diff options
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch | 54 | ||||
-rw-r--r-- | PKGBUILD | 10 |
3 files changed, 69 insertions, 11 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-rc - pkgver = 5.9.2rc1 + pkgver = 5.9.3rc1 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -8,22 +8,24 @@ pkgbase = linux-rc makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.2-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.2-rc1.sign - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.3-rc1.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.3-rc1.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.2.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.2.tar.sign source = config source = 0000-sphinx-workaround.patch source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + source = 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - b2sums = 9d61bcbcca4f8ffc573a2634ebf0768f2d90bf85634690f976094b7f0910e97bd12f3593444939773f99823a32bb98f50385aa738401d6eaca7cfb319101d2ef + b2sums = 81fe0377fc38eeae02adfddef36262f1b834fcab6c8b3d96bfc8cb1d1822f8ae77dadfc7538252613069b12c90ca6dc158f7b23205e5982c5d9372f9c92182a4 b2sums = SKIP - b2sums = 65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558 + b2sums = 22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e b2sums = SKIP b2sums = 040cd9c2871f38537f5acac43baff091f46b8143fe66552238484b584456afd7f2862337056e27d3d8e034bcd68e030a4e47a059e9c92e4a416443bab2bc59db b2sums = b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95 b2sums = 3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c + b2sums = c159ba9bfe9b400a604d1ee0b74aa19ee2e5fea96d0781fef48bb92c09909566a879ff9a68e101f0878d8dbd86d7bb6dfee91802ec837dfcc745237869bc1a1e pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch new file mode 100644 index 000000000000..6e0f2eb501f5 --- /dev/null +++ b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch @@ -0,0 +1,54 @@ +From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001 +From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be> +Date: Sat, 17 Oct 2020 23:08:18 +0400 +Subject: [PATCH 2/3] mac80211: fix regression where EAPOL frames were sent in + plaintext + +I've managed to reproduce the issue, or at least a related issue. Can +you try the draft patch below and see if that fixes it? + +When sending EAPOL frames via NL80211 they are treated as injected +frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop +injected frames even if normally not allowed") these injected frames +were not assigned a sta context in the function ieee80211_tx_dequeue, +causing certain wireless network cards to always send EAPOL frames in +plaintext. This may cause compatibility issues with some clients or +APs, which for instance can cause the group key handshake to fail and +in turn would cause the station to get disconnected. + +This commit fixes this regression by assigning a sta context in +ieee80211_tx_dequeue to injected frames as well. + +Note that sending EAPOL frames in plaintext is not a security issue +since they contain their own encryption and authentication protection. + +Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed") +--- + net/mac80211/tx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index dca01d7e6e3e..2a0725b548f6 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -3613,13 +3613,14 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, + tx.skb = skb; + tx.sdata = vif_to_sdata(info->control.vif); + +- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) { ++ if (txq->sta) { + tx.sta = container_of(txq->sta, struct sta_info, sta); + /* + * Drop unicast frames to unauthorised stations unless they are +- * EAPOL frames from the local station. ++ * injected frames or EAPOL frames from the local station. + */ +- if (unlikely(ieee80211_is_data(hdr->frame_control) && ++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) && ++ ieee80211_is_data(hdr->frame_control) && + !ieee80211_vif_is_mesh(&tx.sdata->vif) && + tx.sdata->vif.type != NL80211_IFTYPE_OCB && + !is_multicast_ether_addr(hdr->addr1) && +-- +2.29.1 + @@ -7,7 +7,7 @@ _srcname=linux-5.9 _major=5.9 ### on initial release this is null otherwise it is the current stable subversion ### ie 1,2,3 corresponding $_major.1, $_major.3 etc -_minor=1 +_minor=2 _minorc=$((_minor+1)) ### on initial release this is just $_major _fullver=$_major.$_minor @@ -30,18 +30,20 @@ source=( config # the main kernel config file 0000-sphinx-workaround.patch 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -b2sums=('9d61bcbcca4f8ffc573a2634ebf0768f2d90bf85634690f976094b7f0910e97bd12f3593444939773f99823a32bb98f50385aa738401d6eaca7cfb319101d2ef' +b2sums=('81fe0377fc38eeae02adfddef36262f1b834fcab6c8b3d96bfc8cb1d1822f8ae77dadfc7538252613069b12c90ca6dc158f7b23205e5982c5d9372f9c92182a4' 'SKIP' - '65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558' + '22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e' 'SKIP' '040cd9c2871f38537f5acac43baff091f46b8143fe66552238484b584456afd7f2862337056e27d3d8e034bcd68e030a4e47a059e9c92e4a416443bab2bc59db' 'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95' - '3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c') + '3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c' + 'c159ba9bfe9b400a604d1ee0b74aa19ee2e5fea96d0781fef48bb92c09909566a879ff9a68e101f0878d8dbd86d7bb6dfee91802ec837dfcc745237869bc1a1e') export KBUILD_BUILD_HOST=archlinux |