Merge branch 'master' into next

2026-04-09 18:45:54 +02:00 · 2021-02-16 17:37:26 +00:00
parent 9572ae7b1d 9aa6f9a89f
commit 5459c8a4b7
16 changed files with 51 additions and 46 deletions
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -889,6 +889,7 @@ WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: user management = User Management
 WARNING: untranslated string: winbind daemon = Winbind Daemon
 WARNING: untranslated string: wlan client encryption wpa3 = WPA3
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -2132,6 +2132,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client invalid key length = Invalid key length.
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client new entry = Create new wireless client configuration
 WARNING: untranslated string: wlan client new network = New network
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1509,6 +1509,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client invalid key length = Invalid key length.
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client new entry = Create new wireless client configuration
 WARNING: untranslated string: wlan client new network = New network
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -919,3 +919,4 @@ WARNING: untranslated string: routing config changed = unknown string
 WARNING: untranslated string: token = Token:
 WARNING: untranslated string: token not set = No Token has been given.
 WARNING: untranslated string: wlan client encryption wpa3 = WPA3
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1197,6 +1197,7 @@ WARNING: untranslated string: wlan client eap state = EAP Status
 WARNING: untranslated string: wlan client encryption eap = EAP
 WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client identity = Identity
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client password = Password
 WARNING: untranslated string: wlan client tls cipher = TLS Cipher
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1237,6 +1237,7 @@ WARNING: untranslated string: wlan client eap state = EAP Status
 WARNING: untranslated string: wlan client encryption eap = EAP
 WARNING: untranslated string: wlan client encryption wpa3 = WPA3
 WARNING: untranslated string: wlan client identity = Identity
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client password = Password
 WARNING: untranslated string: wlan client tls cipher = TLS Cipher
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1509,6 +1509,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client invalid key length = Invalid key length.
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client new entry = Create new wireless client configuration
 WARNING: untranslated string: wlan client new network = New network
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1502,6 +1502,7 @@ WARNING: untranslated string: wlan client group cipher = Group cipher
 WARNING: untranslated string: wlan client group key algorithm = GKA
 WARNING: untranslated string: wlan client identity = Identity
 WARNING: untranslated string: wlan client invalid key length = Invalid key length.
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlan client method = Method
 WARNING: untranslated string: wlan client new entry = Create new wireless client configuration
 WARNING: untranslated string: wlan client new network = New network
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1067,6 +1067,7 @@ WARNING: untranslated string: vulnerable = Vulnerable
 WARNING: untranslated string: whois results from = WHOIS results from
 WARNING: untranslated string: winbind daemon = Winbind Daemon
 WARNING: untranslated string: wlan client encryption wpa3 = WPA3
+WARNING: untranslated string: wlan client management frame protection = Management Frame Protection
 WARNING: untranslated string: wlanap 802.11w disabled = Disabled
 WARNING: untranslated string: wlanap 802.11w enforced = Enforced
 WARNING: untranslated string: wlanap 802.11w optional = Optional
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -65,6 +65,7 @@
 < wlanap 802.11w enforced
 < wlanap 802.11w optional
 < wlan client encryption wpa3
+< wlan client management frame protection
 ############################################################################
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
@@ -927,6 +928,7 @@
 < wlan client group key algorithm
 < wlan client identity
 < wlan client invalid key length
+< wlan client management frame protection
 < wlan client method
 < wlan client new entry
 < wlan client new network
@@ -974,6 +976,7 @@
 < token not set
 < upload fcdsl.o
 < wlan client encryption wpa3
+< wlan client management frame protection
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
 ############################################################################
@@ -1339,6 +1342,7 @@
 < wlan client encryption eap
 < wlan client encryption wpa3
 < wlan client identity
+< wlan client management frame protection
 < wlan client method
 < wlan client password
 < wlan client tls cipher
@@ -1777,6 +1781,7 @@
 < wlan client encryption eap
 < wlan client encryption wpa3
 < wlan client identity
+< wlan client management frame protection
 < wlan client method
 < wlan client password
 < wlan client tls cipher
@@ -2643,6 +2648,7 @@
 < wlan client group key algorithm
 < wlan client identity
 < wlan client invalid key length
+< wlan client management frame protection
 < wlan client method
 < wlan client new entry
 < wlan client new network
@@ -3529,6 +3535,7 @@
 < wlan client group key algorithm
 < wlan client identity
 < wlan client invalid key length
+< wlan client management frame protection
 < wlan client method
 < wlan client new entry
 < wlan client new network
@@ -3738,6 +3745,7 @@
 < wlanap neighbor scan warning
 < wlanap ssid
 < wlan client encryption wpa3
+< wlan client management frame protection
 < working
 < zoneconf access native
 < zoneconf access none
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -180,12 +180,12 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
 		if (($dhcpsettings{"START_ADDR_${itf}"}) eq '' && ($dhcpsettings{"END_ADDR_${itf}"}) eq '') {
 			$errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp valid range required when deny known clients checked'};
 			goto ERROR;
+		}
 	    }

 	    if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
 		$errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'};
 		goto ERROR;
-		}
 	    }

 	    if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
--- a/html/cgi-bin/wirelessclient.cgi
+++ b/html/cgi-bin/wirelessclient.cgi
@@ -324,6 +324,8 @@ END
 			$encryption_mode = $Lang::tr{'wlan client encryption wpa'};
 		} elsif ($config[3] eq "WPA2") {
 			$encryption_mode = $Lang::tr{'wlan client encryption wpa2'};
+		} elsif ($config[3] eq "WPA3") {
+			$encryption_mode = $Lang::tr{'wlan client encryption wpa3'};
 		} elsif ($config[3] eq "EAP") {
 			$encryption_mode = $Lang::tr{'wlan client encryption eap'};
 		}
@@ -682,6 +684,19 @@ sub ShowStatus() {
 				</tr>
 END

+		if ($status{'pmf'} eq "1") {
+			print <<END;
+				<tr>
+					<td width='20%'>
+						$Lang::tr{'wlan client management frame protection'}
+					</td>
+					<td width='80%'>
+						$Lang::tr{'active'}
+					</td>
+				</tr>
+END
+		}
+
 		if ($status{'EAP state'}) {
 			my $selected_method = $status{'selectedMethod'};
 			$selected_method =~ s/\d+ \((.*)\)/$1/e;
@@ -736,12 +751,25 @@ END
 		}

 		if (($status{'pairwise_cipher'} ne "NONE") || ($status{'group_cipher'} ne "NONE")) {
-			print <<END;
+			if ($status{'key_mgmt'} eq "SAE") {
+				print <<END;
+				<tr>
+					<td colspan='2'>
+						<strong>$Lang::tr{'wlan client encryption wpa3'}</strong>
+					</td>
+				</tr>
+END
+			} else {
+				print <<END;
 				<tr>
 					<td colspan='2'>
 						<strong>$Lang::tr{'wlan client encryption wpa'}</strong>
 					</td>
 				</tr>
+END
+			}
+
+			print <<END;
 				<tr>
 					<td width='20%'>
 						$Lang::tr{'wlan client pairwise cipher'}
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2956,6 +2956,7 @@
 'wlan client group key algorithm' => 'GKA',
 'wlan client identity' => 'Identity',
 'wlan client invalid key length' => 'Invalid key length.',
+'wlan client management frame protection' => 'Management Frame Protection',
 'wlan client method' => 'Method',
 'wlan client new entry' => 'Create new wireless client configuration',
 'wlan client new network' => 'New network',
--- a/lfs/dhcpcd
+++ b/lfs/dhcpcd
@@ -24,7 +24,7 @@

 include Config

-VER        = 9.3.4
+VER        = 9.1.4

 THISAPP    = dhcpcd-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = badb02dfc69fe9bbeec35a02efcdb4db
+$(DL_FILE)_MD5 = dd77711cf3232002bb075f5210269f88

 install : $(TARGET)

@@ -70,9 +70,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
-
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch
-
 	cd $(DIR_APP) && ./configure --prefix="" --sysconfdir=/var/ipfire/dhcpc \
 			--dbdir=/var/ipfire/dhcpc \
 			--libexecdir=/var/ipfire/dhcpc \
--- a/src/initscripts/system/wlanclient
+++ b/src/initscripts/system/wlanclient
@@ -275,9 +275,7 @@ function wpa_supplicant_start() {
 	# Build wpa_supplicant command line.
 	local wpa_suppl_cmd="wpa_supplicant -B -qqq -i${device} -c${config}"

-	if device_is_wireless ${device}; then
-		wpa_suppl_cmd="${wpa_suppl_cmd} -Dwext"
-	else
+	if ! device_is_wireless ${device}; then
 		wpa_suppl_cmd="${wpa_suppl_cmd} -Dwired"
 	fi

--- a/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch
+++ b/src/patches/dhcpcd/01_Fix_Linux_i386_for_SECCOMP_as_it_just_uses_socketcall.patch
@@ -1,36 +0,0 @@
-diff --git a/src/privsep-linux.c b/src/privsep-linux.c
-index 050a30cf..d31d720d 100644
--- a/src/privsep-linux.c
-+++ b/src/privsep-linux.c
-@@ -32,6 +32,7 @@
- 
- #include <linux/audit.h>
- #include <linux/filter.h>
-+#include <linux/net.h>
- #include <linux/seccomp.h>
- #include <linux/sockios.h>
- 
-@@ -304,6 +305,23 @@ static struct sock_filter ps_seccomp_filter[] = {
- #ifdef __NR_sendto
- 	SECCOMP_ALLOW(__NR_sendto),
- #endif
-+#ifdef __NR_socketcall
-+	/* i386 needs this and demonstrates why SECCOMP
-+	 * is poor compared to OpenBSD pledge(2) and FreeBSD capsicum(4)
-+	 * as this is soooo tied to the kernel API which changes per arch
-+	 * and likely libc as well. */
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_ACCEPT),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_ACCEPT4),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_LISTEN),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_GETSOCKOPT),	/* overflow */
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECV),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECVFROM),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_RECVMSG),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SEND),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SENDMSG),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SENDTO),
-+	SECCOMP_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
-+#endif
- #ifdef __NR_shutdown
- 	SECCOMP_ALLOW(__NR_shutdown),
- #endif