[ubuntu/hirsute-proposed] wpa 2:2.9.0-17ubuntu2 (Accepted)
Julian Andres Klode
juliank at ubuntu.com
Fri Feb 12 11:43:11 UTC 2021
wpa (2:2.9.0-17ubuntu2) hirsute; urgency=medium
* Pass -Wno-error=stringop-overflow -Wno-error=format-truncation to fix
build on s390x and ppc64el.
wpa (2:2.9.0-17ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
- debian/patches/git_roaming_interface.patch: backport upstream fix
'dbus: Move roam metrics to the correct interface', should reduces
the number of events
- debian/patches/nl80211-Unbreak-mode-processing-due-to-presence-of-S.patch:
backport upstream fix (commit 52a1b28345123c374fd0127cbce623c41a760730)
for S1G band (LP #1912609)
- debian/patches/git_dbus_bridge.patch: Allow changing an interface
bridge via D-Bus (LP #1893563)
wpa (2:2.9.0-17) unstable; urgency=medium
[ Salvatore Bonaccorso ]
* P2P: Fix copying of secondary device types for P2P group client
(CVE-2021-0326) (Closes: #981971).
wpa (2:2.9.0-16) unstable; urgency=high
* Restrict eapoltest to linux-any kfreebsd-any.
* Add an upstream patch to fix a crash with a long P2P interface name
(Closes: #976091).
* Security fix: CVE-2020-12695.
A vulnerability in the UPnP SUBSCRIBE command can trigger the AP to
initiate a HTTP (TCP/IP) connection to an arbitrary URL or to trigger
misbehavior in hostapd and cause the process to either get terminated
or to start using more CPU resources.
The issue can also be mitigated by building hostapd without UPnP support
(CONFIG_WPS_UPNP=n) or disabling it at runtime by removing the upnp_iface
parameter.
(Closes: #976106)
* Refresh patches.
wpa (2:2.9.0-15) unstable; urgency=medium
* Don’t fail the build on -Warray-bounds.
wpa (2:2.9.0-14) unstable; urgency=medium
[ Paul Menzel ]
* Fix unknown key warnings NetworkManager configuration drop-in.
* Update NetworkManager configuration drop-in.
* Remove defaults from NetworkManager configuration drop-in.
Closes: #951268, #966811.
[ Andrej Shadura ]
* Add fixes proposed upstream:
- Fix error message for radius_accept_attr config option
- Update WPS credentials on SIGHUP
wpa (2:2.9.0-13) unstable; urgency=medium
* Apply upstream patches:
- Avoid sending invalid mgmt frames at startup
- Increase introspection buffer size for D-Bus
wpa (2:2.9.0-12) unstable; urgency=medium
* Add an upstream patch to fix the MAC randomisation issue with some cards
(LP: #1867908).
wpa (2:2.9.0-11) unstable; urgency=medium
* Actually add autopkgtest for libwpa-client-dev and libwpa_test.c.
wpa (2:2.9.0-10) unstable; urgency=medium
* Rename the package with the client library to libwpa-client-dev.
wpa (2:2.9.0-9) unstable; urgency=medium
[ Terry Burton ]
* Build and install eapol_test in eapoltest package (Closes: #700870)
[ Didier Raboud ]
* Backport upstream patch to fix build with Debian's VERSION_STR.
[ Andrew Lee (李健秋) ]
* Build libwpa-dev binary package which contains a static
libwpa_client library and the wpa_ctrl header with an example program.
[ Andrej Shadura ]
* Add a patch to provide the BIT() macro locally in wpa_ctrl.h.
* Patch the example to use stddef.h and wpa_ctrl.h from the global location.
* Add an autopkgtest for libwpa-dev and libwpa_test.c.
wpa (2:2.9.0-8) unstable; urgency=medium
* Reupload as 2.9.0 to undo an accidental experimental upload to unstable.
wpa (2:2.9-7) unstable; urgency=medium
* Apply upstream patches:
- trace: handle binutils bfd.h breakage
- Check for FT support when selecting FT suites (Closes: #942164)
wpa (2:2.9-6) unstable; urgency=medium
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Move source package lintian overrides to debian/source.
* Use canonical URL in Vcs-Browser.
* Rely on pre-initialized dpkg-architecture variables.
* Update standards version to 4.4.1, no changes needed.
[ Andrej Shadura ]
* Disable CONFIG_DRIVER_MACSEC_QCA on kfreebsd.
wpa (2:2.9-5) unstable; urgency=medium
* Fix erroneously inverted logic in postinst.
wpa (2:2.9-4) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTCBFS: Don’t export CC=cc (Closes: #921998).
[ Andrej Shadura ]
* Don’t act in hostapd.postinst if we’re running in a chrootless root.
* Apply an upstream patch:
- wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying.
wpa (2:2.9-3) unstable; urgency=medium
* Add pkg.wpa.nogui and noudeb build profiles.
wpa (2:2.9-2) unstable; urgency=medium
* SECURITY UPDATE:
- AP mode PMF disconnection protection bypass.
