lp://staging/ubuntu/trusty-security/wpa

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

15. By Marc Deslauriers on 2015-06-15

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

14. By Marc Deslauriers on 2015-04-20

* SECURITY UPDATE: memcpy overflow in P2P functionality
  - debian/patches/CVE-2015-1863.patch: validate SID element length in
    src/p2p/p2p.c.
  - CVE-2015-1863

13. By Marc Deslauriers on 2014-10-10

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli and hostapd_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c,
    hostapd/hostapd_cli.c.
  - CVE-2014-3686

12. By Mathieu Trudel-Lapierre on 2014-03-04

* New upstream release (LP: #1099755)
* debian/get-orig-source: update for new git repository for the current
  hostap/wpasupplicant versions.
* Dropped patches due to being applied upstream and included in the current
  source tarball:
  - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch
  - debian/patches/13_human_readable_signal.patch
  - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch
  - debian/patches/libnl3-includes.patch
* debian/patches/git_accept_client_cert_from_server.patch: revert the commit:
  "OpenSSL: Do not accept SSL Client certificate for server", which breaks
  many AAA servers that include both client and server EKUs. Cherry-picked
  from hostap git commit b62d5b5.

11. By Mathieu Trudel-Lapierre on 2013-11-18

debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch:
deinitialize the P2P context when the management interface gets removed for
whatever reason, such as a suspend/resume cycle. (LP: #1210785)

10. By Mathieu Trudel-Lapierre on 2013-10-30

debian/config/wpasupplicant/linux: enable EAP-FAST (LP: #34982)

9. By Mathieu Trudel-Lapierre on 2013-08-08

* debian/config/wpasupplicant/linux:
  - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511).
  - Enable CONFIG_P2P (Wi-Fi Direct support).

8. By Logan Rosen on 2012-11-30

* Merge from Debian unstable. Remaining changes:
  - Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc
    support in NetworkManager using IBSS RSN (WPA2).
  - debian/wpasupplicant.postinst, debian/hostapd.postinst: Only move
    sendsigs.omit.d/*.pid if the target isn't the same as the source (as is
    the case when /lib/init/rw is a symlink to /run)
  - debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create
    a pid file in /run/sendsigs.omit.d when activated by DBus.
  - debian/patches/session-ticket.patch: disable the TLS Session Ticket
    extension to fix auth with 802.1x PEAP on some hardware.

7. By Mathieu Trudel-Lapierre on 2012-09-12

debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware. (LP: #969343)

6. By Mathieu Trudel-Lapierre on 2012-09-07

Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc support
in NetworkManager using IBSS RSN (WPA2). (LP: #1046918)