Fri Jan 4 21:44:44 UTC 201920190104214444

a/hwdata-0.319-noarch-1.txz:  Upgraded.
d/doxygen-1.8.14-x86_64-3.txz:  Upgraded.
  Reverted (for now) to avoid segfault in doxygen-1.8.15.
l/libwpg-0.3.3-x86_64-1.txz:  Upgraded.
l/libxml2-2.9.9-x86_64-1.txz:  Upgraded.
l/libxslt-1.1.33-x86_64-1.txz:  Upgraded.
l/python-pillow-5.4.0-x86_64-1.txz:  Upgraded.
x/xterm-342-x86_64-1.txz:  Upgraded.
testing/packages/wpa_supplicant-2.7-x86_64-3.txz:  Rebuilt.
  Apply TLSv1 patch from Debian and make some config changes to fix
  WPA2-Enterprise. Once we have some testing results on this we'll consider
  moving it back into the main tree. Thanks to gablek.

1 files changed, 22 insertions, 0 deletions

diff --git a/testing/source/wpa_supplicant/patches/allow-tlsv1.patch b/testing/source/wpa_supplicant/patches/allow-tlsv1.patch
new file mode 100644
index 000000000..eb5fb7818
--- /dev/null
+++ b/testing/source/wpa_supplicant/patches/allow-tlsv1.patch
@@ -0,0 +1,22 @@
+From: Andrej Shadura <andrewsh@debian.org>
+Subject: Enable TLSv1.0 by default
+
+OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2.
+Some older networks may support for TLSv1.0 and less secure cyphers.
+
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -988,6 +988,13 @@
+ 		os_free(data);
+ 		return NULL;
+ 	}
++
++#ifndef EAP_SERVER_TLS
++	/* Enable TLSv1.0 by default to allow connecting to legacy
++	 * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
++	SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
++#endif
++
+ 	data->ssl = ssl;
+ 	if (conf)
+ 		data->tls_session_lifetime = conf->tls_session_lifetime;