[Git][cip-project/cip-kernel/cip-kernel-sec][master] 7 commits: Import more data

Import more data

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Delete duplicate of CVE-2017-18509

This issue was assigned CVE-2017-18509 and renamed in Debian's

kernel_sec repo, but import_debian.py isn't smart enough to handle

name changes.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Record stable fixes for CVE-2019-1125

The stable commits don't correspond 1:1 to the upstream fixes:

- The documentation update coulddn't be applied to some branches, and

  isn't strictly needed

- In some backports the JMPQ→JMP fix was squashed into the patch that

  it fixes

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Record introduced-by commits for the TCP reconnect use-after-free

This is a stable-only issue so import_stable.py can't handle it

automatically.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Update fixed-by commits for CVE-2019-10638

As I understand it, the complete fix for weak randomisation of IP ID

generation was to switch from jhash to siphash.  The previously

identified commits improved it a bit but not enough to consider this

fixed.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Record fixed-by commit for CVE-2019-14763

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Merge branch 'bwh/update-issues' into 'master'

Update issues

See merge request cip-project/cip-kernel/cip-kernel-sec!5
webview: Add "open issues" page similar to default report_affected output

Thew new page shows a table of open issues with the status for each
branch.

* Expose the page at /issue/open/
* Link to it from the root
* Align text to the left in the heading row

Signed-off-by: Ben Hutchings <ben.hutchings@...>

webview: Make open issues table headings "sticky"

The open issues table can easily be larger than a browser window.
Style the table headings for this table so that they don't scroll
away (in either dimension).

Tested with Firefox 60.8.0esr and 73.0.3683.75, and should be
compatible with current Edge and Safari.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Merge branch 'bwh/web-report-affected' into 'master'

webview: Add "open issues" page similar to default report_affected output

See merge request cip-project/cip-kernel/cip-kernel-sec!6
+<link rel="stylesheet" href="/static/style.css">

+<title>Open issues</title>

+<h1>Open issues</h1>

+<div class="table-container">

+  <table class="fixed-header">

+    <thead>

+      <tr>

+	<th/>

+	{% for name, _, _ in branches %}

+	<th>

+	  <a href="/branch/{{ name }}/">{{ name }}</a>

+	</th>

+	{% endfor %}

+      </tr>

+    </thead>

+    {% for cve_id, issue in cve_ids %}

+    <tr>

+      <th>

+	<a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>

+      </th>

+      {% for name, branch, affected in branches %}

+      {% if not affected[cve_id] %}

+      {% if issue['fixed-by'] and issue['fixed-by'][name] %}

+      <td class="good">fixed</td>

+      {% else %}

+      <td class="good">never affected</td>

+      {% endif %}

+      {% else %}

+      {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}

+      <td class="ignored">ignored</td>

+      {% else %}

+      <td class="bad">vulnerable</td>

+      {% endif %}

+      {% endif %}

+      {% endfor %}

+    </tr>

+    {% endfor %}

+  </table>

+</div>
 <title>Kernel security tracker</title>

 <h1>Kernel security tracker</h1>

 <p>

-  <a href="branch/">View branches</a> | <a href="issue/">View issues</a>

+  <a href="branch/">View branches</a> |

+  <a href="issue/open/">View open issues</a> |

+  <a href="issue/">View all issues</a>

 </p>
     vertical-align: top;

     white-space: nowrap;

 }

+thead th {

+    text-align: left;

+}

 th, td {

     padding-left: 0.5em;

     padding-right: 0.5em;

 }

+

+/*

+ * Stop table headings scrolling away using position: sticky; see

+ * <https://stackoverflow.com/questions/11891065/>.

+ */

+table-container {

+    display: inline-block;

+    overflow: auto;

+}

+table.fixed-header thead th {

+    position: -webkit-sticky;

+    position: sticky;

+    top: 0;

+    background-color: #ffffff;

+    background-clip: padding-box;

+}

+table.fixed-header tbody th {

+    position: -webkit-sticky;

+    position: sticky;

+    left: 0;

+    background-color: #ffffff;

+    background-clip: padding-box;

+}
 #!/usr/bin/python3

-# Copyright 2018 Codethink Ltd.

