wpa (2:2.7+git20190128+0c1e29f-6+deb10u3) buster-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * WPS UPnP: Do not allow event subscriptions with URLs to other networks
    (CVE-2020-12695) (Closes: #976106)
  * WPS UPnP: Fix event message generation using a long URL path
    (CVE-2020-12695) (Closes: #976106)
  * WPS UPnP: Handle HTTP initiation failures for events more properly
    (CVE-2020-12695) (Closes: #976106)
  * P2P: Fix copying of secondary device types for P2P group client
    (CVE-2021-0326) (Closes: #981971)
  * P2P: Fix a corner case in peer addition based on PD Request
    (CVE-2021-27803)

 -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 16 Apr 2021 15:07:06 +0200

wpa (2:2.7+git20190128+0c1e29f-6+deb10u2) buster; urgency=medium

  * Apply upstream patches:
    - Do not try to detect PSK mismatch during PTK rekeying.
      Fixes the 4-way WPA handshake in some situations.
    - Check for FT support when selecting FT suites.
      Closes: #942164.
    - Fix RTM NEW/DELLINK IFLA_IFNAME copy for maximum ifname length.
      Fixes the MAC randomisation issue with some cards.
      LP: #1867908.

 -- Andrej Shadura <andrewsh@debian.org>  Tue, 24 Mar 2020 11:26:58 +0100

wpa (2:2.7+git20190128+0c1e29f-6+deb10u1) buster-security; urgency=medium

  * SECURITY UPDATE:
    - AP mode PMF disconnection protection bypass.
      More details:
       + https://w1.fi/security/2019-7/
      Closes: #940080 (CVE-2019-16275)
    - Timing-based side-channel attack against WPA3's Dragonfly handshake
      when using Brainpool curves.
      More details:
       + https://w1.fi/security/2019-6/
       + https://wpa3.mathyvanhoef.com/
      Closes: #934180 (CVE-2019-13377)

 -- Andrej Shadura <andrewsh@debian.org>  Tue, 17 Sep 2019 11:58:08 +0200

wpa (2:2.7+git20190128+0c1e29f-6) unstable; urgency=medium

  * Make sure the hostapd unit is masked when there’s no configuration
    file available (Closes: #928948)

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 06 Jun 2019 15:16:29 +0200

wpa (2:2.7+git20190128+0c1e29f-5) unstable; urgency=high

  * Fix security issue 2019-5:
    - EAP-pwd message reassembly issue with unexpected fragment
      (Closes: #927463, no CVE assigned).

 -- Andrej Shadura <andrewsh@debian.org>  Fri, 26 Apr 2019 14:55:52 +0200

wpa (2:2.7+git20190128+0c1e29f-4) unstable; urgency=high

  * Apply security fixes (Closes: #926801):
    - CVE-2019-9494: SAE cache attack against ECC groups (VU#871675)
    - CVE-2019-9495: EAP-pwd cache attack against ECC groups
    - CVE-2019-9496: SAE confirm missing state validation
    - CVE-2019-9497: EAP-pwd server not checking for reflection attack
    - CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
    - CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element

    For more details, see:
    - https://w1.fi/security/2019-1/
    - https://w1.fi/security/2019-2/
    - https://w1.fi/security/2019-3/
    - https://w1.fi/security/2019-4/

 -- Andrej Shadura <andrewsh@debian.org>  Wed, 10 Apr 2019 19:00:22 +0200

wpa (2:2.7+git20190128+0c1e29f-3) unstable; urgency=medium

  * Print the warning and exit after sourcing /lib/lsb/init-functions
    (Closes: #924666).
  * Recognise multiple configs in DAEMON_CONF and verify them all.
  * Fix ENGINE support with OpenSSL 1.1+ (Closes: #924632).

 -- Andrej Shadura <andrewsh@debian.org>  Fri, 15 Mar 2019 17:44:51 +0100

wpa (2:2.7+git20190128+0c1e29f-2) unstable; urgency=medium

  * Apply an RFC patch to work around big endian keyidx.
    This is likely to fix #919138, but more testing is needed.

 -- Andrej Shadura <andrewsh@debian.org>  Tue, 19 Feb 2019 19:14:56 +0100

wpa (2:2.7+git20190128+0c1e29f-1) unstable; urgency=medium

  * Upload to unstable.
  * New upstream snapshot 2.7+git20190128+0c1e29f.
  * Add Files-Excluded to debian/copyright.
  * Watch the upstream git.
  * Refresh hostapd/wpasupplicant configs, enable CONFIG_GETRANDOM
    (Closes: #914490)

 -- Andrej Shadura <andrewsh@debian.org>  Tue, 29 Jan 2019 18:11:01 +0100

wpa (2:2.7+git20190108+11ce7a1-2) experimental; urgency=medium

  * Disable MBO, FILS, FILS_SK_PFS, MESH, they cause failures
    with some drivers.

 -- Andrej Shadura <andrewsh@debian.org>  Tue, 22 Jan 2019 17:45:26 +0100

wpa (2:2.7+git20190108+11ce7a1-1) experimental; urgency=medium

  * New upstream snapshot.
  * Drop patches applied upstream.

 -- Andrej Shadura <andrewsh@debian.org>  Fri, 11 Jan 2019 00:35:23 +0100

wpa (2:2.7-3) unstable; urgency=medium

  * Upload to unstable.
  * Refresh dbus-available-sta.patch from the upstream.
  * Since we use Type=forking, pass -B to hostapd (Closes: #918861).
  * Apply upstream fixes for 802.1X 4-way handshake offload.
  * Bump Standards-Version to 4.3.0.
  * Use debhelper-compat (= 12).
  * Drop dh_systemd_enable calls and overrides.
  * Move manual installs into .install as much as possible.
  * Drop ancient preinst scripts.
  * Add Pre-Depends to hostapd.
  * Display a warning if DAEMON_CONF is not /etc/hostapd/hostapd.conf.
  * Default to /etc/hostapd/hostapd.conf.
  * Update README.Debian in hostapd.

 -- Andrej Shadura <andrewsh@debian.org>  Fri, 11 Jan 2019 00:17:14 +0100

wpa (2:2.7-2) experimental; urgency=medium

  * Re-enable TLSv1.0 and security level 1 for wpasupplicant
    (Closes: #907518, #911297).
  * Enable more build-time options.
  * Flip CONFIG_DRIVER_MACSEC_QCA on Linux and kFreeBSD
  * Add DPP README.
  * Make wpa_supplicant reproducible.

 -- Andrej Shadura <andrewsh@debian.org>  Sat, 15 Dec 2018 15:31:57 +0100

wpa (2:2.7-1) experimental; urgency=medium

  * New upstream version 2.7.
  * Enable FILS.
  * Add debian/upstream/signing-key.asc, update debian/watch to
    verify PGP signatures on tarballs.

 -- Andrej Shadura <andrewsh@debian.org>  Mon, 03 Dec 2018 19:36:56 +0100

wpa (2:2.7~git20181004+1dd66fc-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20181004+1dd66fc.

 -- Andrej Shadura <andrewsh@debian.org>  Sun, 07 Oct 2018 11:14:08 +0200

wpa (2:2.7~git20180706+420b5dd-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20180706+420b5dd.
  * Disable dbus-available-sta.patch since it is not ready for use yet.
  * Enable OWE, DPP and SAE

 -- Andrej Shadura <andrewsh@debian.org>  Sun, 22 Jul 2018 17:02:30 +0200

wpa (2:2.7~git20180606+b915f2c-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20180606+b915f2c.
  * Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
    with the upstream.

 -- Andrej Shadura <andrewsh@debian.org>  Fri, 08 Jun 2018 14:48:51 +0200

wpa (2:2.7~git20180504+60a5737-1) experimental; urgency=medium

  * New upstream snapshot 2.7~git20180504+60a5737.
  * Synchronise configs from the upstream.
  * Drop patches previously cherry-picked from the upstream.
  * Support ACS (Closes: #885957).

 -- Andrej Shadura <andrewsh@debian.org>  Mon, 07 May 2018 19:57:47 +0200

wpa (2:2.6-21) unstable; urgency=medium

  * Fix a typo in the patch.

 -- Andrej Shadura <andrewsh@debian.org>  Sat, 15 Dec 2018 17:38:19 +0100

wpa (2:2.6-20) unstable; urgency=medium

  * Rework the TLSv1.0 patch.

 -- Andrej Shadura <andrewsh@debian.org>  Sat, 15 Dec 2018 15:53:58 +0100

wpa (2:2.6-19) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field
  * d/changelog: Remove trailing whitespaces

  [ Andrej Shadura ]
  * Re-enable TLSv1.0 and security level 1 for wpasupplicant.
    (Closes: #907518, #911297).
  * Modernise debian/rules.

 -- Andrej Shadura <andrewsh@debian.org>  Sat, 15 Dec 2018 15:21:08 +0100

wpa (2:2.6-18) unstable; urgency=high

  * Fix NL80211_ATTR_SMPS_MODE encoding (Closes: #903952)
  * SECURITY UPDATE:
    - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data
      (Closes: #905739)

 -- Andrej Shadura <andrewsh@debian.org>  Wed, 08 Aug 2018 22:50:11 +0200

wpa (2:2.6-17) unstable; urgency=medium

  * Fix get-orig-source so that it can produce pre-release snapshots.
  * Remove dbus changes to StaAuthorized/StaDeauthorized after discussions
    with the upstream.

 -- Andrej Shadura <andrewsh@debian.org>  Fri, 08 Jun 2018 14:30:54 +0200

wpa (2:2.6-16) unstable; urgency=medium

  * Fix README.Debian: MyNetWork, not NETBEER (Closes: #791333).
  * Restart hostapd on a failure after 2s.
  * Add a template for per-interface hostapd services (Closes: #889508).
  * Merge a patch from Ubuntu:
    - debian/patches/dbus-available-sta.patch: Make the list of connected
      stations available on DBus for hotspot mode; along with some of the
      station properties, such as rx/tx packets, bytes, capabilities, etc.

 -- Andrej Shadura <andrewsh@debian.org>  Mon, 07 May 2018 15:32:41 +0200

wpa (2:2.6-15) unstable; urgency=medium

  * Update debian/control:
    - Update Maintainer field to point to $package@packages.debian.org
    - Update Vcs-* fields to point to salsa.d.o
    - Drop no longer active uploaders.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 28 Dec 2017 11:26:28 +0100

wpa (2:2.6-14) unstable; urgency=medium

  * Replace the PEM fix patch by Lukasz Siudut with an upstream patch.
    Thanks to David Benjamin <davidben@google.com>.
  * Apply patches from Beniamino Galvani:
    - Fix race condition in detecting MAC address change
    - Update MAC address when driver detects a change
  * Disable WNM to resolve a compatibility issue with wl.
    Thanks to YOSHINO Yoshihito <yy.y.ja.jp@gmail.com>.
    Hopefully really closes: #833507.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 28 Dec 2017 09:51:29 +0100

wpa (2:2.6-13) unstable; urgency=medium

  * Fix a typo in functions.sh (Closes: #883659).

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 07 Dec 2017 18:24:27 +0100

wpa (2:2.6-12) unstable; urgency=medium

  * Add wl to the blacklist for MAC randomisation. (Closes: #833507)
  * Blacklist an out-of-tree driver for Realtek RTL8188EU too.

 -- Andrew Shadura <andrewsh@debian.org>  Tue, 05 Dec 2017 12:32:27 +0100

wpa (2:2.6-11) unstable; urgency=medium

  * Unbreak EAP-TLS.
    Thanks to Dmitry Borodaenko <angdraug@debian.org>

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 30 Nov 2017 11:21:43 +0100

wpa (2:2.6-10) unstable; urgency=medium

  * Mask hostapd every time it has no valid configuration.

 -- Andrew Shadura <andrewsh@debian.org>  Tue, 28 Nov 2017 12:28:13 +0100

wpa (2:2.6-9) unstable; urgency=medium

  * Tell NetworkManager to not touch MAC addresses on unsupported drivers.
    Hopefully, this will fix #849077.

 -- Andrew Shadura <andrewsh@debian.org>  Tue, 28 Nov 2017 11:27:52 +0100

wpa (2:2.6-8) unstable; urgency=medium

  * Revert "Build wpa_supplicant with interface matching support."
    (Closes: #882716).
  * Drop override_dh_builddeb.
  * Use dh 10.
  * Prevent hostapd from failing on the package install when there
    isn't a valid configuration file yet (Closes: #882740):
    - Don't enable hostapd.service by default.
    - Mask hostapd.service on the first install.

 -- Andrew Shadura <andrewsh@debian.org>  Sun, 26 Nov 2017 19:38:57 +0000

wpa (2:2.6-7) unstable; urgency=medium

  * Upload to unstable.
  * Optional AP side workaround for key reinstallation attacks (LP: #1730399).

 -- Andrew Shadura <andrewsh@debian.org>  Fri, 24 Nov 2017 16:29:25 +0000

wpa (2:2.6-6) experimental; urgency=medium

  [ Reiner Herrmann ]
  * Port wpa_gui to Qt5 (Closes: #875233).

  [ Andrew Shadura ]
  * Add a service file for hostapd.
  * Build wpa_supplicant with interface matching support (Closes: #879208).

  [ Benedikt Wildenhain (BO) ]
  * Install wpa_supplicant-wired@.service (Closes: #871488).

  [ Jan-Benedict Glaw ]
  * Consider all ifupdown configuration, not only /etc/network/interfaces
    (Closes: #853293).

 -- Andrew Shadura <andrewsh@debian.org>  Fri, 24 Nov 2017 16:00:19 +0000

wpa (2:2.6-5) experimental; urgency=medium

  [ Yves-Alexis Perez ]
  * Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
    CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
    CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
    - hostapd: Avoid key reinstallation in FT handshake
    - Prevent reinstallation of an already in-use group key
    - Extend protection of GTK/IGTK reinstallation of
    - Fix TK configuration to the driver in EAPOL-Key 3/4
    - Prevent installation of an all-zero TK
    - Fix PTK rekeying to generate a new ANonce
    - TDLS: Reject TPK-TK reconfiguration
    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
    - WNM: Ignore WNM-Sleep Mode Response without pending
    - FT: Do not allow multiple Reassociation Response frames
    - TDLS: Ignore incoming TDLS Setup Response retries

 -- Andrew Shadura <andrewsh@debian.org>  Fri, 20 Oct 2017 15:34:09 +0100

wpa (2:2.6-4) experimental; urgency=medium

  * Upload to experimental.
  * Bump the epoch to 2:, as the upload to unstable had to bump epoch.

 -- Andrew Shadura <andrewsh@debian.org>  Fri, 24 Feb 2017 16:45:48 +0100

wpa (2:2.4-1.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
    CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
    CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
    - hostapd: Avoid key reinstallation in FT handshake
    - Prevent reinstallation of an already in-use group key
    - Extend protection of GTK/IGTK reinstallation of
    - Fix TK configuration to the driver in EAPOL-Key 3/4
    - Prevent installation of an all-zero TK
    - Fix PTK rekeying to generate a new ANonce
    - TDLS: Reject TPK-TK reconfiguration
    - WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
    - WNM: Ignore WNM-Sleep Mode Response without pending
    - FT: Do not allow multiple Reassociation Response frames
    - TDLS: Ignore incoming TDLS Setup Response retries

 -- Yves-Alexis Perez <corsac@debian.org>  Mon, 16 Oct 2017 10:28:41 +0200

wpa (2:2.4-1) unstable; urgency=medium

  [ Vincent Danjean ]
  * Build with libssl1.0-dev (Closes: #828601).
  * Add an upstream patch to fix hostapd in SMPS mode (Closes: #854719).

  [ Andrew Shadura ]
  * Don't install debian/system-sleep/wpasupplicant (originally introduced
    to fix LP: #1422143), it doesn't improve the state of the things,
    introduces regressions in some cases, and at all isn't supposed to
    work with how wpa-supplicant is started these days (Closes: #835648).
  * Bump the epoch to 2:, so that we can set the upstream version to
    what we really mean. It also has to be higher than 2.6 in unstable
    and 1:2.6 (what hostapd binary package in unstable has).
  * Drop the binary package epoch override.

 -- Andrew Shadura <andrewsh@debian.org>  Mon, 20 Feb 2017 11:55:11 +0100

wpa (2.6-3) unstable; urgency=medium

  * Cherry-pick the following patches from the upstream:
    - WPS: Force BSSID for WPS provisioning step connection
    - Check for NULL qsort() base pointers
    - Always propagate scan results to all interfaces
    - wpa_supplicant: Restore permanent MAC address on reassociation
    - nl80211: Update channel information after channel switch notification
    - Extend ieee80211_freq_to_channel_ext() to cover channels 52-64
    - Use estimated throughput to avoid signal based roaming decision
    - Use random MAC address for scanning only in non-connected state

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 26 Jan 2017 17:53:41 +0100

wpa (2.6-2) unstable; urgency=medium

  * Upload to unstable.
  * Restore the patch descriptions.
  * Don't install debian/system-sleep/wpasupplicant (originally introduced
    to fix LP: #1422143), it doesn't improve the state of the things,
    introduces regressions in some cases, and at all isn't supposed to
    work with how wpa-supplicant is started these days.

