lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LSU.2.11.1801181309530.15660@eggly.anvils>
Date:   Thu, 18 Jan 2018 13:11:22 -0800 (PST)
From:   Hugh Dickins <hughd@...gle.com>
To:     Johannes Berg <johannes@...solutions.net>
cc:     linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cfg80211: stop demanding lots of new stuff

A familiar error, let's try to attach this time...

On Thu, 18 Jan 2018, Hugh Dickins wrote:
> On Thu, 18 Jan 2018, Johannes Berg wrote:
> > On Wed, 2018-01-17 at 14:55 -0800, Hugh Dickins wrote:
> > > "make oldconfig" from 4.14 (when CONFIG_CFG80211_CERTIFICATION_ONUS
> > > is not set) to 4.15-rc, gets into asking lots of new questions, and
> > > configuring in unwanted stuff: I'm unsure of my Kconfig skills, but
> > > it looks like CFG80211_REQUIRE_SIGNED_REGDB's "default y" needs to
> > > be toned down when we don't even have CFG80211_CERTIFICATION_ONUS.
> > 
> > No, this is wrong - we want default configurations to be able to load a
> > signed regulatory database and validate the signature.
> 
> Great to enable that, but not so great to force new stuff on everyone.
> It doesn't surprise me at all if the patch here is the wrong one,
> but something needs to be done differently in this configuration.
> 
> Perhaps you did not try on a system without SYSTEM_DATA_VERIFICATION
> already enabled - that "select SYSTEM_DATA_VERIFICATION" seems to be
> taking effect even when CFG80211_REQUIRE_SIGNED_REGDB is not enabled,
> and pulls in a boatload.  I agree that seems strange: perhaps the
> Kconfig problem is somewhere else entirely.
> 
> Attached my old 4.14 config, so you can see for yourself - thanks.
> 
> In fact, I cannot even build the resulting config, without scurrying
> around to update userspace with stuff I never needed before:
> 
>   HOSTCC  scripts/extract-cert
> scripts/extract-cert.c:21:25: fatal error: openssl/bio.h: No such file or directory
> 
> Hugh
> 
> > 
> > johannes
> > 
> > > 
> > > Signed-off-by: Hugh Dickins <hughd@...gle.com>
> > > ---
> > > 
> > >  net/wireless/Kconfig |    2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > --- 4.15-rc8/net/wireless/Kconfig	2017-12-03 10:22:51.928845056 -0800
> > > +++ linux/net/wireless/Kconfig	2018-01-14 19:20:22.595472965 -0800
> > > @@ -89,7 +89,7 @@ config CFG80211_CERTIFICATION_ONUS
> > >  
> > >  config CFG80211_REQUIRE_SIGNED_REGDB
> > >  	bool "require regdb signature" if CFG80211_CERTIFICATION_ONUS
> > > -	default y
> > > +	default CFG80211_CERTIFICATION_ONUS
> > >  	select SYSTEM_DATA_VERIFICATION
> > >  	help
> > >  	  Require that in addition to the "regulatory.db" file a
Download attachment "config.414.gz" of type "APPLICATION/x-gzip" (19891 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