Import Debian changes 4.16.12-1parrot12

linux (4.16.12-1parrot12) testing; urgency=medium * Import new Debian release. * Import Parrot configs and patches.

Import Debian changes 4.16.12-1parrot12
linux (4.16.12-1parrot12) testing; urgency=medium * Import new Debian release. * Import Parrot configs and patches.
7069ef75 · Lorenzo "Palinuro" Faletra · 3c5af882 · 7069ef75 · 7069ef75 · 7069ef75
Commit 7069ef75 authored May 28, 2018 by Lorenzo "Palinuro" Faletra
--- a/debian/changelog
+++ b/debian/changelog
--- a/debian/config/config
+++ b/debian/config/config
@@ -5978,8 +5978,8 @@ CONFIG_MODULE_SIG_SHA256=y
 ##
 ## choice: Timer frequency
 # CONFIG_HZ_100 is not set
-CONFIG_HZ_250=y
-# CONFIG_HZ_300 is not set
+CONFIG_HZ_300=y
+# CONFIG_HZ_250 is not set
 # CONFIG_HZ_1000 is not set
 ## end choice


--- a/debian/config/defines
+++ b/debian/config/defines
 [abi]
-abiname: 2
+abiname: parrot12
 ignore-changes:
 __cpuhp_*
 __xive_vm_h_*

--- a/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch
+++ b/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch
@@ -9,8 +9,10 @@ This is expected until we generate a signing key and update
 wireless-regdb to be signed with it.

 ---
--- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
+Index: linux-4.16.12/net/wireless/reg.c
+===================================================================
+--- linux-4.16.12.orig/net/wireless/reg.c
+++ linux-4.16.12/net/wireless/reg.c
 @@ -475,6 +475,7 @@ static void reg_regdb_apply(struct work_
 
 static DECLARE_WORK(reg_regdb_work, reg_regdb_apply);

