diff --git a/debian/changelog b/debian/changelog index 7f989560e..bbcadf562 100644 --- a/debian/changelog +++ b/debian/changelog @@ -258,7 +258,6 @@ linux (4.19.124-1) UNRELEASED; urgency=medium - net: moxa: Fix a potential double 'free_irq()' - drop_monitor: work around gcc-10 stringop-overflow warning - virtio-blk: handle block_device_operations callbacks after hot unplug - - scsi: sg: add sg_remove_request in sg_write - mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040 - net: fix a potential recursive NETDEV_FEAT_CHANGE - netlabel: cope with NULL catmap diff --git a/debian/patches/bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch b/debian/patches/bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch deleted file mode 100644 index 6d9c96f1f..000000000 --- a/debian/patches/bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch +++ /dev/null @@ -1,42 +0,0 @@ -From: Wu Bo -Date: Tue, 14 Apr 2020 10:13:28 +0800 -Subject: scsi: sg: add sg_remove_request in sg_write -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=34fcb4291e234468f9bf9d4b851c9f522f3bbb13 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-12770 - -commit 83c6f2390040f188cc25b270b4befeb5628c1aee upstream. - -If the __copy_from_user function failed we need to call sg_remove_request -in sg_write. - -Link: https://lore.kernel.org/r/610618d9-e983-fd56-ed0f-639428343af7@huawei.com -Acked-by: Douglas Gilbert -Signed-off-by: Wu Bo -Signed-off-by: Martin K. Petersen -Signed-off-by: Sasha Levin -[groeck: Backport to v5.4.y and older kernels] -Signed-off-by: Guenter Roeck -Signed-off-by: Greg Kroah-Hartman ---- - drivers/scsi/sg.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index ac8535d2b41a..6bb45ae19d58 100644 ---- a/drivers/scsi/sg.c -+++ b/drivers/scsi/sg.c -@@ -694,8 +694,10 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos) - hp->flags = input_size; /* structure abuse ... */ - hp->pack_id = old_hdr.pack_id; - hp->usr_ptr = NULL; -- if (__copy_from_user(cmnd, buf, cmd_size)) -+ if (__copy_from_user(cmnd, buf, cmd_size)) { -+ sg_remove_request(sfp, srp); - return -EFAULT; -+ } - /* - * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV, - * but is is possible that the app intended SG_DXFER_TO_DEV, because there --- -2.27.0.rc0 - diff --git a/debian/patches/series b/debian/patches/series index 7264177eb..1eca3b1d4 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -297,7 +297,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/ntfs-mark-it-as-broken.patch bugfix/x86/kvm-svm-fix-potential-memory-leak-in-svm_cpu_init.patch -bugfix/all/scsi-sg-add-sg_remove_request-in-sg_write.patch bugfix/all/usb-gadget-fix-illegal-array-access-in-binding-with-.patch bugfix/all/netlabel-cope-with-NULL-catmap.patch bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch