[arch-commits] Commit in linux-hardened/trunk (3 files)

Levente Polyak anthraxx at archlinux.org
Tue Nov 10 19:25:28 UTC 2020


    Date: Tuesday, November 10, 2020 @ 19:25:28
  Author: anthraxx
Revision: 400112

upgpkg: linux-hardened 5.9.7.a-1

Modified:
  linux-hardened/trunk/PKGBUILD
  linux-hardened/trunk/config
Deleted:
  linux-hardened/trunk/mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch

-------------------------------------------------------------------------+
 PKGBUILD                                                                |   12 +-
 config                                                                  |    4 
 mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch |   48 ----------
 3 files changed, 7 insertions(+), 57 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-11-10 19:11:04 UTC (rev 400111)
+++ PKGBUILD	2020-11-10 19:25:28 UTC (rev 400112)
@@ -4,7 +4,7 @@
 # Contributor: Thomas Baechler <thomas at archlinux.org>
 
 pkgbase=linux-hardened
-pkgver=5.9.6.a
+pkgver=5.9.7.a
 pkgrel=1
 pkgdesc='Security-Hardened Linux'
 url='https://github.com/anthraxx/linux-hardened'
@@ -21,7 +21,6 @@
   https://github.com/anthraxx/${pkgbase}/releases/download/${pkgver}/${pkgbase}-${pkgver}.patch{,.sig}
   config         # the main kernel config file
   sphinx-workaround.patch
-  mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -29,13 +28,12 @@
   '65EEFE022108E2B708CBFCF7F9E712E59AF5F22A'  # Daniel Micay
   'E240B57E2C4630BA768E2F26FC1B547C8D8172C8'  # Levente Polyak
 )
-sha256sums=('6cc182fe19a8f3958c24d453f4ab68eb73fb5cfb8af4c95b02f3db049e655370'
+sha256sums=('dea843ecac95c8780fba92005fec360e0491cb1aacc18097bcd9b169e91869b7'
             'SKIP'
-            '7676a79e0a0f1f990e9b6637e456454f5d96436b3473bbaa93e27b70d79445c0'
+            '841ad13232835eb4aee9fea67630210c8d9eb6fa44c8f2b04a043a3f9ace64e9'
             'SKIP'
-            '7ee9ebfa9ccd1391808a3d387be8a8db7e335f8b448ec41f9148d3665eac56d1'
-            '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c'
-            'ce35d788ec6bbcb04ddb826a946fb155f9a69b62e4518092bf0530f2d2d2b151')
+            '69060a0aeba96971b503905de7c71fd0f9718875693f3349df8fd7983fae9132'
+            '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase

Modified: config
===================================================================
--- config	2020-11-10 19:11:04 UTC (rev 400111)
+++ config	2020-11-10 19:25:28 UTC (rev 400112)
@@ -1,11 +1,11 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 5.9.6 Kernel Configuration
+# Linux/x86 5.9.7 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.2.0"
 CONFIG_CC_IS_GCC=y
 CONFIG_GCC_VERSION=100200
-CONFIG_LD_VERSION=235000000
+CONFIG_LD_VERSION=235010000
 CONFIG_CLANG_VERSION=0
 CONFIG_CC_CAN_LINK=y
 CONFIG_CC_CAN_LINK_STATIC=y

Deleted: mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch
===================================================================
--- mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch	2020-11-10 19:11:04 UTC (rev 400111)
+++ mac80211-fix-regression-where-EAPOL-frames-were-sent-in-plaintext.patch	2020-11-10 19:25:28 UTC (rev 400112)
@@ -1,48 +0,0 @@
-From d30a6f983b360a08f962f5b3199b733df2e02418 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef at kuleuven.be>
-Date: Sat, 17 Oct 2020 23:08:18 +0400
-Subject: mac80211: fix regression where EAPOL frames were sent in plaintext
-
-When sending EAPOL frames via NL80211 they are treated as injected
-frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop
-injected frames even if normally not allowed") these injected frames
-were not assigned a sta context in the function ieee80211_tx_dequeue,
-causing certain wireless network cards to always send EAPOL frames in
-plaintext. This may cause compatibility issues with some clients or
-APs, which for instance can cause the group key handshake to fail and
-in turn would cause the station to get disconnected.
-
-This commit fixes this regression by assigning a sta context in
-ieee80211_tx_dequeue to injected frames as well.
-
-Note that sending EAPOL frames in plaintext is not a security issue
-since they contain their own encryption and authentication protection.
-
-Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed")
----
- net/mac80211/tx.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
-index 282b0bc201ee..aa486e202a57 100644
---- a/net/mac80211/tx.c
-+++ b/net/mac80211/tx.c
-@@ -3613,13 +3613,14 @@ begin:
- 	tx.skb = skb;
- 	tx.sdata = vif_to_sdata(info->control.vif);
- 
--	if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) {
-+	if (txq->sta) {
- 		tx.sta = container_of(txq->sta, struct sta_info, sta);
- 		/*
- 		 * Drop unicast frames to unauthorised stations unless they are
--		 * EAPOL frames from the local station.
-+		 * injected frames or EAPOL frames from the local station.
- 		 */
--		if (unlikely(ieee80211_is_data(hdr->frame_control) &&
-+		if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
-+			     ieee80211_is_data(hdr->frame_control) &&
- 			     !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
- 			     tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
- 			     !is_multicast_ether_addr(hdr->addr1) &&
--- 


More information about the arch-commits mailing list