Update CVE patchers for ranged versions, patching 1 CVE
parent
7c31506e56
commit
79daadb5ef
78
Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
Normal file
78
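--- a/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
+++ b/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
@@ -0,0 +1,78 @@
+From 6bd7e74005e90ef79402a9c94e1044f845aa49f1 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 5 Sep 2017 14:54:54 +0200
+Subject: [PATCH] mac80211: accept key reinstall without changing anything
+
+When a key is reinstalled we can reset the replay counters
+etc. which can lead to nonce reuse and/or replay detection
+being impossible, breaking security properties, as described
+in the "KRACK attacks".
+
+In particular, CVE-2017-13080 applies to GTK rekeying that
+happened in firmware while the host is in D3, with the second
+part of the attack being done after the host wakes up. In
+this case, the wpa_supplicant mitigation isn't sufficient
+since wpa_supplicant doesn't know the GTK material.
+
+In case this happens, simply silently accept the new key
+coming from userspace but don't take any action on it since
+it's the same key; this keeps the PN replay counters intact.
+
+Change-Id: If973789c12d2afcd9192f796e27bc9598c5dd1c0
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+net/mac80211/key.c | 20 +++++++++++++++++---
+1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/net/mac80211/key.c b/net/mac80211/key.c
+index 5bb600d93d7..cebe30315d9 100644
+--- a/net/mac80211/key.c
++++ b/net/mac80211/key.c
+@@ -3,6 +3,7 @@
+* Copyright 2005-2006, Devicescape Software, Inc.
+* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
+* Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
++ * Copyright 2015-2017 Intel Deutschland GmbH
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+@@ -452,9 +453,6 @@ int ieee80211_key_link(struct ieee80211_key *key,
+
+pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
+idx = key->conf.keyidx;
+- key->local = sdata->local;
+- key->sdata = sdata;
+- key->sta = sta;
+
+if (sta) {
+/*
+@@ -491,6 +489,21 @@ int ieee80211_key_link(struct ieee80211_key *key,
+else
+old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
+
++ /*
++ * Silently accept key re-installation without really installing the
++ * new version of the key to avoid nonce reuse or replay issues.
++ */
++ if (old_key && key->conf.keylen == old_key->conf.keylen &&
++ !memcmp(key->conf.key, old_key->conf.key, key->conf.keylen)) {
++ ieee80211_key_free_unused(key);
++ ret = 0;
++ goto out;
++ }
++
++ key->local = sdata->local;
++ key->sdata = sdata;
++ key->sta = sta;
++
+increment_tailroom_need_count(sdata);
+
+__ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
+@@ -500,6 +513,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
+
+ret = ieee80211_key_enable_hw_accel(key);
+
++ out:
+mutex_unlock(&sdata->local->key_mtx);
+
+return ret;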
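Review bot: The re-install check added to ieee80211_key_link() compares key material with `memcmp()`, which stops at the first differing byte, so its run time depends on how many leading bytes of the offered key match the installed one. The kernel's constant-time helper fits here: `!crypto_memneq(key->conf.key, old_key->conf.key, key->conf.keylen)`, with `#include <crypto/algapi.h>` added to key.c. For TKIP the compared buffer presumably also holds the MIC keys, so it is worth confirming on the target trees that a replayed install really matches byte-for-byte; if it does not, the early return is skipped and the replay counters are reset as before. ieee80211_key_link() starts and ends outside the hunks shown, so the rest of the locking path is not visible here.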
@ -3,8 +3,9 @@ cd $base"kernel/amazon/hdx-common"
|
||||
git apply $cvePatches/CVE-2012-6704/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-1739/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-4656/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-7822/3.2-^3.16/0.patch
|
||||
git apply $cvePatches/CVE-2014-8709/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/3.2-^3.18/1.patch
|
||||
git apply $cvePatches/CVE-2014-9781/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9876/3.4/1.patch
|
||||
git apply $cvePatches/CVE-2014-9880/ANY/0.patch
|
||||
|
@ -2,7 +2,7 @@
|
||||
cd $base"kernel/google/marlin"
|
||||
git apply $cvePatches/CVE-2014-9900/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-2041/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
|
||||
git apply $cvePatches/CVE-2015-8966/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-10088/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-10153/ANY/0.patch
|
||||
|
@ -3,7 +3,7 @@ cd $base"kernel/htc/flounder"
|
||||
git apply $cvePatches/CVE-2014-9892/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9900/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4177/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
|
||||
git apply $cvePatches/CVE-2015-8944/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2475/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-8453/ANY/0.patch
|
||||
|
@ -0,0 +1,61 @@
|
||||
#!/bin/bash
|
||||
cd $base"kernel/huawei/angler"
|
||||
git apply $cvePatches/CVE-2014-8160/^3.18/0.patch
|
||||
git apply $cvePatches/CVE-2014-8173/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9781/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-2041/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4170/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4177/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
|
||||
git apply $cvePatches/CVE-2015-7550/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-0805/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-10231/ANY/1.patch
|
||||
git apply $cvePatches/CVE-2016-10233/3.10/1.patch
|
||||
git apply $cvePatches/CVE-2016-2063/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2185/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2186/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2187/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2384/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2475/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2544/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2545/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2547/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-2549/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3070/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3134/3.10/0.patch
|
||||
git apply $cvePatches/CVE-2016-3136/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3137/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3138/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3140/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3672/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3689/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-3857/3.10/0.patch
|
||||
git apply $cvePatches/CVE-2016-5342/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-5345/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-5859/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-5867/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-5870/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-6672/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-8404/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-9604/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-0436/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-0510/3.10/0.patch
|
||||
git apply $cvePatches/CVE-2017-0516/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-0523/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-0537/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-0648/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-1000365/3.10/0.patch
|
||||
git apply $cvePatches/CVE-2017-15265/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-2618/3.10/0.patch
|
||||
git apply $cvePatches/CVE-2017-2671/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-5669/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-5967/3.10/1.patch
|
||||
git apply $cvePatches/CVE-2017-6345/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-6348/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-6951/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-7472/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-7487/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-8280/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2017-9242/ANY/0.patch
|
||||
git apply $cvePatches/LVT-2017-0003/3.10/0.patch
|
||||
cd $base
|
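Review bot: The `git apply` lines in this new angler script never check their exit status, so a patch that no longer applies is skipped and the kernel is built without that fix, with nothing but scrolled-past stderr to show it. Quoting the paths and reporting failures would make that visible, e.g. `git apply "$cvePatches/CVE-2014-8160/^3.18/0.patch" || echo "FAILED: CVE-2014-8160/^3.18/0.patch" >&2`; the same applies to `cd $base"kernel/huawei/angler"`, where a failed `cd` would run every apply in the wrong directory. The script is complete in view and has no line for the `CVE-2017-13080/ANY/0.patch` file this commit adds; if that is because the patch does not apply to this tree, a comment saying so would help. Whether a caller already sets `set -e` is not visible from this page.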
@ -1,12 +1,12 @@
|
||||
#!/bin/bash
|
||||
cd $base"kernel/lge/bullhead"
|
||||
git apply $cvePatches/CVE-2014-8160/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-8160/^3.18/0.patch
|
||||
git apply $cvePatches/CVE-2014-8173/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9781/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-2041/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4170/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4177/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
|
||||
git apply $cvePatches/CVE-2015-7550/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-0805/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-10231/ANY/1.patch
|
||||
|
@ -1,16 +1,16 @@
|
||||
#!/bin/bash
|
||||
cd $base"kernel/moto/shamu"
|
||||
git apply $cvePatches/CVE-2014-8160/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-8160/^3.18/0.patch
|
||||
git apply $cvePatches/CVE-2014-8173/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9683/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/3.2-^3.18/1.patch
|
||||
git apply $cvePatches/CVE-2014-9683/3.2-^3.18/1.patch
|
||||
git apply $cvePatches/CVE-2014-9715/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9781/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-1593/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-2041/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4170/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-4177/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
|
||||
git apply $cvePatches/CVE-2015-7550/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-8967/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-0758/ANY/0.patch
|
||||
|
@ -1,9 +1,9 @@
|
||||
#!/bin/bash
|
||||
cd $base"kernel/motorola/msm8916"
|
||||
git apply $cvePatches/CVE-2014-9420/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/3.2-^3.18/1.patch
|
||||
git apply $cvePatches/CVE-2014-9781/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-1593/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2015-7515/^4.4/0.patch
|
||||
git apply $cvePatches/CVE-2015-8967/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2016-10231/ANY/1.patch
|
||||
git apply $cvePatches/CVE-2016-10233/3.10/1.patch
|
||||
|
@ -2,7 +2,7 @@
|
||||
cd $base"kernel/samsung/smdk4412"
|
||||
git apply $cvePatches/CVE-2014-1739/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-4656/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9420/^3.18/0.patch
|
||||
git apply $cvePatches/CVE-2014-9781/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9870/ANY/0.patch
|
||||
git apply $cvePatches/CVE-2014-9900/ANY/0.patch
|
||||
|