 -- Andrew Shadura <andrewsh@debian.org>  Tue, 20 Dec 2016 21:50:26 +0100

wpa (2.6-1) experimental; urgency=medium

  [ Andrew Shadura ]
  * New upstream version (Closes: #828601,  #832034).
  * Add gbp.conf.

  [ Julian Wollrath ]
  * Refresh patches.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 20 Oct 2016 18:28:10 +0200

wpa (2.5-2+v2.4-3) unstable; urgency=medium

  [ Helmut Grohne ]
  * Address FTCBFS: Set PKG_CONFIG (Closes: #836074).

  [ Andrew Shadura ]
  * Don't run wpa_cli suspend/resume if /run/wpa_supplicant isn't around
    (Closes: #835648).

 -- Andrew Shadura <andrewsh@debian.org>  Wed, 14 Sep 2016 11:11:01 +0200

wpa (2.5-2+v2.4-2) unstable; urgency=medium

  * Apply patches from upstream to unbreak dedicated P2P Device support
    (closes: #833402).
  * Reapply an accidentally lost patch to fix pkcs11 OpenSSL engine
    initialisation (Closes: #827253).
  * Retroactively redact the last changelog entry to represent the actual
    upload more accurately.

 -- Andrew Shadura <andrewsh@debian.org>  Tue, 09 Aug 2016 20:11:27 +0200

wpa (2.5-2+v2.4-1) unstable; urgency=medium

  [ Ricardo Salveti de Araujo ]
  * debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
    when P2P management interface is used (LP: #1482439)

  [ Stefan Lippers-Hollmann ]
  * wpasupplicant: install systemd unit (Closes: #766746).
  * wpasupplicant: configure driver fallback for networkd.
  * import changelogs from the security queues.
  * move previous patch for CVE-2015-1863 into a new subdirectory,
    debian/patches/2015-1/.
  * replace the Debian specific patch "wpasupplicant: fix systemd unit
    dependencies" with a backport of its official upstream change "systemd:
    Order wpa_supplicant before network.target".
  * fix dependency odering when invoked with DBus, by making sure that DBus
    isn't shut down before wpa_supplicant, as that would also bring down
    wireless links which are still holding open NFS shares. Thanks to Facundo
    Gaich <facugaich@gmail.com> and Michael Biebl <biebl@debian.org>
    (Closes: #785579).
  * import NMU changelogs and integrate NMU changes.
  * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to Salvatore
    Bonaccorso <carnil@debian.org> (Closes: #823411):
    - WPS: Reject a Credential with invalid passphrase
    - Reject psk parameter set with invalid passphrase character
    - Remove newlines from wpa_supplicant config network output
    - Reject SET_CRED commands with newline characters in the string values
    - Reject SET commands with newline characters in the string values
  * use --buildsystem=qmake_qt4 (available since dh 8.9.1) for debhelper
    (Closes: #823171).
  * fix clean target, by splitting the find call into individual searches.
  * building wpa in a current unstable chroot using debhelper >= 9.20151219
    will introduce automatic dbgsym packages, thereby indirectly providing
    the requested debug packages for stretch and upwards (Closes: #729934).
    Don't add a versioned build-dependency in order to avoid unnecessary
    complications with backports.
  * change Vcs-Browser location to prefer https, but keep the unsecure tag for
    Vcs-Svn, as there is no option allowing to pull from the svn+ssh://
    location without an alioth account, this only makes lintian partially happy
    in regards to vcs-field-uses-insecure-uri.
  * debian/*: fix spelling errors noticed by lintian.
  * drop the obsolete Debian menu entry for wpa_gui, according to the tech-ctte
    decision on #741573.
  * fix debian/get-orig-source for wpa 2.6~.
  * add debian/watch file for the custom tarball generation.

  [ Paul Donohue ]
  * debian/ifupdown/functions.sh: Fix handling for "wpa-roam". Call ifquery
    instead of directly parsing /run/*/ifstate files to work with current
    ifupdown. (Closes: #545766, LP: #1545363)

  [ Martin Pitt ]
  * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
    before/after suspend, like the pm-utils hook. In some cases this brings
    back missing Wifi connection after resuming. (LP: #1422143)

  [ Andrew Shadura ]
  * Backout 2.5 release, switch to 2.4 (see #833507 for details).
  * New upstream release (Closes: #806889).
  * Refresh patches, drop patches applied upstream.
  * Update Vcs-* to point to Git.

 -- Andrew Shadura <andrewsh@debian.org>  Fri, 05 Aug 2016 20:45:14 +0200

wpa (2.5-2) unstable; urgency=medium

  * Apply patches from upstream to unbreak dedicated P2P Device support
    (hopefully closes: #833402).

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 04 Aug 2016 11:17:37 +0300

wpa (2.5-1) unstable; urgency=medium

  [ Stefan Lippers-Hollmann ]
  * wpasupplicant: install systemd unit (Closes: #766746).
  * wpasupplicant: configure driver fallback for networkd.
  * import changelogs from the security queues.
  * move previous patch for CVE-2015-1863 into a new subdirectory,
    debian/patches/2015-1/.
  * fix dependency ordering when invoked with DBus, by making sure that DBus
    isn't shut down before wpa_supplicant, as that would also bring down
    wireless links which are still holding open NFS shares. Thanks to Facundo
    Gaich <facugaich@gmail.com> and Michael Biebl <biebl@debian.org>
    (Closes: #785579).
  * import NMU changelogs and integrate NMU changes.
  * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to Salvatore
    Bonaccorso <carnil@debian.org> (Closes: #823411):
    - WPS: Reject a Credential with invalid passphrase
    - Reject psk parameter set with invalid passphrase character
    - Remove newlines from wpa_supplicant config network output
    - Reject SET_CRED commands with newline characters in the string values
    - Reject SET commands with newline characters in the string values
  * use --buildsystem=qmake_qt4 (available since dh 8.9.1) for debhelper
    (Closes: #823171).
  * fix clean target, by splitting the find call into individual searches.
  * building wpa in a current unstable chroot using debhelper >= 9.20151219
    will introduce automatic dbgsym packages, thereby indirectly providing
    the requested debug packages for stretch and upwards (Closes: #729934).
    Don't add a versioned build-dependency in order to avoid unnecessary
    complications with backports.
  * change Vcs-Browser location to prefer https
  * debian/*: fix spelling errors noticed by lintian.
  * drop the obsolete Debian menu entry for wpa_gui, according to the tech-ctte
    decision on #741573.
  * fix debian/get-orig-source for wpa 2.6~.
  * add debian/watch file for the custom tarball generation.

  [ Paul Donohue ]
  * debian/ifupdown/functions.sh: Fix handling for "wpa-roam". Call ifquery
    instead of directly parsing /run/*/ifstate files to work with current
    ifupdown. (Closes: #545766, LP: #1545363)

  [ Martin Pitt ]
  * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
    before/after suspend, like the pm-utils hook. In some cases this brings
    back missing Wifi connection after resuming. (LP: #1422143)

  [ Andrew Shadura ]
  * New upstream release (Closes: #806889).
  * Refresh patches, drop patches applied upstream.
  * Fix pkcs11 OpenSSL engine initialisation (Closes: #827253).
  * Update Vcs-* to point to Git.

 -- Andrew Shadura <andrewsh@debian.org>  Sun, 31 Jul 2016 18:05:59 +0300

wpa (2.3-2.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to
    Salvatore Bonaccorso <carnil@debian.org> (Closes: #823411):
    - WPS: Reject a Credential with invalid passphrase
    - Reject psk parameter set with invalid passphrase character
    - Remove newlines from wpa_supplicant config network output
    - Reject SET_CRED commands with newline characters in the string values
    - Reject SET commands with newline characters in the string values
  * Refresh patches to apply cleanly.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 21 Jul 2016 09:01:51 +0200

wpa (2.3-2.3) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to address CVE-2015-5310.
    CVE-2015-5310: wpa_supplicant unauthorized WNM Sleep Mode GTK control.
    (Closes: #804707)
  * Add patches to address CVE-2015-5314 and CVE-2015-5315.
    CVE-2015-5314: hostapd: EAP-pwd missing last fragment length validation.
    CVE-2015-5315: wpa_supplicant: EAP-pwd missing last fragment length
    validation. (Closes: #804708)
  * Add patch to address CVE-2015-5316.
    CVE-2015-5316: EAP-pwd peer error path failure on unexpected Confirm
    message. (Closes: #804710)

 -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 12 Nov 2015 20:54:12 +0100

wpa (2.3-2.2) unstable; urgency=high

  * Non-maintainer upload.
  * Add patch to address CVE-2015-4141.
    CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer
    encoding. (Closes: #787372)
  * Add patch to address CVE-2015-4142.
    CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing.
    (Closes: #787373)
  * Add patches to address CVE-2015-414{3,4,5,6}
    CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-4146: EAP-pwd missing
    payload length validation. (Closes: #787371)
  * Add patch to address 2015-5 vulnerability.
    NFC: Fix payload length validation in NDEF record parser (Closes: #795740)
  * Thanks to Julian Wollrath <jwollrath@web.de> for the initial debdiff
    provided in #787371.

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 31 Oct 2015 14:13:50 +0100

wpa (2.3-2.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Import four patches from upstream git (wpasupplicant_band_selection_*.patch),
    manually unfuzzed, to improve 2.4/5 GHz band selection. (Closes: #795722)

 -- Steinar H. Gunderson <sesse@debian.org>  Sun, 30 Aug 2015 14:47:56 +0200

wpa (2.3-2) unstable; urgency=high

  * remove Kel Modderman from Uploaders as per his request, many thanks for
    all past efforts Kel.
  * fix systemd unit dependencies for wpasupplicant, it needs to be started
    before the network target (Closes: 780552), many thanks to Michael Biebl
    <biebl@debian.org> for reporting and suggesting the patch.
  * hostapd: avoid segfault with driver=wired, by merging upstream commit
    e9b783d58c23a7bb50b2f25bce7157f1f3b5d58b "Fix hostapd operation without
    hw_mode driver data."
  * import "P2P: Validate SSID element length before copying it
    (CVE-2015-1863)" from upstream (Closes: #783148).

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Thu, 23 Apr 2015 05:02:21 +0200

wpa (2.3-1) unstable; urgency=medium

  * New upstream release:
    - fixed by the new upstream version:
      + wpa: arbitrary command execution via action scripts (Closes: #765352).
        wpasupplicant: fixed wpa_cli action script execution to use more
        robust mechanism (CVE-2014-3686).
        hostapd: fixed hostapd_cli action script execution to use more robust
        mechanism (CVE-2014-3686).
      + wpasupplicant: MAC addressing changing broken after updating to 2.2-1
        (Closes: #763775).
      + drop ap_config_c_fix-typo-for-capabilities, applied upstream.
    - backport "Include ieee802_11_common.c in wpa_supplicant build
      unconditionally" from HEAD, to fix a newly introduced FTBS on, at least,
      kfreebsd.
  * bump standards version to 3.9.6, no changes necessary.

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Tue, 14 Oct 2014 21:29:37 +0200

wpa (2.2-1) unstable; urgency=medium

  * New upstream release:
    - import suggested changes from Gerald Turner <gturner@unzane.com> (see
      #718651 for details).
      + disable ACS for hostapd on kfreebsd-any (FTBS).
    - fixed by the new upstream version:
      + wpa_supplicant: OpenSSL: tls_connection_handshake - Failed to read
      (Closes: #561081).
      + wpasupplicant: new upstream release 2.2 (Closes: #718651).
      + wpasupplicant: -s option not documented in man page (Closes: #608135).
    - refresh patches:
      + drop 13_human_readable_signal.patch, applied upstream.
      + drop hostapd_fix-WDS-VLAN-bridge-handling.patch, applied upstream.
      + drop fix-spelling-s-algorith-algorithm.patch, applied upstream.
    - adapt build configs for hostapd/ wpa_supplicant 2.2:
      + sync with updated upstream defconfigs.
      + keep Hotspot 2.0 support disabled for the time being.
      + hostapd: keep sqlite3 support disabled for the time being.
    - update debian/copyright manually, the wpa v2 branch was relicensed from
      (BSD-3-clause || GPL-2) to BSD-3-clause only (for the most part). This
      doesn't change the licensing state as the BSD-3-clause license is
      compatible with GPL-2.
  * drop pre-wheezy /lib/init/rw/sendsigs.omit.d/ migration support, invert the
    versioned initscripts dependency to a versioned breaks relation.
  * migrate from /var/run/ to /run/.
  * adapt get-orig-source for wpa 2.2.
  * drop version qualifiers for libnl3 build dependencies, as they're
    fullfilled by wheezy.
  * drop version qualifiers for the lsb-base build dependency, as they're
    fullfilled by squeeze.
  * shorten short description for hostapd.
  * sort debian/control entries.
  * make lintian happy (invalid-short-name-in-dep5-copyright bsd) and call it
    BSD-3-clause.
  * enable DEBUG_SYSLOG and set DEBUG_SYSLOG_FACILITY=LOG_DAEMON, as requested
    by Cyril Brulebois <kibi@debian.org> to improve logging options for d-i and
    netcfg (Closes: #761922).
  * fix various typos around "existence", thanks to A. Costa <agcosta@gis.net>,
    (Closes: #683636).
  * ap_config.c: fix typo for "capabilities".
  * remove no longer required lintian override (spelling-error-in-binary for
    the).

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Wed, 17 Sep 2014 04:52:36 +0200

wpa (1.1-1) unstable; urgency=medium

  * New upstream release:
    - drop 11_wpa_gui_ftbfs_gcc_4_7, applied upstream.
    - drop EAP-TLS-server_fix-TLS-Message-length-validation, applied upstream.
    - fixes:
      - EAP access point constantly roaming with proactive key caching
        (Closes: #711063).
  * enable IBSS RSN, thanks to Nicolas Cavallari <batchman@free.fr>
    (Closes: #678147).
  * enable simple AP support for wpasupplicant, thanks to Patrik Flykt
    <patrik.flykt@linux.intel.com> (Closes: #690536).
  * use the readline6, wpa_cli doesn't link to openssl.
  * link with --as-needed.
  * compress binaries with xz.
  * debian/get-orig-source: switch to xz compressed upstream tarballs.
  * debian/get-orig-source: adapt for the post 1.x upstream branch.
  * debian/get-orig-source: support named snapshots, see debian/README.source
    for detailed syntax and semantics.
  * debian/README.source: explain fetching git snapshots by specifying their
    git hash.
  * debian/README.source: update to match current reality and apply grammar
    fixes.
  * debian/README.source: drop trailing whitespace.
  * fix hardening flags, thanks a lot to Florent Daigniere
    <nextgens@freenetproject.org> (Closes: #725865).
  * debian/control: fold dependencies.
  * bump standards version to 3.9.5, no changes necessary.
  * reflect reality and adapt the maintainer mail address not to claim
    representing Ubuntu.
  * drop wheezy-specific comments in the configuration files.
  * glob 'wpa-password' as well and hide its debugging output, this hopefully
    closes: #728092.
  * enable EAP-FAST, openssl in Debian is now new enough (Closes: #685685).
  * update to new alioth URIs (vcs-field-not-canonical).
  * add Keywords entry for desktop files (desktop-entry-lacks-keywords-entry).
  * functions.sh: s/particuarly/particularly/, thanks to Vincent Lefevre
    <vincent@vinc17.net> (Closes: #734422).
  * fix FTBS using gcc-4.8 by linking with -ldl on kfreebsd-any; the udeb
    packages don't provide EAP support and are therefore unaffected. This is
    already accounted for by the upstream Makefile, however wrongly depending
    on !CONFIG_DRIVER_BSD, while it is actually depending on the target libc
    rather than the kernel (Closes: #737465). Thanks to Cyril Brulebois
    <kibi@debian.org> and Steven Chamberlain <steven@pyro.eu.org>.
  * import "hostapd: Fix WDS VLAN bridge handling" by Felix Fietkau
    <nbd@openwrt.org> from upstream, thanks to Mark Hindley
    <mark@hindley.org.uk> (Closes: #737109).
  * drop build-conflicts with libqt3-dev as the package is no longer available
    >= lenny, thanks to Michael Biebl <biebl@debian.org>.
  * drop pre-dependency on dpkg (>= 1.15.6~), data.tar.xz-member-without-dpkg-
    pre-depends is no longer a problem after Ubuntu lucid is EOL. Thanks to
    Michael Biebl for noticing.
  * drop build-dependency on libdbus-glib-1-dev, it is no longer required for
    dbus-binding-tool, thanks to Michael Biebl.
  * allow parallel building.
  * fix spelling s/algorith/algorithm/.
  * add lintian overrides for false positive spelling complaints.

