diff options
-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch | 10 | ||||
-rw-r--r-- | 0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch | 70 | ||||
-rw-r--r-- | 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch | 54 | ||||
-rw-r--r-- | PKGBUILD | 12 |
5 files changed, 76 insertions, 92 deletions
@@ -1,6 +1,6 @@ pkgbase = linux-ck - pkgver = 5.9.1 - pkgrel = 2 + pkgver = 5.9.2 + pkgrel = 1 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 license = GPL2 @@ -8,24 +8,24 @@ pkgbase = linux-ck makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.2.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.2.tar.sign source = config source = enable_additional_cpu_optimizations-20200615.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20200615.tar.gz source = http://ck.kolivas.org/patches/5.0/5.9/5.9-ck1/patch-5.9-ck1.xz source = 0000-sphinx-workaround.patch source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - source = 0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch + source = 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - b2sums = 65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558 + b2sums = 22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e b2sums = SKIP b2sums = ea3fda355bd421b68dff7e81b52bffe332c6e6030398ea84706fe29b39f9ce4a818128b4ed817b834df35f6237ae3e623fdea61b2fcb5b586990ea94eb4cd287 b2sums = c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c b2sums = c19099ad66168db4608dee44e1913c07c035bc002a91267abc2e1eadf1788ddb5be3b17e3fdfeddcba96526dfa2b9fcc43a5dd0f8236d94c864e6477924a6718 b2sums = b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95 - b2sums = 3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c - b2sums = 5d54400c8cb1d2a2858684beba31a3b7b1a2695e1695b6382fc6eb3b54c858dae6d4a5b0c623a8cd1405000c8495eee72c1395b2a697c6ca7c24c2863c176b8d + b2sums = 065c46b01678f8f177e93652600bd0967592a5962a78ba1c77f7e0e4028ddaf0ad05ccacdce50d33176330e7e9adb5083ca747d86c01dc11a3bbabb3ac7e9f24 + b2sums = c159ba9bfe9b400a604d1ee0b74aa19ee2e5fea96d0781fef48bb92c09909566a879ff9a68e101f0878d8dbd86d7bb6dfee91802ec837dfcc745237869bc1a1e pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler @@ -34,11 +34,11 @@ pkgname = linux-ck depends = initramfs optdepends = crda: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices - provides = linux-ck=5.9.1 + provides = linux-ck=5.9.2 pkgname = linux-ck-headers pkgdesc = Headers and scripts for building modules for Linux-ck kernel depends = linux-ck - provides = linux-ck-headers=5.9.1 - provides = linux-headers=5.9.1 + provides = linux-ck-headers=5.9.2 + provides = linux-headers=5.9.2 diff --git a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch index 80364739ab93..e8550eddf230 100644 --- a/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch +++ b/0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,4 +1,4 @@ -From c7c51372f02b8b45275897e5728ef28a35b82658 Mon Sep 17 00:00:00 2001 +From 9dda33cd8d3d2feb086a5cb7f7392cda483939ee Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 16 Sep 2019 04:53:20 +0200 Subject: [PATCH 1/3] ZEN: Add sysctl and CONFIG to disallow unprivileged @@ -63,7 +63,7 @@ index d6a0b31b13dc..2420d38cbfb9 100644 bool "PID Namespaces" default y diff --git a/kernel/fork.c b/kernel/fork.c -index da8d360fb032..e1a347df77ac 100644 +index a9ce750578ca..0da8704c3d91 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -96,6 +96,10 @@ @@ -77,7 +77,7 @@ index da8d360fb032..e1a347df77ac 100644 #include <asm/pgalloc.h> #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -1841,6 +1845,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1860,6 +1864,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -88,7 +88,7 @@ index da8d360fb032..e1a347df77ac 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2900,6 +2908,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2921,6 +2929,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -150,5 +150,5 @@ index 87804e0371fe..66b5afb0d0ee 100644 static DEFINE_MUTEX(userns_state_mutex); -- -2.28.0 +2.29.1 diff --git a/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch b/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch deleted file mode 100644 index 34551ba72b3d..000000000000 --- a/0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 94d41d2b670111855a361a35806ebac8d2444042 Mon Sep 17 00:00:00 2001 -From: Hans de Goede <hdegoede@redhat.com> -Date: Wed, 14 Oct 2020 16:41:58 +0200 -Subject: [PATCH 2/3] i2c: core: Restore acpi_walk_dep_device_list() getting - called after registering the ACPI i2c devs - -Commit 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler() -before i2c_acpi_register_devices()")'s intention was to only move the -acpi_install_address_space_handler() call to the point before where -the ACPI declared i2c-children of the adapter where instantiated by -i2c_acpi_register_devices(). - -But i2c_acpi_install_space_handler() had a call to -acpi_walk_dep_device_list() hidden (that is I missed it) at the end -of it, so as an unwanted side-effect now acpi_walk_dep_device_list() -was also being called before i2c_acpi_register_devices(). - -Move the acpi_walk_dep_device_list() call to the end of -i2c_acpi_register_devices(), so that it is once again called *after* -the i2c_client-s hanging of the adapter have been created. - -This fixes the Microsoft Surface Go 2 hanging at boot. - -Fixes: 21653a4181ff ("i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()") -Suggested-by: Maximilian Luz <luzmaximilian@gmail.com> -Reported-and-tested-by: Kieran Bingham <kieran.bingham@ideasonboard.com> -Signed-off-by: Hans de Goede <hdegoede@redhat.com> ---- - drivers/i2c/i2c-core-acpi.