More details:
+ https://w1.fi/security/2019-7/
Closes: #940080 (CVE-2019-16275)
Date: Fri, 12 Feb 2021 12:40:45 +0100
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/wpa/2:2.9.0-17ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 Feb 2021 12:40:45 +0100
Source: wpa
Architecture: source
Version: 2:2.9.0-17ubuntu2
Distribution: hirsute
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Closes: 700870 921998 940080 942164 951268 966811 976091 976106 981971
Launchpad-Bugs-Fixed: 1867908
Changes:
wpa (2:2.9.0-17ubuntu2) hirsute; urgency=medium
.
* Pass -Wno-error=stringop-overflow -Wno-error=format-truncation to fix
build on s390x and ppc64el.
.
wpa (2:2.9.0-17ubuntu1) hirsute; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
- debian/patches/git_roaming_interface.patch: backport upstream fix
'dbus: Move roam metrics to the correct interface', should reduces
the number of events
- debian/patches/nl80211-Unbreak-mode-processing-due-to-presence-of-S.patch:
backport upstream fix (commit 52a1b28345123c374fd0127cbce623c41a760730)
for S1G band (LP #1912609)
- debian/patches/git_dbus_bridge.patch: Allow changing an interface
bridge via D-Bus (LP #1893563)
.
wpa (2:2.9.0-17) unstable; urgency=medium
.
[ Salvatore Bonaccorso ]
* P2P: Fix copying of secondary device types for P2P group client
(CVE-2021-0326) (Closes: #981971).
.
wpa (2:2.9.0-16) unstable; urgency=high
.
* Restrict eapoltest to linux-any kfreebsd-any.
* Add an upstream patch to fix a crash with a long P2P interface name
(Closes: #976091).
* Security fix: CVE-2020-12695.
A vulnerability in the UPnP SUBSCRIBE command can trigger the AP to
initiate a HTTP (TCP/IP) connection to an arbitrary URL or to trigger
misbehavior in hostapd and cause the process to either get terminated
or to start using more CPU resources.
The issue can also be mitigated by building hostapd without UPnP support
(CONFIG_WPS_UPNP=n) or disabling it at runtime by removing the upnp_iface
parameter.
(Closes: #976106)
* Refresh patches.
.
wpa (2:2.9.0-15) unstable; urgency=medium
.
* Don’t fail the build on -Warray-bounds.
.
wpa (2:2.9.0-14) unstable; urgency=medium
.
[ Paul Menzel ]
* Fix unknown key warnings NetworkManager configuration drop-in.
* Update NetworkManager configuration drop-in.
* Remove defaults from NetworkManager configuration drop-in.
Closes: #951268, #966811.
.
[ Andrej Shadura ]
* Add fixes proposed upstream:
- Fix error message for radius_accept_attr config option
- Update WPS credentials on SIGHUP
.
wpa (2:2.9.0-13) unstable; urgency=medium
.
* Apply upstream patches:
- Avoid sending invalid mgmt frames at startup
- Increase introspection buffer size for D-Bus
.
wpa (2:2.9.0-12) unstable; urgency=medium
.
* Add an upstream patch to fix the MAC randomisation issue with some cards
(LP: #1867908).
.
wpa (2:2.9.0-11) unstable; urgency=medium
.
* Actually add autopkgtest for libwpa-client-dev and libwpa_test.c.
.
wpa (2:2.9.0-10) unstable; urgency=medium
.
* Rename the package with the client library to libwpa-client-dev.
.
wpa (2:2.9.0-9) unstable; urgency=medium
.
[ Terry Burton ]
* Build and install eapol_test in eapoltest package (Closes: #700870)
.
[ Didier Raboud ]
* Backport upstream patch to fix build with Debian's VERSION_STR.
.
[ Andrew Lee (李健秋) ]
* Build libwpa-dev binary package which contains a static
libwpa_client library and the wpa_ctrl header with an example program.
.
[ Andrej Shadura ]
* Add a patch to provide the BIT() macro locally in wpa_ctrl.h.
* Patch the example to use stddef.h and wpa_ctrl.h from the global location.
* Add an autopkgtest for libwpa-dev and libwpa_test.c.
.
wpa (2:2.9.0-8) unstable; urgency=medium
.
* Reupload as 2.9.0 to undo an accidental experimental upload to unstable.
.
wpa (2:2.9-7) unstable; urgency=medium
.
* Apply upstream patches:
- trace: handle binutils bfd.h breakage
- Check for FT support when selecting FT suites (Closes: #942164)
.
wpa (2:2.9-6) unstable; urgency=medium
.
[ Debian Janitor ]
* Use secure URI in Homepage field.
* Move source package lintian overrides to debian/source.
* Use canonical URL in Vcs-Browser.
* Rely on pre-initialized dpkg-architecture variables.
* Update standards version to 4.4.1, no changes needed.
.
[ Andrej Shadura ]
* Disable CONFIG_DRIVER_MACSEC_QCA on kfreebsd.
.
wpa (2:2.9-5) unstable; urgency=medium
.
* Fix erroneously inverted logic in postinst.
.
wpa (2:2.9-4) unstable; urgency=medium
.
[ Helmut Grohne ]
* Fix FTCBFS: Don’t export CC=cc (Closes: #921998).
.
[ Andrej Shadura ]
* Don’t act in hostapd.postinst if we’re running in a chrootless root.
* Apply an upstream patch:
- wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying.
.
wpa (2:2.9-3) unstable; urgency=medium
.
* Add pkg.wpa.nogui and noudeb build profiles.
.
wpa (2:2.9-2) unstable; urgency=medium
.
* SECURITY UPDATE:
- AP mode PMF disconnection protection bypass.
More details:
+ https://w1.fi/security/2019-7/
Closes: #940080 (CVE-2019-16275)
Checksums-Sha1:
9c90957e0e3f082f4909905ede22c24d0d38d87b 2814 wpa_2.9.0-17ubuntu2.dsc
8c4bafede40b32890ab65ac120e1c24757878248 2347080 wpa_2.9.0.orig.tar.xz
d3aaab1ed825a5f7db97a47bf482662a595f8b4d 100396 wpa_2.9.0-17ubuntu2.debian.tar.xz
833e466c1417381e7978cbcb74d4dd5003687083 14068 wpa_2.9.0-17ubuntu2_source.buildinfo
Checksums-Sha256:
0dea55170cc07dde3d6f9758b3c1f9cdd88ab0696bea07b82674456fc9e7b89b 2814 wpa_2.9.0-17ubuntu2.dsc
4032da92d97cb555053d94d514d590d0ce066ca13ba5ef144063450bc56161a7 2347080 wpa_2.9.0.orig.tar.xz
e6c8f9413c53cd74508b5d26d9d771970425234f1d1cd35c92d31dda2d716b54 100396 wpa_2.9.0-17ubuntu2.debian.tar.xz
57772c672948a92235583b98ea915477e4d78ae57dbb55c55822c3428ad60965 14068 wpa_2.9.0-17ubuntu2_source.buildinfo
Files:
e9a22d0e25d81c58dd6998b612a60772 2814 net optional wpa_2.9.0-17ubuntu2.dsc
132953a85df36d0fca4df129b036ca06 2347080 net optional wpa_2.9.0.orig.tar.xz
afccfd2082a381a1ba8bbce27707b749 100396 net optional wpa_2.9.0-17ubuntu2.debian.tar.xz
cc874e4538252b1c42dec8d90c1eda71 14068 net optional wpa_2.9.0-17ubuntu2_source.buildinfo
Original-Maintainer: Debian wpasupplicant Maintainers <wpa at packages.debian.org>
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmAmaaUTHGp1bGlhbmtA
dWJ1bnR1LmNvbQAKCRBvpFjdHbA/cQh0EACaJ8Vjes4soKcPcIExhUPLDkDn5CjV
ARFcnW+iHexS4tl2SWuD9RYIQJNnPLep66ZCUjiS5WIkz2qLDdathKA4tHIPgsoS
n9XkrrZv3LCOWMwlv1IZ/SSdSx48SZ9uyE3OTJJ67FZxJ2RwMpamT4DcBtrHUp/Q
NJRawy3FxNC1w8peXGNrk/IJwOFWrW+5sDiCNrD3HhlVoaJxL8kIMsxHYXARPmCL
/yk6or2BLYofsbvmGH2IzJdjNIBz4qHGKorpE/ZGBAp1mM5MkGwfLEOxi3Lh4EoO
6X5Yj10fRqFmBnuHVhiqlAziXWg07J2TBmZlmix1DATQYDrdAj71AruxiXAbLFvR
ex+Cusng5NnAhlfdwx2c1DJ48/6nz2Fa7PUKOr0mDtzZdnmX2qF/GUy54ancdmH0
Jy6FTYkH+im+yW6ZQZpWuozehL6p/iLoPSzgfZ0ikMTG6HcRbPnL9tjL9IPVf3fr
y1Wi/Qo3rJft3DhDC/VPkuAMJQR8RRP7CpcDOHjXfSErjVnp2/3MExiPXf++FKTU
je/japk6z8qmDtoOUqDuPBSrs7wHVWgOxdx9H3P85zimHjpS++MTC4GaRE86C46j
55tElNYYJ580jaqDSbb+T1mlTZz3cgqpUFZxSwowSm4jyFyiwwf8IPb3SxlVNU1r
e+cZ0H0Z13ke+A==
=UOzH
-----END PGP SIGNATURE-----
More information about the Hirsute-changes
mailing list