+# Copyright 2018-2019 Codethink Ltd.

 #

 # This script is distributed under the terms and conditions of the GNU General

 # Public License, Version 3 or later. See http://www.gnu.org/copyleft/gpl.html

             remotes=self._root.remotes)

+class OpenIssues:

+    _template = _template_env.get_template('open_issues.html')

+

+    def __init__(self, root):

+        self._root = root

+

+    @cherrypy.expose

+    def index(self):

+        open_cve_ids = []

+        branches = [

+            (branch_name, self._root.branch_defs[branch_name], {})

+            for branch_name in self._root.branch_names

+        ]

+        for cve_id in _issue_cache.keys():

+            issue = _issue_cache[cve_id]

+            ignore = issue.get('ignore', {})

+            if 'all' in ignore:

+                continue

+            is_open = False

+            for branch_name, branch, affected in branches:

+                if kernel_sec.issue.affects_branch(

+                        issue, branch, self._root.is_commit_in_branch):

+                    affected[cve_id] = True

+                    if branch_name not in ignore:

+                        is_open = True

+            if is_open:

+                open_cve_ids.append(cve_id)

+

+        return self._template.render(

+            cve_ids=[

+                (cve_id, _issue_cache[cve_id])

+                for cve_id in sorted(open_cve_ids,

+                                     key=kernel_sec.issue.get_id_sort_key)

+            ],

+            branches=branches)

+

+

 class Issues:

     _template = _template_env.get_template('issues.html')

     def _cp_dispatch(self, vpath):

         if len(vpath) == 1 and vpath[0] in _issue_cache:

             return Issue(vpath.pop(), self._root)

+        if len(vpath) == 1 and vpath[0] == 'open':

+            return OpenIssues(self._root)

         return vpath

     @cherrypy.expose

Record fixed-by commit for CVE-2019-14763

Signed-off-by: Ben Hutchings <ben.hutchings@...>

     c91815b59624.

 reporters:

 - Tuba Yavuz

+introduced-by:

+  mainline: [15b8d9332b927d76a0b26cf70c564756d1648133]

 fixed-by:

   linux-4.14.y: [59d3a952e4f3d505f9444e86db069081323351c7]

   mainline: [c91815b596245fd7da349ecc43c8def670d2269e]
webview: Make open issues table headings "sticky"

The open issues table can easily be larger than a browser window.
Style the table headings for this table so that they don't scroll
away (in either dimension).

Tested with Firefox 60.8.0esr and 73.0.3683.75, and should be
compatible with current Edge and Safari.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

 <link rel="stylesheet" href="/static/style.css">

 <title>Open issues</title>

 <h1>Open issues</h1>

-<table>

-  <thead>

+<div class="table-container">

+  <table class="fixed-header">

+    <thead>

+      <tr>

+	<th/>

+	{% for name, _, _ in branches %}

+	<th>

+	  <a href="/branch/{{ name }}/">{{ name }}</a>

+	</th>

+	{% endfor %}

+      </tr>

+    </thead>

+    {% for cve_id, issue in cve_ids %}

     <tr>

-      <td/>

-      {% for name, _, _ in branches %}

       <th>

-	<a href="/branch/{{ name }}/">{{ name }}</a>

+	<a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>

       </th>

+      {% for name, branch, affected in branches %}

+      {% if not affected[cve_id] %}

+      {% if issue['fixed-by'] and issue['fixed-by'][name] %}

+      <td class="good">fixed</td>

+      {% else %}

+      <td class="good">never affected</td>

+      {% endif %}

+      {% else %}

+      {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}

+      <td class="ignored">ignored</td>

+      {% else %}

+      <td class="bad">vulnerable</td>

+      {% endif %}

+      {% endif %}

       {% endfor %}

     </tr>

-  </thead>

-  {% for cve_id, issue in cve_ids %}

-  <tr>

-    <th>

-      <a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>

-    </th>

-    {% for name, branch, affected in branches %}

-    {% if not affected[cve_id] %}

-    {% if issue['fixed-by'] and issue['fixed-by'][name] %}

-    <td class="good">fixed</td>

-    {% else %}

-    <td class="good">never affected</td>

-    {% endif %}

-    {% else %}

-    {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}

-    <td class="ignored">ignored</td>

-    {% else %}

-    <td class="bad">vulnerable</td>

-    {% endif %}

-    {% endif %}

     {% endfor %}

-  </tr>

-  {% endfor %}

-</table>
+  </table>

+</div>
     padding-left: 0.5em;

     padding-right: 0.5em;