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Fri, 21 Feb 2014 01:07:28 +0100

wpa (1.0-3.1) unstable; urgency=low

  * Non-Maintainer Upload
  * enable IBSS RSN, thanks to Nicolas Cavallari <batchman@free.fr>
    (Closes: #678147).

 -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Thu, 05 Dec 2013 13:56:15 -0500

wpa (1.0-3) unstable; urgency=high

  * ship forgotten README-P2P.
  * revert to GNU readline for wpa_cli, instead of using the internal readline
    implementation added in wpa 1~. Prefer libreadline-gplv2-dev, because libnl
    is GPL-2 (only) - switching back to the internal readline implementation is
    targeted for wheezy+1 (Closes: #677993, #678077).
  * Fix DoS via specially crafted EAP-TLS messages with longer message
    length than TLS data length (CVE-2012-4445, DSA 2557-1, Closes: #689990).

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Mon, 08 Oct 2012 17:48:04 +0200

wpa (1.0-2) unstable; urgency=low

  * Really enable hardened build flags, thanks Simon Ruderich
    <simon@ruderich.org>. (Closes: #657332)
  * Do not suppress compilation output, set V=1.

 -- Kel Modderman <kel@otaku42.de>  Mon, 14 May 2012 06:39:13 +1000

wpa (1.0-1) unstable; urgency=low

  [ Stefan Lippers-Hollmann ]
  * New upstream release, no code changes since 1.0~rc3.
  * upload to unstable, to fix FTBS with gcc-4.7.
  * update debian/README.source.

  [ Kel Modderman ]
  * No longer explicitly add --as-needed to LDFLAGS, it is no longer
    required since wpa_cli stopped linking to libreadline (WPA_CLI_EDIT=y).

 -- Kel Modderman <kel@otaku42.de>  Fri, 11 May 2012 13:58:51 +1000

wpa (1.0~rc3-1) experimental; urgency=low

  [ Stefan Lippers-Hollmann ]
  * import new upstream snapshot 1.0-rc3:
    - fixes:
      - hostapd: Fails to authenticate on wpa2 password (Closes: #483924)
      - hostapd: EAPOL reauthentication/rekeying timeout loop when using WMM
        (Closes: #655129, #659059)
    - rebase patches:
      - libnl3-includes
    - update hostapd configs.
    - update wpa_supplicant configs.
  * merge source packages for hostapd and wpasupplicant under the new name
    "wpa", which is also used by upstream.
  * restrict wpasupplicant to linux-any and kfreebsd-any, hurd lacks kernel
    support.
  * bump standards version to 3.9.3, no changes necessary.
  * update dep-5 version to final 1.0, no changes necessary:
    - order licenses alphabetically.
  * build-depend on docbook-to-man explicitly.
  * convert packaging to Multi-Arch, bump compat level to 9 and debhelper
    build-dependency accordingly; all binaries are Multi-Arch=foreign.
  * update debian/copyright for wpa 1.0~rc2 and merged sources.
  * fix clean target and make sure to succeed building twice in a row.
  * drop build-dependency on libreadline-dev, it's no longer needed with
    WPA_CLI_EDIT.
  * remove watch file, there is no corresponding upstream tarballs at the
    moment.
  * add (temporary?) get-orig-source target to debian/rules, which fetches the
    last tagged upstream version corresponding to debian/changelog.
    - add a lintian override for this, upstream doesn't want to release
      tarballs at the moment.
  * use epoche only for hostapd binaries.

  [ Kel Modderman ]
  * export BINDIR=/sbin, the build system now requires it when patching
    D-Bus/systemd configuration.
  * quieten the upstream build system so that errors/warning are more visible.
  * assist with adaptation of debian/rules for merge of wpa_supplicant/hostapd:
    - add docbook-utils to build dependency list and make documentation from
      sgml source
    - ensure shared code under src/ is cleaned between wpa_supplicant/hostapd
      builds
    - put wpa_supplicant/hostapd ifupdown hooks in their own namespace, adapt
      installation of ifupdown hooks
  * drop the netdev_wrapper script from wpagui and associated patch
  * install systemd service unit file
  * refresh D-Bus service activation file patch which starts process with
    syslog and control socket support, also patch systemd service file
  * drop 09_dbus_emit_change_events.patch, applied upstream.
  * fix ftbfs with gcc/g++ 4.7 (Closes: 667416)
  * enable hardened build flags. (Closes: #657332)
  * remove DEB_BUILD_OPTIONS=noopt handling from debian/rules, no longer
    required since dpkg-buildflags honors it.
  * Add ability to set CC for cross building support (untested).
  * Remove Faidon Liambotis <paravoid@debian.org> from Uploaders as per
    his request, many thanks for all past efforts Faidon.
  * Only build manpages from docbook source, we do not currently use the
    html or pdf products.

 -- Kel Modderman <kel@otaku42.de>  Sat, 21 Apr 2012 15:59:32 +1000

wpasupplicant (0.7.3-6) unstable; urgency=low

  * add "hostap: Allow linking with libnl-3" from Ben Greear
    <greearb@candelatech.com> to allow building against libnl3 3.2.
  * raise versioned build-dependency to (>= 3.2.3-2~), we need
    libnl-genl-3-200-udeb and expect it in /lib/.
  * switch build dependency from libnl3-dev to libnl-3-dev && libnl-genl-3-dev
    accordingly.
  * symlink /usr/share/doc/wpasupplicant/ to /usr/share/doc/wpa_supplicant,
    which is referred to from upstream documentation (Closes: #537375,
    #616120).
  * enable BGSCAN_SIMPLE (Closes: #650834).
  * add "For MS-CHAP, convert the password from UTF-8 to UCS-2" from
    Evan Broder <ebroder@mokafive.com>, accepted upstream into hostap-1.git
    (Closes: #649202).

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Mon, 19 Dec 2011 23:31:20 +0100

wpasupplicant (0.7.3-5) unstable; urgency=low

  * restrict wpasupplicant-udeb to linux-any, until a udeb for libpcap0.8 gets
    available for kfreebsd-any (Closes: #644823).
  * build-depend on libncurses5-dev explicitly, as it is no longer pulled in
    indirectly.

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Fri, 14 Oct 2011 10:35:42 +0200

wpasupplicant (0.7.3-4) unstable; urgency=low

  [ Kel Modderman ]
  * Support /run/sendsigs.omit.d/ (Closes: #633040):
    - depend on initscripts (>= 2.88dsf-13.3)
    - create new omission pid files in /run/sendsigs.omit.d/ unconditionally
    - migrate existing omission pid files from /lib/init/rw/ to
      /run/sendsigs.omit.d/
  * ACK NMU (Closes: #610931)
    - add wpasupplicant-udeb
    - build against libnl3
  * Improve integration of the udeb addition with existing debian/rules:
    - build the required binary in the build target in similar way to standard
      package build
    - install binary manually in dh_auto_install override rather than
      wpasupplicant-udeb.install to handle renaming of binary
    - sync udeb CFLAGS with the standard build
    - allow potential for non-linux udebs, add a kfreebsd udeb configuration
      snippet
  * Filter the numerous hyphen-used-as-minus-sign informational messages
    from lintian output.
  * Add preferred options to debian/source/local-options to assist with quilt
    patch management.
  * Add patch for wpa_gui-qt4 which displays scan results signal strength in
    dBm with bar indicator. (Closes: #630681)

  [ Stefan Lippers-Hollmann ]
  * make wpasupplicant-udeb arch=any, an initial kfreebsd udeb config is now
    provided as well.
  * use Package-Type instead of XC-Package-Type for wpasupplicant-udeb,
    dpkg-dev >1.15.7 is available in squeeze.
  * add a dependency on ${misc:Depends} for the udeb package as well.
  * adapt debian/copyright to recent changes (r174) in DEP-5 and use the new
    anonscm URL.
  * don't use /run/sendsigs.omit.d/ if it hasn't already been created by
    mountkernfs.sh (e.g. when using systemd), thanks to Michael Biebl.

 -- Stefan Lippers-Hollmann <s.l-h@gmx.de>  Mon, 26 Sep 2011 23:30:00 +0200

wpasupplicant (0.7.3-3.1) unstable; urgency=low

  * Non-maintainer upload with the agreement of Kel Modderman.

  [ Stefan Lippers-Hollmann ]
  * bump standards version to 3.9.2, no changes necessary.

  [ Gaudenz Steinlin ]
  * Add wpasupplicant-udeb for debian-installer. Thanks to
    Mathew Palmer for providing the initial patch. (Closes: #610931)
  * Build against libnl3

 -- Gaudenz Steinlin <gaudenz@debian.org>  Sat, 30 Jul 2011 14:10:31 +0200

wpasupplicant (0.7.3-3) unstable; urgency=low

  * Restore code which loop waits for wpa_supplicant generated PID and
    UNIX socket on the filesystem before proceeeding with execution of
    ifupdown script. (Closes: #622757, #622589)
  * On DISCONNECTED event using wpa-roam, do not immediately issue
    reassociation command. (Closes: #622821)
  * Enable CONFIG_IEEE80211W in build configuration. (Closes: #622587)

 -- Kel Modderman <kel@otaku42.de>  Sun, 17 Apr 2011 21:07:58 +1000

wpasupplicant (0.7.3-2) unstable; urgency=low

  * Upload to unstable.
  * Remove 08_pcsc_dynamic.patch and forget the idea about dynamically
    loading libpcsc. (Closes: #618719)
  * Build with support for pcsc and link with libpcsc. Reopens #531592
    and #612715.

 -- Kel Modderman <kel@otaku42.de>  Tue, 12 Apr 2011 22:37:40 +1000

wpasupplicant (0.7.3-1) experimental; urgency=low

  [ Kel Modderman ]
  * ACK NMU (Closes: #582917) and integrate changelog.
  * New upstream release (Closes: #591371).
    - nl80211 driver interface doesn't use WEXT compat layer
      (Closes: #570688)
  * Adjust debian/watch for 0.7.X series of upstream.
  * Drop patches applied upstream:
    - 11_syslog.patch
    - 18_wpa_gui_wps_ap_avail_annoyance.patch
    - 20_wpa_msg_ctrl_wps.patch
    - 21_kfreebsd.patch
    - 30_cfg80211_association_optimisation.patch
  * Refresh patch series and merge with new upstream.
  * Change build configuration:
    - remove all comments from our config
    - enable new D-Bus interface
    - disable experimental feature CONFIG_EAP_PSK
    - enable CONFIG_AP, which allows hostapd-like functionality
  * Install D-Bus service activation file for new interface.
  * Set default driver type to nl80211,wext in ifupdown glue.
  * Remove duplicate handling of wpa-mode in ifupdown/functions.sh.
  * Add support for scan_freq and freq_list in ifupdown/functions.sh.
  * Install pm-utils action script to notify wpa_supplicant of susepnd
    and resume events.
  * Remove pm-utils stuff from debian/ifupdown/action_wpa.sh.
  * Remove sleep loops which wait for creation of interface specific
    control sockets, these are now created before the process is
    backgrounded (http://w1.fi/bugz/show_bug.cgi?id=283).
  * After a disconnected event, attempt to reassociate to a network
    when using wpa-roam.
  * Add statement to debian/copyright about our choice to distribute
    this software under BSD license and link with openssl.
  * Override lintian in the case of possible-gpl-code-linked-with-
    openssl.
  * Establish control interface when D-Bus activated wpa_supplicant
    daemon starts. (Closes: #606051)
  * Update all patches with DEP-3 compliant header information.
  * Cherry pick upstream commit which fixes up emission of change events
    over D-bus. (Closes: #617199)
  * Add patch to load libpcsclite1 via dlopen(), making pcsc support
    optional. (Closes: #612842, #612715, #583671, #531592)
  * Set build config option CONFIG_PCSC=dyn to use above mentioned feature.
  * Add patch to wpa_gui to use KDE's KNotify when running under KDE.
    (Closes: #582793)
  * Adjust versioned debhelper build-depends to (>> 8).
  * Use architecture wildcards in debian/control.
  * Adjust wpagui versioned dependency on wpasupplicant to >= 0.7.3 to
    make sure all new UI features are supported.

  [ Stefan Lippers-Hollmann ]
  * Add myself to uploaders.
  * Bump policy version to 3.9.1:
    - Include full text of the employed BSD license variant and no longer
      refer to Debian's common license template.
  * Bump compat level to 8 and debhelper build-depends to >= 7.9.3~
    accordingly, retaining backportability for squeeze (plain lenny isn't an
    option due to simplified dh7 usage).
  * Refresh patch series and merge with new upstream (0.7.3).
  * Drop patches applied upstream:
    - patches/10_wpa_gui_qt4_network_id_qregexp.patch
    - patches/11_wpa_supplicant_enable_network_tweak.patch
  * update machine readable debian/copyright to be compatible with DEP5 r135.
  * initial update of existing debian/copyright entries.

 -- Kel Modderman <kel@otaku42.de>  Tue, 08 Mar 2011 22:02:17 +1000

wpasupplicant (0.6.10-2.1) unstable; urgency=low

  * Non-maintainer upload approved by Kel Modderman.
  * Added patch 31_fallback_to_full_EAP_authentication.patch (closes: #582917).

 -- Micha Lenk <micha@debian.org>  Sun, 28 Nov 2010 12:22:01 +0100

wpasupplicant (0.6.10-2) unstable; urgency=low

  * Switch to source format 3.0 (quilt), drop quilt build dependency
    and remove '--with quilt' from dh command in debian/rules.
  * Fix "FTBFS on kfreebsd-gnu" with addition of 21_kfreebsd.patch.
    Thanks to work by Stefan Lippers-Hollmann and Petr Salinger.
    (Closes: #480572)
  * Disable experimental feature CONFIG_IEEE80211W (management frame
    protection) due to it not being supported by any driver but ath9k
    and it generating ioctl errors which cause much concern among users
    for little to no benefit.
  * Add traling blank line to debian/NEWS to assist apt-listchanges as
    per lintian advice.
  * Cherry pick 30_cfg80211_association_optimisation.patch from upstream
    git. Add cfg80211-specific optimization to avoid silly behavior.

 -- Kel Modderman <kel@otaku42.de>  Sat, 27 Feb 2010 11:30:53 +1000

wpasupplicant (0.6.10-1) unstable; urgency=low

  * New upstream release.
    - wpa_msg_ctrl helper which can send messages to the control interface
      without logging when running in non-debug mode. Used for
      CTRL-EVENT-SCAN-RESULTS. (Closes: #539915) (LP: #352118)
  * Remove members of pkg-wpa-devel team from Uploaders who no longer
    participate in maintenance. Thanks for their past work. (Closes: #529501)
  * Disable building of atmel driver backend, neither atmel_{cs,pci},
    nor at76c50x-usb ever used it and atmelwlandriver is not in Debian
    and has been abandoned upstream in 2005. Thanks to Stefan Lippers-
    Hollmann for doing the research.
  * Remove a few traces of ath/madwifi from debian/NEWS and
    debian/README.Debian, thanks again to Stefan Lippers-Hollmann.
  * Prefix etc/pm/sleep.d/ pm-utils hook in the 50 - 74 sequence range to
    comply with sequencing rules as per pm-action(8) (LP: #307493). Provide
    the symlink to our hook in /usr/lib/pm-utils/sleep.d/ rather than
    /etc/pm/sleep.d/. (Closes: #557344)
  * Modify wpa_action and associated functions to use logger(1) instead of
    piping to /var/log/wpa_action.$IFACE.log.
  * Ensure removal of obsolete logrotate conffiles now that all
    wpa_supplicant/wpa_cli output is logged to syslog.
  * Support help action in action_wpa.sh. (Closes: #548995)
  * Build-depend on libreadline-dev instead of libreadline5-dev.
    (Closes: #553891)
  * Do not use sed to comment all network blocks out in the example
    wpa_supplicant.conf.
  * Do not strip upstream manual pages from source tree, do no generate
    them at build time, do not build-depend on dockbook. We currently do
    not modify them, so these build-dependencies and steps are expensive.
  * Convert debian/rules to use dh
    - build depend on debhelper (>= 7.4.12~) for dh override support, qmake
      build class support and --builddirectory argument support
    - install wpagui files via debian/wpagui.install
    - rename debian/ifupdown/wpa_action.sh to debian/ifupdown/wpa_action
      and install via debian/wpasupplicant.install
    - install wpasupplicant ifupdown scripts via debian/wpasupplicant.install
  * CFLAGS, CXXFLAGS, LDFLAGS and V are exported by debian/rules.
  * Remove uupdate command from debian/watch, it is not useful.
  * Add ${misc:Depends} to debian/control for debhelpers to use as required.
  * Remove debian/get-git-snapshot and debian/rules target.
  * Bump Standards-Version to 3.8.4, no extra changes required.
  * wpa_action shell functions no longer require an ifupdown state file
    to function as future providers of ifup/ifdown may not need or
    provide it.
  * wpa_action shell functions ifup and ifdown create and delete the
    wpa_supplicant sendsigs omission file thus removing the need for
    /etc/init.d/wpa-ifupdown. Remove /etc/init.d/wpa-ifupdown on upgrade
    via maintainer scripts. (Closes: #545173)
  * Drop debian/patches/10_multi_driver.patch due to its invasiveness -
    it may make future patches which fix serious issues harder to apply
    while providing an experimental feature only.
  * Add debian/patches/18_wpa_gui_wps_ap_avail_annoyance.patch to stop
    notifying about WPS_EVENT_AP_* events via wpa_gui tray status
    bubbles - they are too frequent.
  * Cherry pick 20_wpa_msg_ctrl_wps.patch from upstream to avoid too frequent
    logging of WPS events.
  * Drop debian/patches/05_qmake_version_makefile.patch, use qmake build
    class in debian/rules, Build-Depend on qt4-qmake and Build-Conflict
    with libqt3-dev.
  * Ensure wpa_supplicant/wpa_gui-qt4 is really clean, qmake seems to leave
    some crumbs (.obj, .moc & .ui).
  * Adjust debian/watch to scan for the 0.6.X stable releases only.
  * Remove debian/wpasupplicant.postrm - it is no longer needed to
    handle purge of log files, none are created anymore.
  * Enable make concurrency via dh --parallel option in debian/rules.

