path: root/patches/misc/net-dccp-make-it-depend-on-CONFIG_BROKEN-CVE-2020-16.patch
blob: 263c6190ab5e3a21ad841aed0f9831926ba52562 (plain)
From 56fd8c36614e9aaeadec647ce3d07f1ceb16a0a4 Mon Sep 17 00:00:00 2001
From: Paul Gortmaker <paul.gortmaker@windriver.com>
Date: Wed, 5 May 2021 00:11:29 -0400
Subject: [PATCH] net/dccp: make it depend on CONFIG_BROKEN (CVE-2020-16119)

There were some proposed fixes for this back in 2020, but the discussion
largely fizzled out[1] and never got picked up again.

We can see other distros are either blacklisting it from user space[2]
or explicitly calling it out as "is not set" in their base config[3] but
that really doesn't bind the workaround to the kernel source in any
robust transportable way.

So I've done the tried and true "depends on BROKEN" to ensure the
workaround goes wherever the kernel source goes.

We can revert this if a real fix eventually appears, but given that it
was marked "EXPERIMENTAL" back when we had that, I don't expect we'll
need to.  Also note that none of our base ktypes or BSPs enabled it.

[1] https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
[2] https://access.redhat.com/security/cve/cve-2020-16119
[3] https://github.com/archlinux/svntogit-packages/commit/c07751100e1d64d9aa5789881ddc2ef68e43aed4

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 net/dccp/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/dccp/Kconfig b/net/dccp/Kconfig
index 0c7d2f66ba27..efa01566da0f 100644
--- a/net/dccp/Kconfig
+++ b/net/dccp/Kconfig
@@ -2,6 +2,7 @@
 menuconfig IP_DCCP
 	tristate "The DCCP Protocol"
 	depends on INET
+	depends on BROKEN
 	help
 	  Datagram Congestion Control Protocol (RFC 4340)
 
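Review bot: The new `depends on BROKEN` line under `menuconfig IP_DCCP` carries no in-file explanation, so anyone reading net/dccp/Kconfig later sees DCCP gated off with no pointer to CVE-2020-16119 or to the fact that this is a deliberate workaround rather than a build problem. Consider a Kconfig comment directly above the added line, for example `# CVE-2020-16119: no upstream fix, see commit log`, so the reason travels with the source the same way the workaround does. It may also be worth stating in the commit message that an existing config fragment requesting IP_DCCP will have the option dropped when the configuration is regenerated, since BROKEN is not normally selectable, and that a configuration audit should be used to confirm that IP_DCCP is no longer set in the final .config.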
-- 
2.19.1