstream:
    - debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
      in src/eap_server/eap_server_pwd.c.
    - debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
      in src/eap_peer/eap_pwd.c.
    - debian/patches/VU-871675/*.patch: backported upstream patches.
  * Remove android-headers build-depends

wpa (2:2.8-2) experimental; urgency=medium

  * Delete patches applied upstream.
  * Apply upstream patch:
    - Fix a regression in storing of external_auth SSID/BSSID
  * Synchronise wpasupplicant configuration with the upstream.

wpa (2:2.8-1) experimental; urgency=medium

  * Upload to experimental.
  * New upstream release.
  * Update the watch file.
  * Drop debian/README-DPP, install shipped READMEs.
  * Refresh patches.

wpa (2:2.7+git20190128+0c1e29f-5) unstable; urgency=high

  * Fix security issue 2019-5:
    - EAP-pwd message reassembly issue with unexpected fragment
      (Closes: #927463, no CVE assigned).

wpa (2:2.7+git20190128+0c1e29f-4) unstable; urgency=high

  * Apply security fixes (Closes: #926801):
    - CVE-2019-9494: SAE cache attack against ECC groups (VU#871675)
    - CVE-2019-9495: EAP-pwd cache attack against ECC groups
    - CVE-2019-9496: SAE confirm missing state validation
    - CVE-2019-9497: EAP-pwd server not checking for reflection attack
    - CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
    - CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element

    For more details, see:
    - https://w1.fi/security/2019-1/
    - https://w1.fi/security/2019-2/
    - https://w1.fi/security/2019-3/
    - https://w1.fi/security/2019-4/

wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium

  * Print the warning and exit after sourcing /lib/lsb/init-functions
    (Closes: #924666).
  * Recognise multiple configs in DAEMON_CONF and verify them all.
  * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).

wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium

  * Apply an RFC patch to work around big endian keyidx.
    This is likely to fix #919138, but more testing is needed.

wpa (2:2.7+git20190128+0c1e29f-1) unstable; urgency=medium

  * Upload to unstable.
  * New upstream snapshot 2.7+git20190128+0c1e29f.
  * Add Files-Excluded to debian/copyright.
  * Watch the upstream git.
  * Refresh hostapd/wpasupplicant configs, enable CONFIG_GETRANDOM
    (Closes: #914490)

wpa (2:2.7+git20190108+11ce7a1-2) experimental; urgency=medium

  * Disable MBO, FILS, FILS_SK_PFS, MESH, they cause failures
    with some drivers.

wpa (2:2.7+git20190108+11ce7a1-1) experimental; urgency=medium

  * New upstream snapshot.
  * Drop patches applied upstream.

wpa (2:2.7-3) unstable; urgency=medium

  * Upload to unstable.
  * Refresh dbus-available-sta.patch from the upstream.
  * Since we use Type=forking, pass -B to hostapd (Closes: #918861).
  * Apply upstream fixes for 802.1X 4-way handshake offload.
  * Bump Standards-Version to 4.3.0.
  * Use debhelper-compat (= 12).
  * Drop dh_systemd_enable calls and overrides.
  * Move manual installs into .install as much as possible.
  * Drop ancient preinst scripts.
  * Add Pre-Depends to hostapd.
  * Display a warning if DAEMON_CONF is not /etc/hostapd/hostapd.conf.
  * Default to /etc/hostapd/hostapd.conf.
  * Update README.Debian in hostapd.

wpa (2:2.7-2) experimental; urgency=medium

  * Re-enable TLSv1.0 and security level 1 for wpasupplicant
    (Closes: #907518, #911297).
  * Enable more build-time options.
  * Flip CONFIG_DRIVER_MACSEC_QCA on Linux and kFreeBSD
  * Add DPP README.
  * Make wpa_supplicant reproducible.

wpa (2:2.7-1) experimental; urgency=medium

  * New upstream version 2.7.
  * Enable FILS.
  * Add debian/upstream/signing-key.asc, update debian/watch to
    verify PGP signatures on tarballs.

wpa (2:2.7~git20181004+1dd66fc-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20181004+1dd66fc.

wpa (2:2.7~git20180706+420b5dd-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20180706+420b5dd.
  * Disable dbus-available-sta.patch since it is not ready for use yet.
  * Enable OWE, DPP and SAE

wpa (2:2.7~git20180606+b915f2c-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20180606+b915f2c.
  * Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
    with the upstream.

wpa (2:2.7~git20180504+60a5737-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20180504+60a5737.
  * Synchronise configs from the upstream.
  * Drop patches previously cherry-picked from the upstream.
  * Support ACS (Closes: #885957).

 -- Julian Andres Klode <email address hidden>  Wed, 08 May 2019 11:57:47 +0200