 -- Kel Modderman <kel@otaku42.de>  Tue, 16 Feb 2010 21:26:26 +1000

wpasupplicant (0.6.9-3) unstable; urgency=low

  * Drop debian/patches/12_syslog_supplement.patch. It adds code which
    attempts to prettify output but doesn't handle large output well.
    (Closes: #528639)

 -- Kel Modderman <kel@otaku42.de>  Sat, 16 May 2009 03:47:08 +1000

wpasupplicant (0.6.9-2) unstable; urgency=low

  * Add debian/patches/07_dbus_service_syslog.patch to enable syslog
    logging when wpa_supplicant is started via D-Bus.
  * Start wpa_supplicant with default level of verbosity via ifupdown
    hooks, rather than in quiet mode.
  * Merge some differences from wpasupplicant_0.6.6-2ubuntu1.patch, with
    very minor modification:
    - 12_syslog_supplement.patch: Add a few more bits missing from the
      upstream patch, based on
      http://cvs.fedoraproject.org/viewvc/rpms/wpa_supplicant/OLPC-2/wpa_supplicant-0.5.7-use-syslog.patch.
      Compile with -DCONFIG_DEBUG_SYSLOG if CONFIG_DEBUG_SYSLOG is set in
      the configuration file.
    - Enable CONFIG_DEBUG_SYSLOG in debian/config/* (rather than
      CFLAGS += -DCONFIG_DEBUG_SYSLOG).
    - debian/ifupdown/functions.sh: Silence wpa_log_* if /var/log is not yet
      writable; there is little we can do in this case (logger is in /usr,
      so may well also be unusable), and the user can always get more
      information by reconnecting later.
    - Thanks to Colin Watson <cjwatson@ubuntu.com>
  * Sync common build configuration options between debian/config/kfreebsd and
    debian/config/linux.
  * Add patch description to
    debian/patches/06_wpa_gui_menu_exec_path.patch.

 -- Kel Modderman <kel@otaku42.de>  Mon, 13 Apr 2009 23:25:17 +1000

wpasupplicant (0.6.9-1) unstable; urgency=low

  * New upstream release
  * Drop patches applied upstream:
    - 10_wpa_gui_qt4_wps_tab_cleanups.patch
    - 11_wpa_gui_qt4_qsession.patch
  * Refresh debian/patches/04_append_mmd_to_default_cflags.patch to
    apply.
  * Refresh all other patches to apply without offset.
  * Activate CONFIG_DRIVER_NL80211 in debian/config/linux.
  * Sync debian/config/linux with wpa_supplicant/defconfig.
  * Add libnl-dev to build dependencies.
  * Modify debian/wpasupplicant.postrm and debian/wpasupplicant.postinst
    to set -e in body of script rather than in shebang line as per
    pedantic lintian suggestion.
  * Upload to unstable.
  * Add copyright information for src/wps/wps* to debian/copyright.
  * Add note about linkage with OpenSSL and impact it has on the choice
    of BSD license in lieu of GPL imcompatibility to debian/copyright.
  * Add copyright information about src/wps/httpread.* to
    debian/copyright.
  * Bump Standards-Version to 3.8.1, no other changes required.
  * Instead of patching upstream to append -MMD compiler flag set that
    as default in debian/rules. Purge
    debian/patches/04_append_mmd_to_default_cflags.patch.
  * Backport syslog support patch from 0.7.X development branch. Patch
    name is debian/patches/11_syslog.patch.
  * Backport patch from 0.7.X to allow multiple driver wrappers to be
    tried until one works. This will allow some kind of transition
    smoothing as drivers transition from wext -> nl80211 in the future.
  * Remove debian/patches/03_dbus_service_activation_logfile.patch,
    wpa_supplicant can now log to syslog instead.
  * Update copyright info in debian/ifupdown/*.
  * When starting wpa_supplicant via ifupdown hook script, do not log to
    file by default now that we have syslog support.
  * Update README.Debian for nl80211 driver and change in logging behaviour.

 -- Kel Modderman <kel@otaku42.de>  Sat, 28 Mar 2009 03:46:12 +1000

wpasupplicant (0.6.7-1) experimental; urgency=low

  * New upstream release.
  * Enable CONFIG_WPS in debian/config/*.
  * Install README-WPS to docs directory.
  * Refresh debian/copyright for new years which are covered by
    copyright.
  * Refresh debian/patches/05_qmake_version_makefile.patch and
    debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch.
  * Add debian/patches/10_wpa_gui_qt4_wps_tab_cleanups.patch to cleanup
    a couple of minor glitches with new wpa_gui-qt4 WPS additions.
  * Add debian/patches/11_wpa_gui_qt4_qsession.patch to enhance wpa_gui
    with session saving support.

 -- Kel Modderman <kel@otaku42.de>  Mon, 02 Feb 2009 06:57:36 +1000

wpasupplicant (0.6.6-2) experimental; urgency=low

  [ Martin Pitt ]
  * debian/ifupdown/action_wpa.sh: pm-utils now supplies a second
    argument to the hooks, thus telling ifplugd and pm-utils apart by
    the number of arguments does not work any more. Fix up the script
    to just evaluate the arguments themselves, to work with current
    and older pm-utils. This unbreaks suspend. (LP: #307312)
    (Closes: #508526, #509484)

  [ Kel Modderman ]
  * It has been reported by Alexander E. Patrakov <patrakov@gmail.com> that
    WEP keys are set in quick time in newer wpa_supplicant releases and no
    longer cause problems attempting to connect to specific access point
    during boot sequence. (Closes: #489948)
  * Do not start wpa_gui in system tray per default when executed from menu
    system (discussion with upstream resulted in desire to have app opened in
    foreground, no need to diverge from that).

 -- Kel Modderman <kel@otaku42.de>  Sun, 28 Dec 2008 23:53:53 +1000

wpasupplicant (0.6.6-1) experimental; urgency=low

  * New upstream release.
  * Update debian/copyright to include copyright holders of new source files
    (src/drivers/driver_roboswitch.*).
  * Drop patches applied upstream:
    - debian/patches/10_ftbfs_gcc_4.4.patch
    - debian/patches/20_delay_mic_error_report.patch
  * Add libqt4-svg to Dependencies of wpagui for tray icon support.
    (Closes: #505492)

 -- Kel Modderman <kel@otaku42.de>  Mon, 08 Dec 2008 00:47:32 +1000

wpasupplicant (0.6.5-2) experimental; urgency=low

  * Bugfix: "Missing -d in testing for a directory in init script".
    Thanks to Braun Gábor <braung@renyi.hu> for reporting and the patch.
    (Closes: #506328)

 -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Dec 2008 20:52:16 +0100

wpasupplicant (0.6.5-1) experimental; urgency=low

  * New upstream release.
  * Purge patches applied upstream.
  * Modify 20_wpa_gui_menu_exec_path.patch to use the new -t command line
    option and start wpa_gui in the system tray and avoid desktop startup
    notifications.
  * When using wpa-roam and connecting to an interface for which an id_str
    is defined but no matching /e/n/i logical interfaces has been configured,
    try to configure the default logical interface.
  * Adjust debian/ifupdown/functions.sh to use not depend on /sbin/ip to use
    ip.
  * Rename 20_wpa_gui_menu_exec_path.patch to
    06_wpa_gui_menu_exec_path.patch, it will possibly be a long term
    patch.
  * Update debian/copyright for new files, as well as better conformance with
    proposed copyright format.
  * Cleanup wording of README.Debian paragraph which explains how to debug
    wpa_supplicant via logging.
  * Reduce difference with wpa_supplicant/defconfig, adding sections for
    new options, updating option description, and removal of
    CONFIG_EAP_WSC which had previously been removed from
    wpa_supplicant.
  * Refresh debian/patches/01_use_pkg-config_for_pcsc-lite_module.patch and
    debian/patches/05_qmake_version_makefile.patch to apply without offset.
  * Add 10_ftbfs_gcc_4.4.patch to include header files required for
    compilation with GCC 4.4, thanks to Martin Michlmayr. (Closes: #505041)
  * Add 20_delay_mic_error_report.patch, an upstream commit which adds a
    mitigation mechanism for certain attacks against TKIP by delaying Michael
    MIC error reports by a random amount of time between 0 and 60 seconds.
  * Enable CONFIG_DELAYED_MIC_ERROR_REPORT in debian/config/linux.

 -- Kel Modderman <kel@otaku42.de>  Sun, 09 Nov 2008 21:19:13 +1000

wpasupplicant (0.6.4-3) experimental; urgency=low

  * Target at experimental due to current archive conditions with respect to
    stable release freeze.
  * Install /etc/wpa_supplicant/action_wpa.sh to enhance wpa-roam integration
    with pm-utils and ifplugd. (Closes: #488538)
  * wpa_gui need not depend stricly upon the same binary version of
    wpa_supplicant, it just requires a version of wpa_supplicant which support
    the set of ctrl_interface commands that are used, which to the best of my
    knowledge is (>= 0.6.2-1). [debian/control]
  * Cleanup short description of wpasupplicant, and improve short description
    of wpagui. [debian/control]
  * Add a series of patches to enhance wpa_gui-qt4:
     - 10_wpa_gui_icons.patch
     - 11_desktop_entry.patch
     - 12_wpa_gui_icons_resource.patch
     - 13_remove_qPixmapFromMimeSource_ref.patch
     - 14_qsystemtray_icon.patch
     - 15_tray_status_state.patch
     - 16_wpa_gui_icon_touchup.patch
  * Install icon and menu entry for wpa_gui. [debian/rules] (Closes: #498923)
  * Add a shell script wrapper, debian/wpa_gui/netdev_wrapper, which will be
    used by the menu entry to try and exec /usr/sbin/wpa_gui with best
    estimated privilege level. Install it to /usr/share/wpagui/netdev_wrapper.
    [debian/rules]
  * Add 20_wpa_gui_menu_exec_path.patch to modify exec path of wpa_gui.desktop
    to point at our new wrapper, /usr/share/wpagui/netdev_wrapper.
  * Add debian menu file for wpa_gui, it also uses the netdev_wrapper.
  * Create xpm icons from new upstream icon build system, and store them in
    debian/wpa_gui/*.xpm to avoid creating them during package build because
    inkscape and imagemagick would be required which are quite large and
    uneccessary build dependencies. Leave a note in debian/rules to remind
    us about their origin and the reasoning behind this decision.
  * wpagui package Recommends: menu, as menu provides su-to-root, which we
    may need. [debian/control]
  * Add two upstream patches to improve the retrieval of scan results from
    userspace:
     - 07_restore_scanreq_if_initassoc_failed.patch
     - 08_only_use_cached_scan_results_if_nonempty.patch
  * Refresh patch series to apply without offset.

 -- Kel Modderman <kel@otaku42.de>  Thu, 25 Sep 2008 07:52:06 +1000

wpasupplicant (0.6.4-2) unstable; urgency=low

  * Bugfix: wpasupplicant crashes (closes: #485769). Patch taken from
    upstream git.

 -- Reinhard Tartler <siretart@tauware.de>  Wed, 27 Aug 2008 10:10:20 +0200

wpasupplicant (0.6.4-1) unstable; urgency=low

  [ Kel Modderman ]
  * New upstream release
  * Retroactively cleanse past changelog entries of information indicating
    that they were not released, as they were.
  * Use short option for grep (-q) and sed (-n) instead of the busybox
    incompatible --quiet as per advice of Charles-Henri Gros.
  * wpa_action: on connected action, call wpa_hysteresis_event before
    ifup, so that a disconnected action may still be effective should
    the ifup take a long time (eg. dhcp request takes a long time and
    eventually fails).

  [ Alessio Treglia <quadrispro@ubuntu.com> ]
  * Added build-depends on libdbus-glib-1-dev, fixes FTBFS (LP: #256274).

 -- Reinhard Tartler <siretart@tauware.de>  Sat, 16 Aug 2008 10:09:01 +0200

wpasupplicant (0.6.4~git20080716.93ef879-1) unstable; urgency=low

  [ Kel Modderman ]
  * New upstream git snapshot.
  * Drop patches applied upstream:
    - 10_silence_siocsiwauth_icotl_failure.patch
    - 11_avoid_dbus_version_namespace.patch
    - 12_fix_potential_use_after_free.patch
    - 13_defined_IEEE8021X_EAPOL.patch
    - 14_fix_compile_without_eap.patch
    - 15_silence_out_of_bounds_warnings.patch
    - 41_manpage_format_fixes.patch
    - 42_manpage_explain_available_drivers.patch
    - 43_remove_w_from_help.patch
    - 50_wext_dont_overwrite_bss_freq.patch
    - 51_dont_reschedule_specific_scans_for_hidden_ssids.patch
    - 52_handle_mac80211_mode_switch.patch
    - 53_give_adhoc_assoc_more_time.patch
  * Drop -20_wpa_gui_qt4_disable_link_prl.patch, the qt4 linking problem has
    been fixed by our qt4 maintainers.
  * Refresh remaining patch series.
  * Increase Standards_version to 3.8.0. Explain in debian/README.Debian-source
    that the `debian/rules patch` command is required to prepare the source
    tree for building.
  * Cleanup debian/wpasupplicant.links, removing trailing whitespace and
    leading / from target symlink pathname.
  * Remove debian/README.Debian, the information therin was irrelevant for the
    current release cycle, and is better explained by the README.modes
    document.
  * Move debian/README.modes to debian/README.Debian, and create a backwards
    compat symlink (/usr/share/doc/wpasupplicant/README.modes.gz ->
    README.Debian.gz) to avoid breaking current online documentation.
  * Fix spelling error in new debian/README.Debian found by lintian.
  * Don't install the wpa_supplicant/eap_testing.txt document, it contains
    information about development features and testing that is not possible
    with what is provided by the wpasupplicant package.
  * Remove the QMAKE variable from debian/rules, it is no longer used with
    upstream build system.
  * Remove debian/wpagui.install and instead invoke dh_install explicitly in
    debian/rules, making use of the WPAGUI variable, to have the correct
    version of wpa_gui installed (assist in switch to-fro different QT ports).
  * Remove possible bashisms (local(x, y)) from debian/ifupdown/functions.sh.
  * Add rudimentary locking system when wpa_action(8) calls ifup/ifdown, so
    that /etc/network/if-*.d/wpasupplicant can differentiate between admin
    calling ifup/ifdown or wpa_action. (Closes: #488078, #373180)
  * When wpa_action calls ifup/ifdown, use verbose command line option for
    more detailed log of what hook scripts are executed.
  * wpa-ifupdown.init should always stop wpa_action daemon, ifupdown is only
    guaranteed to stop it if interface is currently configured.
  * Move debian/README.Debian-source to debian/README.source, as policy seem
    to prefer this filename now as of version 3.8.0.