 }

+

+/*

+ * Stop table headings scrolling away using position: sticky; see

+ * <https://stackoverflow.com/questions/11891065/>.

+ */

+table-container {

+    display: inline-block;

+    overflow: auto;

+}

+table.fixed-header thead th {

+    position: -webkit-sticky;

+    position: sticky;

+    top: 0;

+    background-color: #ffffff;

+    background-clip: padding-box;

+}

+table.fixed-header tbody th {

+    position: -webkit-sticky;

+    position: sticky;

+    left: 0;

+    background-color: #ffffff;

+    background-clip: padding-box;

+}
webview: Add "open issues" page similar to default report_affected output

Thew new page shows a table of open issues with the status for each
branch.

* Expose the page at /issue/open/
* Link to it from the root
* Align text to the left in the heading row

Signed-off-by: Ben Hutchings <ben.hutchings@...>

webview: Make open issues table headings "sticky"

The open issues table can easily be larger than a browser window.
Style the table headings for this table so that they don't scroll
away (in either dimension).

Tested with Firefox 60.8.0esr and 73.0.3683.75, and should be
compatible with current Edge and Safari.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

+<link rel="stylesheet" href="/static/style.css">

+<title>Open issues</title>

+<h1>Open issues</h1>

+<div class="table-container">

+  <table class="fixed-header">

+    <thead>

+      <tr>

+	<td/>

+	{% for name, _, _ in branches %}

+	<th>

+	  <a href="/branch/{{ name }}/">{{ name }}</a>

+	</th>

+	{% endfor %}

+      </tr>

+    </thead>

+    {% for cve_id, issue in cve_ids %}

+    <tr>

+      <th>

+	<a href="/issue/{{ cve_id }}/">{{ cve_id }}</a>

+      </th>

+      {% for name, branch, affected in branches %}

+      {% if not affected[cve_id] %}

+      {% if issue['fixed-by'] and issue['fixed-by'][name] %}

+      <td class="good">fixed</td>

+      {% else %}

+      <td class="good">never affected</td>

+      {% endif %}

+      {% else %}

+      {% if issue.ignore and (issue.ignore.all or issue.ignore[name]) %}

+      <td class="ignored">ignored</td>

+      {% else %}

+      <td class="bad">vulnerable</td>

+      {% endif %}

+      {% endif %}

+      {% endfor %}

+    </tr>

+    {% endfor %}

+  </table>

+</div>
 <title>Kernel security tracker</title>

 <h1>Kernel security tracker</h1>

 <p>

-  <a href="branch/">View branches</a> | <a href="issue/">View issues</a>

+  <a href="branch/">View branches</a> |

+  <a href="issue/open/">View open issues</a> |

+  <a href="issue/">View all issues</a>

 </p>
     vertical-align: top;

     white-space: nowrap;

 }

+thead th {

+    text-align: left;

+}

 th, td {

     padding-left: 0.5em;

     padding-right: 0.5em;

 }

+

+/*

+ * Stop table headings scrolling away using position: sticky; see

+ * <https://stackoverflow.com/questions/11891065/>.

+ */

+table-container {

+    display: inline-block;

+    overflow: auto;

+}

+table.fixed-header thead th {

+    position: -webkit-sticky;

+    position: sticky;

+    top: 0;

+    background-color: #ffffff;

+    background-clip: padding-box;

+}

+table.fixed-header tbody th {

+    position: -webkit-sticky;

+    position: sticky;

+    left: 0;

+    background-color: #ffffff;

+    background-clip: padding-box;

+}
 #!/usr/bin/python3

-# Copyright 2018 Codethink Ltd.

