From c260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648 Mon Sep 17 00:00:00 2001 From: Andrew Gunnerson Date: Sun, 9 Apr 2023 12:16:33 -0400 Subject: T5151: hostap: Reintroduce Debian's allow-legacy-renegotiation.patch The Debian 12 upgrade in T5003 caused a regression for connecting to legacy networks that only support TLSv1.0/1.1 for EAP-TLS. This commit fixes one part of the issue by adding Debian's patch for allowing legacy renegotiation (SSL_OP_LEGACY_SERVER_CONNECT flag). The flag used to be allowed by default, but that changed with the openssl 3.0 upgrade in Debian 12. (This commit also updates `build.sh` to just overwrite `debian/patches/series` and not delete patch files since dpkg-buildpackage/quilt never applies unlisted patches.) Signed-off-by: Andrew Gunnerson --- packages/hostap/Jenkinsfile | 2 +- packages/hostap/build.sh | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'packages/hostap') diff --git a/packages/hostap/Jenkinsfile b/packages/hostap/Jenkinsfile index 1aeb4521..70c0e71b 100644 --- a/packages/hostap/Jenkinsfile +++ b/packages/hostap/Jenkinsfile @@ -21,7 +21,7 @@ def pkgList = [ ['name': 'wpa', - 'scmCommit': 'debian/2%2.10-10', + 'scmCommit': 'debian/2%2.10-12', 'scmUrl': 'https://salsa.debian.org/debian/wpa', 'buildCmd': '/bin/true'], ['name': 'hostap', diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh index c66bda3d..e69236dd 100755 --- a/packages/hostap/build.sh +++ b/packages/hostap/build.sh @@ -16,9 +16,12 @@ fi echo "I: Copy Debian build instructions" cp -a ${SRC_DEB}/debian ${SRC} -# Preserve Debian's default of allowing TLSv1.0 for compatibility -find ${SRC}/debian/patches -mindepth 1 ! -name allow-tlsv1.patch -delete -echo 'allow-tlsv1.patch' > ${SRC}/debian/patches/series +# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for +# compatibility with networks that use legacy crypto +cat > ${SRC}/debian/patches/series << EOF +allow-tlsv1.patch +allow-legacy-renegotiation.patch +EOF # Build Debian package cd ${SRC} -- cgit v1.2.3