--- a/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch~
+++ b/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch~
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 05 Apr 2018 18:13:52 +0200
+Subject: wireless: Disable regulatory.db direct loading
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/892229
+
+Don't complain about being unable to load regulatory.db directly.
+This is expected until we generate a signing key and update
+wireless-regdb to be signed with it.
+
+---
+--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
+@@ -475,6 +475,7 @@ static void reg_regdb_apply(struct work_
+ 
+ static DECLARE_WORK(reg_regdb_work, reg_regdb_apply);
+ 
+#if 0
+ static int reg_schedule_apply(const struct ieee80211_regdomain *regdom)
+ {
+ 	struct reg_regdb_apply_request *request;
+@@ -494,6 +495,7 @@ static int reg_schedule_apply(const stru
+ 	schedule_work(&reg_regdb_work);
+ 	return 0;
+ }
+#endif
+ 
+ #ifdef CONFIG_CFG80211_CRDA_SUPPORT
+ /* Max number of consecutive attempts to communicate with CRDA  */
+@@ -573,6 +575,29 @@ static inline int call_crda(const char *
+ /* code to directly load a firmware database through request_firmware */
+ static const struct fwdb_header *regdb;
+ 
+#if 1
+
+static int load_builtin_regdb_keys(void)
+{
+	return 0;
+}
+
+static void free_regdb_keyring(void)
+{
+}
+
+static int query_regdb_file(const char *alpha2)
+{
+	return -ENOENT;
+}
+
+int reg_reload_regdb(void)
+{
+	return -ENOENT;
+}
+
+#else /* disabled until we update wireless-regdb */
+
+ struct fwdb_country {
+ 	u8 alpha2[2];
+ 	__be16 coll_ptr;
+@@ -963,6 +988,8 @@ int reg_reload_regdb(void)
+ 	return err;
+ }
+ 
+#endif
+
+ static bool reg_query_database(struct regulatory_request *request)
+ {
+ 	if (query_regdb_file(request->alpha2) == 0)
--- a/debian/patches/features/all/wifi-injection.patch
+++ b/debian/patches/features/all/wifi-injection.patch
+--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
+@@ -580,7 +580,8 @@ static int ieee80211_set_monitor_channel
+ 			ret = ieee80211_vif_use_channel(sdata, chandef,
+ 					IEEE80211_CHANCTX_EXCLUSIVE);
+ 		}
+-	} else if (local->open_count == local->monitors) {
+       // Patch: Always allow channel change, even if a normal virtual interface is present
+       } else /*if (local->open_count == local->monitors)*/ {
+ 		local->_oper_chandef = *chandef;
+ 		ieee80211_hw_config(local, 0);
+ 	}
+--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
+@@ -795,11 +795,19 @@ ieee80211_tx_h_sequence(struct ieee80211
+ 
+ 	/*
+ 	 * Packet injection may want to control the sequence
+-	 * number, if we have no matching interface then we
+-	 * neither assign one ourselves nor ask the driver to.
+	 * number, so if an injected packet is found, skip
+	 * renumbering it. Also make the packet NO_ACK to avoid
+	 * excessive retries (ACKing and retrying should be
+	 * handled by the injecting application).
+	 * FIXME This may break hostapd and some other injectors.
+	 * This should be done using a radiotap flag.
+ 	 */
+-	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
+	if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
+	   !(tx->sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES))) {
+		if (!ieee80211_has_morefrags(hdr->frame_control))
+			info->flags |= IEEE80211_TX_CTL_NO_ACK;
+ 		return TX_CONTINUE;
+	}
+ 
+ 	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
+ 		return TX_CONTINUE;
+@@ -1659,7 +1667,10 @@ void ieee80211_xmit(struct ieee80211_sub
+ 		}
+ 	}
+ 
+-	ieee80211_set_qos_hdr(sdata, skb);
+        // Don't overwrite QoS header in monitor mode
+        if (likely(info->control.vif->type != NL80211_IFTYPE_MONITOR)) {
+            ieee80211_set_qos_hdr(sdata, skb);
+        }
+ 	ieee80211_tx(sdata, sta, skb, false);
+ }
+ 
+--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
+@@ -857,8 +857,10 @@ int cfg80211_set_monitor_channel(struct
+ {
+ 	if (!rdev->ops->set_monitor_channel)
+ 		return -EOPNOTSUPP;
+-	if (!cfg80211_has_monitors_only(rdev))
+-		return -EBUSY;
+	// Always allow user to change channel, even if there is another normal
+	// virtual interface using the device.
+	//if (!cfg80211_has_monitors_only(rdev))
+	//	return -EBUSY;
+ 
+ 	return rdev_set_monitor_channel(rdev, chandef);
+ }
+--- a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+++ b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+@@ -242,14 +242,19 @@ void zd_mac_clear(struct zd_mac *mac)
+ static int set_rx_filter(struct zd_mac *mac)
+ {
+ 	unsigned long flags;
+-	u32 filter = STA_RX_FILTER;
+	struct zd_ioreq32 ioreqs[] = {
+		{CR_RX_FILTER, STA_RX_FILTER},
+		{ CR_SNIFFER_ON, 0U },
+	};
+ 
+ 	spin_lock_irqsave(&mac->lock, flags);
+-	if (mac->pass_ctrl)
+-		filter |= RX_FILTER_CTRL;
+	if (mac->pass_ctrl) {
+		ioreqs[0].value |= 0xFFFFFFFF;
+		ioreqs[1].value = 0x1;
+	}
+ 	spin_unlock_irqrestore(&mac->lock, flags);
+ 
+-	return zd_iowrite32(&mac->chip, CR_RX_FILTER, filter);
+	return zd_iowrite32a(&mac->chip, ioreqs, ARRAY_SIZE(ioreqs));
+ }
+ 
+ static int set_mac_and_bssid(struct zd_mac *mac)
+@@ -1057,7 +1062,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
+ 	/* Caller has to ensure that length >= sizeof(struct rx_status). */
+ 	status = (struct rx_status *)
+ 		(buffer + (length - sizeof(struct rx_status)));