+# Copyright 2018-2019 Codethink Ltd.

 #

 # This script is distributed under the terms and conditions of the GNU General

 # Public License, Version 3 or later. See http://www.gnu.org/copyleft/gpl.html

             remotes=self._root.remotes)

+class OpenIssues:

+    _template = _template_env.get_template('open_issues.html')

+

+    def __init__(self, root):

+        self._root = root

+

+    @cherrypy.expose

+    def index(self):

+        open_cve_ids = []

+        branches = [

+            (branch_name, self._root.branch_defs[branch_name], {})

+            for branch_name in self._root.branch_names

+        ]

+        for cve_id in _issue_cache.keys():

+            issue = _issue_cache[cve_id]

+            ignore = issue.get('ignore', {})

+            if 'all' in ignore:

+                continue

+            is_open = False

+            for branch_name, branch, affected in branches:

+                if kernel_sec.issue.affects_branch(

+                        issue, branch, self._root.is_commit_in_branch):

+                    affected[cve_id] = True

+                    if branch_name not in ignore:

+                        is_open = True

+            if is_open:

+                open_cve_ids.append(cve_id)

+

+        return self._template.render(

+            cve_ids=[

+                (cve_id, _issue_cache[cve_id])

+                for cve_id in sorted(open_cve_ids,

+                                     key=kernel_sec.issue.get_id_sort_key)

+            ],

+            branches=branches)

+

+

 class Issues:

     _template = _template_env.get_template('issues.html')

     def _cp_dispatch(self, vpath):

         if len(vpath) == 1 and vpath[0] in _issue_cache:

             return Issue(vpath.pop(), self._root)

+        if len(vpath) == 1 and vpath[0] == 'open':

+            return OpenIssues(self._root)

         return vpath

     @cherrypy.expose

Import more data

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Fill in status for linux-4.4.y-cip-rt for two issues

I missed these two when adding the -rt branches.

Fixes: 71a5163608b3 ("Add linux-4.{4,19}.y-cip-rt branches to ...")
Signed-off-by: Ben Hutchings <ben.hutchings@...>

Merge branch 'bwh/update-issues' into 'master'

Update issues

See merge request cip-project/cip-kernel/cip-kernel-sec!4
 description: 'nvmet-fc: ensure target queue id within range'

+references:

+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18379

+- https://git.kernel.org/linus/0c319d3a144d4b8f1ea2047fd614d2149b68f889

+comments:

+  Debian-bwh: |-

+    Introduced in Linux 4.10 by commit c53432030d86 "nvme-fabrics: Add

+    target support for FC transport".

 introduced-by:

   mainline: [c53432030d86429dc9fe5adc3d68cb9d1343b0b2]

 fixed-by:

+description: IPv6 mroute missing type check

+references:

+- https://lists.openwall.net/netdev/2017/12/04/40

+fixed-by:

+  linux-4.4.y: [ee2f25641633ffb03fb88e4fa8a6424d24d3f295]

+  linux-4.9.y: [1e531ad4316cb47c6c2b42f3257d1841a6e837e7]

+  mainline: [99253eb750fda6a644d5188fb26c43bad8d5a745]
 - https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff

 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13093

 - https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff

+reporters:

+- Wen Xu

 introduced-by:

   mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]

 fixed-by:

 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20854

 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6acb47d1a318e5b3b7115354ebc4ea060c59d3a1

 - https://github.com/torvalds/linux/commit/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1

+comments:

+  Debian-carnil: |-

+    Driver intorduced in same upstream version as per 51f6b410fc22

+    ("phy: add driver for Microsemi Ocelot SerDes muxing") so it is

+    disputable why this has a CVE.

 introduced-by:

   mainline: [51f6b410fc220d8a5a4fae00ebfd8243b6c11d4e]

 fixed-by:

 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7

 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0625b4ba1a5d4703c7fb01c497bd6c156908af00

 - https://github.com/torvalds/linux/commit/0625b4ba1a5d4703c7fb01c497bd6c156908af00

+comments:

+  Debian-bwh: |-

+    Introduced in Linux 4.17 by commit 41d902cb7c32 "RDMA/mlx5: Fix

+    definition of mlx5_ib_create_qp_resp".

