minipli-sources: v4.9.54 bump with injection patch this time

2026-05-02 03:30:48 +02:00 · 2017-10-13 10:07:36 +08:00 · 2017-10-13 10:07:36 +08:00 · 618be77ced
commit 618be77ced
parent 36683872dd
3 changed files with 184 additions and 0 deletions
--- a/sys-kernel/minipli-sources/Manifest
+++ b/sys-kernel/minipli-sources/Manifest
@ -1,5 +1,7 @@
 DIST genpatches-4.9-45.base.tar.xz 959052 SHA256 279bec7f62cdc68d7fbc28a86c937346553050f32bb781fc31b8d8d6f5d6948b SHA512 604bca804acc93ff69f44daf070ff753fc2a0fc6a3c181346b42188b0ca1a3db219acb961a56a02a2187dfaa53bea0dee6e3cb5b524bcb0e21f9d52d700de8d4 WHIRLPOOL e3e753a436e3447d18e965299d4b63ca59ca31ec0aec7351ac2f2e60f7a21318e90ef099793ffa1ea33f79d53f39ccf0d1d82376b4871498d5a8193d668e4ac9
 DIST genpatches-4.9-52.base.tar.xz 1005324 SHA256 2c82e925d4189ae88764ea5ebdade33eeab928ef3f17416639bbdeae847f666f SHA512 b7fb1f54548221e9cb62c4ef0a0c21452ac8bbfc0b44562365534010dfce809ddee7c87c06c43011b61f07dbea5d314a56182d73a37535954331357fda1c96f9 WHIRLPOOL d31a223bd1d4b21f72430b5e5fa18b5260ad63c599f949bc269787ae72ff90bc0c63ad2b69a4681f4177641ea2979dc04aab126f8f12f26b05af18be7b086e26
+DIST genpatches-4.9-56.base.tar.xz 1098340 SHA256 69e8104e4b2cf11d286d04b19a88d027ffbf94701cfc237f5737d0d907d2f4e4 SHA512 d0e54f6b904bce6cee767297fd3282ad8fbd002e2820cd211d35d00e71c1a0339f0715d352c6dc7972097ebeaa282c074f9e85ef953ad16f9a4f35f5ddc26e58 WHIRLPOOL c64fb7d0f811754166b5f8cdb08efd270ec6e1b57723fe8d1c206d5d184c8230b41d1f61c1e98300da0765327dc6feb2f3d8d5e36a8d26b9b1d5a2a3a6170c32
 DIST linux-4.9.tar.xz 93192404 SHA256 029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a SHA512 bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a WHIRLPOOL 072505b29972ad120eb25a074217847c9c2813416c4903e605a0433574f5f87616dbea0b1454e4b19acc48107f11274b682958b1d773373156e99f8163e6606a
 DIST v4.9.44-unofficial_grsec-20170817112724.diff 9366519 SHA256 a1a80c0df7a4f39af63400228098ae4155399f4888a850b9f54eb3461ae3b5b5 SHA512 186309ceed995ce9af9666017bf08c71418123fd09f53ea1fa395587484c2b0fadb4a2e440235fcba5257bb1286f67326028f04cd8ee522abc42ac021bcd691b WHIRLPOOL 0ae217013fab80704f5e6120046746a13fa833dbc7cde208db6534fd50bdf42ccc44ab18128f7fce0f600e87fd2fd6d232e05813199ea2ed0417b9937f58c14f
 DIST v4.9.50-unofficial_grsec-20170914110214.diff 8813945 SHA256 14ba7e085211a6b7a45d20b5c636bd14b5e720e8fc27b23b95531253987b6369 SHA512 d750bd5e716bea30b0e75d27580ed5406fe9627d9c3027d7a85ae0ed33d8d8dcbc3c0f9e8463df955bb9f5bf82031450c77c2bebdd3b091686888740bd934406 WHIRLPOOL 6ed1078bb4966b7ae198b06a6d23acc075cd81be21264c715693d2cd320c3f12c69bc5048ad18b8befc2db9b4953c222a7ce69137c8526b0d508102c2c24c42a
+DIST v4.9.54-unofficial_grsec-20171009084953.diff 8813404 SHA256 a77616774d7b13d87dbcc8141bf05c77c736e9707c125f01f0ed9b7f7d979fea SHA512 6795690f6fc89ae6958a3fecc3b8b702aa387e7de904be27d8392fd8c66b2cc8e69ed09b68fd7f12ba16c6233997d06e555fc04bb0fa644f12ecbb4d0ca6857d WHIRLPOOL 1293936746cea90168119032a4d206502c433749233f56c22a0bda5982e7de14a943e8bc9027535c51623cedc493bb1de114358121d3c5d039bd77311432bf3d
--- a/sys-kernel/minipli-sources/files/grsec-wifi-injection-4.9.patch
+++ b/sys-kernel/minipli-sources/files/grsec-wifi-injection-4.9.patch
@ -0,0 +1,130 @@
+--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