  [ Reinhard Tartler ]
  * lower debhelper compat level to 6 to ease backporting

 -- Kel Modderman <kel@otaku42.de>  Wed, 16 Jul 2008 22:59:25 +1000

wpasupplicant (0.6.3-2) unstable; urgency=low

  * Add patch to remove -w option from help output, it has been removed in
    previous versions. (Closes: #472853)
  * Correctly refer to wpa-debug-level (not wpa-verbosity-level) ifupdown
    parameter to control logging output. (Closes: #474440)
  * Apply patch to permit package build on GNU/kFreeBSD.
    - add debian/config.kfreebsd build configuration file
    - adapt debian/rules to use debian/config/kfreebsd when building for
      kfreebsd DEB_HOST_ARCH_OS
  * Fix arch specific build dependency declarations introduced by GNU/kFreeBSD
    compat patch.
  * Build depend on debhelper >= 7, adjust debian/compat to suit.
  * Simplify debian/rules, cleaning up the sanitization of
    README.wpa_supplicant.conf, clean , build and install targets.
  * Span the Build-Depends field of debian/control over multiple lines.
  * Add debian/patches/13_defined_IEEE8021X_EAPOL.patch to allow compilation
    when CONFIG_IEEE8021X_EAPOL is not defined and allow people attempting to
    progress on wpasuplicant udeb (and netcfg integration) to move on.
  * Add 14_fix_compile_without_eap.patch to fix another FTBFS when
    IEEE8021X_EAPOL is not defined.
  * Rename debian/extra-examples/ to debian/examples/.
  * Slightly modify the way get-git-snapshot is invoked by debian/rules.
  * Create debian/config/ directory to contain various build configuration
    files for different targets (eg. udeb, kfreebsd, linux).
  * Disable building of test driver backend, no development can sanely be done
    with this binary package.
  * Disable building of hostap driver backend, the version of hostap driver in
    existence since Linux 2.6.14 (or before) uses the wext driver backend.
  * Provide code in ./debian/ifupdown/functions.sh that warns about invalid
    wpa-driver choice, and falls back to the usage of a default backend.
  * Modify debian/README.modes to not contain blurb about which driver_backend
    to use, wext should almost _always_ be used.
  * Refresh debian/patches/14_fix_compile_without_eap.patch with what was
    applied upstream.
  * Add 50_wext_dont_overwrite_bss_freq.patch to fix handling of channel and
    frequency information returned by mac80211 using drivers in ad-hoc mode.
  * 51_dont_reschedule_specific_scans_for_hidden_ssids.patch to optimize scan
    rescheduling in order to better detect hidden SSIDs.
  * Simplify debian/rules handling of wpa_supplicant/.config, just cp it in as
    needed in build target. Move dh_install into install target. These will
    make integration of possible future udeb cleaner.
  * Add 52_handle_mac80211_mode_switch.patch to enhance handling of mode
    switching for mac80211 using interfaces.
  * Add 53_give_adhoc_assoc_more_time.patch to give adhoc associations a bit
    more time.
  * Add 15_silence_out_of_bounds_warnings.patch to silence gcc-4.3 warnings
    about accessing out of bounds array index.
  * Purge debian/madwifi-headers/* and no longer activate the driver_madwifi
    backend of wpa_supplicant. Remove reference to it in support
    documentation. If "wpa-driver madwifi" is used in an /e/n/i stanza print a
    warning and use "wext" instead.

 -- Kel Modderman <kel@otaku42.de>  Mon, 09 Jun 2008 09:30:23 +1000

wpasupplicant (0.6.3-1) unstable; urgency=low

  * New upstream release.
  * Drop patches applied upstream:
    - debian/patches/30_wpa_gui_qt4_eventhistoryui_rework.patch
    - debian/patches/31_wpa_gui_qt4_eventhistory_always_scrollbar.patch
    - debian/patches/32_wpa_gui_qt4_eventhistory_scroll_with_events.patch
    - debian/patches/40_dbus_ssid_data.patch
  * Tidy up the clean target of debian/rules. Now that the madwifi headers are
    handled differently we no longer need to do any cleanup.
  * Fix formatting error in debian/ifupdown/wpa_action.8 to make lintian
    quieter.
  * Add patch to fix formatting errors in manpages build from sgml source. Use
    <emphasis> tags to hightlight keywords instead of surrounding them in
    strong quotes.
    - debian/patches/41_manpage_format_fixes.patch
  * wpasupplicant binary package no longer suggests pcscd, guessnet, iproute
    or wireless-tools, nor does it recommend dhcp3-client. These are not
    needed.
  * Add debian/patches/10_silence_siocsiwauth_icotl_failure.patch to disable
    ioctl failure messages that occur under normal conditions.
  * Cherry pick two upstream git commits concerning the dbus interface:
    - debian/patches/11_avoid_dbus_version_namespace.patch
    - debian/patches/12_fix_potential_use_after_free.patch
  * Add debian/patches/42_manpage_explain_available_drivers.patch to explain
    that not all of the driver backends are available in the provided
    wpa_supplicant binary, and that the canonical list of supported driver
    backends can be retrieved from the wpa_supplicant -h (help) output.
    (Closes: #466910)
  * Add debian/patches/20_wpa_gui_qt4_disable_link_prl.patch to remove
    link_prl CONFIG compile flag added by qmake-qt4 >= 4.3.4-2 to avoid excess
    linking.

 -- Kel Modderman <kel@otaku42.de>  Wed, 12 Mar 2008 20:03:04 +1000

wpasupplicant (0.6.2+git20080206.g8c0dad4-1) unstable; urgency=low

  [ Kel Modderman ]
  * New Upstream git snapshot.
    - fixes infinite loop in EAPOL state machine when dynamic wep keys are
      used (Closes: #464514)
  * install-stamp was not properly implimented, fix it up. [debian/rules]
  * Drop patches to ctrl interface bss scan results iterator that will not be
    applied upstream. The iterator will be redesigned to not suffer from the
    identified problem of one bssid being encountered in more than one cell
    of the scan results.
    - debian/patches/84_ctrl_iface_scan_bss_count.patch
    - debian/patches/85_ctrl_iface_scan_bss_count_warning.patch
    - debian/patches/94_wpa_gui_qt4_scanres_bss_count.patch
  * Drop patches applied upstream.
    - debian/patches/30_src_clean_existing_dirs.patch
    - debian/patches/31_ctrl_iface_x86_64_compile_warning.patch
    - debian/patches/93_wpa_gui_qt4_scanres_really_remove_qtimer.patch
  * wpa_gui should depend on the wpa_supplicant binary from the same build,
    therefore set versioned dependency of wpasupplicant (= ${binary:Version})
    for the wpagui package. [debian/control]
  * Reimpliment 70_wpa_gui_qt4_wpagui_scroll_follow_eventhistory.patch in the
    form of three patch series for resubmission to upstream.
    - debian/patches/30_wpa_gui_qt4_eventhistoryui_rework.patch
    - debian/patches/31_wpa_gui_qt4_eventhistory_always_scrollbar.patch
    - debian/patches/32_wpa_gui_qt4_eventhistory_scroll_with_events.patch

  [ Reinhard Tartler ]
  * move debian/patches/01_debian_wpa_roam_example.patch to
    debian/extra-examples/wpa-roam.conf to have the example as proper file
    instead of a diff.
  * Add documentation headers to the files in debian/patches/*
  * Don't manage wpasupplicant/.config as patch system, but have it as
    debian/config instead. therefore remove 00_defconfig.patch and
    21_config_driver_madwifi.patch
  * move madwifi headers from debian/patches/20_madwifi_headers to
    debian/madwifi-headers. also update debian/copyright.
  * remove ${misc:Depends}. Nothing does use it and generates an unnecessary
    warning.
  * use -Wl,--as-needed to avoid unnecessary linking to ncurses,
    libpthread and libdl.
  * use pkg-config for detecting how to link against pcsc-lite
    - debian/patches/01_use_pkg-config_for_pcsc-lite_module

 -- Reinhard Tartler <siretart@tauware.de>  Sat, 09 Feb 2008 23:21:37 +0100

wpasupplicant (0.6.2+git20080202.gde6ccd7-1) unstable; urgency=low

  * New Upstream git snapshot.
    - the -w (wait for interface) option has been removed (Closes: #350963)
    - wpa_gui has been massively enhanced
  * Drop all patches applied to upstream git.
  * Add debian/patches/30_src_clean_existing_dirs.patch to adjust upstream
    build system for removal of src/wps (as done in upstream build_release
    script).
  * Make sure wpa_supplicant process is checked for and killed by wpa_action
    on stop or down actions.
  * Update debian/NEWS to alert users about the removal of the -w command line
    option.
  * Truncate debian/NEWS, none of the items are relevant for current upgrade
    paths, nor do they hold any historical relevance.
  * Clarify the license of the debian packaging. No license was initially
    given until now, so we could assume the original packager contributed the
    packaging under the same terms as the upstream license (BSD | GPL-2).
  * /etc/init.d/wpa-ifupdown must stop before sendsigs does when using
    dependency based init system. Add $remote_fs to Required-Stop keyword of
    LSB header in debian/wpasupplicant.wpa-ifupdown.init.
  * Add debian/patches/38_dbus_blob_support.patch to allow support for loading
    of blobs via the D-Bus interface. Patch cherry picked from upstream git.
  * Move README.wpa_supplicant.conf from examples to docs. Generate the file
    in the wpa_supplicant/ directory.
  * Add ${misc:depends} to Depends field of our packages to ensure we do not
    miss out on any substvars that debhelper may provide us with.
  * Add debian/patches/39_wpa_gui_qt4_closeevent.patch to improve handling of
    wpa_gui-qt4 exit, both from File->exit and the X button on the titlebar.
  * Start daemon in quiet mode by default, the scan event is being written to
    logfile far too often. [debian/ifupdown/functions.sh]
  * When starting daemon with debug option, include timestamps in logfile.
    [debian/ifupdown/functions.sh]
  * Simplfy return check in init_wpa_supplicant(), init_wpa_cli()
    kill_wpa_supplicant() and kill_wpa_cli() reduce one level of indentation
    for each function. [debian/ifupdown/functions.sh]
  * Add patch to invoke versioned qmake binary when preparing the Makefile for
    wpa_gui/wpa_gui-qt4 or else a failure to build from source can be possible
    when more than one QT version is installed. (Closes: #463547)
    - debian/patches/05_qmake_version_makefile.patch

 -- Kel Modderman <kel@otaku42.de>  Mon, 04 Feb 2008 16:00:38 +1000

wpasupplicant (0.6.2-1) experimental; urgency=low

  * New upstream release.
  * Allow "wpa-key-mgmt NONE" to form a network block via the wpa_cli calls in
    wpa_conf() of functions.sh.
  * Overhaul wpa_key_check_and_set() function of functions.sh to better handle
    wep keys. Function now does similar checking of wep keys that it does for
    wpa keys. Valid wep keys can be hex of length 10|26|32|58 or ascii with
    length of at least 5.
  * Check wpa_cli return value in wpa_cli() function of functions.sh.
  * Adjust Standards-Version to 3.7.3, no extra changes required.
  * Switch to quilt patch management from dpatch:
    - build-depend on quilt, adjust debian/rules accordingly
    - debian/madwifi/mk-madwifi-header-patch becomes obsolete, removed
  * Remove debian/defconfig.sh, and re-impliment it in patch form again, but
    this time with a patch management system that can be used more naturally.
    This also allows an oppurtunity to go over our default build
    configuration.
  * Add svn:ignore property for .pc quilt by-product.
  * Ensure src/drivers/driver_madwifi/ directory is purged from source tree in
    clean target of debian/rules.
  * /var/lock/wpa_action.*.lock was not used in a version of wpasupplicant
    package in a stable release, no longer need to handle its removal in
    postrm anymore.
  * Activate support for PC/SC interface for smartcards along with SIM and AKA
    EAP methods. Build-depend on libpcsclite-dev. Suggest pcscd.
  * Update email address in debian/ifupdown/wpa_action.8 manpage.
  * Sanitize whitepsace in debian/README.modes, swapping tabs for 8 spaces,
    improving layout of basic tables. Fix a couple of typo's too.
  * Clarify in debian/README.modes the URI to BTS discussions. Also add a note
    that using ap_scan=2 requires explicit security policies to be set for
    each network.
  * dbus-wpa_supplicant.service now provided by upstream.
  * Impliment debian/examples/wpa_supplicant.conf.template in patch form. It
    is planned to expand this small template into a more usable and
    documented beginning point for the wpa-roam schema.
  * Add useful comments to the new wpa-roam.conf example configuration file.
  * README.modes now gives sound advice to setup the roaming daemon to be used
    with the netdev group, and offers advice on howto set various data
    sensitive conffiles to be readable only by owner. (Closes: #428620)
  * wpa_gui manpage exists in upstream, remove debian/wpa_gui.8.
  * If the path to ctrl_interface directory can be determined from the
    supplied configuration, do not append the -C option to wpa_supplicant
    start-stop-daemon command in ifupdown.sh. This breaks the new DIR= GROUP=
    ctrl_interface syntax.
  * Add initial subsection to README.modes about "Interacting with
    wpa_supplicant with wpa_cli and wpa_gui".
  * Activate CONFIG_IEEE80211R, CONFIG_IEEE80211W and CONFIG_EAP_WSC in the
    default build configuration.
  * Log wpa_supplicant output to /var/log/wpa_supplicant.$IFACE.log per
    default when using ifupdown to manage wpa_supplicant. wpa_supplicant
    supports logging somewhere via -f cli option. (Closes: #317180)
  * Add support for managing debug level of wpa_supplicant via the ifupdown
    scripts.
  * Enhance README.modes with new supplicant debugging methods.
  * Build the wpa_gui-qt4 variant now that it doesn't require qt3 support
    code. It also closes all child windows on File->Exit. (Closes: #426924)
  * wpasupplicant now Suggests wpagui.
  * wpa_action now logs to an interface specific logfile, and the logrotate
    rule was updated to take care of both the old and new locations.
  * Update copyright headers of ifupdown scripts, also add a few more code
    comments, a statement of purpose and package ownership as well as some
    other trivial cleanups.
  * Remove upgrade removal of conffiles from wpasupplicant versions that exist
    in oldstable and before. The preinst part of the upgrade handling was
    removed in pkg-wpa commit r852.
  * Create sendsigs omission pidfile in /lib/init/rw/sendsigs.omit.d/ for
    wpa_supplicant and wpa_cli processes managed by ifupdown. Determine
    runlevel when wpa_cli roaming daemon is active, and allow ot to be killed
    in runlevels 0 and 6. This allows wpa_supplicant process to survive until
    networking is stopped. (Closes: #401645)
  * Add debian/patches/03_dbus_service_activation_customise.patch to start
    wpa_supplicant with "-f /var/log/wpa_supplicant.log" per default.
  * Add debian/patches/30_scan_even_when_disconnected.patch to allow scan
    request to succeed even when interface is in disconnected state.
  * Modify debian/copyright to be machine-interpretable. Annotate all
    copyright holders in new format.
  * State clearly in debian/copyright that the BSD license has been chosen by
    us, the maintainers, as there is no exception to link against OpenSSL in
    the text of the given GPL-2 license.
  * No license had been chosen for the debian packaging information, so GPL-2+
    has been chosen and recorded in debian/copyright.
  * Add debian/README.Debian-source to document handling of upstream manual
    pages.
  * Build upstream manual pages from sgml source. Build-Depend on docbook and
    docbook-utils.
  * Add debian/patches/31_wpa_gui_qt4_select_any.patch to allow selection of
    any network already defined in network combobox when more than 1 network
    is defined.
  * Modify debian/wpasupplicant.wpa-ifupdown.init to be no-op when sendsigs
    omission interface is supported.
  * Add debian/patches/32_append_mmd_to_default_cflags.patch to assist in
    allowing CFLAGS to be overriden without possible bad effects on upstream
    build system.

