hardened-sources: Added wireless injection patch
This commit is contained in:
parent
55509db6e7
commit
40c6ef1e3f
8
sys-kernel/hardened-sources/Manifest
Normal file
8
sys-kernel/hardened-sources/Manifest
Normal file
@ -0,0 +1,8 @@
|
||||
AUX wireless_injection.patch 1049 RMD160 e864ee2e0c70ce344000baa8ee5fca3b23c3305a SHA1 85f7a1b141549b774f5631fba259bc414aeeffb8 SHA256 e04ed9997e1578cc1becd4ef9d9f2f6f606590aa91a56e42835963913e1b0f52
|
||||
DIST deblob-3.2 107602 RMD160 56f1dfe4f0254c802b49ea5220c4f67e56649852 SHA1 83421184d88d02e24de2adbc5debfb03454a7f4b SHA256 5db88405af6d51a77d84354afc3b2bdf673b1a5dcff37bb8db4ccbd12d91db20
|
||||
DIST deblob-check-3.2 423268 RMD160 8cb0c1b4a289db94543396c4445c4c7a35d2ba70 SHA1 01e50f824a577d15749f24643fdd136180342808 SHA256 9e67dd0885aa8ef356dbc15d487c8dea5a54f74c5b03a5d7946b65ee43f12638
|
||||
DIST genpatches-3.2-11.base.tar.bz2 210269 RMD160 634409abf6d2cfdacd7c4c2a7dcebc6acf9b17ea SHA1 64bed713dfb941f699e3c32f419475fb6e10cee3 SHA256 22eb160b9c3bf1fd04f6ab5a5e481ead4054c2a42ce274354b03a34bca1bc341
|
||||
DIST genpatches-3.2-11.extras.tar.bz2 17208 RMD160 8324da51ce71afb0d375f34b0dd05209079bd7a3 SHA1 c2f4e029aebbc0ae82221aa2643de06a2d08cbd8 SHA256 7f60ab18e2965d024b7a36327577bcc771061f2cfac221ed475a6fd6b2ab89c7
|
||||
DIST hardened-patches-3.2.11-1.extras.tar.bz2 504890 RMD160 be00ee149bb33bbeeaf0c9fa67fc1449704cb4ce SHA1 58ff19b7025356eff2395a5513f06df7f5138cbe SHA256 ee4fc083bc137b76f9d017b63497732c7e6985b16eedb1b6fcad1837411e684a
|
||||
DIST linux-3.2.tar.bz2 78147838 RMD160 15eb022305dfc8b0e1d59e396911fa86eb9c3bdf SHA1 3460afa971049aa79b8f914e1bfd619eedd19f55 SHA256 c881fc2b53cf0da7ca4538aa44623a7de043a41f76fd5d0f51a31f6ed699d463
|
||||
EBUILD hardened-sources-3.2.11.ebuild 1937 RMD160 2d4a037b5484c42b5c30472a16074cb886902e26 SHA1 b3f80a4f80e62cbbc9623627d03894ef17c24ba3 SHA256 7ac3467716818da717ce827dd79bc585ff2d1e5213c22afaa59a089968ce60e2
|
27
sys-kernel/hardened-sources/files/wireless_injection.patch
Normal file
27
sys-kernel/hardened-sources/files/wireless_injection.patch
Normal file
@ -0,0 +1,27 @@
|
||||
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
|
||||
index 0855cac..221bed6 100644
|
||||
--- a/net/mac80211/tx.c
|
||||
+++ b/net/mac80211/tx.c
|
||||
@@ -677,11 +677,19 @@ int tid;
|
||||
|
||||
/*
|
||||
* Packet injection may want to control the sequence
|
||||
- * number, if we have no matching interface then we
|
||||
- * neither assign one ourselves nor ask the driver to.
|
||||
+ * number, so if an injected packet is found, skip
|
||||
+ * renumbering it. Also make the packet NO_ACK to avoid
|
||||
+ * excessive retries (ACKing and retrying should be
|
||||
+ * handled by the injecting application).
|
||||
+ * FIXME This may break hostapd and some other injectors.
|
||||
+ * This should be done using a radiotap flag.
|
||||
*/
|
||||
- if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
|
||||
+ if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
|
||||
+ !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) {
|
||||
+ if (!ieee80211_has_morefrags(hdr->frame_control))
|
||||
+ info->flags |= IEEE80211_TX_CTL_NO_ACK;
|
||||
return TX_CONTINUE;
|
||||
+ }
|
||||
|
||||
if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
|
||||
return TX_CONTINUE;
|
52
sys-kernel/hardened-sources/hardened-sources-3.2.11.ebuild
Normal file
52
sys-kernel/hardened-sources/hardened-sources-3.2.11.ebuild
Normal file
@ -0,0 +1,52 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/sys-kernel/hardened-sources/hardened-sources-3.2.11.ebuild,v 1.2 2012/04/19 22:13:17 blueness Exp $
|
||||
|
||||
EAPI="4"
|
||||
|
||||
ETYPE="sources"
|
||||
K_WANT_GENPATCHES="base extras"
|
||||
K_GENPATCHES_VER="11"
|
||||
K_DEBLOB_AVAILABLE="1"
|
||||
|
||||
inherit kernel-2
|
||||
detect_version
|
||||
|
||||
HGPV="${KV_MAJOR}.${KV_MINOR}.${KV_PATCH}-1"
|
||||
HGPV_URI="http://dev.gentoo.org/~blueness/hardened-sources/hardened-patches/hardened-patches-${HGPV}.extras.tar.bz2"
|
||||
SRC_URI="${KERNEL_URI} ${HGPV_URI} ${GENPATCHES_URI} ${ARCH_URI}"
|
||||
|
||||
UNIPATCH_LIST="${DISTDIR}/hardened-patches-${HGPV}.extras.tar.bz2"
|
||||
UNIPATCH_LIST+=" ${FILESDIR}/wireless_injection.patch"
|
||||
UNIPATCH_EXCLUDE="4200_fbcondecor-0.9.6.patch"
|
||||
! use xtpax && UNIPATCH_EXCLUDE+=" 4425_grsec_enable_xtpax.patch"
|
||||
|
||||
DESCRIPTION="Hardened kernel sources (kernel series ${KV_MAJOR}.${KV_MINOR})"
|
||||
HOMEPAGE="http://www.gentoo.org/proj/en/hardened/"
|
||||
IUSE="deblob -xtpax"
|
||||
|
||||
KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc x86"
|
||||
|
||||
RDEPEND=">=sys-devel/gcc-4.5"
|
||||
|
||||
pkg_postinst() {
|
||||
kernel-2_pkg_postinst
|
||||
|
||||
local GRADM_COMPAT="sys-apps/gradm-2.9"
|
||||
|
||||
ewarn
|
||||
ewarn "Hardened Gentoo provides three different predefined grsecurity level:"
|
||||
ewarn "[server], [workstation], and [virtualization]. Those who intend to"
|
||||
ewarn "use one of these predefined grsecurity levels should read the help"
|
||||
ewarn "associated with the level. Because some options require >=gcc-4.5,"
|
||||
ewarn "users with more, than one version of gcc installed should use gcc-config"
|
||||
ewarn "to select a compatible version."
|
||||
ewarn
|
||||
ewarn "Users of grsecurity's RBAC system must ensure they are using"
|
||||
ewarn "${GRADM_COMPAT}, which is compatible with ${PF}."
|
||||
ewarn "It is strongly recommended that the following command is issued"
|
||||
ewarn "prior to booting a ${PF} kernel for the first time:"
|
||||
ewarn
|
||||
ewarn "emerge -na =${GRADM_COMPAT}*"
|
||||
ewarn
|
||||
}
|
Loading…
Reference in New Issue
Block a user