+-	if (status->frame_status & ZD_RX_ERROR) {
+	if ((status->frame_status & ZD_RX_ERROR) || 
+		(status->frame_status & ~0x21)) {
+ 		if (mac->pass_failed_fcs &&
+ 				(status->frame_status & ZD_RX_CRC32_ERROR)) {
+ 			stats.flag |= RX_FLAG_FAILED_FCS_CRC;
+@@ -1400,7 +1406,7 @@ struct ieee80211_hw *zd_mac_alloc_hw(str
+ 	ieee80211_hw_set(hw, MFP_CAPABLE);
+ 	ieee80211_hw_set(hw, HOST_BROADCAST_PS_BUFFERING);
+ 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
+-	ieee80211_hw_set(hw, SIGNAL_UNSPEC);
+	ieee80211_hw_set(hw, SIGNAL_DBM);
+ 
+ 	hw->wiphy->interface_modes =
+ 		BIT(NL80211_IFTYPE_MESH_POINT) |
+--- a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+@@ -251,8 +251,17 @@ static void rtl8187_tx(struct ieee80211_
+ 	flags |= RTL818X_TX_DESC_FLAG_NO_ENC;
+ 
+ 	flags |= ieee80211_get_tx_rate(dev, info)->hw_value << 24;
+
+	// When this flag is set the firmware waits untill ALL fragments have
+	// reached the USB device. Then it sends the first fragment and waits
+	// for ACKS's. Of course in monitor mode it won't detect these ACK's.
+ 	if (ieee80211_has_morefrags(tx_hdr->frame_control))
+-		flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
+	{
+		// If info->control.vif is NULL it's most likely in monitor mode
+		if (likely(info->control.vif != NULL && info->control.vif->type != NL80211_IFTYPE_MONITOR)) {
+			flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
+		}
+	}
+ 
+ 	/* HW will perform RTS-CTS when only RTS flags is set.
+ 	 * HW will perform CTS-to-self when both RTS and CTS flags are set.
--- a/debian/patches/features/all/wireless-carl9170-Enable-sniffer-mode-promisc-flag-t.patch
+++ b/debian/patches/features/all/wireless-carl9170-Enable-sniffer-mode-promisc-flag-t.patch
+From c46a994dd78befbe94e66771db41c18351be2aae Mon Sep 17 00:00:00 2001
+From: Steve deRosier <derosier@cal-sierra.com>
+Date: Fri, 29 Sep 2017 10:48:19 -0700
+Subject: [PATCH] wireless: carl9170: Enable sniffer mode promisc flag to fix
+ injection
+
+The removal of the AR9170_MAC_SNIFFER_ENABLE_PROMISC flag to fix an issue
+many years ago caused the AR9170 to not be able to pass probe response
+packets with different MAC addresses back up to the driver. In general
+operation, this doesn't matter, but in the case of packet injection with
+aireplay-ng it is important. aireplay-ng specifically injects packets with
+spoofed MAC addresses on the probe requests and looks for probe responses
+back to those addresses. No other combination of filter flags seem to fix
+this issue and so AR9170_MAC_SNIFFER_ENABLE is required to get these packets.
+
+This was originally caused by commit e0509d3bdd7365d06c9bf570bf9f11 which
+removed this flag in order to avoid spurious ack noise from the hardware.
+In testing for this issue, keeping this flag but not restoring the
+AR9170_MAC_RX_CTRL_ACK_IN_SNIFFER flag on the rc_ctrl seems to solve this
+issue, at least with the most current firmware v1.9.9.
+
+Signed-off-by: Steve deRosier <derosier@cal-sierra.com>
+---
+ drivers/net/wireless/ath/carl9170/mac.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/net/wireless/ath/carl9170/mac.c b/drivers/net/wireless/ath/carl9170/mac.c
+index 7d4a72dc98db..c617e883f47a 100644
+--- a/drivers/net/wireless/ath/carl9170/mac.c
+++ b/drivers/net/wireless/ath/carl9170/mac.c
+@@ -309,6 +309,7 @@ int carl9170_set_operating_mode(struct ar9170 *ar)
+ 	u32 rx_ctrl = AR9170_MAC_RX_CTRL_DEAGG |
+ 		      AR9170_MAC_RX_CTRL_SHORT_FILTER;
+ 	u32 sniffer = AR9170_MAC_SNIFFER_DEFAULTS;
+	u32 mac_ftf = AR9170_MAC_FTF_DEFAULTS;
+ 	int err = 0;
+ 
+ 	rcu_read_lock();
+@@ -373,6 +374,9 @@ int carl9170_set_operating_mode(struct ar9170 *ar)
+ 
+ 	if (ar->sniffer_enabled) {
+ 		enc_mode |= AR9170_MAC_ENCRYPTION_RX_SOFTWARE;
+		mac_ftf = AR9170_MAC_FTF_MONITOR;
+		sniffer |= AR9170_MAC_SNIFFER_ENABLE_PROMISC;
+		mac_addr = NULL;
+ 	}
+ 
+ 	err = carl9170_set_mac_reg(ar, AR9170_MAC_REG_MAC_ADDR_L, mac_addr);
+@@ -384,6 +388,7 @@ int carl9170_set_operating_mode(struct ar9170 *ar)
+ 		return err;
+ 
+ 	carl9170_regwrite_begin(ar);
+	carl9170_regwrite(AR9170_MAC_REG_FRAMETYPE_FILTER, mac_ftf);
+ 	carl9170_regwrite(AR9170_MAC_REG_SNIFFER, sniffer);
+ 	carl9170_regwrite(AR9170_MAC_REG_CAM_MODE, cam_mode);
+ 	carl9170_regwrite(AR9170_MAC_REG_ENCRYPTION, enc_mode);
+-- 
+2.14.1
+
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -29,6 +29,10 @@ features/all/aufs4/aufs4-base.patch
 features/all/aufs4/aufs4-mmap.patch
 features/all/aufs4/aufs4-standalone.patch

+# Parrot changes
+features/all/wifi-injection.patch
+features/all/wireless-carl9170-Enable-sniffer-mode-promisc-flag-t.patch
+
 # Change some defaults for security reasons
 debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
 debian/rds-Disable-auto-loading-as-mitigation-against-local.patch

--- a/debian/templates/control.source.in
+++ b/debian/templates/control.source.in
 Section: kernel
 Priority: optional
-Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
-Uploaders: Bastian Blank <waldi@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Salvatore Bonaccorso <carnil@debian.org>
+Maintainer: Parrot Dev Team <team@parrotsec.org>
+Uploaders: Lorenzo "Palinuro" Faletra <palinuro@parrotsec.org>
 Standards-Version: 4.1.1
 Build-Depends:
 debhelper (>= 10.1~), dh-exec,