+introduced-by:

+  mainline: [41d902cb7c326d711674977763c4b30df87611bc]

 fixed-by:

   mainline: [0625b4ba1a5d4703c7fb01c497bd6c156908af00]

 ignore:

 - https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.7

 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54648cf1ec2d7f4b6a71767799c45676a138ca24

 - https://github.com/torvalds/linux/commit/54648cf1ec2d7f4b6a71767799c45676a138ca24

+comments:

+  Debian-bwh: |-

+    Introduced in Linux 3.18 by commit 7c94e1c157a2 "block: introduce

+    blk_flush_queue to drive flush machinery".

 introduced-by:

   mainline: [7c94e1c157a227837b04f02f5edeff8301410ba2]

 fixed-by:

 references:

 - https://www.openwall.com/lists/oss-security/2019/07/25/1

 - https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@.../T/#u

+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207

+- https://lore.kernel.org/linux-bluetooth/20190729122215.9948-1-vdronov@.../

+comments:

+  Debian-bwh: |-

+    For hci_ath, this was introduced in Linux 2.6.36 by commit

+    b3190df62861 "Bluetooth: Support for Atheros AR300x serial chip".

+    For hci_uart, this was introduced in Linux 4.2 by commit

+    2a973dfada2b "Bluetooth: hci_uart: Add new line discipline

+    enhancements".

+fixed-by:

+  linux-4.14.y: [69f9c2bc3f754ad1d610b30b940681d678c8e684]

+  linux-4.19.y: [56966212e23f82ced10831f7cca02f7339147428]

+  linux-4.4.y: [37fb924139954a28a1f04959070c3cc762b0de4c]

+  linux-4.9.y: [58a01b0bd8ea5fddb51d4d854bb149a1a7312c12]

+  linux-5.2.y: [785b5dc6c06083a874d7bda593de06a01ac7fe6a]

+  mainline: [b36a1552d7319bbfd5cf7f08726c23c5c66d4f73]
     f223c10cf17689353a41e052bfc16c9ac4758132, adef560d1ef8ab84aceee8b6ebae6f515c2b7a66,

     179adc415f947eb64eb12a15c90d0d8da09418b9, 8be7f1183d2f113d82c0c68a5e23a44d7fb8a8b6,

     683f9fba8c27817b6c2f7320a4095ca353022651]

+  linux-4.4.y-cip-rt: [a50e2ca5757f54fc5b0eabbb77a509209cbcc40d, 31a2c5f7a25b1cf4739ccd0244b0b270c42dab89,

+    71041afe26a30d8a5bfb75ff5699c9cfdee5250a, 693eb3bdaf19dd58aea99a5ed088dd6319ecc098,

+    0f961ec593057bad865d3a9f6834c0ca1582d486, 3092ad5c4f2ed6925847273a65c5598a73ee88d8,

+    2b26dff34698b8f4b57c5492c17a3fcf71e32de6, 0144cbc1247411f6fa07447ce9a4ae204903031a,

+    e2896d6b1e485605b5c436f11abc2016a60c083a, 06deb655ae265b397cd013db5cb77aa442a68617,

+    48204fd98023ff7d05166c7ddb9d8afd2c5006e9, e0e64cdc7fd9eb3dbcf670e8c3dd9dfd0501d104,

+    9fe26a407f0eca058829dec41a4de71c70bfc3ec, 3fb41b4e2d389f2b187e2e12a7c8611d6c4b0e30,

+    8c7398befdf1ecb163b5d0f6f5ba27b45c63211e, d4c1e6cbbcdca0f4688a58092ecbb81a58fe4421,

+    a41a2dee403d99e6c13d35b935a310b0609b8e6a, 7a6c2a6c4235e68472d1924b2d3f6f808ee5d39a,

+    f223c10cf17689353a41e052bfc16c9ac4758132, adef560d1ef8ab84aceee8b6ebae6f515c2b7a66,