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c -index e627d7b2790f..37c510d9347a 100644 ---- a/drivers/i2c/i2c-core-acpi.c -+++ b/drivers/i2c/i2c-core-acpi.c -@@ -264,6 +264,7 @@ static acpi_status i2c_acpi_add_device(acpi_handle handle, u32 level, - void i2c_acpi_register_devices(struct i2c_adapter *adap) - { - acpi_status status; -+ acpi_handle handle; - - if (!has_acpi_companion(&adap->dev)) - return; -@@ -274,6 +275,15 @@ void i2c_acpi_register_devices(struct i2c_adapter *adap) - adap, NULL); - if (ACPI_FAILURE(status)) - dev_warn(&adap->dev, "failed to enumerate I2C slaves\n"); -+ -+ if (!adap->dev.parent) -+ return; -+ -+ handle = ACPI_HANDLE(adap->dev.parent); -+ if (!handle) -+ return; -+ -+ acpi_walk_dep_device_list(handle); - } - - static const struct acpi_device_id i2c_acpi_force_400khz_device_ids[] = { -@@ -719,7 +729,6 @@ int i2c_acpi_install_space_handler(struct i2c_adapter *adapter) - return -ENOMEM; - } - -- acpi_walk_dep_device_list(handle); - return 0; - } - --- -2.28.0 - diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch new file mode 100644 index 000000000000..6e0f2eb501f5 --- /dev/null +++ b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch @@ -0,0 +1,54 @@ +From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> +Date: Sat, 17 Oct 2020 23:08:18 +0400 +Subject: [PATCH 2/3] mac80211: fix regression where EAPOL frames were sent in + plaintext + +I've managed to reproduce the issue, or at least a related issue. Can +you try the draft patch below and see if that fixes it? + +When sending EAPOL frames via NL80211 they are treated as injected +frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop +injected frames even if normally not allowed") these injected frames +were not assigned a sta context in the function ieee80211_tx_dequeue, +causing certain wireless network cards to always send EAPOL frames in +plaintext. This may cause compatibility issues with some clients or +APs, which for instance can cause the group key handshake to fail and +in turn would cause the station to get disconnected. + +This commit fixes this regression by assigning a sta context in +ieee80211_tx_dequeue to injected frames as well. + +Note that sending EAPOL frames in plaintext is not a security issue +since they contain their own encryption and authentication protection. + +Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") +--- + net/mac80211/tx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index dca01d7e6e3e..2a0725b548f6 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -3613,13 +3613,14 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, + tx.skb = skb; + tx.sdata = vif_to_sdata(info->control.vif); + +- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { ++ if (txq->sta) { + tx.sta = container_of(txq->sta, struct sta_info, sta); + /* + * Drop unicast frames to unauthorised stations unless they are +- * EAPOL frames from the local station. ++ * injected frames or EAPOL frames from the local station. + */ +- if (unlikely(ieee80211_is_data(hdr->frame_control) && ++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && ++ ieee80211_is_data(hdr->frame_control) && + !ieee80211_vif_is_mesh(&tx.sdata->vif) && + tx.sdata->vif.type != NL80211_IFTYPE_OCB && + !is_multicast_ether_addr(hdr->addr1) && +-- +2.29.1 + @@ -64,8 +64,8 @@ _localmodcfg= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck -pkgver=5.9.1 -pkgrel=2 +pkgver=5.9.2 +pkgrel=1 _ckpatchversion=1 arch=(x86_64) url="https://wiki.archlinux.org/index.php/Linux-ck" @@ -83,20 +83,20 @@ source=( "http://ck.kolivas.org/patches/5.0/5.9/5.9-ck${_ckpatchversion}/$_ckpatch.xz" 0000-sphinx-workaround.patch 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch - 0002-i2c-core-Restore-acpi_walk_dep_device_list-getting-c.patch + 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -b2sums=('65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558' +b2sums=('22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e' 'SKIP' 'ea3fda355bd421b68dff7e81b52bffe332c6e6030398ea84706fe29b39f9ce4a818128b4ed817b834df35f6237ae3e623fdea61b2fcb5b586990ea94eb4cd287' 'c8d0697f99fe6105815217b8ec059d8f587415ea8dd2b88a65e1087feedf697341a64cd56810fde9e7aeada79125fc8235faccc7e7b06492c099e27a8abbe99c' 'c19099ad66168db4608dee44e1913c07c035bc002a91267abc2e1eadf1788ddb5be3b17e3fdfeddcba96526dfa2b9fcc43a5dd0f8236d94c864e6477924a6718' 'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95' - '3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c' - '5d54400c8cb1d2a2858684beba31a3b7b1a2695e1695b6382fc6eb3b54c858dae6d4a5b0c623a8cd1405000c8495eee72c1395b2a697c6ca7c24c2863c176b8d') + '065c46b01678f8f177e93652600bd0967592a5962a78ba1c77f7e0e4028ddaf0ad05ccacdce50d33176330e7e9adb5083ca747d86c01dc11a3bbabb3ac7e9f24' + 'c159ba9bfe9b400a604d1ee0b74aa19ee2e5fea96d0781fef48bb92c09909566a879ff9a68e101f0878d8dbd86d7bb6dfee91802ec837dfcc745237869bc1a1e') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase |