In message: [PATCH v5.10] net/dccp: make it depend on CONFIG_BROKEN 
(CVE-2020-16119)
on 05/05/2021 Paul Gortmaker wrote:

> There were some proposed fixes for this back in 2020, but the discussion
> largely fizzled out[1] and never got picked up again.
> 
> We can see other distros are either blacklisting it from user space[2]
> or explicitly calling it out as "is not set" in their base config[3] but
> that really doesn't bind the workaround to the kernel source in any
> robust transportable way.
> 
> So I've done the tried and true "depends on BROKEN" to ensure the
> workaround goes wherever the kernel source goes.
> 
> We can revert this if a real fix eventually appears, but given that it
> was marked "EXPERIMENTAL" back when we had that, I don't expect we'll
> need to.  Also note that none of our base ktypes or BSPs enabled it.

Sounds good to me.

This is now merged and pushed to all the 5.10 branches, and queued
for the next kernel that is generated.

Bruce

> 
> [1] https://lore.kernel.org/netdev/[email protected]/T/
> [2] https://access.redhat.com/security/cve/cve-2020-16119
> [3] https://github.com/archlinux/svntogit-packages/commit/c07751100e1d64d9aa5789881ddc2ef68e43aed4
> 
> Signed-off-by: Paul Gortmaker <[email protected]>
> 
> diff --git a/net/dccp/Kconfig b/net/dccp/Kconfig
> index 0c7d2f66ba27..efa01566da0f 100644
> --- a/net/dccp/Kconfig
> +++ b/net/dccp/Kconfig
> @@ -2,6 +2,7 @@
>  menuconfig IP_DCCP
>       tristate "The DCCP Protocol"
>       depends on INET
> +     depends on BROKEN
>       help
>         Datagram Congestion Control Protocol (RFC 4340)
>  
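Review bot: the new `depends on BROKEN` line under `menuconfig IP_DCCP` has no in-file explanation, so the reason for it (CVE-2020-16119, per the subject line) is recorded only in the commit message. Consider a Kconfig comment directly above the line, for example `# CVE-2020-16119: no real fix yet, see commit log`, or a sentence in the `help` text. That way anyone who finds the option missing from menuconfig, or who later considers dropping the dependency, can see why it is there and that the commit message ties reverting it to a real fix appearing.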
> -- 
> 2.25.1
> 