Author: Marc Deslauriers
Revision Date: 2015-06-15 10:35:48 UTC

* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:35:48 UTC

* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:27:24 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c.
  - CVE-2014-3686

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:27:24 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c.
  - CVE-2014-3686

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2013-06-12 15:57:50 UTC

* Multiple patches to reduce the number of disconnections for WPA Enterprise
  roaming and Opportunistic Key Caching. (LP: #1187524)
* In debian/patches:
  0001-sme-fix-retry-after-auth-assoc-timeout-failure.patch,
  0002-sme-optimize-recovery-from-common-load-balancing-mechanisms.patch,
  0003-sme-blacklist-bss-on-first-failure-if-only-a-*.patch,
  0004-sme-extend-load-balancing-optimization-in-bss-blacklisting.patch,
  0005-sme-optimize-recovery-from-association-command-failures.patch,
  0006-sme-add-timers-for-authentication-and-association.patch,
  0007-sme-nl80211-set-cipher-suites.patch:
  Cherry-pick patches fixing SME (Session Management Entity) for the nl80211
  driver, which works as a basis for the OKC patches.
* In debian/patches:
  0001-pmkokc-Set-portValid-TRUE-on-association-for-driver-based-4.patch,
  0002-pmkokc-Clear-WPA-and-EAPOL-state-machine-config-pointer-on-.patch,
  0003-pmkokc-Clear-driver-PMKSA-cache-entry-on-PMKSA-cache-expira.patch,
  0004-pmkokc-Flush-PMKSA-cache-entries-and-invalidate-EAP-state-o.patch,
  0005-pmkokc-Fix-proactive_key_caching-configuration-to-WPA-code.patch,
  0006-pmkokc-RSN-Add-a-debug-message-when-considing-addition-of-O.patch,
  0007-pmkokc-Clear-OKC-based-PMKSA-caching-entries-if-PMK-is-chan.patch,
  0008-pmkokc-Move-wpa_sm_remove_pmkid-call-to-PMKSA-cache-entry-f.patch,
  0009-pmkokc-Use-PMKSA-cache-entries-with-only-a-single-network-c.patch,
  0010-pmkokc-PMKSA-Do-not-evict-active-cache-entry-when-adding-ne.patch,
  0011-pmkokc-PMKSA-Set-cur_pmksa-pointer-during-initial-associati.patch,
  0012-pmkokc-PMKSA-make-deauthentication-due-to-cache-entry-remov.patch,
  0013-pmkokc-PMKSA-update-current-cache-entry-due-to-association-.patch:
  Cherry-pick patches to properly do OKC (Opportunistic Key Caching) which
  helps maintaining connectivity on networks secured with WPA Enterprise,
  especially on nl80211-based drivers -- these patches require SME, and add
  or fix key caching and handling of the cache entries.
* debian/patches/force-enable-okc.patch: force Opportunistic Key Caching to
  be enabled.
* debian/patches/less-aggressive-roaming.patch: use less aggressive roaming
  settings to avoid switching to another AP unnecessarily, when the actual
  signal level difference is small.
* debian/patches/wpa_supplicant-dbus-null-error.patch: Don't send NULL to
  dbus_message_new_error().
* debian/patches/0001-nl80211-Fix-UNSPEC-signal-quality-reporting.patch: fix
  marking qual as invalid rather than signal level.
* debian/patches/wpa_supplicant-squelch-driver-disconnect-spam.patch: recover
  cleanly from streams of disconnect messages (like on iwl3945).
* debian/patches/wpa_supplicant-assoc-timeout.patch: increase association
  timeouts.

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-09-12 13:49:21 UTC

Add DEP-3 tags for the session-ticket patch.

Author: Pau Oliva
Revision Date: 2012-06-20 17:25:22 UTC

Add missing patch file fix_driver_wext_for_broadcom_wl.patch

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-03-16 09:55:12 UTC

debian/wpasupplicant.postinst: don't fail package configuration if the
sendsig omission files can't be migrated from /lib/init/rw to /run.
Thanks to Anthony Fok for the patch. (LP: #935678)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-01-06 11:49:41 UTC

debian/patches/git_dbus_smartcard_eapol_d719934.patch: cherry-pick a patch
from Git to correctly re-initialize pointers in the WPA state machine to
avoid crashing when smartcard parameters change over DBUS (LP: #528087)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-01-06 16:52:51 UTC

debian/patches/git_dbus_smartcard_eapol_d719934.patch: cherry-pick a patch
from Git to correctly re-initialize pointers in the WPA state machine to
avoid crashing when smartcard parameters change over DBUS (LP: #528087)

Author: Gaudenz Steinlin
Revision Date: 2011-07-30 14:10:31 UTC

* Non-maintainer upload with the agreement of Kel Modderman.

[ Stefan Lippers-Hollmann ]
* bump standards version to 3.9.2, no changes necessary.

[ Gaudenz Steinlin ]
* Add wpasupplicant-udeb for debian-installer. Thanks to
  Mathew Palmer for providing the initial patch. (Closes: #610931)
* Build against libnl3

Author: Mathieu Trudel-Lapierre
Revision Date: 2010-11-22 09:43:43 UTC

* Get wpasupplicant 0.7.3 from Debian's SVN. Leaving 0.7.3-1 as unreleased
  for now.
* Build-Depend on debhelper 8, since the packaging from Debian uses compat 8.

Author: Kel Modderman
Revision Date: 2010-02-27 11:30:53 UTC

* Switch to source format 3.0 (quilt), drop quilt build dependency
  and remove '--with quilt' from dh command in debian/rules.
* Fix "FTBFS on kfreebsd-gnu" with addition of 21_kfreebsd.patch.
  Thanks to work by Stefan Lippers-Hollmann and Petr Salinger.
  (Closes: #480572)
* Disable experimental feature CONFIG_IEEE80211W (management frame
  protection) due to it not being supported by any driver but ath9k
  and it generating ioctl errors which cause much concern among users
  for little to no benefit.
* Add traling blank line to debian/NEWS to assist apt-listchanges as
  per lintian advice.
* Cherry pick 30_cfg80211_association_optimisation.patch from upstream
  git. Add cfg80211-specific optimization to avoid silly behavior.

Author: Alexander Sack
Revision Date: 2010-03-07 01:11:22 UTC

rebuild rest of main for armel armv7/thumb2 optimization;
UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2

Author: Matthias Klose
Revision Date: 2009-09-19 22:43:56 UTC

Build-depend on libreadline-dev instead of libreadline5-dev.

Author: Colin Watson
Revision Date: 2009-04-09 02:31:17 UTC

* Operate reasonably when /var is not yet mounted read-write (LP: #44194):
  - 07_syslog.patch: Backport syslog logging support from upstream.
  - 08_syslog_supplement.patch: Add a few more bits missing from the
    upstream patch, based on
    http://cvs.fedoraproject.org/viewvc/rpms/wpa_supplicant/OLPC-2/wpa_supplicant-0.5.7-use-syslog.patch.
    Compile with -DCONFIG_DEBUG_SYSLOG if CONFIG_DEBUG_SYSLOG is set in
    the configuration file.
  - Enable CONFIG_DEBUG_SYSLOG.
  - debian/ifupdown/functions.sh: Set WPA_SUP_LOGFILE to "syslog" by
    default, and use the -s option in this case.
  - debian/ifupdown/functions.sh: Silence wpa_log_* if /var/log is not yet
    writable; there is little we can do in this case (logger is in /usr,
    so may well also be unusable), and the user can always get more
    information by reconnecting later.

Author: Reinhard Tartler
Revision Date: 2008-08-27 10:10:20 UTC

Bugfix: wpasupplicant crashes (closes: #485769). Patch taken from
upstream git.

Author: Reinhard Tartler
Revision Date: 2008-03-12 17:40:06 UTC

* 10_set_channel_in_adhoc_mode: make wpasupplicant set the frequency when.
  LP: #112009. Patch prepared by Kel Modderman for debian.
* 10_silence_siocsiwauth_icotl_failure: patch taken from upstream.
  when using the wext driver, the error message on the SIOCSIWAUTH ioctl
  is no longer printed via stderr, but properly in the debug log.
  Patch prepared by Kel Modderman for debian.

Author: Reinhard Tartler
Revision Date: 2007-08-26 16:06:57 UTC

* New upstream release
* remove patch 11_erroneous_manpage_ref, applied upstream
* remove patch 25_wpas_dbus_unregister_iface_fix, applied upstream

[ Alexander Sack ]
* bumping upstream version to replace development version 0.6.0 with
  this package from stable release branch.
* attempt to fix wierd timeout and high latency issues by going
  back to stable upstream version (0.5.9) (LP: #140763,
  LP: #141233).

Author: Reinhard Tartler
Revision Date: 2007-04-01 10:53:37 UTC

Apply patch from upstream after private email discussion:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=33673d3f43da6f5ec0f0aa5a8245a1617b6eb2fd#patch1
Fixes LP: #98895, #98925

Author: kelmo
Revision Date: 2006-08-10 01:03:38 UTC

* STDIN was not given to external mapping script correctly. Use the power of
  eval to fix the issue. [wpa_action.sh]
* Fix stupid debian/control error: duplicate Suggests fields.

Author: Reinhard Tartler
Revision Date: 2006-06-13 18:47:07 UTC

* Apply patch from Kel Modderman for /etc/wpa_supplicant/ifupdown.sh
  + use wpa_cli command add_network instead of some arcane awk magic
  + fix some obvious typos

Author: Reinhard Tartler
Revision Date: 2006-04-27 10:40:57 UTC

[ Kel Modderman ]
* Orphaned daemons that are spawned during an ifup process that is
  manually terminated are now checked for and killed.
* Don't make noise when we are not using the manual inet method and
  wpa-action is used.
* Warn about non-executable action script.
* Ensure wpa_cli actfile is destroyed before launching action script.
* Make start-stop-daemon verbose when VERBOSITY is set.
* Fix typo in Readme.Debian, that referred to a non-existant location.
  (Closes: #364829)
* Add upstream fix for static wep keys with wext interfaces.
  (http://hostap.epitest.fi/bugz/show_bug.cgi?id=140)

[ Reinhard Tartler ]
* This is branched of revision 310 of debian/trunk
* tested snapshot fix https://launchpad.net/bugs/41480
* made ifupdown.sh quiet on success without --verbose

Author: Daniel T Chen
Revision Date: 2005-10-02 18:24:42 UTC

New upstream version.

Author: Kyle McMartin
Revision Date: 2005-02-15 00:51:28 UTC

* New upstream release.
* This release fixes a crash due to a buffer overflow, caused by
  a missing validation step on EAPOL-Key frames. Receiving malformed
  frames trigger the crash. More information available in the notes:
  http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
* Fix some badness with the init script. Missed the -B option
  to daemonize wpa_supplicant... pidfile is not currently being used
  as it requires modifying wpa_supplicant.
* patches/
  - 12_ipw_open_aps (closes: #295143)
    + merge patch against driver_ipw to fix association with
      open access points.