+@@ -580,7 +580,8 @@ static int ieee80211_set_monitor_channel
+ 			ret = ieee80211_vif_use_channel(sdata, chandef,
+ 					IEEE80211_CHANCTX_EXCLUSIVE);
+ 		}
+-	} else if (local_read(&local->open_count) == local->monitors) {
+       // Patch: Always allow channel change, even if a normal virtual interface is present
+       } else /*if (local_read(&local->open_count) == local->monitors)*/ {
+ 		local->_oper_chandef = *chandef;
+ 		ieee80211_hw_config(local, 0);
+ 	}
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -795,11 +795,19 @@ ieee80211_tx_h_sequence(struct ieee80211
+ 
+ 	/*
+ 	 * Packet injection may want to control the sequence
+-	 * number, if we have no matching interface then we
+-	 * neither assign one ourselves nor ask the driver to.
+	 * number, so if an injected packet is found, skip
+	 * renumbering it. Also make the packet NO_ACK to avoid
+	 * excessive retries (ACKing and retrying should be
+	 * handled by the injecting application).
+	 * FIXME This may break hostapd and some other injectors.
+	 * This should be done using a radiotap flag.
+ 	 */
+-	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
+	if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
+	   !(tx->sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES))) {
+		if (!ieee80211_has_morefrags(hdr->frame_control))
+			info->flags |= IEEE80211_TX_CTL_NO_ACK;
+ 		return TX_CONTINUE;
+	}
+ 
+ 	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
+ 		return TX_CONTINUE;
+@@ -1659,7 +1667,10 @@ void ieee80211_xmit(struct ieee80211_sub
+ 		}
+ 	}
+ 
+-	ieee80211_set_qos_hdr(sdata, skb);
+        // Don't overwrite QoS header in monitor mode
+        if (likely(info->control.vif->type != NL80211_IFTYPE_MONITOR)) {
+            ieee80211_set_qos_hdr(sdata, skb);
+        }
+ 	ieee80211_tx(sdata, sta, skb, false);
+ }
+ 
+--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
+@@ -857,8 +857,10 @@ int cfg80211_set_monitor_channel(struct
+ {
+ 	if (!rdev->ops->set_monitor_channel)
+ 		return -EOPNOTSUPP;
+-	if (!cfg80211_has_monitors_only(rdev))
+-		return -EBUSY;
+	// Always allow user to change channel, even if there is another normal
+	// virtual interface using the device.
+	//if (!cfg80211_has_monitors_only(rdev))
+	//	return -EBUSY;
+ 
+ 	return rdev_set_monitor_channel(rdev, chandef);
+ }
+--- a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+++ b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+@@ -242,14 +242,19 @@ void zd_mac_clear(struct zd_mac *mac)
+ static int set_rx_filter(struct zd_mac *mac)
+ {
+ 	unsigned long flags;
+-	u32 filter = STA_RX_FILTER;
+	struct zd_ioreq32 ioreqs[] = {
+		{CR_RX_FILTER, STA_RX_FILTER},
+		{ CR_SNIFFER_ON, 0U },
+	};
+ 
+ 	spin_lock_irqsave(&mac->lock, flags);
+-	if (mac->pass_ctrl)
+-		filter |= RX_FILTER_CTRL;
+	if (mac->pass_ctrl) {
+		ioreqs[0].value |= 0xFFFFFFFF;
+		ioreqs[1].value = 0x1;
+	}
+ 	spin_unlock_irqrestore(&mac->lock, flags);
+ 
+-	return zd_iowrite32(&mac->chip, CR_RX_FILTER, filter);
+	return zd_iowrite32a(&mac->chip, ioreqs, ARRAY_SIZE(ioreqs));
+ }
+ 
+ static int set_mac_and_bssid(struct zd_mac *mac)
+@@ -1057,7 +1062,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
+ 	/* Caller has to ensure that length >= sizeof(struct rx_status). */
