summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO16
-rw-r--r--0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch54
-rw-r--r--PKGBUILD10
3 files changed, 69 insertions, 11 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 307c2c39c9a5..eba440a5d8ec 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
pkgbase = linux-rc
- pkgver = 5.9.2rc1
+ pkgver = 5.9.3rc1
pkgrel = 1
url = https://www.kernel.org/
arch = x86_64
@@ -8,22 +8,24 @@ pkgbase = linux-rc
makedepends = kmod
makedepends = libelf
options = !strip
- source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.2-rc1.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.2-rc1.sign
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.xz
- source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.1.tar.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.3-rc1.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.9.3-rc1.sign
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.2.tar.xz
+ source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.9.2.tar.sign
source = config
source = 0000-sphinx-workaround.patch
source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+ source = 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
- b2sums = 9d61bcbcca4f8ffc573a2634ebf0768f2d90bf85634690f976094b7f0910e97bd12f3593444939773f99823a32bb98f50385aa738401d6eaca7cfb319101d2ef
+ b2sums = 81fe0377fc38eeae02adfddef36262f1b834fcab6c8b3d96bfc8cb1d1822f8ae77dadfc7538252613069b12c90ca6dc158f7b23205e5982c5d9372f9c92182a4
b2sums = SKIP
- b2sums = 65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558
+ b2sums = 22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e
b2sums = SKIP
b2sums = 040cd9c2871f38537f5acac43baff091f46b8143fe66552238484b584456afd7f2862337056e27d3d8e034bcd68e030a4e47a059e9c92e4a416443bab2bc59db
b2sums = b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95
b2sums = 3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c
+ b2sums = c159ba9bfe9b400a604d1ee0b74aa19ee2e5fea96d0781fef48bb92c09909566a879ff9a68e101f0878d8dbd86d7bb6dfee91802ec837dfcc745237869bc1a1e
pkgname = linux-rc
pkgdesc = The release candidate kernel and modules
diff --git a/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
new file mode 100644
index 000000000000..6e0f2eb501f5
--- /dev/null
+++ b/0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
@@ -0,0 +1,54 @@
+From 5fbf98ceb5b2218ec764dd0d187953393732a5ef Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
+Date: Sat, 17 Oct 2020 23:08:18 +0400
+Subject: [PATCH 2/3] mac80211: fix regression where EAPOL frames were sent in
+ plaintext
+
+I've managed to reproduce the issue, or at least a related issue. Can
+you try the draft patch below and see if that fixes it?
+
+When sending EAPOL frames via NL80211 they are treated as injected
+frames in mac80211. Due to commit 1df2bdba528b ("mac80211: never drop
+injected frames even if normally not allowed") these injected frames
+were not assigned a sta context in the function ieee80211_tx_dequeue,
+causing certain wireless network cards to always send EAPOL frames in
+plaintext. This may cause compatibility issues with some clients or
+APs, which for instance can cause the group key handshake to fail and
+in turn would cause the station to get disconnected.
+
+This commit fixes this regression by assigning a sta context in
+ieee80211_tx_dequeue to injected frames as well.
+
+Note that sending EAPOL frames in plaintext is not a security issue
+since they contain their own encryption and authentication protection.
+
+Fixes: 1df2bdba528b ("mac80211: never drop injected frames even if normally not allowed")
+---
+ net/mac80211/tx.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
+index dca01d7e6e3e..2a0725b548f6 100644
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3613,13 +3613,14 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
+ tx.skb = skb;
+ tx.sdata = vif_to_sdata(info->control.vif);
+
+- if (txq->sta && !(info->flags & IEEE80211_TX_CTL_INJECTED)) {
++ if (txq->sta) {
+ tx.sta = container_of(txq->sta, struct sta_info, sta);
+ /*
+ * Drop unicast frames to unauthorised stations unless they are
+- * EAPOL frames from the local station.
++ * injected frames or EAPOL frames from the local station.
+ */
+- if (unlikely(ieee80211_is_data(hdr->frame_control) &&
++ if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
++ ieee80211_is_data(hdr->frame_control) &&
+ !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
+ tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
+ !is_multicast_ether_addr(hdr->addr1) &&
+--
+2.29.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 2fbead268008..4ec03de19aa5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@ _srcname=linux-5.9
_major=5.9
### on initial release this is null otherwise it is the current stable subversion
### ie 1,2,3 corresponding $_major.1, $_major.3 etc
-_minor=1
+_minor=2
_minorc=$((_minor+1))
### on initial release this is just $_major
_fullver=$_major.$_minor
@@ -30,18 +30,20 @@ source=(
config # the main kernel config file
0000-sphinx-workaround.patch
0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
+ 0002-mac80211-fix-regression-where-EAPOL-frames-were-sent.patch
)
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
)
-b2sums=('9d61bcbcca4f8ffc573a2634ebf0768f2d90bf85634690f976094b7f0910e97bd12f3593444939773f99823a32bb98f50385aa738401d6eaca7cfb319101d2ef'
+b2sums=('81fe0377fc38eeae02adfddef36262f1b834fcab6c8b3d96bfc8cb1d1822f8ae77dadfc7538252613069b12c90ca6dc158f7b23205e5982c5d9372f9c92182a4'
'SKIP'
- '65eeccf077194ce03d5dbc1e8ea8f6022d709bc930945a49880fb87d71992e0614cf5ee92eb1b60fe2e3ed41fe17f0c176bbbad5f2cf0a2a349e1b08e6236558'
+ '22ba992df3a1d73fa16efb31bb0d62eacd106fb6f4d6dd1ebe522dc09b94c8df689cdb594ed105076ab5e1be4bd00eb834019dc19b6f58f6bee04f53e5de961e'
'SKIP'
'040cd9c2871f38537f5acac43baff091f46b8143fe66552238484b584456afd7f2862337056e27d3d8e034bcd68e030a4e47a059e9c92e4a416443bab2bc59db'
'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95'
- '3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c')
+ '3c5cdf6da7ff5312bfe2a8dcd18e58c8e1a3408e1612be60417ed33866e9e70da77db88435fe49483c907c5ff45d4b9ed979aaa96d485cef976c6aa6fdaa834c'
+ 'c159ba9bfe9b400a604d1ee0b74aa19ee2e5fea96d0781fef48bb92c09909566a879ff9a68e101f0878d8dbd86d7bb6dfee91802ec837dfcc745237869bc1a1e')
export KBUILD_BUILD_HOST=archlinux