lp:~timo-jyrinki/ubuntu/wily/wpa/reduce_debian_config_delta

Created by Timo Jyrinki and last modified
Get this branch:
bzr branch lp:~timo-jyrinki/ubuntu/wily/wpa/reduce_debian_config_delta
Only Timo Jyrinki can upload to this branch. If you are Timo Jyrinki please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Timo Jyrinki
Status:
Development

Recent revisions

21. By Timo Jyrinki

* debian/config/wpasupplicant/linux:
  - Reduce the delta to Debian by removing the double setting of CONFIG_AP
    and CONFIG_P2P. The only actual delta is CONFIG_ANDROID_HAL.

20. By Mathieu Trudel-Lapierre

* New upstream release.
* Merge with Debian unstable; remaining changes:
  - debian/patches/session-ticket.patch: disable the TLS Session Ticket
    extension to fix auth with 802.1x PEAP on some hardware.
  - debian/patches/android_hal_fw_path_change.patch: add a DBus method for
    requesting a firmware change when working with the Android HAL; this is
    used to set a device in P2P or AP mode; conditional to CONFIG_ANDROID_HAL
    being enabled.
  - debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
  - debian/control: Build-Depends on android-headers to get the required wifi
    headers for the HAL support.
  - debian/patches/dbus-available-sta.patch: Make the list of connected
    stations available on DBus for hotspot mode; along with some of the
    station properties, such as rx/tx packets, bytes, capabilities, etc.
  - debian/patches/CVE-2015-4141.patch: check chunk size: src/wps/httpread.c
    - CVE-2015-4141
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
    - CVE-2015-4142
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
      src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
    - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146
  - debian/config/wpasupplicant/linux:
    - Enable CONFIG_AP_MODE (AP mode support) (LP: #1209511).
    - Enable CONFIG_P2P (Wi-Fi Direct support).
* debian/patches/wpa_supplicant-MACsec-fix-build-failure-for-IEEE8021.patch,
  debian/patches/include-ieee802_11_common.c-in-wpa_supplicant-build-.patch,
  d/p/hostapd_fix-hostapd-operation-without-hw_mode-driver-data.patch:
  dropped patches included upstream.
* Refreshed all patches.

19. By Marc Deslauriers

* SECURITY UPDATE: memcpy overflow in P2P functionality
  - debian/patches/CVE-2015-1863.patch: validate SID element length in
    src/p2p/p2p.c.
  - CVE-2015-1863
* SECURITY UPDATE: denial of service via WPS UPnP
  - debian/patches/CVE-2015-4141.patch: check chunk size in
    src/wps/httpread.c.
  - CVE-2015-4141
* SECURITY UPDATE: denial of service via AP mode WMM Action frame
  - debian/patches/CVE-2015-4142.patch: check length in src/ap/wmm.c.
  - CVE-2015-4142
* SECURITY UPDATE: denial of service via EAP-pwd
  - debian/patches/CVE-2015-4143-4146.patch: check lengths in
    src/eap_peer/eap_pwd.c, src/eap_server/eap_server_pwd.c.
  - CVE-2015-4143
  - CVE-2015-4144
  - CVE-2015-4145
  - CVE-2015-4146

18. By Martin Pitt

Cherry-pick from Debian svn:
Add wpasupplicant_fix-systemd-unit-dependencies.patch: Fix systemd unit
dependencies for wpasupplicant, it needs to be started before the network
target (Closes: 780552, LP: #1431774).

17. By Mathieu Trudel-Lapierre

debian/patches/dbus-available-sta.patch: Make the list of connected
stations available on DBus for hotspot mode; along with some of the
station properties, such as rx/tx packets, bytes, capabilities, etc.

16. By Mathieu Trudel-Lapierre

* debian/patches/android_hal_fw_path_change.patch: add a DBus method for
  requesting a firmware change when working with the Android HAL; this is
  used to set a device in P2P or AP mode; conditional to CONFIG_ANDROID_HAL
  being enabled.
* debian/config/wpasupplicant/linux: enable CONFIG_ANDROID_HAL.
* debian/control: Build-Depends on android-headers to get the required wifi
  headers for the HAL support.

15. By Marc Deslauriers

* SECURITY UPDATE: arbitrary command execution via unsanitized string
  passed to action scripts by wpa_cli and hostapd_cli
  - debian/patches/CVE-2014-3686.patch: added os_exec() helper to
    src/utils/os.h, src/utils/os_unix.c, src/utils/os_win32.c,
    use instead of system() in wpa_supplicant/wpa_cli.c,
    hostapd/hostapd_cli.c.
  - CVE-2014-3686

14. By Mathieu Trudel-Lapierre

debian/patches/git_update_scan_res_for_apscan_1_068e3877.patch: update
scan results when using ap_scan=1; this avoids 4-way handshake failures
while roaming. (LP: #1348105)

13. By Colin Watson

No-change rebuild with pkg-create-dbgsym 0.65 so that the full set of
debug symbol packages are generated.

12. By Mathieu Trudel-Lapierre

* New upstream release (LP: #1099755)
* debian/get-orig-source: update for new git repository for the current
  hostap/wpasupplicant versions.
* Dropped patches due to being applied upstream and included in the current
  source tarball:
  - debian/patches/11_wpa_gui_ftbfs_gcc_4_7.patch
  - debian/patches/13_human_readable_signal.patch
  - debian/patches/git_deinit_p2p_context_on_mgmt_remove_ff1f9c8.patch
  - debian/patches/libnl3-includes.patch
* debian/patches/git_accept_client_cert_from_server.patch: revert the commit:
  "OpenSSL: Do not accept SSL Client certificate for server", which breaks
  many AAA servers that include both client and server EKUs. Cherry-picked
  from hostap git commit b62d5b5.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/wily/wpa
This branch contains Public information 
Everyone can see this information.

Subscribers