Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826)

rlmenge · web-flow · commit c5b6704f8043 · 2024-10-24T14:40:32.000-07:00
The rose_bind() function which is used in the AX.25 PLP Rose protocol introduced a race condition which has CVE-2022-2961. Therefore remove rose support.
diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        5.15.167.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Wed Oct 23 2024 Rachel Menge <rachelmenge@microsoft.com> - 5.15.167.1-2
+- Bump release to match kernel
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.167.1-1
 - Auto-upgrade to 5.15.167.1
 
diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec
@@ -12,7 +12,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        5.15.167.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -73,6 +73,9 @@ done
 %endif
 
 %changelog
+* Wed Oct 23 2024 Rachel Menge <rachelmenge@microsoft.com> - 5.15.167.1-2
+- Bump release to match kernel
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.167.1-1
 - Auto-upgrade to 5.15.167.1
 
diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64
@@ -1789,7 +1789,7 @@ CONFIG_HAMRADIO=y
 CONFIG_AX25=m
 CONFIG_AX25_DAMA_SLAVE=y
 CONFIG_NETROM=m
-CONFIG_ROSE=m
+# CONFIG_ROSE is not set
 
 #
 # AX.25 network device drivers
diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json
@@ -2,7 +2,7 @@
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
     "config": "dc024483419fd8d1df7191058e01d80d7421d1c141f0bfc30f330201abb51ed3",
-    "config_aarch64": "784b95a886e48269d5da1ca7451ead489a84d8af9a8579874f9554741fa73916",
+    "config_aarch64": "000300cac16ea745e68e93e1cada7c344518d4e848e287530b2d3f1225b51e05",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
     "kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0"
   }
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec
@@ -28,7 +28,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        5.15.167.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -426,6 +426,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Wed Oct 23 2024 Rachel Menge <rachelmenge@microsoft.com> - 5.15.167.1-2
+- Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.167.1-1
 - Auto-upgrade to 5.15.167.1
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-20.cm2.aarch64.rpm
-kernel-headers-5.15.167.1-1.cm2.noarch.rpm
+kernel-headers-5.15.167.1-2.cm2.noarch.rpm
 glibc-2.35-7.cm2.aarch64.rpm
 glibc-devel-2.35-7.cm2.aarch64.rpm
 glibc-i18n-2.35-7.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-20.cm2.x86_64.rpm
-kernel-headers-5.15.167.1-1.cm2.noarch.rpm
+kernel-headers-5.15.167.1-2.cm2.noarch.rpm
 glibc-2.35-7.cm2.x86_64.rpm
 glibc-devel-2.35-7.cm2.x86_64.rpm
 glibc-i18n-2.35-7.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm
 itstool-2.0.6-4.cm2.noarch.rpm
 kbd-2.2.0-1.cm2.aarch64.rpm
 kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm
-kernel-headers-5.15.167.1-1.cm2.noarch.rpm
+kernel-headers-5.15.167.1-2.cm2.noarch.rpm
 kmod-29-2.cm2.aarch64.rpm
 kmod-debuginfo-29-2.cm2.aarch64.rpm
 kmod-devel-29-2.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -141,8 +141,8 @@ intltool-0.51.0-7.cm2.noarch.rpm
 itstool-2.0.6-4.cm2.noarch.rpm
 kbd-2.2.0-1.cm2.x86_64.rpm
 kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm
-kernel-cross-headers-5.15.167.1-1.cm2.noarch.rpm
-kernel-headers-5.15.167.1-1.cm2.noarch.rpm
+kernel-cross-headers-5.15.167.1-2.cm2.noarch.rpm
+kernel-headers-5.15.167.1-2.cm2.noarch.rpm
 kmod-29-2.cm2.x86_64.rpm
 kmod-debuginfo-29-2.cm2.x86_64.rpm
 kmod-devel-29-2.cm2.x86_64.rpm

Original file line number	Diff line number	Diff line change
`@@ -1789,7 +1789,7 @@ CONFIG_HAMRADIO=y`
`1789`	`1789`	`CONFIG_AX25=m`
`1790`	`1790`	`CONFIG_AX25_DAMA_SLAVE=y`
`1791`	`1791`	`CONFIG_NETROM=m`
`1792`		`-CONFIG_ROSE=m`
	`1792`	`+# CONFIG_ROSE is not set`
`1793`	`1793`
`1794`	`1794`	`#`
`1795`	`1795`	`# AX.25 network device drivers`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@`
`2`	`2`	`"Signatures": {`
`3`	`3`	`"cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",`
`4`	`4`	`"config": "dc024483419fd8d1df7191058e01d80d7421d1c141f0bfc30f330201abb51ed3",`
`5`		`- "config_aarch64": "784b95a886e48269d5da1ca7451ead489a84d8af9a8579874f9554741fa73916",`
	`5`	`+ "config_aarch64": "000300cac16ea745e68e93e1cada7c344518d4e848e287530b2d3f1225b51e05",`
`6`	`6`	`"sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",`
`7`	`7`	`"kernel-5.15.167.1.tar.gz": "2f529a3abf4167d1de5f7dd73043827db2c08d647d924990843ee914b0558ee0"`
`8`	`8`	`}`