+    179adc415f947eb64eb12a15c90d0d8da09418b9, 8be7f1183d2f113d82c0c68a5e23a44d7fb8a8b6,

+    683f9fba8c27817b6c2f7320a4095ca353022651]

   linux-4.9.y: [ffe8cffc8be1ae47c08cbc3571bed6b5b0fa53ad, 192d1975450e51c1abb725343a7e19a4d61e30bd,

     626743f43da44598076019a82193caf49dca1fde, 2a099011de8abebac475a90dad1835c60dfca88c,

     da360f1f5eb43e0d71009bab3be53c7a06d40caf, 96c06cda5b4bdc6a3a9a8f8adc46c86077a70ee0,

 - https://github.com/torvalds/linux/commit/8fde12ca79aff9b5ba951fce1a2641901b8d8e64

 - https://github.com/torvalds/linux/commit/f958d7b528b1b40c44cfda5eabe2d82760d868c3

 - https://usn.ubuntu.com/usn/usn-4069-1

+- https://usn.ubuntu.com/usn/usn-4069-2

 comments:

   Debian-bwh: |-

     I'm having trouble backporting to this to 3.16 because we don't

   linux-3.16.y: Minor issue, difficult to backport fix

   linux-4.4.y: Minor issue, difficult to backport fix

   linux-4.4.y-cip: Minor issue, difficult to backport fix

+  linux-4.4.y-cip-rt: Minor issue, difficult to backport fix
 - http://www.openwall.com/lists/oss-security/2019/04/29/2

 - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04f5866e41fb70690e28397487d8bd8eea7d712a

 - https://usn.ubuntu.com/usn/usn-4069-1

+- https://usn.ubuntu.com/usn/usn-4069-2

 comments:

   Debian-bwh: |-

     The backports to 4.4 and 4.9 are still under discussion.

 - https://usn.ubuntu.com/usn/usn-4068-2

 - https://usn.ubuntu.com/usn/usn-4069-1

 - https://usn.ubuntu.com/usn/usn-4076-1

+- https://usn.ubuntu.com/usn/usn-4069-2

 introduced-by:

   mainline: [a86c61812637c7dd0c57e29880cffd477b62f2e7]

 fixed-by:

 - https://usn.ubuntu.com/usn/usn-4068-2

 - https://usn.ubuntu.com/usn/usn-4069-1

 - https://usn.ubuntu.com/usn/usn-4076-1

+- https://usn.ubuntu.com/usn/usn-4069-2

 comments:

   Debian-carnil: similar issue to CVE-2011-1079.

 fixed-by:

 introduced-by:

   mainline: [a19ceb56cbd1e1beff3e9cf6042e1f31f6487aa6]

 fixed-by:

+  linux-4.14.y: [81bf168d855cc1d97a7c9cde6787ff42485556c8]

   linux-4.19.y: [d657077eda7b5572d86f2f618391bb016b5d9a64]

+  linux-4.4.y: [3ca20e950203a6c7759186ec4e89cbd33ee2bf81]

+  linux-4.9.y: [2628fa1a6d824ee1f3fe67a272a3d00ba33d23fa]

   linux-5.2.y: [63fabf4287b23da069986b7a7fdc6ad0b202f00a]

   mainline: [2a017fd82c5402b3c8df5e3d6e5165d9e6147dc1]

 ignore:

 references:

 - https://patchwork.ozlabs.org/patch/1133904/

 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648

+- https://www.openwall.com/lists/oss-security/2019/07/30/1

 comments:

   Debian-bwh: |-

     We have disabled CONFIG_PPC_TRANSACTIONAL_MEM in 4.9.184-1 for

 introduced-by:

   mainline: [2b0a576d15e0e14751f00f9c87e46bad27f217e7]

 fixed-by:

+  linux-4.14.y: [26bee6ef0d72193d58a085610fe49169d23baa83]

+  linux-4.19.y: [b993a66d8ddc1c26da0d9aa3471789cc170b28ee]

