diff options
author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-11-11 14:54:53 -0800 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-11-11 14:54:53 -0800 |
commit | 61d31fe6f1c3e1a479104f1c2a636e8d408c187d (patch) | |
tree | c3c973fd4c3431c7c392b98f80f75ccdff296590 | |
parent | Remove more needless config lines (diff) | |
download | linux-libre-61d31fe6f1c3e1a479104f1c2a636e8d408c187d.tar.xz |
Updated to 5.9.8
-rw-r--r-- | 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch | 53 | ||||
-rw-r--r-- | PKGBUILD | 9 |
2 files changed, 3 insertions, 59 deletions
diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch deleted file mode 100644 index d4c5e1a..0000000 --- a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001 -From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> -Date: Sat, 17 Oct 2020 23:08:18 +0400 -Subject: mac80211: fix regression where EAPOL frames were sent in plaintext - -I've managed to reproduce the issue, or at least a related issue. Can -you try the draft patch below and see if that fixes it? - -When sending EAPOL frames via NL80211 they are treated as injected -frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop -injected frames even if normally not allowed") these injected frames -were not assigned a sta context in the function ieee80211_tx_dequeue, -causing certain wireless network cards to always send EAPOL frames in -plaintext. This may cause compatibility issues with some clients or -APs, which for instance can cause the group key handshake to fail and -in turn would cause the station to get disconnected. - -This commit fixes this regression by assigning a sta context in -ieee80211_tx_dequeue to injected frames as well. - -Note that sending EAPOL frames in plaintext is not a security issue -since they contain their own encryption and authentication protection. - -Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") ---- - net/mac80211/tx.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c -index dca01d7e6e3e..2a0725b548f6 100644 ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -3613,13 +3613,14 @@ begin: - tx.skb = skb; - tx.sdata = vif_to_sdata(info->control.vif); - -- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { -+ if (txq->sta) { - tx.sta = container_of(txq->sta, struct sta_info, sta); - /* - * Drop unicast frames to unauthorised stations unless they are -- * EAPOL frames from the local station. -+ * injected frames or EAPOL frames from the local station. - */ -- if (unlikely(ieee80211_is_data(hdr->frame_control) && -+ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && -+ ieee80211_is_data(hdr->frame_control) && - !ieee80211_vif_is_mesh(&tx.sdata->vif) && - tx.sdata->vif.type != NL80211_IFTYPE_OCB && - !is_multicast_ether_addr(hdr->addr1) && --- -cgit v1.2.3-1-gf6bb5 - @@ -15,7 +15,7 @@ pkgbase=linux-libre _supver=5 _majver=9 -_minver=6 +_minver=8 _gccpatchver='20200615' _gccpatchger='10.1' _gccpatchker='5.8' @@ -24,7 +24,7 @@ _gccpatchker='5.8' else pkgver=${_supver}.${_majver}.${_minver} fi -pkgrel=1.2 +pkgrel=1 pkgdesc='Linux-libre' url='https://linux-libre.fsfla.org/' arch=(x86_64) @@ -41,7 +41,6 @@ _gnupkgver=${pkgver}-gnu source=( https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign} 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz ath9k-regdom-hack.patch raid6-default-algo.patch @@ -57,13 +56,12 @@ validpgpkeys=( b2sums=('30280a22cba46ea899ad6dcd8093630f51684a111759e87db1bf857398cb861c37581734a8ac8b2b083ea477429e47e8b47b0d5a1cb648b9a9f17ec4abf91e17' 'SKIP' 'c1e9177debee553e03873dff9293e7a21a53297fc4b3df8b9f54a8839cf1c7d6803945fc7d64676fe8c04cb54ef331b59c4348fbc9915060162177be503d9e96' - '3006fa726027b57c421c959c4e6c2230cfa871df7a234d4b2061ed1db4784d0c296d90785a2c48f5c059f6e15ad58007773376440054ce6e60a00fc448b939b3' 'c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c' 'b6ef77035611139fa9a6d5b8d30570e2781bb4da483bb569884b0bd0129b62e0b82a5a6776fefe43fee801c70d39de1ea4d4c177f7cedd5ac135e3c64f7b895a' 'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a' 'c2cf7bf2e10792c07ae8fdfa2158df164208a8e5a83e4c2709a909a309a45cfd9d075c561ea720c0cc522317c8f3029686a639211191ddc21b664573a98bbfe4' 'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95' - '3871811ccd7528cefaedaa19b799bb0116994282f290684d92ac3f0d9cf6daea42accf6d194ee29554118d68c601237724744a207e83d2c8750ebe8153335276' + 'ede1484e12ae87f4ddf2f1fc84f14d804e5f077f34453097fee5a8c5ca91d7fd497aa84fe1e239b9b481583c83b6d988a8f8400b948567e249d032753d941bb1' 'SKIP') export KBUILD_BUILD_HOST=arc4linux @@ -83,7 +81,6 @@ prepare() { # Hotfixes echo "Applying hotfixes" patch -p1 -i ../0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - patch -p1 -i ../0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch patch -p1 -i ../sphinx-workaround.patch |