Author: Dillon Brock
Revision Date: 2016-01-02 14:54:34 UTC

debian/patches/wpasupplicant_fix-improvement-typo-in-doc.patch:
change "much improvement" to "much improved" in wpa_supplicant doc
(LP: #1405452)

Author: Ricardo Salveti
Revision Date: 2015-10-07 10:21:39 UTC

debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
when P2P management interface is used (LP: #1482439)

Author: Ricardo Salveti
Revision Date: 2015-10-07 10:21:39 UTC

debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
when P2P management interface is used (LP: #1482439)

Author: Timo Jyrinki
Revision Date: 2015-08-03 19:04:56 UTC

* debian/config/wpasupplicant/linux:
  - Reduce the delta to Debian by removing the double setting of CONFIG_AP
    and CONFIG_P2P. The only actual delta is CONFIG_ANDROID_HAL.

Author: You-Sheng Yang
Revision Date: 2015-07-08 07:50:58 UTC

nl80211: install disconnect trigger at startup

This installs WoWLAN dissconnect trigger if supported. For WoWLAN
supported devices with kernel version 3.10 or newer, this keeps the
device from being disconnected before going to suspend, so that
NetworkManager won't be busy reconnecting the device during the
suspend-resume process.

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:34:37 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:34:37 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:33:55 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:33:55 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:32:33 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Marc Deslauriers
Revision Date: 2015-06-15 10:32:33 UTC

* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

Author: Martin Pitt
Revision Date: 2015-03-27 14:07:35 UTC

Cherry-pick from Debian svn:
Add wpasupplicant_fix-systemd-unit-dependencies.patch: Fix systemd unit
dependencies for wpasupplicant, it needs to be started before the network
target (Closes: 780552, LP: #1431774).

Author: Martin Pitt
Revision Date: 2015-03-27 14:07:35 UTC

Cherry-pick from Debian svn:
Add wpasupplicant_fix-systemd-unit-dependencies.patch: Fix systemd unit
dependencies for wpasupplicant, it needs to be started before the network
target (Closes: 780552, LP: #1431774).

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:15:39 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli and hostapd_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c,
    hostapd/hostapd_cli.c.
  - CVE-2014-3686

Author: Marc Deslauriers
Revision Date: 2014-10-10 09:15:39 UTC

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli and hostapd_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c,
    hostapd/hostapd_cli.c.
  - CVE-2014-3686

Author: Seth Forshee
Revision Date: 2014-07-29 19:20:01 UTC

* debian/patches/nl80211-Do-not-indicate-scan-started-event-on-scan_f.patch:
  Fix for condition which can cause radio work items to get stuck.
  Cherry-picked from hostap git commit 1b5df9e.
* debian/patches/wpa_supplicant-Complete-radio-works-on-disable-event.patch:
  Fix problems when an interface is rfkill blocked during ongoing radio
  work. Cherry-picked from hostap git commit a6cff8b.
* debian/patches/wpa_supplicant-Fix-radio_remove_interface.patch: Ensure
  pending radio work is removed when an interface is removed from a radio.
  Cherry-picked from hostap git commit c46235a.

Author: Mathieu Trudel-Lapierre
Revision Date: 2014-03-04 16:13:24 UTC

* New upstream release (LP: #1099755)
* debian/get-orig-source: update for new git repository for the current
  hostap/wpasupplicant versions.
* Dropped patches due to being applied upstream and included in the current
  source tarball:
  - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch
  - debian/patches/13_human_readable_signal.patch
  - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch
  - debian/patches/libnl3-includes.patch
* debian/patches/git_accept_client_cert_from_server.patch: revert the commit:
  "OpenSSL: Do not accept SSL Client certificate for server", which breaks
  many AAA servers that include both client and server EKUs. Cherry-picked
  from hostap git commit b62d5b5.

Author: Mathieu Trudel-Lapierre
Revision Date: 2014-03-04 16:13:24 UTC

* New upstream release (LP: #1099755)
* debian/get-orig-source: update for new git repository for the current
  hostap/wpasupplicant versions.
* Dropped patches due to being applied upstream and included in the current
  source tarball:
  - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch
  - debian/patches/13_human_readable_signal.patch
  - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch
  - debian/patches/libnl3-includes.patch
* debian/patches/git_accept_client_cert_from_server.patch: revert the commit:
  "OpenSSL: Do not accept SSL Client certificate for server", which breaks
  many AAA servers that include both client and server EKUs. Cherry-picked
  from hostap git commit b62d5b5.

Author: Mathieu Trudel-Lapierre
Revision Date: 2013-12-04 11:20:38 UTC

debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch:
deinitialize the P2P context when the management interface gets removed for
whatever reason, such as a suspend/resume cycle. (LP: #1210785)

Author: Mathieu Trudel-Lapierre
Revision Date: 2013-12-04 11:20:38 UTC

debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch:
deinitialize the P2P context when the management interface gets removed for
whatever reason, such as a suspend/resume cycle. (LP: #1210785)

Author: Mathieu Trudel-Lapierre
Revision Date: 2013-08-08 10:20:17 UTC

* debian/config/wpasupplicant/linux:
  - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511).
  - Enable CONFIG_P2P (Wi-Fi Direct support).

Author: Logan Rosen
Revision Date: 2012-11-30 11:49:00 UTC

* Merge from Debian unstable. Remaining changes:
  - Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc
    support in NetworkManager using IBSS RSN (WPA2).
  - debian/wpasupplicant.postinst, debian/hostapd.postinst: Only move
    sendsigs.omit.d/*.pid if the target isn't the same as the source (as is
    the case when /lib/init/rw is a symlink to /run)
  - debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create
    a pid file in /run/sendsigs.omit.d when activated by DBus.
  - debian/patches/session-ticket.patch: disable the TLS Session Ticket
    extension to fix auth with 802.1x PEAP on some hardware.

Author: Logan Rosen
Revision Date: 2012-11-30 11:49:00 UTC

* Merge from Debian unstable. Remaining changes:
  - Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc
    support in NetworkManager using IBSS RSN (WPA2).
  - debian/wpasupplicant.postinst, debian/hostapd.postinst: Only move
    sendsigs.omit.d/*.pid if the target isn't the same as the source (as is
    the case when /lib/init/rw is a symlink to /run)
  - debian/patches/dbus-activation-cmdline.patch: have wpasupplicant create
    a pid file in /run/sendsigs.omit.d when activated by DBus.
  - debian/patches/session-ticket.patch: disable the TLS Session Ticket
    extension to fix auth with 802.1x PEAP on some hardware.

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-09-12 15:57:50 UTC

debian/patches/session-ticket.patch: disable the TLS Session Ticket
extension to fix auth with 802.1x PEAP on some hardware. (LP: #969343)

Author: Mathieu Trudel-Lapierre
Revision Date: 2012-07-09 15:48:03 UTC

debian/patches/fix_driver_wext_for_broadcom_wl.patch: Add a workaround for
Broadcom wl driver's first failing scan (LP: #994739)

Author: Pau Oliva
Revision Date: 2012-07-09 14:47:07 UTC

debian/patches/fix_driver_wext_for_broadcom_wl.patch: Add a workaround for
Broadcom wl driver's first failing scan (LP: #994739)