debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)

This commit is contained in:
Salvatore Bonaccorso 2019-04-26 16:11:04 +02:00
parent 859ec5f504
commit ad494c2131
3 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian/changelog vendored
View File

@ -832,6 +832,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
* inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch() (CVE-2019-9857)
* [x86] Disable R3964 due to lack of security support
* tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
[ Aurelien Jarno ]
* [mips] Fix indirect syscall tracing & seccomp filtering for big endian

46
debian/patches/bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch vendored Normal file
View File

@ -0,0 +1,46 @@
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 5 Apr 2019 15:39:26 +0200
Subject: tty: mark Siemens R3964 line discipline as BROKEN
Origin: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11486
The n_r3964 line discipline driver was written in a different time, when
SMP machines were rare, and users were trusted to do the right thing.
Since then, the world has moved on but not this code, it has stayed
rooted in the past with its lovely hand-crafted list structures and
loads of "interesting" race conditions all over the place.
After attempting to clean up most of the issues, I just gave up and am
now marking the driver as BROKEN so that hopefully someone who has this
hardware will show up out of the woodwork (I know you are out there!)
and will help with debugging a raft of changes that I had laying around
for the code, but was too afraid to commit as odds are they would break
things.
Many thanks to Jann and Linus for pointing out the initial problems in
this codebase, as well as many reviews of my attempts to fix the issues.
It was a case of whack-a-mole, and as you can see, the mole won.
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
drivers/char/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
index 72866a004f07..466ebd84ad17 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -348,7 +348,7 @@ config XILINX_HWICAP
config R3964
tristate "Siemens R3964 line discipline"
- depends on TTY
+ depends on TTY && BROKEN
---help---
This driver allows synchronous communication with devices using the
Siemens R3964 packet protocol. Unless you are dealing with special
--
2.11.0

1
debian/patches/series vendored
View File

@ -149,6 +149,7 @@ debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
debian/ntfs-mark-it-as-broken.patch
bugfix/all/inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch
bugfix/all/tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch