diff options
author | Andrew Gunnerson <accounts+github@chiller3.com> | 2023-04-09 12:16:33 -0400 |
---|---|---|
committer | Andrew Gunnerson <accounts+github@chiller3.com> | 2023-04-09 12:51:23 -0400 |
commit | c260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648 (patch) | |
tree | ef7eb3bf3e4a55edb55da35f7856bf8c5853046f /packages/hostap | |
parent | e36e5e77ae370aa85555a6eb328b5ab59713d639 (diff) | |
download | vyos-build-c260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648.tar.gz vyos-build-c260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648.zip |
T5151: hostap: Reintroduce Debian's allow-legacy-renegotiation.patch
The Debian 12 upgrade in T5003 caused a regression for connecting to
legacy networks that only support TLSv1.0/1.1 for EAP-TLS. This commit
fixes one part of the issue by adding Debian's patch for allowing legacy
renegotiation (SSL_OP_LEGACY_SERVER_CONNECT flag). The flag used to be
allowed by default, but that changed with the openssl 3.0 upgrade in
Debian 12.
(This commit also updates `build.sh` to just overwrite
`debian/patches/series` and not delete patch files since
dpkg-buildpackage/quilt never applies unlisted patches.)
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
Diffstat (limited to 'packages/hostap')
-rw-r--r-- | packages/hostap/Jenkinsfile | 2 | ||||
-rwxr-xr-x | packages/hostap/build.sh | 9 |
2 files changed, 7 insertions, 4 deletions
diff --git a/packages/hostap/Jenkinsfile b/packages/hostap/Jenkinsfile index 1aeb4521..70c0e71b 100644 --- a/packages/hostap/Jenkinsfile +++ b/packages/hostap/Jenkinsfile @@ -21,7 +21,7 @@ def pkgList = [ ['name': 'wpa', - 'scmCommit': 'debian/2%2.10-10', + 'scmCommit': 'debian/2%2.10-12', 'scmUrl': 'https://salsa.debian.org/debian/wpa', 'buildCmd': '/bin/true'], ['name': 'hostap', diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh index c66bda3d..e69236dd 100755 --- a/packages/hostap/build.sh +++ b/packages/hostap/build.sh @@ -16,9 +16,12 @@ fi echo "I: Copy Debian build instructions" cp -a ${SRC_DEB}/debian ${SRC} -# Preserve Debian's default of allowing TLSv1.0 for compatibility -find ${SRC}/debian/patches -mindepth 1 ! -name allow-tlsv1.patch -delete -echo 'allow-tlsv1.patch' > ${SRC}/debian/patches/series +# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for +# compatibility with networks that use legacy crypto +cat > ${SRC}/debian/patches/series << EOF +allow-tlsv1.patch +allow-legacy-renegotiation.patch +EOF # Build Debian package cd ${SRC} |