diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-01-04 21:44:44 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-01-05 08:59:47 +0100 |
commit | b595b3d8f623b3c668d13768cde5e711a78f6485 (patch) | |
tree | e2f2643de207d72ae3719cae555753e63f16f6f5 /testing | |
parent | b66dbcf50c5c89b5d222a9da91ffa5e6b9592891 (diff) | |
download | current-b595b3d8f623b3c668d13768cde5e711a78f6485.tar.gz current-b595b3d8f623b3c668d13768cde5e711a78f6485.tar.xz |
Fri Jan 4 21:44:44 UTC 201920190104214444
a/hwdata-0.319-noarch-1.txz: Upgraded.
d/doxygen-1.8.14-x86_64-3.txz: Upgraded.
Reverted (for now) to avoid segfault in doxygen-1.8.15.
l/libwpg-0.3.3-x86_64-1.txz: Upgraded.
l/libxml2-2.9.9-x86_64-1.txz: Upgraded.
l/libxslt-1.1.33-x86_64-1.txz: Upgraded.
l/python-pillow-5.4.0-x86_64-1.txz: Upgraded.
x/xterm-342-x86_64-1.txz: Upgraded.
testing/packages/wpa_supplicant-2.7-x86_64-3.txz: Rebuilt.
Apply TLSv1 patch from Debian and make some config changes to fix
WPA2-Enterprise. Once we have some testing results on this we'll consider
moving it back into the main tree. Thanks to gablek.
Diffstat (limited to '')
-rw-r--r-- | testing/source/wpa_supplicant/config/dot.config | 9 | ||||
-rw-r--r-- | testing/source/wpa_supplicant/patches/allow-tlsv1.patch | 22 | ||||
-rwxr-xr-x | testing/source/wpa_supplicant/wpa_supplicant.SlackBuild | 5 |
3 files changed, 31 insertions, 5 deletions
diff --git a/testing/source/wpa_supplicant/config/dot.config b/testing/source/wpa_supplicant/config/dot.config index 94871afde..966a98c27 100644 --- a/testing/source/wpa_supplicant/config/dot.config +++ b/testing/source/wpa_supplicant/config/dot.config @@ -32,7 +32,7 @@ CONFIG_DRIVER_WEXT=y CONFIG_DRIVER_NL80211=y # QCA vendor extensions to nl80211 -#CONFIG_DRIVER_NL80211_QCA=y +CONFIG_DRIVER_NL80211_QCA=y # driver_nl80211.c requires libnl. If you are compiling it yourself # you may need to point hostapd to your version of libnl. @@ -310,14 +310,14 @@ CONFIG_IEEE80211W=y # internal = Internal TLSv1 implementation (experimental) # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) # none = Empty template -#CONFIG_TLS=openssl +CONFIG_TLS=openssl # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) # can be enabled to get a stronger construction of messages when block ciphers # are used. It should be noted that some existing TLS v1.0 -based # implementation may not be compatible with TLS v1.1 message (ClientHello is # sent prior to negotiating which version will be used) -#CONFIG_TLSV11=y +CONFIG_TLSV11=y # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) # can be enabled to enable use of stronger crypto algorithms. It should be @@ -328,7 +328,8 @@ CONFIG_IEEE80211W=y # Select which ciphers to use by default with OpenSSL if the user does not # specify them. -CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES" +#CONFIG_TLS_DEFAULT_CIPHERS="PROFILE=SYSTEM:3DES" +CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT@SECLEVEL=1" # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of diff --git a/testing/source/wpa_supplicant/patches/allow-tlsv1.patch b/testing/source/wpa_supplicant/patches/allow-tlsv1.patch new file mode 100644 index 000000000..eb5fb7818 --- /dev/null +++ b/testing/source/wpa_supplicant/patches/allow-tlsv1.patch @@ -0,0 +1,22 @@ +From: Andrej Shadura <andrewsh@debian.org> +Subject: Enable TLSv1.0 by default + +OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. +Some older networks may support for TLSv1.0 and less secure cyphers. + +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -988,6 +988,13 @@ + os_free(data); + return NULL; + } ++ ++#ifndef EAP_SERVER_TLS ++ /* Enable TLSv1.0 by default to allow connecting to legacy ++ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */ ++ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION); ++#endif ++ + data->ssl = ssl; + if (conf) + data->tls_session_lifetime = conf->tls_session_lifetime; diff --git a/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild b/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild index c248c1300..492ddb722 100755 --- a/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild +++ b/testing/source/wpa_supplicant/wpa_supplicant.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=wpa_supplicant VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} SRCVERSION=$(printf $VERSION | tr _ -) @@ -92,6 +92,9 @@ zcat $CWD/patches/wpa_supplicant-gui-qt4.patch.gz | patch -p1 --verbose || exit zcat $CWD/patches/wpa_supplicant-quiet-scan-results-message.patch.gz | patch -p1 --verbose || exit 1 zcat $CWD/patches/wpa_supplicant-2.7-fix-undefined-remove-ie.patch.gz | patch -p1 --verbose || exit 1 +# Allow legacy tls to avoid breaking WPA2-Enterprise: +zcat $CWD/patches/allow-tlsv1.patch.gz | patch -p1 --verbose || exit 1 + cd wpa_supplicant # Create the configuration file for building wpa_supplicant: |