+  linux-4.4.y: [e67fd28f9ed887d0c8124bda96b66dab87823eac]

+  linux-4.9.y: [08ee34d86c9c6a9b93c0986d7fc6e272690e8d24]

+  linux-5.2.y: [8716e8d122e12799eff9e92c05fdabba31d47b2f]

   mainline: [f16d80b75a096c52354c6e0a574993f3b0dfbdfe]

 ignore:

   linux-4.19.y-cip: No members are using powerpc

 description: 'floppy: fix out-of-bounds read in copy_buffer'

+references:

+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283

+- https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6

+introduced-by:

+  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]

 fixed-by:

+  linux-4.14.y: [80637a906eded08e04ed8a6fbbdd2b8112eaa387]

   linux-4.19.y: [ff54c44f103825a426e46d08b5d3d76e44791a87]

+  linux-4.4.y: [d105eaf5fb67a193df8fe72e64690c43e343a560]

+  linux-4.9.y: [1fdefbb5bc70ff20ea49083c6984aae86e3ecf93]

   linux-5.2.y: [d39c2e97277229970fe2ae56dcbf67a535e14873]

   mainline: [da99466ac243f15fbba65bd261bfc75ffa1532b6]

 ignore:

 description: 'floppy: fix div-by-zero in setup_format_params'

+references:

+- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14284

+- https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32

+introduced-by:

+  mainline: [1da177e4c3f41524e886b7f1b8a0c1fc7321cac2]

 fixed-by:

+  linux-4.14.y: [a904a690ea0317fcd88c5b9dfef40ef0f98d9530]

   linux-4.19.y: [6e34fd07484a0622a17b40e0ca89ed451260ef45]

+  linux-4.4.y: [26d6284d5d392bd96c414f745bcbf3620e93c8fd]

+  linux-4.9.y: [604206cde7a6c1907f6f03d90c37505a45ef1b62]

   linux-5.2.y: [697c0af7468a941522c1e26345aa5128fa2a4815]

   mainline: [f3554aeb991214cbfafd17d55e2bfddb50282e32]

 ignore:

 fixed-by:

   linux-4.14.y: [ae446749492d8bd23f1d0b81adba16e5739dc740, 46c7fce709dccb4b0e4a5a06bfacdf2bb1a4fc43,

     011942d12cc28c58fdeb2ca77e745c4c370fc250]

+  linux-4.19.y: [3af3b843aee41ed22343b011a4cf3812a80d2f38, 239910101c4ebf91a00e6f4a81ac3144b121f0c4,

+    02cdc166128cf9cb2be4786b997eebbc0b976bfa]

   mainline: [e2412c07f8f3040593dfb88207865a3cd58680c0, e79b431fb901ba1106670bcc80b9b617b25def7d,

     c1ea02f15ab5efb3e93fc3144d895410bf79fcf2]
Start a "Triaging kernel security issues" document

This is intended to cover some of the manual triage that I'm currently

doing after importing issue data.

Signed-off-by: Ben Hutchings <ben.hutchings@...>

Merge branch 'bwh/issue-triage-doc' into 'master'

Start a "Triaging kernel security issues" document

See merge request cip-project/cip-kernel/cip-kernel-sec!3
+# Triaging kernel security issues

+

+The import scripts can automatically fill in much of the important

+information about security issues, but sometimes you will need to

+manually fill in details.  This document describes how to do that,

+specifically to record that issues don't affect some or all branches.

+

+## Check that the issue is valid

+

+Anyone can apply to MITRE to assign a CVE ID, and MITRE does not

+verify that the security issues are real.  In some cases,

+inexperienced security researchers request CVE IDs for bugs that look

+like security issues, but are not.

+

+For example, a potential null pointer dereference that can be

+triggered by an unprivileged user would be a denial-of-service

+vulnerability.  However, if it can only be triggered by a user with

+the global CAP\_SYS\_ADMIN capability then it is not a security issue

+because a user with that capability can already shut down the system.

+

+If the issue is not valid, mark it to be ignored for all branches

+and add a comment explaining why:

+

+    comments:

+      your-short-name: |-

+        This is invalid because …

+    …

+    ignore:

+      all: Invalid

+

+## Identify how the issue was introduced

+

+If the import scripts did not fill in the "introduced-by" field

+for an issue, you should try to fill it in yourself, so that it's

+known which branches are affected.

+

+If a fix is available, its commit message should include a "Fixes"

+trailer that specifies the commit that introduced the issue.  This is

+*usually*, but not always, accurate.  You should review the specified

+commit and decide for yourself whether it really introduced the issue

+or whether the issue already existed in the previous version of the

+file(s).  Also check that it is an upstream commit (output of `git

+rev-list torvalds/master..`*commit-id* should be empty).  In case it

+is a commit on a stable branch, use the corresponding upstream commit

+ID instead.

+

+**TODO:** What if multiple commits are identified?

+

+If a fix is available, but it doesn't include a "Fixes" trailer or you

+decided that the specified commit was wrongly identified, you will

+need to review the git history.  First make sure that you understand

+where the bug was located, i.e. which function(s) and file(s) were

+incorrect.  Then use `git log -p`, possibly with the `-L` option, to

+view changes in those locations.  When you find a commit that appears

+to introduce the bug, make sure to review the complete diff to check

+whether the bug was really new, or if it already existed in some other

+source location.  If it already existed, you need to look further back

+in the history of that other source location.

+

+In some cases, the code that needs to be fixed was correct when

+originally introduced but became incorrect later because of an API

+change.  For example, it might have originally handled the two

+possible values of a parameter, but later on a third possible value

+was added.  In that case the "introduced-by" commit should be the one

+that made the API change.

+

+If the issue existed since the beginning of git history for the kernel

+(Linux 2.6.12-rc2), you should use that commit as the "introduced-by"

+commit.  Do *not* use commit IDs for older versions that are in

+converted repositories, as this may cause problems for other users

+that have not added those as remotes.

+

+Sometimes the commit that introduced the issue will have been

+backported to stable branches.  Use `scripts/import_stable.py` to

+fill in information about those backports.

+

+## Check the kernel configurations

+

+For CIP kernel branches, you can check in the

+[cip-kernel-config](https://gitlab.com/cip-project/cip-kernel/cip-kernel-config)

+repository whether the affected feature or source files are actually

+used by members.  If they are not used on a given branch, you can mark

+the issue to be ignored for that branch.

+

+Remember that the source files might have been renamed since a branch

+was created.  For example, if there is an issue in `tx.c` in the iwlwifi

+driver, you can check whether that was renamed between linux-4.4.y-cip

+and upstream by running:

+

+    git log --summary --full-diff --reverse cip/linux-4.4.y-cip..torvalds/master \

+        -- drivers/net/wireless/intel/iwlwifi/pcie/tx.c

+

+You can then see at the top of the log that the first commit to this

+filename renamed multiple source files, and what the old name for this

+file was:

+

+     rename drivers/net/wireless/{ => intel}/iwlwifi/pcie/tx.c (100%)

+

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

30 changed files:

The diff was not included because it is too large.

Ben Hutchings deleted branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

4 changed files:

Changes:

Ben Hutchings pushed to branch bwh/update-issues at cip-project / cip-kernel / cip-kernel-sec

Commits:

1 changed file:

Changes:

Ben Hutchings pushed to branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec

Commits:

2 changed files:

Changes:

Ben Hutchings pushed to branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec

Commits:

4 changed files:

Changes:

Ben Hutchings pushed new branch bwh/web-report-affected at cip-project / cip-kernel / cip-kernel-sec

Ben Hutchings pushed new branch bwh/update-issues at cip-project / cip-kernel / cip-kernel-sec

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

17 changed files:

Changes:

Ben Hutchings deleted branch bwh/update-issues at cip-project / cip-kernel / cip-kernel-sec

Ben Hutchings deleted branch bwh/issue-triage-doc at cip-project / cip-kernel / cip-kernel-sec

Ben Hutchings pushed to branch master at cip-project / cip-kernel / cip-kernel-sec

Commits:

1 changed file:

Changes: