diff options
-rw-r--r-- | 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch | 53 | ||||
-rw-r--r-- | PKGBUILD | 9 |
2 files changed, 3 insertions, 59 deletions
diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch deleted file mode 100644 index d4c5e1a..0000000 --- a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> -Date: Sat, 17 Oct 2020 23:08:18 +0400 -Subject: mac80211: fix regression where EAPOL frames were sent in plaintext - -I've managed to reproduce the issue, or at least a related issue. Can -you try the draft patch below and see if that fixes it? - -When sending EAPOL frames via NL80211 they are treated as injected -frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop -injected frames even if normally not allowed") these injected frames -were not assigned a sta context in the function ieee80211_tx_dequeue, -causing certain wireless network cards to always send EAPOL frames in -plaintext. This may cause compatibility issues with some clients or -APs, which for instance can cause the group key handshake to fail and -in turn would cause the station to get disconnected. - -This commit fixes this regression by assigning a sta context in -ieee80211_tx_dequeue to injected frames as well. - -Note that sending EAPOL frames in plaintext is not a security issue -since they contain their own encryption and authentication protection. - -Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") ---- - net/mac80211/tx.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c -index dca01d7e6e3e..2a0725b548f6 100644 ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -3613,13 +3613,14 @@ begin: - tx.skb = skb; - tx.sdata = vif_to_sdata(info->control.vif); - -- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { -+ if (txq->sta) { - tx.sta = container_of(txq->sta, struct sta_info, sta); - /* - * Drop unicast frames to unauthorised stations unless they are -- * EAPOL frames from the local station. -+ * injected frames or EAPOL frames from the local station. - */ -- if (unlikely(ieee80211_is_data(hdr->frame_control) && -+ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && -+ ieee80211_is_data(hdr->frame_control) && - !ieee80211_vif_is_mesh(&tx.sdata->vif) && - tx.sdata->vif.type != NL80211_IFTYPE_OCB && - !is_multicast_ether_addr(hdr->addr1) && --- -cgit v1.2.3-1-gf6bb5 - @@ -21,7 +21,7 @@ _custom=1 pkgbase=linux-ck _supver=5 _majver=9 -_minver=6 +_minver=8 _gccpatchver='20200615' _gccpatchger='10.1' _gccpatchker='5.8' @@ -31,7 +31,7 @@ _ckpatchversion=ck1 else pkgver=${_supver}.${_majver}.${_minver} fi -pkgrel=1.2 +pkgrel=1 pkgdesc='Linux-ck' url='https://kernel.org' #url='http://ck.kolivas.org/patches/' @@ -47,7 +47,6 @@ _srcname=linux-${pkgver} source=( https://www.kernel.org/pub/linux/kernel/v${_supver}.x/${_srcname}.tar.{xz,sign} 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch linux-ck-patch-${_supver}.${_majver}-${_ckpatchversion}.xz::http://ck.kolivas.org/patches/${_supver}.0/${_supver}.${_majver}/${_supver}.${_majver}-${_ckpatchversion}/patch-${_supver}.${_majver}-${_ckpatchversion}.xz kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz ath9k-regdom-hack.patch @@ -60,10 +59,9 @@ validpgpkeys=( '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc -b2sums=('c1a547d4af558bf364f2c1699e529deefeb5bd9322b7cfe8c034a0414d9e69dc96e27bd4011ce105f02d9787ca0e18e4c3d9c7581ccc486e45995f4fc493d932' +b2sums=('27b8820bbd7ea278b47e1c208efeeb41c890276ae59d33971ab0d8ba0081d45e57c579f9390c5e3019a4f3beebaf17a29a959e1b6cadb9e1824ea4e568f90205' 'SKIP' 'c1e9177debee553e03873dff9293e7a21a53297fc4b3df8b9f54a8839cf1c7d6803945fc7d64676fe8c04cb54ef331b59c4348fbc9915060162177be503d9e96' - '3006fa726027b57c421c959c4e6c2230cfa871df7a234d4b2061ed1db4784d0c296d90785a2c48f5c059f6e15ad58007773376440054ce6e60a00fc448b939b3' 'c19099ad66168db4608dee44e1913c07c035bc002a91267abc2e1eadf1788ddb5be3b17e3fdfeddcba96526dfa2b9fcc43a5dd0f8236d94c864e6477924a6718' 'c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c' 'b6ef77035611139fa9a6d5b8d30570e2781bb4da483bb569884b0bd0129b62e0b82a5a6776fefe43fee801c70d39de1ea4d4c177f7cedd5ac135e3c64f7b895a' @@ -88,7 +86,6 @@ prepare() { # Hotfixes echo "Applying hotfixes" patch -p1 -i ../0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - patch -p1 -i ../0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch patch -p1 -i ../sphinx-workaround.patch |