Some applications (like the civetweb web server) still use functions
that are deprecated by openssl. If OPENSSL_NO_DEPRECATED is defined,
openssl will not provide these functions. This patch removes the define
so that the functions are available.

Using panic() with interrupts disabled could lead to an additional error
(INTERNAL_ERROR_BAD_THREAD_DISPATCH_ENVIRONMENT) due to a potentially
blocking output.

In case no "dr_mode" property is present in the device tree, then
default to USB host mode. This is necessary to support the Cyclone V
SoC Development Kit.

The issue is this:

    static int dpaa_eth_macless_probe(struct platform_device *_of_dev)
    {
    [...]
        INIT_LIST_HEAD(&priv->dpa_fq_list);
        err = dpa_fq_probe_macless(dev, &priv->dpa_fq_list, RX);
        if (!err)
            err = dpa_fq_probe_macless(dev, &priv->dpa_fq_list,
                                       TX);
        if (err < 0)
            goto fq_probe_failed;
    [...]
        /* Add the FQs to the interface, and make them active */
        /* For MAC-less devices we only get here for RX frame queues
         * initialization, which are the TX queues of the other
         * partition.
         * It is safe to rely on one partition to set the FQ taildrop
         * threshold for the TX queues of the other partition
         * because the ERN notifications will be received by the
         * partition doing qman_enqueue.
         */
        err = dpa_fqs_init(dev, &priv->dpa_fq_list, true);
        if (err < 0)
            goto fq_alloc_failed;
    [...]

The priv->dpa_fq_list contains a list of FQ_TYPE_RX_PCD and FQ_TYPE_TX
items. I don't understand what the "For MAC-less devices we only get
here for RX frame queues initialization" means in this context. The
td_enable == true in dpa_fqs_init(). So, we have:

    int dpa_fq_init(struct dpa_fq *dpa_fq, bool td_enable)
    {
    [...]
        if (dpa_fq->fq_type == FQ_TYPE_TX ||
            dpa_fq->fq_type == FQ_TYPE_TX_CONFIRM ||
            dpa_fq->fq_type == FQ_TYPE_TX_CONF_MQ) {
    [...]
            initfq.we_mask |= QM_INITFQ_WE_OAC;
    [...]
        }
        if (td_enable) {
            initfq.we_mask |= QM_INITFQ_WE_TDTHRESH;
            qm_fqd_taildrop_set(&initfq.fqd.td,
                                DPA_FQ_TD, 1);
            initfq.fqd.fq_ctrl = QM_FQCTRL_TDE;
        }

The td_enable == true && dpa_fq->fq_type == FQ_TYPE_TX causes later:

    int qman_init_fq(struct qman_fq *fq, u32 flags, struct qm_mcc_initfq *opts)
    {
    [...]
        if (opts && (opts->we_mask & QM_INITFQ_WE_OAC)) {
            /* And can't be set at the same time as TDTHRESH */
            if (opts->we_mask & QM_INITFQ_WE_TDTHRESH)
                return -EINVAL;
        }

This aborts the initialization of the MAC-less driver. I don't
understand why this path doesn't happen on the SDK Linux system.

Update #3277.

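The flag conflict described in the commit message above, modelled as an added example (not code from the driver or from the commit). The `model_*` functions are hypothetical simplifications of the quoted excerpts, the two flag values are stand-ins for the header constants, and the list walk assumes dpa_fqs_init() calls dpa_fq_init() once per list entry.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in bit values for this example; only their distinctness matters. */
#define QM_INITFQ_WE_OAC      0x0100u
#define QM_INITFQ_WE_TDTHRESH 0x0010u

enum dpa_fq_type { FQ_TYPE_RX_PCD, FQ_TYPE_TX, FQ_TYPE_TX_CONFIRM, FQ_TYPE_TX_CONF_MQ };

/* Hypothetical model: build we_mask the way the quoted dpa_fq_init() does. */
static uint16_t model_we_mask(enum dpa_fq_type type, bool td_enable)
{
    uint16_t we_mask = 0;

    if (type == FQ_TYPE_TX || type == FQ_TYPE_TX_CONFIRM ||
        type == FQ_TYPE_TX_CONF_MQ)
        we_mask |= QM_INITFQ_WE_OAC;
    if (td_enable)
        we_mask |= QM_INITFQ_WE_TDTHRESH;
    return we_mask;
}

/* Hypothetical model of the quoted qman_init_fq() check. */
static int model_qman_init_fq(uint16_t we_mask)
{
    if ((we_mask & QM_INITFQ_WE_OAC) && (we_mask & QM_INITFQ_WE_TDTHRESH))
        return -EINVAL; /* OAC can't be set at the same time as TDTHRESH */
    return 0;
}

/* Walk the list (assumed per-entry init); return index of first rejected FQ, or -1. */
static int model_first_rejected(const enum dpa_fq_type *list, int n, bool td_enable)
{
    for (int i = 0; i < n; i++)
        if (model_qman_init_fq(model_we_mask(list[i], td_enable)) != 0)
            return i;
    return -1;
}

int main(void)
{
    /* Constructed list: RX_PCD and TX entries, as in priv->dpa_fq_list. */
    const enum dpa_fq_type list[] = { FQ_TYPE_RX_PCD, FQ_TYPE_RX_PCD, FQ_TYPE_TX };
    printf("td_enable=true:  first rejected index %d\n", model_first_rejected(list, 3, true));
    printf("td_enable=false: first rejected index %d\n", model_first_rejected(list, 3, false));
    return 0;
}
```

With taildrop enabled the RX_PCD entries pass and the first TX entry is rejected, which is the point where the MAC-less probe aborts.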
hostapd: Avoid key reinstallation in FT handshake
Prevent reinstallation of an already in-use group key
Extend protection of GTK/IGTK reinstallation of WNM-Sleep Mode cases
Fix TK configuration to the driver in EAPOL-Key 3/4 retry case
Prevent installation of an all-zero TK
Fix PTK rekeying to generate a new ANonce
TDLS: Reject TPK-TK reconfiguration
WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
WNM: Ignore WNM-Sleep Mode Response without pending request
FT: Do not allow multiple Reassociation Response frames
TDLS: Ignore incoming TDLS Setup Response retries

Submitted by: jhb
Obtained from: https://w1.fi/security/2017-01/ (against later version)
Security: FreeBSD-SA-17:07
Security: CERT VU#228519
Security: CVE-2017-13077
Security: CVE-2017-13078
Security: CVE-2017-13079
Security: CVE-2017-13080
Security: CVE-2017-13081
Security: CVE-2017-13082
Security: CVE-2017-13086
Security: CVE-2017-13087
Security: CVE-2017-13088
Differential Revision: https://reviews.freebsd.org/D12693