 -- Kel Modderman <kel@otaku42.de>  Tue, 08 Jan 2008 22:51:36 +1000

wpasupplicant (0.6.1~git20071119-1) unstable; urgency=low

  * New upstream git snapshot.
    - support for dbus >= 1.1.1 dbus_watch_get_unix_fd() api
  * Convert to non-cdbs traditional debhelper-centric debian/rules and remove
    build dependency on cdbs. This converges with style of hostapd package.
  * Correct poorly formatted debian/NEWS entry that was causing lintian to
    complain.
  * Cleanup files in ./debian/*
    - move debian/wpa_supplicant.conf.template to debian/examples/
    - move debian/mk-madwifi-header-patch to debian/madwifi/
    - move debian/dbus-wpa_supplicant.service to debian/dbus/
    - rename debian/dot.config.mk to debian/defconfig.mk
  * Remove MADWIFI variable from debian/defconfig.mk.
  * No longer build "ndiswrapper" or "ipw" backends. Etch shipped with a
    kernel in which neither of these backends could work (> Linux 2.6.14) so
    it is about time we no longer pretended to support for them.
  * Activate D-Bus system activation support. Install the service file into
    /usr/share/dbus-1/system-service/. The filename reflects the service bus
    name of "fi.epitest.hostap.WPASupplicant". In addition, the service must
    be started by root user. Thanks to Michael Biebl. (Closes: #412179)
  * Build depend on docbook and docbook-utils to generate upstream manpages
    from sgml source.
  * Upstream wpa_cli(8) is no longer incorrect with regard to CONNECTED and
    DISCONNECTED signal events. (Closes: #432904)
  * Drop debian/patches/10_fix_non_wpa_zero_len_ssid.dpatch and
    debian/patches/50_fix_wext_tsf_stack_overflow.dpatch, applied upstream.
  * debian/patches/40_debian_doc_examples.dpatch does not apply to git
    snapshot, remove it and rethink how we can best integrate our debian
    specific bits.
  * wpa_action: check status with respect to ifupdown after CONNECTED event
    has ensued. If the interface is not recorded in ifupdown's state file
    attempt reassociation. (Closes: #428304).
  * Adjust logic when using sed to determine ctrl_interface socket directory
    from the configfile to handle ctrl_interface=DIR= GROUP= syntax.

 -- Kel Modderman <kel@otaku42.de>  Thu, 22 Nov 2007 17:10:29 +1000

wpasupplicant (0.6.0-4) unstable; urgency=low

  * Fix stack overflow condition that could exist if driver reported bad tsf
    data in iwevent and scan results. (Closes: #442387)
  * Update Vcs fields of debian/control to format of current consensus.
  * Add Homepage field to debian/control.

 -- Kel Modderman <kel@otaku42.de>  Tue, 16 Oct 2007 18:12:03 +1000

wpasupplicant (0.6.0-3) unstable; urgency=low

  * Add debian/mk-madwifi-header-patch, a quick and dirty bash script for
    generating the madwifi header patch.
  * Fix typo in README.modes, wpa-default-iface is really
    wpa-roam-default-iface. (Closes: #435718)
  * Simplify debian/dot.config.mk.
  * Confirm that the ifupdown scripts do set ssid when wpa-ssid is used with a
    value in /etc/network/interfaces. (Closes: #367655)
  * Truncate default build .config. Make madwifi config option conditional on
    MADWIFI variable.
  * Add 10_fix_non_wpa_zero_len_ssid.dpatch to fix regression inhibiting
    selection of non-WPA zero length ssid. (Closes: #431102)
  * Fix debian-rules-ignores-make-clean-error lintian error.

 -- Kel Modderman <kel@otaku42.de>  Sat, 25 Aug 2007 00:23:50 +1000

wpasupplicant (0.6.0-2) unstable; urgency=low

  * Really allow 'wpa-conf managed' to pass through.

 -- Kel Modderman <kel@otaku42.de>  Wed, 04 Jul 2007 17:18:45 +1000

wpasupplicant (0.6.0-1) unstable; urgency=low

  [Kel Modderman]
  * New upstream release.
    - restructured source layout
  * Adjust debian/wpasupplicant.examples, debian/wpagui.install,
    debian/wpasupplicant.install, debian/wpasupplicant.manpages, and
    debian/wpasupplicant.docs for new layout.
  * Redjust debian/patches/30_dbus_policy.dpatch and
    debian/patches/40_debian_doc_examples.dpatch to apply against new layout.
  * Drop debian/patches/10_config.dpatch and
    debian/patches/21_madwifi_includes.dpatch.
  * Introduce makefile fragment for wpa_supplicant .config creation. Call it
    from debian/rules. It is named debian/dot.config.mk.
  * Add WPADIR variable to debian/rules, adjust build and install targets to
    use WPADIR.
  * Update madwifi_headers patch with code from current madwifi SVN trunk.
  * Damage control: allow 'wpa-conf managed' to pass through without failure
    for those people who followed the poor example outlined in the hidden
    ssid's section of README.modes. Also remove the offending line from the
    documentaion. (Closes: #428137)

  [Reinhard Tartler]
  * Fix building wpagui.
  * remove debian/wpasupplicant.preinst, since we don't support upgrades
    from oldstable. This way we don't need to look at /var/lib/dpkg/status
    anymore, which is unreliable anyway. Makes lintian happy.

 -- Reinhard Tartler <siretart@tauware.de>  Sun, 17 Jun 2007 10:33:31 +0100

wpasupplicant (0.6.0~cvs20070224-3) unstable; urgency=low

  * Add netdev group if it does not exist, since we provide a dbus
    configuration file that insists on using that group. (Closes: #418641)

 -- Kel Modderman <kel@otaku42.de>  Sun, 22 Apr 2007 19:19:07 +1000

wpasupplicant (0.6.0~cvs20070224-2) unstable; urgency=low

  [Kel Modderman]
  * Update XS-Vcs fields of debian/control to reflect pkg-wpa archive change.
  * Update debian/copyright with new upstream URL's and Jouni's new email
    address.
  * Rename madwifi related dpatches to match that of hostapd source package.
  * Update debian/watch with new upstream release URL.

  [Reinhard Tartler]
  * Remove the prerm script as discussed on pkg-wpa-devel@
  * upload to unstable

 -- Kel Modderman <kel@otaku42.de>  Mon, 09 Apr 2007 18:09:08 +1000

wpasupplicant (0.6.0~cvs20070224-1) experimental; urgency=low

  * New upstream development release. (Closes: #401809)
  * wpa_supplicant no longer segfaults on failure to initialize a network
    interface. (Closes: #403301, #403313)
  * Fixes EAP-PEAP/TTLS/FAST to use the correct EAP identifier in tunnelled
    identity request. (Closes: #402619)
  * Drop deprecated init script example. debian/wpa_supplicant.init-daemon.
  * Drop debian/patches/10_orinoco_wep_key_fix.dpatch as the appropriate
    driver fix has been included in mainline linux since 2.6.19-rc.
  * Drop debian/patches/21_madwifiold_20060207_includes.dpatch,
    madwifi-old is deprecated upstream.
  * Remove false instructions from NEWS file regarding madwifi-old support
    that has since been discarded from the source package.
  * Drop debian/patches/11_erroneous_manpage_ref.dpatch,
    applied upstream.
  * Remove wpa-stakey code from conf_wpasupplicant() in functions.sh since it
    is removed from upstream.
  * Allow 'wpa-essid' to do the same thing as 'wpa-ssid'. (Closes: #403316)
  * Update Uploader: email address.
  * Update private madwifi includes to r2156 of madwifi.org SVN trunk.
  * Make a large note in README.modes wpa-roam documentation that a
    ctrl_interface MUST be defined for the roaming setup to function.
    (Closes: #407936).
  * Activate wpa_supplicant's dbus interface by installing
    dbus-wpa_supplicant.conf to the appropriate location. (Closes: #412179)
  * Add debian/patches/30_dbus_policy.dpatch to allow access control to
    wpa_supplicant's dbus interface via the netdev group. (Michael Biebl).
  * Install a service file to /usr/share/dbus-1/services/ for dbus aware
    applications that may take advantage of that in the future (Michael
    Biebl).
  * Add support to ifupdown.sh for `wpa-mode' and `wpa-frequency' options used
    in IBSS mode. Note that ifupdown.sh does not do any sanity checking for
    the other many requirements for using wpa_supplicant in IBSS mode.
  * Update XS-Vcs-* fields in control file, add Vcs-Browser token.
  * Move debian spcific ifupdown sh glue into debian/ifupdown/.
  * Have prerm gracefully bring down interfaces under the influence of
    wpa_supplicant via wpa-ifupdown init script.
  * Remove unrequired `unset' usage in wpa-ifupdown.init, discard stderr of
    find invocations.
  * Don't stop dbus wpasupplicant daemon via wpa-ifupdown.
  * Suggest wireless-tools. (Closes: #413689)

 -- Kel Modderman <kel@otaku42.de>  Thu,  8 Mar 2007 03:23:51 +1000

wpasupplicant (0.5.5-4) unstable; urgency=low

  * Settings for wired networks are no longer ignored by functions.sh.
    (Closes: #401413)

 -- Kel Modderman <kelmo@kanotixguide.org>  Sun, 10 Dec 2006 01:25:11 +1000

wpasupplicant (0.5.5-3) unstable; urgency=low

  * Make needlessly global shell function variables local. Use local
    consistently. [debian/functions.sh]
  * Enhance error message when wpa-conf or wpa-roam mode is requested, but the
    supplied configuration file is not readable or incorrect.
    [debian/ifupdown.sh]
  * Exchange bogus copyright holder information of functions.sh, ifupdown.sh
    and wpa_action.sh for information reflecting the _group_ behind them.
  * Force ap_scan=0 for "wired" IEEE8021X type authentication.
    [debian/functions.sh]
  * Add debian specific location for example wpa_supplicant.conf files to
    wpa_supplicant.conf(8). (Closes: #396005)
  * Fix typo in wpa_supplicant(8) that referred to non-existant manpage.
    (Closes: #389948)
  * Update madwifi private includes to latest (r1794).
  * Add XS-X-Vcs-Svn field to debian/control file.
  * Shunt env var IFACE to WPA_IFACE in the ifupdown.sh, wpa_action.sh and
    function.sh scripts. This allows further flexibility, such as the ability
    to start wpa_supplicant on an arbitary interface specified by a
    'wpa-iface' line in /etc/network/interfaces.

 -- Kel Modderman <kelmo@kanotixguide.org>  Fri, 10 Nov 2006 11:12:56 +1000

wpasupplicant (0.5.5-2) unstable; urgency=low

  * Update madwifi headers to latest SVN. (Closes: #388316)
  * Remove failed attempt at action locking. [debian/functions.sh,
    debian/wpa_action.sh]
  * Add hysteresis checking functions, to avoid "event loops" while
    using wpa-roam. [debian/functions.sh, debian/wpa_action.sh]
  * Change of co-maintainer email address.
  * Add ishex() function to functions.sh to determine wpa-psk value type in
    plaintext or hex. This effectively eliminates the need for the bogus and
    somewhat confusing wpa-passphrase contruct specific to our scripts and
    allows wpa-psk to work with either a 8 to 63 character long plaintext
    string or 64 character long hex string.
  * Adjust README.modes to not refer to the redundant wpa-passphrase stuff.
  * Add big fat NOTE about acceptable wpa-psk's to top of example gallery.
  * Strip surrounding quotes from wpa-ssid if present, instead of just whining
    about them.
  * Update email address in copyright blurb of functions.sh, ifupdown.sh and
    wpa_action.sh.

 -- Kel Modderman <kelmo@kanotixguide.org>  Thu,  5 Oct 2006 08:04:01 +1000

wpasupplicant (0.5.5-1) unstable; urgency=low

  * wpa_supplicant(8) now describes the -P (PID file) line option in the
    manpage. (Closes: #381721)
  * wpa_passphrase(8) is clearer about describing its purpose.
  * Start a paragraph in README.modes containing information about best
    security practises while using and configuring wpa_supplicant. For now
    it briefly covers the topic of file permissions. (Closes: #382241)
  * Implement PSK and ASCII passphrase key sanity checking, and warn user
    about suspicious key lengths (managed mode only).
  * Add leading example network conf, using wpa-passphrase, to README.modes.
  * README.Debian documentation changes as sugested by Eduard Bloch
    (Closes: #382314)
    - reordered sections by importance for a new user, this ensures wext info
      for ipw drivers is obvious (Closes: #384299)
    - rewrote the first chapter to give a fluent introduction, refered to
      wireless-tools doc
    - add missing .gz to README.notes path (Closes: #386603)
  * Reshuffle of README.modes, moving How It Works section toward the latter
    end to avoid stopping people from missing out on important info.
  * Rename 'Notes About Managed Mode' to 'Important Notes About Managed Mode'.
  * Clarify the status of madwifi and 'wext' in README.modes.
    (Closes: #382651)
  * Return exit status of daemon start commands.
  * Further cleanup of ifupdown.sh, move functions to head of script.
  * wpa-ifupdown no longer checks interface state.
  * Touch logfile before redirecting output to it via exec, to make sure it is
    writeable.
  * Split common code into /etc/wpa_supplicant/ifupdown_common.sh, so that
    ifupdown.sh and wpa_action.sh may share it.
  * Add 'wpa_action iface check' option, to test if interface is under
    influence of wpa_cli or not..
  * Start wpa_cli daemon from post-up to avoid a race condition with the
    roaming daemon where association occurred before the master interface
    state was recorded. This would cause the mapped logical interface to fail
    on ifup, as wpa_action would fail to detect the state of the master
    interface, thus not supply the --force option. This is where a stateless
    ifupdown would really help.
  * Make conf_wpa_supplicant no-act for roaming daemon. This is important, so
    that we do not attach wpa_cli to the ctrl_interface socket and initiate
    roaming before state is tracked.
  * Add hints about 'auto' and 'allow-hotplug' options with respect to the
    roaming interface in README.modes. (Closes: #384501)
  * Drop patchset for commenting out large wpa_supplicant.conf, use sed
    instead.
  * Active dbus interface via CONFIG_CTRL_IFACE_DBUS, add build-dep of
    libdbus-1-dev to debian/control.
  * Upstream now provides a connect-to-open-ssid example in the large
    wpa_supplicant.conf file, therefore there is no need to maintain such an
    example. Rename wpa_connect_open_ap.conf to wpa_supplicant.conf.template
    and adjust docs to use this as a starting point for the wpa-roam daemon.
  * Install wpa_passphrase to /usr/bin, there is no need for it in early boot.
  * Build qt4 wpa_gui from wpa_gui dir rather than pure qt4 variant
    (wpa_gui-qt4) as per Jouni's advice.
  * Add versioned dependency on lsb-base >= 3.0-6 for use of log_action_* in
    wpa-ifupdown.init. (Closes: #386164)
  * Use correct terminology when describing wpa-roam in wpa_action(8).
    (Closes: #386813)

 -- Kel Modderman <kelrin@tpg.com.au>  Mon, 11 Sep 2006 19:23:05 +1000

wpasupplicant (0.5.4-5) unstable; urgency=low

  * STDIN was not given to external mapping script correctly. Use the power of
    eval to fix the issue. [wpa_action.sh]
  * Fix stupid debian/control error: duplicate Suggests fields.

 -- Kel Modderman <kelrin@tpg.com.au>  Thu, 10 Aug 2006 01:03:38 +1000

wpasupplicant (0.5.4-4) unstable; urgency=low

  * Add support to wpa_action.sh and ifupdown.sh for allowing external mapping
    logic to be used as opposed to the id_str logic. Thanks to Felix Homman
    for the great insight while implementing this feature.
  * Add a timeout loop of max 60s when waiting for an action to finish.
    [wpa_action.sh]
  * Minor cleanups wrt code comments and function placement in ifupdown.sh.
  * Suggest guessnet, now that it can directly "plug in" to wpa_action. Also
    demote iproute from Recommends to Suggests, it is not important by any
    means and was only added to honour a wishlist request.
  * Prepare for ctrl_interface socket changes in 0.5.5. It can be provided by
    'DIR=foo GID=bar' or 'ctrl_interface=foo' in wpa_supplicant.conf. Our sed
    check for this path in ifupdown.sh should now support both alternatives.
  * Move LOCKFILE and LOGFILE into WPA_ namespace. [wpa_action.sh]
  * Use semi-colon instead of comma for verbose output as that seems to be a
    standard among many different applications.

 -- Kel Modderman <kelrin@tpg.com.au>  Tue,  8 Aug 2006 20:04:11 +1000

wpasupplicant (0.5.4-3) unstable; urgency=low

  * UNRELEASED
  * Further optimisation of ifupdown.sh, use return values in
    init_wpa_supplicant() to dictate if further commands should follow, rather
    than exiting immediately.
  * Standardize echo'ing in ifupdown.sh. Add a wpa_msg() function to take care
    of "verbose|action|stdout|stderr" messages.
  * Add a 5 second timeout loop to init_wpa_supplicant() that waits for the
    ctrl_interface socket to be established before allowing wpa_cli to launch,
    and avoid a race condition. This means other functions no longer need to
    test for existence of the ctrl_interface socket. [ifupdown.sh]
  * Rename WPA_DRIVER to WPA_SUP_DRIVER to conform with name scheme of other
    similar variables. [ifupdown.sh]
  * Add (untested) wpa-bridge support to ifupdown.sh. This is an experimental
    upstream feature.
  * Major refactoring of wpa_action.sh, with all related commands put into
    independent shell functions.
  * Improve feedback from wpa_action.sh when used interactively. Give usage
    statement instead of simply returning "insufficient parameters".
  * 'wpa_action reload' is logged after the action. It is called interactively,
    and should also give interactive feedback. Same for 'wpa_action stop'.
  * Remove superfluous check for /var/log, and put logging initialisation into
    its own function, log_init(). [wpa_action.sh]
  * Shut `ip addr flush dev "$IFACE" up', it almost always has nothing to flush.
  * wpa-ifupdown init script now takes care of all interfaces while displaying
    only one line.
  * Don't set -e in wpa_action.sh. wpa-ifupdown script no longer takes exit
    status into account, and I'd prefer to account for all possible avenues of
    exit possible and log all encountered problems.
  * Really fix #375599, by containing the CTRL_IFACE_DIR path in WPA_SUP_CONF
    always, customised or not. The WPA_CTRL_IFACE socket was not being created
    when ommitted from the wpa_supplicant.conf file.
  * Add 'wpa-maint-debug' to enable set -x in ifupdown.sh, so that we can easy
    track down vague problems.
  * Slightly modify the way in which madwifi is activated. The default config
    we apply does not activate madwifi by default any longer, it is done via
    seperate patches; 20_include_madwifi modifies the .config file to activate
    the driver_madwifi backend, and adds the required CFLAGS to find the
    includes that are later added via one of the 21_madwifi*_includes patches.
  * Update madwifi includes to that of the current offering in the debian
    archive, r1680.
  * Implement basic locking for wpa_action action's for when the user callable
    "stop" action is executed while wpa_action is busy configuring the device.
    The wpa_cli daemon is killed, then wpa_action waits for the current action
    to finish gracefully before killing wpa_suppliant. This helps avoid
    inconsistencies with ifupdown when volatile conditions are experienced as
    part of the roaming setup (for example, driver problems causing connection
    loops).
  * Rename WPA_CLI_ACTFILE to WPA_CLI_LOCKFILE in ifupdown.sh.
  * Condemn the use of wpa-action scripts:
    - add NEWS item describing the superior alternative: wpa-roam
    - remove example action scripts
    - remove conf_wpa_cli() from ifupdown.sh
  * Condense README.Debian and NEWS, so that they contain only relevant items,
    and do not repeat the same information.
  * Massive enhancement of README.modes, in an attempt to relay the
    information about how this package, and wpa_supplicant work in debian with
    the greatest of clarity.
  * Harden tests for daemon pidfiles. No longer be satisfied that a pidfile
    exists, but use start-stop-daemon to test its validity by sending a signal
    0. Remove pidfiles that do not pass the test.
  * Fix stupid $DAEMON_VEROSITY typo that was used consistently throughout
    script. [ifupdown.sh]
  * Assoctiate "down" with the stop action of wpa_action.
  * Thanks Marc Haber for reading over docs and notifying of some of the
    follwoing issues.
    - Fix typo "automattically" in README.modes.
    - Remove bogus pre-up example from wpa_action(8) and README.modes
    - Explain in more detail how /etc/wpa_supplicant/ifupdown.sh works in
      README.modes.
  * Add "The Logfile" section to README.modes.
  * Add patch from upstream to fix writing of stakey, peerkey, and id_str
    network configuration variables into the configuration file when
    update_config=1 is set. Thanks to Felix for reporting.

 -- Kel Modderman <kelrin@tpg.com.au>  Thu,  3 Aug 2006 15:58:24 +1000

wpasupplicant (0.5.4-2) unstable; urgency=low

  [ Kel Modderman ]
  * End testing period. The 0.5 branch of wpa_supplicant upstream has proven
    to be non disruptive to users' configurations over the past few weeks,
    lets now allow this to propogate to testing. (Closes: #374342)
  * Clean up the LSB Init header block. Provide all fields as per LSB Init
    Script Comment Convention specification.
  * Do not use /usr/bin/env to interrogate the environment for IF_WPA
    variables, /usr may not be mounted at time of invocation. Use `set'
    (shell built-in) instead. (Closes: #376243)
  * Exit if IFSTATE_FILE or INTERFACES_FILE do not exist. Also, look for
    ifstate file in /var/run/network to remain compatible with Ubuntu's
    ifupdown divergence. (lp#51351)
  * Add a similar IFSTATE_FILE test to wpa-ifupdown.init, to remain compatible
    with Ubuntu. (lp#51351)
  * Update wpa_action.8 with the behaviour of wpa_action when IFSTATE_FILE or
    INTERFACES_FILE cannot be found, and the pathnames searched for their
    existence.
  * Mention wpa_cli(8) in Custom Action Script section of README.Debian, as it
    contains information about environment variables available to the script
    at runtime.
  * Also clarify dhclient wpacli-action script usage, to avoid people
    mistakenly cp'ing the skeleton script.
  * Add some info about howto revert installation of deprecated init script to
    NEWS file.
  * Add 'wpa-verbosity' switch, so that setting 'wpa-verbosity 1' in an
    interfaces stanza will cause wpa_supplicant's ifupdown hook to be loud.
    This was overlooked when #361586 was closed some time ago.
  * Remove return value hack in wpa_action, use set -e to exit on error
    instead. (Closes: #376553)
  * Not only flush IFACE when iproute is installed, but also use /sbin/ip to
    set 'up' operstate as well.
  * Default to wext without exception. Remove the check for wireless extensions
    via /proc/net/wireless, and prevent driver type of "wired" from being
    selected in the case that the iface may not be "prepared" yet.
    (Closes: #376651)
  * Remove duplicating pidfile shell var's in wpa_action.sh by simply making
    them global.

  [ Reinhard Tartler ]
  * Note that ap_scap=2 can help speeding up associations (Closes: #368770)
  * wpa_action: flush the ip addr, if the package iproute is installed
  * wpa_action: add action 'reload' to reload the wpa_supplicant configuration
  * debian/control: add iproute to Recommends

 -- Kel Modderman <kelrin@tpg.com.au>  Wed,  5 Jul 2006 18:42:06 +1000

wpasupplicant (0.5.4-1) unstable; urgency=low

  * New upstream release.
  * WPA_CRTL_DIR environment variable is now exported to action scripts, we
    will use it to print a status report after a CONNECTED event.
  * Make logfile contents easier to read by adding a break between each ACTION
    event.
  * Recommend dhcp3-client, it handles consecutive wpa_action events with more
    grace than dhcp-client by not starting multiple dhclient processes on the
    same interface.
  * Don't remove wpa_action logfile on 'stop'.
  * Enhance wpa_action(8) to better explain the concept of a LOGICAL
    interface.
  * Install wpa_passphrase to /bin. (Closes: #373948)
  * Manpages have been slightly enhanced, and now briefly explain wpa_cli
    action environment variables and wpa_supplicant -C and -g options.
    (Closes: #372615)
  * Rename wpa_cli daemon pidfile to wpa_action.IFACE.pid for wpa-roam.
  * Further env variable testing cleanups to ifupdown.sh.
  * Global rename of WPA_COMMON_CTRL_IFACE to WPA_CTRL_DIR, as this is used
    for the same purposes upstream.
  * No longer penalise users for not having ctrl_interface explicitly
    contained within their wpa_supplicant.conf. (Closes: #375599)
  * Move WPA_ACTION_SCRIPT sanity checking into init_wpa_supplicant() to avoid
    ifupdown.sh exiting when bringing down an interface when ifup previously
    failed due to a missing or non-executable action script.
  * Add numerous code comments to ifupdown.sh.
  * Move WPA_CLI_OPTIONS and WPA_SUP_OPTIONS into their respective init()
    functions.
  * wpa_action now logs 'stop' events to file, updated manpage.
  * Split wpa_action logging into two parts, event and environment. Only
    wpa_cli events will echo env var's.
  * wpa_action exits with retval of ifdown command on 'stop' event.
  * Add workaround for sendsigs (initscripts) terminating wpa_supplicant
    processes before networking is shutdown gracefully. An init script
    wpa-ifupdown is called at sequence number 15 in runlevels 0 and 6 to bring
    down all interfaces that were started via ifupdown.sh.

 -- Kel Modderman <kelrin@tpg.com.au>  Tue, 27 Jun 2006 20:29:33 +1000

wpasupplicant (0.5.3+20060522-3) unstable; urgency=low

  [Reinhard Tartler]
  * review and make the warnings in debian/NEWS even more obvious.
  * advertise the manpage wpa_action(8) and the implemented roaming solution
    better.

  [Kel Modderman]
  * Bugfix: /etc/network/ifstate is not guarenteed to exist, we should grep
    /etc/network/run/ifstate in wpa_action. (Closes: #373179)
  * Include madwifi old development headers and provide a series of steps to
    enable support for users of the madwifi-old driver in debian/NEWS.
  * Restore init script example and information about its usage.
  * Use INTERFACES_FILE and IFSTATE_FILE in wpa_action.sh. Thanks for idea
    from Modestas Vainius.

 -- Kel Modderman <kelrin@tpg.com.au>  Wed, 14 Jun 2006 01:13:08 +1000

wpasupplicant (0.5.3+20060522-2) experimental; urgency=low

  * Warn user and exit when wpa-roam is not started with manual inet METHOD.
  * Remove awk line to "guess" a network_id, instead create the new block and
    store output of wpa_cli in WPA_ID. (make sure that -i IFACE is used)
  * Rename wpa_cli_wrapper() to wpa_cli() and make it absoluetly generic,
    including only the IFACE and path to ctrl_iface socket.
  * Introduce wpa_cli_do() and rewrite conf_wpa_supplicant() to enhance
    readability and maintainability.
  * Make WPA_ID variable local to conf_wpa_supplicant()
  * Exit with status 1 when wpa-action fails.
  * Move test's into init/conf/kill function header and clean up phase
    specific case constructs at the tail of ifupdown.sh.
  * Ensure lang barrier does not interfere with wpa_cli, use LC_ALL=C.
  * Add patch from Dan Williams that works around a problem specific to wep
    keys and orinoco chipsets.
  * Update madwifing_includes dpatch to latest madwifi.org svn.
  * Add WPAGUI to debian/rules, so that only one change has to be made to use
    a different wpa_gui target. Remove $(WPAGUI)/Makefile in clean target.
  * Purge and forget about the old init example script.

 -- Kel Modderman <kelrin@tpg.com.au>  Sat, 10 Jun 2006 22:25:58 +1000

wpasupplicant (0.5.3+20060522-1) experimental; urgency=low

  * New upstream development snapshot.
  * Oops: Disable CONFIG_EAP_SAKE. (Closes: #366937)
  * Rename debian/wpasupplicant.ifupdown to debian/ifupdown.sh. There is no
    need for that script to be named that way, as it may falsely seem to be
    handled by a debhelper target.
  * Don't attempt to send terminate signal via wpa_cli when start-stop-daemon
    can be used.
  * Use debhelper 5 compat level.
  * Use wpa_gui-qt4, and build-depend on libqt4-dev.
  * Use WPA_ID instead of NW_ID to make variable similar with what upstream
    uses for a similar purpose (unique identifier).
  * Add ifupdown environment var's to verbose output to assist in debugging.
  * Fix some typo's (engine_id, key_id) in ifupdown.sh.
  * ifupdown.sh no longer busy-loops when using an action script with
    wpa-action-timeout 0. Thanks to Elmar Hoffmann!
  * Allow wpa_cli action daemon to engage before configuring wpa_supplicant
    via wpa_cli set_network commands to avoid a possibly racy condition.
  * Move VERBOSITY variable to the beginning of ifupdown.sh, with the others.
  * Indent shell code in wpacli-action-* scripts.
  * Bumb Standards-Version to 3.7.2.
  * Allow for future PHASE specific stuff in start MODE of ifupdown.sh.
  * Move the action script sanity checks out of init_wpa_supplicant into
    common section of ifupdown.sh.
  * Create wpa_cli_wrapper to assist in major code clean up and future
    maintenance of ifupdown.sh.
  * Support madwifi-ng private ioctl's with the inclusion of the headers from
    madwifi.org svn trunk. (At the expense of not supporting the madwifi-old
    driver, which is deprecated by upstream madwifi)
  * Add wpa_action.sh to provide /sbin/wpa_action and facilitate roaming via
    ifupdown and network settings defined in /etc/network/interfaces (refer to
    wpa_action(8) for more details).

 -- Kel Modderman <kelrin@tpg.com.au>  Sun, 28 May 2006 20:33:38 +1000

wpasupplicant (0.5.3-1) experimental; urgency=low

  * New upstream development release.
  * Orphaned daemons that are spawned during an ifup process that is
    manually terminated are now checked for and killed.
  * Don't make noise when we are not using the manual inet method and
    wpa-action is used.
  * Warn about non-executable action script.
  * Ensure wpa_cli actfile is destroyed.
  * Make start-stop-daemon verbose when VERBOSITY is set.
  * Renumber dpatches for sanity.
  * Make ifupdown script modular; split into shell functions.
  * Fix typo in README.Debian, referring to a non-existant location.
  * Disconnect and terminate existing ctrl_interface sockets.

 -- Kel Modderman <kelrin@tpg.com.au>  Sat, 29 Apr 2006 14:53:51 +1000

wpasupplicant (0.5.2-3) experimental; urgency=low

  [ Kel Modderman ]
  * Remove bad information about wpa-driver-file in docs.
  * Actually fall back to wext as DRIVER type in example init script.
  * Fix typo in debian/control, remove suggests of dhcp*-client alltogether.
  * Remove bogus commands to set eapol_version and fast_reauth. They cannot be
    set via wpa_cli.
  * Make preauthenticate a global wpa_cli setting, rather than a per-ssid one.
  * Kill dhclient process after a DISCONNECT signal in dhclient action script
    example.
  * Document that the action script must must be executable.
  * Fix check for wireless extensions for when there is not whitespace after
    $IFACE:.
  * grep for $IFACE in /proc/net/dev to verify it is a valid network interface.
  * Improve documentation about wpa-driver, and further clarify that all
    wpa_cli commands should be supported in e/n/i by prefixing them with
    "wpa-".
  * Add a note about wpa-action-timeout.

  [ Reinhard Tartler ]
  * remove last reference to /etc/default/wpasupplicant. It is gone, don't
    revive zombies!
  * small cleanups in debian/rules
  * further clarifications in README.Debian

 -- Kel Modderman <kelrin@tpg.com.au>  Tue, 11 Apr 2006 22:05:06 +1000

wpasupplicant (0.5.2-2) experimental; urgency=low

  [ Kel Modderman ]
  * Bump debian revision to upgrade over the previously version uploaded to
    experimental, which has sufficiently changed since that time to warrant
    rebasing the package upon the 0.4.8-1 release to unstable.
  * Make ifupdown script exit silently when binaries are not found or
    executable.
  * When ifupdown exits with an error status, do not hide the echo'd problem
    description behind the VERBOSITY environment variable.
  * Remove check for wpa_cli pidfile when executing an action script. This
    check was racy, and not always successful. Sometimes, the device was
    marked as up without allowing the action script a chance to finish.
  * Improve feedback for wpa_cli action script daemon.
  * Ensure WPA_CLI_ACTFILE is removed when wpa_cli is terminated.
  * Fix typo in ifupdown script that later propogated into some example
    information in README.debian (wpa-apscan should have been wpa-ap-scan).
    Provide backwards compatibility for this change for those who already
    followed the example.
  * Check for existing pidfiles before executing daemons via ifupdown.

  [ Reinhard Tartler ]
  * enable driver test
  * add eap_testing.txt to documentation
  * enhance Readme.txt

 -- Kel Modderman <kelrin@tpg.com.au>  Tue,  4 Apr 2006 06:40:35 +1000

wpasupplicant (0.4.8-1) unstable; urgency=low

  [ Reinhard Tartler ]
  * Finally bringing in the new Upstream version with the ap scan patch for
    wpa-cli, required by network-manager (Closes: #356072)
  * Dropping Mode 3 (start by init script) (Closes: #356842, #357760)
  * add hint for associating to hidden ssids (Closes: #358137)
  * add a note for faciliating debugging connection problems
  * add this note to README.modes as well.
  * remove or backup obsolete conffiles
    /etc/network/if-p{re-up,ost-down}.d/wpasupplicant
  * install the wpasupplicant.conf(5) manpage (Closes: #358138)
  * don't start wpa_supplicant for loopback interface (Closes: #359814)
  * add explanation about action scripts, mentioning that we expect now
    the action script to create a file indicating that the interface is ready
    for use.
  * add warning in NEWS.Debian that upgrading to this package requires
    manual intervention by the local admin.
  * move old 'default configuration' to /usr/share/doc/wpasupplicant/examples
    as example for connecting to open APs.
  * remove version restriction from preinst. This means that obsoleted
    conffiles are always removed!
  * moved the ifupdown script to /etc/wpa_supplicant/ifupdown.sh
  * added note about binaries beeing moved to /sbin

  [ Scott James Remnant ]
  * Undo 0.4.8-0ubuntu2's replacement of the preinst/postinst/postrm triad,
    which replaced the upgrade-failure proof and policy compliant code with
    "something else".
  * Restore change to ifupdown script that makes "wpa-conf" unnecessary.
  * Move /etc/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant.conf
    if the user has modified it, otherwise remove it and install the new file.
  * Remove 0_ from if-*.d symlink names as we don't force an order or
    even serialisation.

  [ Kel Modderman ]
  * Remove check for /proc/net/packet. (Closes: M#37121)
  * Add timeout loop when launching a wpa_cli action script in conjunction
    with the manual inet METHOD, to allow other ifupdown hooks to
    post-configure the interface just as they would have if using a standard
    method such as dhcp or static. Introduce WPA_CLI_ACTFILE to allow a
    wpa_cli action script to signal connected state to ifupdown.
  * Add skeleton wpa_cli action script to examples.
  * Simplify wpasupplicant.examples.
  * Don't install wpa_supplcant.defconf as the default wpa_supplicant conffile,
    our users don't want that file interrogated by anyone, even dpkg.

 -- Reinhard Tartler <siretart@tauware.de>  Fri, 31 Mar 2006 10:58:16 +0200

wpasupplicant (0.4.8-0ubuntu3) dapper; urgency=low

  * Add 40_ctrl_iface_hide_keys.dpatch to hide passwords and PINs from
    our logfiles, preventing an information disclosure vulnerability.

 -- Adam Conrad <adconrad@ubuntu.com>  Wed, 29 Mar 2006 23:49:26 +1100

wpasupplicant (0.4.8-0ubuntu2) dapper; urgency=low

  [ Kel Modderman ] - done in debian experimental for version 0.5.2-1
  * New upstream release.
  * Add myself to Uploaders.
  * Convert to cdbs.
    - rewrite debian/rules to take advantage of cdbs
    - update control file build-deps
  * Update README.modes.
    - clarify that wext is used by default, when no driver is specified
    - fix exmaple of wpa-psk using a plaintext string
    - fix typo's
  * Fold pre-up scripts into one, and symlink from
    /etc/network/if-{pre-up,down}.d/wpasupplicant
  * Use VERBOSITY of ifupdown to assist debugging of wpa stanza's in
    /etc/network/interfaces.
  * Add support for wpa_cli action scripts.
  * Use start-stop-daemon to initiate wpa_supplicant and wpa_cli background
    processes.
  * Daemons now create pidfiles.
  * Quote tested var's in wpasupplicant.init.
  * Quote all var's in wpsupplicant.default for uniformity.
  * Move wpa_* to /sbin.
  * Conffile for wpa_supplicant now installed to
    /etc/wpa_supplicant/wpa_supplicant.conf. That directory will hold any
    other files that we may require to use wpa_supplicant.
  * Don't start wpasupplicant pre-up if the current kernel lacks support for
    "Packet Socket" (CONFIG_PACKET=y).
  * Fix blunders in the init script.
    - typo, $PIFFILE should have been $PIDFILE
    - init script exited when a configuration file WAS found
  * Force init daemon's pidfile to be the same as wpasupplicant.ifupdown uses,
    to avoid duplicate wpa_supplicant processes binding to the same interface.
  * Remove the margin for error from the init daemon, by forcing the default
    variables to be set. Helpful and informative comments were placed in the
    default file. The init script will exit if these variables are not set
    correctly. (Closes: #357957)
  * Add comment to defconf about ctrl_interface and wpa_cli.
  * Add comments to previously uncommented dpatch's.
  * Include proof-of-concept dhlcient wpa-action script. Suggest
    dhcp(3)-client.
  * Thanks to Henrik Brix Andersen from gentoo for the ideas and inspriration
    for some of the above changes.

  [ Reinhard Tartler ]
  * compile wpa_gui with qt3 rather than qt4. (in order to faciliate
    backporting to sarge)
  * revert to debhelper 4
  * take the complete packaging from our experimental branch. The last upload
    did not document all changes properly (see the list above), and had still
    a lot of issues.
  * fixing typo in the preinst

 -- Reinhard Tartler <siretart@tauware.de>  Mon, 27 Mar 2006 15:28:22 +0200

wpasupplicant (0.5.1-1) experimental; urgency=low

  [ Reinhard Tartler ]
  * New Upstream Release. This is the current development branch of
    wpasupplicant.
  * revised the init script for supporting roaming mode
  * introduce README.modes explaining the differnet modes of operation
  * install manpage wpa_supplicant.conf(5) (Closes: #358138)
  * make wpasupplicant create a PID file (Closes: #355052)
  * Revise wpasupplicant.postinst (Closes: #322176)

  [ Kel Modderman ]
  * New experimental ifupdown scripts. (Closes: #322176, #356205, #356144)
  * Drop wpasupplicant.{postrm,postinst,override,docs}.
  * Use dh_installchangelogs to handle upstream changelog.
  * Enforce permissions on installed files.
  * Clean up handling of madwifi includes
    - dpatch contains description of origin
    - dpatch does not modify upstream, use CFLAGS to include madwifi headers
  * Add wpa_background manpage provided by upstream.

 -- Kel Modderman <kelrin@tpg.com.au>  Tue, 14 Mar 2006 23:00:47 +1000

wpasupplicant (0.4.8-0ubuntu1) dapper; urgency=low

  * New upstream release:
    - Various bug fixes
    - Support for EAP-FAST key derivation using other ciphers than
      RC4-128-SHA for authentication and AES128-SHA for provisioning.
    - UVF exception granted by Kamion.

  * Packaging and configuration is based on Debian Experimental however,
    making this package something of a bastard love child of what's in
    Debian.
  * Deliberately dropped support for wpasupplicant being run at startup to
    make it easier for Ubuntu to support.  It's now run on a per-interface
    basis when the interface is brought up.
    Consult /usr/share/doc/wpasupplicant/README.Debian for documentation
    if upgrading from universe.
  * Unlike Debian the wpa-conf /etc/network/interfaces is only needed for
    explicitly giving a configuration file; simply include any setting
    for wpa to be used.
  * Binaries moved to /sbin for seb128.

 -- Scott James Remnant <scott@ubuntu.com>  Thu, 23 Mar 2006 23:29:57 +0000

wpasupplicant (0.4.7-4) unstable; urgency=low

  [Daniel T Chen]

  * Convert rcS.d script to use /etc/network/if-p{ost-down,re-up}.d
    instead. Remove the rcS.d script installed in 0.4.7-0ubuntu{1,2}.
    If you manually modified /etc/network/interfaces to use the pre-up
    and post-down directives with wpasupplicant, please remove them.
    Thanks to Scott James Remnant for the guidance. (Closes: #304032)

  [Kel Modderman - submitted via bug #353530] (Closes: #353530)

  * Use upstream manpages.
  * added watch file
  * cleanups in debian/rules
  * Install wpagui manpage to man8
  * Use qmake-qt4 directly, to avoid ftbfs on systems with other qt
    versions installed.

  [Reinhard Tartler]

  * Merged with ubuntu package
  * added myself to Uploaders
  * use debhelper 5
  * remove debian/wpasupplicant.conffiles, debhelper handles this on its own
  * renamed ChangeLog.gz to changelog.gz, (Policy 12.7)
  * installed lintian override for possible multiple calling of update-rc.d.
    This is necessary to support different upgrade paths.
  * revised postinst, so that updating initskript links happens in when
    configuring the package only
  * introduce debian/NEWS, documenting importants bits of debian/changelogs,
    and a bit about future development of wpasupplicant
  * verified working WPA EAP-TLS on ipw2200. (Closes: #317548)
  * /etc/init.d/wpasupplicant is now a initscript which is not started on
    startup by default. (see changes by Daniel T Chen). lintian is not happy
    about this, so another lintian override was added

 -- Reinhard Tartler <siretart@tauware.de>  Fri, 24 Feb 2006 18:27:52 +0100

wpasupplicant (0.4.7-3) unstable; urgency=low

  * Another brown paper bag release.
  * Fix mistype of $CONFIG_FILE variable name in default script. Also make
    this the same variable checked for existence in the init script, as that
    was another bug I missed. (closes: #350900)

 -- Kyle McMartin <kyle@debian.org>  Wed, 01 Feb 2006 09:21:41 -0500

wpasupplicant (0.4.7-2) unstable; urgency=low

  * Brown paper bag release.
  * Add description for wpagui binary package...

 -- Kyle McMartin <kyle@debian.org>  Sat, 28 Jan 2006 16:51:56 -0500

wpasupplicant (0.4.7-1) unstable; urgency=low

  * New upstream version. (closes: #347347)
  * New binary package, wpa_gui; build-deps on Qt4. (closes: #332654)
  * Move wpasupplicant to run in rcS, before networking. This will likely
    upset a few people, but as wpasupplicant can wait for the interface to
    exist before doing anything, it shouldn't cause any real problems.
    (closes: #310136)
  * Document in default config file that EAP-FAST will not work
    without a patch to OpenSSL. (closes: #322174)
  * Comment out most of the default config file, some people kept the
    whole file verbatim, causing OpenSSL to try and load some uncommon
    libraries people likely didn't have installed, resulting in
    wpasupplicant segfaulting (closes: #330138, #336423)
  * Also for #336423, Suggest: libengine-pkcs11-openssl, and document why.
  * Make more noise when the daemon fails to run. (closes: #346265)
  * Don't advertise that -i may not be required in default/wpasupplicant,
    this option was removed as it did not scale to handle multiple
    interfaces. (closes: #322175)
  * Document typical location of config file in manpage. Note,
    wpasupplicant no longer implicitly finds a config file. (closes: #315963)
  * Add simple WPA-PSK example to default config file. (closes: #331533)
  * Split up $OPTIONS in default/wpasupplicant. (closes: #331533)

 -- Kyle McMartin <kyle@debian.org>  Sat, 28 Jan 2006 02:30:27 -0500

wpasupplicant (0.4.6-0.2) unstable; urgency=low

  * New upstream version (closes: #335487).
  * This version is designed for Wireless Extensions 19 and so will work
    with Linux kernel 2.6.14.  Closes: #338131.
  * Note that WPA support was added in Wireless Extensions 18 and should
    therefore exist in new (2.6.14-compliant) drivers, including
    ipw2200 v1.0.8. In order to take advantage of this new support you need to
    invoke wpasupplicant with the wext driver ("-D wext" in
    /etc/default/wpasupplicant for instance, instead of "-D ipw" say).
    Probably closes also #304087 and #317548, but I'm not going to confirm
    that just for an NMU.
  * Added comments to README.Debian amounting to the above.
  * Borrowed some of Norbert Preining's improvements:
        - add debhelper token to postrm script
        - fix address of FSF in copyright file
        - bump standards version to 3.6.2
        (Kyle, when you get back to this package, find Norbert's other changes
        upgrading to debhelper 4 in bug #338131).
  * Set NMU version to 0.2 for Norbert's convenience.
  * Marked /etc/init.d/wpasupplicant as a conffile (should really use
    debhelper4 to take care of this, but I'm not going to make the other
    changes needed for this).

 -- Drew Parsons <dparsons@debian.org>  Thu, 10 Nov 2005 20:34:35 +1100

wpasupplicant (0.4.4-1) unstable; urgency=low

  * New upstream version.
  * Ship a default /etc/wpa_supplicant.conf which associates with any
    open access point. (closes: #287220, #322171, #315964)
  * /etc/default/wpasupplicant is no longer mode 755 (closes: #315031)
  * Add a postrm script, oops, overlooked this initially... (closes: #327522)
  * Fix hyphen/minus in man pages. (closes: #296310)
  * patches/
    - 01_config
      + update
      + Enable wired driver. (closes: #325296)
      + Add EAP_FAST to config, but comment it out. EAP_FAST requires a patch
        to openssl before it is compileable.
    - 10_madwifi_includes
      + update from madwifi CVS. (closes: #326226)

 -- Kyle McMartin <kyle@debian.org>  Sat, 24 Sep 2005 12:35:02 -0400

wpasupplicant (0.4.2-1) unstable; urgency=low

  * New upstream release.
  * Add debhelper flag to postinst.

 -- Kyle McMartin <kyle@debian.org>  Sat, 18 Jun 2005 19:04:02 -0400

wpasupplicant (0.4.1-0) unstable; urgency=low

  * New upstream release.
  * This release was not uploaded.

 -- Kyle McMartin <kyle@debian.org>  Sun, 29 May 2005 17:40:11 -0400

wpasupplicant (0.4.0-1) unstable; urgency=low

  * New upstream release.
  * patches/
    - 12_ipw_open_aps
      + remove patch: It seems to cause problems with associating with
        open access points.
    - 11_madwifi_open_aps
      + remove patch, fixed upstream
          driver_madwifi: fixed association in plaintext mode

 -- Kyle McMartin <kyle@debian.org>  Sat, 30 Apr 2005 11:28:01 -0400

wpasupplicant (0.3.8-1) unstable; urgency=low

  * New upstream release.
  * This release fixes a crash due to a buffer overflow, caused by
    a missing validation step on EAPOL-Key frames. Receiving malformed
    frames trigger the crash. More information available in the notes:
    http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html
  * Fix some badness with the init script. Missed the -B option
    to daemonize wpa_supplicant... pidfile is not currently being used
    as it requires modifying wpa_supplicant.
  * patches/
    - 12_ipw_open_aps (closes: #295143)
      + merge patch against driver_ipw to fix association with
        open access points.

 -- Kyle McMartin <kyle@debian.org>  Tue, 15 Feb 2005 00:51:28 -0500

wpasupplicant (0.3.7-1) unstable; urgency=low

  * New upstream stable release.
  * Add preliminary init script for wpasupplicant. Currently it will
    start after pcmcia, for obvious reasons. (closes: #287219)
  * patches/
    - 11_madwifi_open_aps (closes: #294909)
      + merge patch against driver_madwifi to fix association with
        open access points.

 -- Kyle McMartin <kyle@debian.org>  Sat, 12 Feb 2005 22:56:11 -0500

wpasupplicant (0.3.2-2) unstable; urgency=low

  * patches/
    - 06_default_ifname
      + support a default interface specified in wpa_supplicant.conf

 -- Kyle McMartin <kyle@debian.org>  Sun, 23 Jan 2005 03:26:01 -0500

wpasupplicant (0.3.2-1) unstable; urgency=low

  * New upstream release.
  * From upstream changelog, and verified: (closes: #286443)
    + fixed private key loading for cases where passphrase is not set

 -- Kyle McMartin <kyle@debian.org>  Mon, 20 Dec 2004 10:22:11 -0500

wpasupplicant (0.3.1-2) unstable; urgency=low

  * Add CONFIG_CTRL_IFACE=y option to maintain old configuration file
    compatibility.

 -- Kyle McMartin <kyle@debian.org>  Sat, 18 Dec 2004 14:03:19 -0500

wpasupplicant (0.3.1-1) unstable; urgency=low

  * The "Kyle is a lazy, lazy, lazy hacker" release.
  * Removed patch for ipw2100, as it's been integrated
    upstream. (closes: #281979)
  * Remove default wpa_supplicant.conf from /etc, since we aren't
    installing a configuration file that will work by default. Instead,
    it has been moved to /usr/share/doc/wpasupplicant/examples.
  * Enable a few more options. Unfortunately support for Broadcom's wl.o
    must be disabled, since it requires a header file with an
    "All Rights Reserved" copyright. LinuxAnt DriverLoader is similarly
    disabled, though NDISWrapper is supported.

 -- Kyle McMartin <kyle@debian.org>  Thu, 16 Dec 2004 12:39:01 -0500

wpasupplicant (0.2.5-2) unstable; urgency=low

  * Merged patch from Lorenzo Martignoni, to enable support for
    WPA on the Intel IPW2100 wireless chipset (aka: Centrino).

 -- Kyle McMartin <kyle@debian.org>  Sat, 23 Oct 2004 15:21:11 -0400

wpasupplicant (0.2.5-1) unstable; urgency=low

  * New upstream version. (closes: #276368)

 -- Kyle McMartin <kyle@debian.org>  Tue, 12 Oct 2004 09:10:19 -0400

wpasupplicant (0.2.4-2) unstable; urgency=low

  * patches/
    - 01_config
      + enable TLS support (and various other non-default configurations)
    - 05_default_conf
      + patch to use "/etc/wpa_supplicant.conf" by default, instead of
        prompting for the configuration on the command line.
  * Add Build-Depends on libssl-dev, used by various EAPs.

 -- Kyle McMartin <kyle@debian.org>  Sun, 12 Sep 2004 11:16:19 -0400

wpasupplicant (0.2.4-1) unstable; urgency=low

  * Initial release.
  * patches/
    - 01_config
      + default configuration
    - 10_madwifi
      + support for wireless cards using the madwifi driver

 -- Kyle McMartin <kyle@debian.org>  Sun, 5 Sep 2004 13:19:27 -0400