[ubuntu/eoan-proposed] wpa 2:2.8-2ubuntu1 (Accepted)
Julian Andres Klode
juliank at ubuntu.com
Wed May 8 10:05:13 UTC 2019
wpa (2:2.8-2ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
* Dropped changes, upstream:
- debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
in src/eap_server/eap_server_pwd.c.
- debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
in src/eap_peer/eap_pwd.c.
- debian/patches/VU-871675/*.patch: backported upstream patches.
* Remove android-headers build-depends
wpa (2:2.8-2) experimental; urgency=medium
* Delete patches applied upstream.
* Apply upstream patch:
- Fix a regression in storing of external_auth SSID/BSSID
* Synchronise wpasupplicant configuration with the upstream.
wpa (2:2.8-1) experimental; urgency=medium
* Upload to experimental.
* New upstream release.
* Update the watch file.
* Drop debian/README-DPP, install shipped READMEs.
* Refresh patches.
wpa (2:2.7+git20190128+0c1e29f-5) unstable; urgency=high
* Fix security issue 2019-5:
- EAP-pwd message reassembly issue with unexpected fragment
(Closes: #927463, no CVE assigned).
wpa (2:2.7+git20190128+0c1e29f-4) unstable; urgency=high
* Apply security fixes (Closes: #926801):
- CVE-2019-9494: SAE cache attack against ECC groups (VU#871675)
- CVE-2019-9495: EAP-pwd cache attack against ECC groups
- CVE-2019-9496: SAE confirm missing state validation
- CVE-2019-9497: EAP-pwd server not checking for reflection attack
- CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
- CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
For more details, see:
- https://w1.fi/security/2019-1/
- https://w1.fi/security/2019-2/
- https://w1.fi/security/2019-3/
- https://w1.fi/security/2019-4/
wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium
* Print the warning and exit after sourcing /lib/lsb/init-functions
(Closes: #924666).
* Recognise multiple configs in DAEMON_CONF and verify them all.
* Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).
wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium
* Apply an RFC patch to work around big endian keyidx.
This is likely to fix #919138, but more testing is needed.
wpa (2:2.7+git20190128+0c1e29f-1) unstable; urgency=medium
* Upload to unstable.
* New upstream snapshot 2.7+git20190128+0c1e29f.
* Add Files-Excluded to debian/copyright.
* Watch the upstream git.
* Refresh hostapd/wpasupplicant configs, enable CONFIG_GETRANDOM
(Closes: #914490)
wpa (2:2.7+git20190108+11ce7a1-2) experimental; urgency=medium
* Disable MBO, FILS, FILS_SK_PFS, MESH, they cause failures
with some drivers.
wpa (2:2.7+git20190108+11ce7a1-1) experimental; urgency=medium
* New upstream snapshot.
* Drop patches applied upstream.
wpa (2:2.7-3) unstable; urgency=medium
* Upload to unstable.
* Refresh dbus-available-sta.patch from the upstream.
* Since we use Type=forking, pass -B to hostapd (Closes: #918861).
* Apply upstream fixes for 802.1X 4-way handshake offload.
* Bump Standards-Version to 4.3.0.
* Use debhelper-compat (= 12).
* Drop dh_systemd_enable calls and overrides.
* Move manual installs into .install as much as possible.
* Drop ancient preinst scripts.
* Add Pre-Depends to hostapd.
* Display a warning if DAEMON_CONF is not /etc/hostapd/hostapd.conf.
* Default to /etc/hostapd/hostapd.conf.
* Update README.Debian in hostapd.
wpa (2:2.7-2) experimental; urgency=medium
* Re-enable TLSv1.0 and security level 1 for wpasupplicant
(Closes: #907518, #911297).
* Enable more build-time options.
* Flip CONFIG_DRIVER_MACSEC_QCA on Linux and kFreeBSD
* Add DPP README.
* Make wpa_supplicant reproducible.
wpa (2:2.7-1) experimental; urgency=medium
* New upstream version 2.7.
* Enable FILS.
* Add debian/upstream/signing-key.asc, update debian/watch to
verify PGP signatures on tarballs.
wpa (2:2.7~git20181004+1dd66fc-1) experimental; urgency=medium
* New upstream snapshot 2.7~git20181004+1dd66fc.
wpa (2:2.7~git20180706+420b5dd-1) experimental; urgency=medium
* New upstream snapshot 2.7~git20180706+420b5dd.
* Disable dbus-available-sta.patch since it is not ready for use yet.
* Enable OWE, DPP and SAE
wpa (2:2.7~git20180606+b915f2c-1) experimental; urgency=medium
* New upstream snapshot 2.7~git20180606+b915f2c.
* Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
with the upstream.
wpa (2:2.7~git20180504+60a5737-1) experimental; urgency=medium
* New upstream snapshot 2.7~git20180504+60a5737.
* Synchronise configs from the upstream.
* Drop patches previously cherry-picked from the upstream.
* Support ACS (Closes: #885957).
Date: Wed, 08 May 2019 11:57:47 +0200
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/wpa/2:2.8-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 May 2019 11:57:47 +0200
Source: wpa
Architecture: source
Version: 2:2.8-2ubuntu1
Distribution: eoan
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Closes: 885957 907518 911297 914490 918861 924632 924666 926801 927463
Changes:
wpa (2:2.8-2ubuntu1) eoan; urgency=low
.
* Merge from Debian unstable. Remaining changes:
- debian/patches/wpa_service_ignore-on-isolate.patch: add
IgnoreOnIsolate=yes so that when switching "runlevels" in oem-config
will not kill off wpa and cause wireless to be unavailable on first
boot.
- debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware.
* Dropped changes, upstream:
- debian/patches/CVE-2019-11555-1.patch: fix reassembly buffer handling
in src/eap_server/eap_server_pwd.c.
- debian/patches/CVE-2019-11555-2.patch: fix reassembly buffer handling
in src/eap_peer/eap_pwd.c.
- debian/patches/VU-871675/*.patch: backported upstream patches.
* Remove android-headers build-depends
.
wpa (2:2.8-2) experimental; urgency=medium
.
* Delete patches applied upstream.
* Apply upstream patch:
- Fix a regression in storing of external_auth SSID/BSSID
* Synchronise wpasupplicant configuration with the upstream.
.
wpa (2:2.8-1) experimental; urgency=medium
.
* Upload to experimental.
* New upstream release.
* Update the watch file.
* Drop debian/README-DPP, install shipped READMEs.
* Refresh patches.
.
wpa (2:2.7+git20190128+0c1e29f-5) unstable; urgency=high
.
* Fix security issue 2019-5:
- EAP-pwd message reassembly issue with unexpected fragment
(Closes: #927463, no CVE assigned).
.
wpa (2:2.7+git20190128+0c1e29f-4) unstable; urgency=high
.
* Apply security fixes (Closes: #926801):
- CVE-2019-9494: SAE cache attack against ECC groups (VU#871675)
- CVE-2019-9495: EAP-pwd cache attack against ECC groups
- CVE-2019-9496: SAE confirm missing state validation
- CVE-2019-9497: EAP-pwd server not checking for reflection attack
- CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
- CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
.
For more details, see:
- https://w1.fi/security/2019-1/
- https://w1.fi/security/2019-2/
- https://w1.fi/security/2019-3/
- https://w1.fi/security/2019-4/
.
wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium
.
* Print the warning and exit after sourcing /lib/lsb/init-functions
(Closes: #924666).
* Recognise multiple configs in DAEMON_CONF and verify them all.
* Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).
.
wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium
.
* Apply an RFC patch to work around big endian keyidx.
This is likely to fix #919138, but more testing is needed.
.
wpa (2:2.7+git20190128+0c1e29f-1) unstable; urgency=medium
.
* Upload to unstable.
* New upstream snapshot 2.7+git20190128+0c1e29f.
* Add Files-Excluded to debian/copyright.
* Watch the upstream git.
* Refresh hostapd/wpasupplicant configs, enable CONFIG_GETRANDOM
(Closes: #914490)
.
wpa (2:2.7+git20190108+11ce7a1-2) experimental; urgency=medium
.
* Disable MBO, FILS, FILS_SK_PFS, MESH, they cause failures
with some drivers.
.
wpa (2:2.7+git20190108+11ce7a1-1) experimental; urgency=medium
.
* New upstream snapshot.
* Drop patches applied upstream.
.
wpa (2:2.7-3) unstable; urgency=medium
.
* Upload to unstable.
* Refresh dbus-available-sta.patch from the upstream.
* Since we use Type=forking, pass -B to hostapd (Closes: #918861).
* Apply upstream fixes for 802.1X 4-way handshake offload.
* Bump Standards-Version to 4.3.0.
* Use debhelper-compat (= 12).
* Drop dh_systemd_enable calls and overrides.
* Move manual installs into .install as much as possible.
* Drop ancient preinst scripts.
* Add Pre-Depends to hostapd.
* Display a warning if DAEMON_CONF is not /etc/hostapd/hostapd.conf.
* Default to /etc/hostapd/hostapd.conf.
* Update README.Debian in hostapd.
.
wpa (2:2.7-2) experimental; urgency=medium
.
* Re-enable TLSv1.0 and security level 1 for wpasupplicant
(Closes: #907518, #911297).
* Enable more build-time options.
* Flip CONFIG_DRIVER_MACSEC_QCA on Linux and kFreeBSD
* Add DPP README.
* Make wpa_supplicant reproducible.
.
wpa (2:2.7-1) experimental; urgency=medium
.