+ 	status = (struct rx_status *)
+ 		(buffer + (length - sizeof(struct rx_status)));
+-	if (status->frame_status & ZD_RX_ERROR) {
+	if ((status->frame_status & ZD_RX_ERROR) || 
+		(status->frame_status & ~0x21)) {
+ 		if (mac->pass_failed_fcs &&
+ 				(status->frame_status & ZD_RX_CRC32_ERROR)) {
+ 			stats.flag |= RX_FLAG_FAILED_FCS_CRC;
+@@ -1400,7 +1406,7 @@ struct ieee80211_hw *zd_mac_alloc_hw(str
+ 	ieee80211_hw_set(hw, MFP_CAPABLE);
+ 	ieee80211_hw_set(hw, HOST_BROADCAST_PS_BUFFERING);
+ 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
+-	ieee80211_hw_set(hw, SIGNAL_UNSPEC);
+	ieee80211_hw_set(hw, SIGNAL_DBM);
+ 
+ 	hw->wiphy->interface_modes =
+ 		BIT(NL80211_IFTYPE_MESH_POINT) |
+--- a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+@@ -251,8 +251,17 @@ static void rtl8187_tx(struct ieee80211_
+ 	flags |= RTL818X_TX_DESC_FLAG_NO_ENC;
+ 
+ 	flags |= ieee80211_get_tx_rate(dev, info)->hw_value << 24;
+
+	// When this flag is set the firmware waits untill ALL fragments have
+	// reached the USB device. Then it sends the first fragment and waits
+	// for ACKS's. Of course in monitor mode it won't detect these ACK's.
+ 	if (ieee80211_has_morefrags(tx_hdr->frame_control))
+-		flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
+	{
+		// If info->control.vif is NULL it's most likely in monitor mode
+		if (likely(info->control.vif != NULL && info->control.vif->type != NL80211_IFTYPE_MONITOR)) {
+			flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
+		}
+	}
+ 
+ 	/* HW will perform RTS-CTS when only RTS flags is set.
+ 	 * HW will perform CTS-to-self when both RTS and CTS flags are set.
--- a/sys-kernel/minipli-sources/minipli-sources-4.9.54.ebuild
+++ b/sys-kernel/minipli-sources/minipli-sources-4.9.54.ebuild
@ -0,0 +1,52 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+ETYPE="sources"
+K_WANT_GENPATCHES="base"
+K_GENPATCHES_VER="56"
+#K_DEBLOB_AVAILABLE="1"
+
+inherit kernel-2
+detect_version
+
+HGPV="20171009084953"
+HGPV_URI="https://github.com/minipli/linux-unofficial_grsec/releases/download/v${PV}-unofficial_grsec/v${PV}-unofficial_grsec-${HGPV}.diff"
+
+SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}"
+
+UNIPATCH_LIST="${DISTDIR}/v${PV}-unofficial_grsec-${HGPV}.diff"
+UNIPATCH_EXCLUDE="
+	1500_XATTR_USER_PREFIX.patch
+	1520_CVE-2017-6074-dccp-skb-freeing-fix.patch
+	2900_dev-root-proc-mount-fix.patch"
+
+DESCRIPTION="Unofficial forward ports of the last publicly available grsecurity patch (kernel series ${KV_MAJOR}.${KV_MINOR})"
+HOMEPAGE="https://github.com/minipli/linux-unofficial_grsec"
+IUSE="deblob injection"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+RDEPEND=">=sys-devel/gcc-4.5"
+
+src_prepare(){
+	#apply hardened-adapted patch
+	#section: b/net/mac80211/cfg.c
+	use injection && epatch "${FILESDIR}/grsec-wifi-injection-4.9.patch"
+}
+
+pkg_postinst() {
+	kernel-2_pkg_postinst
+
+	local GRADM_COMPAT="sys-apps/gradm-3.1*"
+
+	ewarn
+	ewarn "Users of grsecurity's RBAC system must ensure they are using"
+	ewarn "${GRADM_COMPAT}, which is compatible with ${PF}."
+	ewarn "It is strongly recommended that the following command is issued"
+	ewarn "prior to booting a ${PF} kernel for the first time:"
+	ewarn
+	ewarn "emerge -na =${GRADM_COMPAT}"
+	ewarn
+}