* New upstream version 2.7.
* Enable FILS.
* Add debian/upstream/signing-key.asc, update debian/watch to
verify PGP signatures on tarballs.
.
wpa (2:2.7~git20181004+1dd66fc-1) experimental; urgency=medium
.
* New upstream snapshot 2.7~git20181004+1dd66fc.
.
wpa (2:2.7~git20180706+420b5dd-1) experimental; urgency=medium
.
* New upstream snapshot 2.7~git20180706+420b5dd.
* Disable dbus-available-sta.patch since it is not ready for use yet.
* Enable OWE, DPP and SAE
.
wpa (2:2.7~git20180606+b915f2c-1) experimental; urgency=medium
.
* New upstream snapshot 2.7~git20180606+b915f2c.
* Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
with the upstream.
.
wpa (2:2.7~git20180504+60a5737-1) experimental; urgency=medium
.
* New upstream snapshot 2.7~git20180504+60a5737.
* Synchronise configs from the upstream.
* Drop patches previously cherry-picked from the upstream.
* Support ACS (Closes: #885957).
Checksums-Sha1:
078107304b27288dd15d19fcffdba5992f39ff1b 2522 wpa_2.8-2ubuntu1.dsc
68bfbb72810639aaec00f706b747cacae1c0b130 2303436 wpa_2.8.orig.tar.xz
76df9332989ba8154f4176523985c8d17f079e5e 85740 wpa_2.8-2ubuntu1.debian.tar.xz
472161d0b10f808d0757b349e76173b84256c080 10952 wpa_2.8-2ubuntu1_source.buildinfo
Checksums-Sha256:
e1e5e262fbfd6435fbe2d7a8811adc115ecfaac5a5be3f909cdf1dd81fd438be 2522 wpa_2.8-2ubuntu1.dsc
bdce00ad67810b56bf8da73214dd298aab8a4f873d5fca167f53501209b222c2 2303436 wpa_2.8.orig.tar.xz
b620dfb0fae9f6a735abfc39a86cfe63989e7aec40793b046921fdd48c21c397 85740 wpa_2.8-2ubuntu1.debian.tar.xz
ab24427b3696887c5e92edfa34dd81cb660c4ec4eb89726eeee42b8e9179c59c 10952 wpa_2.8-2ubuntu1_source.buildinfo
Files:
56777663bedf4a127d7a039128e88f13 2522 net optional wpa_2.8-2ubuntu1.dsc
cf7c5b401e02108acf2ddfb522775d5a 2303436 net optional wpa_2.8.orig.tar.xz
d82eeca4a603388d98552e5dbdc9e5a7 85740 net optional wpa_2.8-2ubuntu1.debian.tar.xz
b63d73eb51ec033b35410633987b6082 10952 net optional wpa_2.8-2ubuntu1_source.buildinfo
Original-Maintainer: Debian wpasupplicant Maintainers <wpa at packages.debian.org>
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAlzSqCwTHGp1bGlhbmtA
dWJ1bnR1LmNvbQAKCRBvpFjdHbA/cf/tD/9nheFej/tYJfRFa9z5WrQ/Uu7LIxrd
/l7J2xHHVBAwDDau8fi+iQ/75v/eh8jRn75+MiVL41cDLvAb3gTsLmqfG/aWDcMq
cNyZOpQkwYyrE1ggsJscVdLV5NdIJ6BotXVWXhdLCRPKn6sidyAp27Hxz6X/vOCx
ZY0B25W7eMS6iEDKm1des6L8BkYrodZggkc9K1n7wJ0ROWN4TN00aIEDUgcaekRg
ctxJd7sYnU62acYA9+Dzrlp5QbA5CAKHTRN2OJsj9grUeSrom3Q/JXZh/wXAEHU7
pZ89czOxzXef4rNoVLFxaANVBRXyT5Va6ICJNp1PQidb+kAQOiy7kvcFgZN5447P
y7YUitNNwPZB/v+Act1/okKaB1n6o2pKFPfFgEfCoKEaL0JrBMVO7KPk4qzAu5+y
Ey3ZZSJ12HYPq9hMSMShBD8N95tnJmcNcITJIYQ1P0R6679xCKvI97L3SHB5zObH
7LBjytove1WD/WMrvffm3J/EGPGLHmwscWwzbepd2cq3CBfxt4LWBsc7HCzQwqX2
f8G/qf4AXLFWaKthTD2818clqWip0Ygg8y6swwdHtak1YQ3G21ymMjDTmCIGngeY
hzYlIqraVseGs7wJM8uT4mm/2ADTEcbZLtpiUXAQ74o/xicGyjaTmOwBjj05WaaI
mxzg+zA/eEniDQ==
=YO+f
-----END PGP SIGNATURE-----
More information about the Eoan-changes
mailing list