Devuan bug report logs - #430
ax.25 on kernels above 4.1

Package: linux-image; Maintainer for linux-image is (unknown);

Reported by: n1uro@n1uro.ampr.org

Date: Sat, 25 Apr 2020 16:03:02 UTC

Severity: normal

Tags: debian

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#430; Package linux-image. (Sat, 25 Apr 2020 16:03:02 GMT) (full text, mbox, link).


Acknowledgement sent to n1uro@n1uro.ampr.org:
New bug report received and forwarded. Copy sent to devuan-dev@lists.dyne.org.

Your message had a Version: pseudo-header with an invalid package version:

all above 4.1

please either use found or fixed to the control server with a correct version, or reply to this report indicating the correct version so the maintainer (or someone else) can correct it for you.

(Sat, 25 Apr 2020 16:03:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.devuan.org (full text, mbox, reply):

From: Brian <n1uro@n1uro.ampr.org>
To: submit@bugs.devuan.org
Subject: ax.25 on kernels above 4.1
Date: Sat, 25 Apr 2020 11:52:18 -0400
Package: linux-image
Version: all above 4.1

There's a critical bug in the ax.25 module that popped up beginning with
kernel version 4.2 where if a user connected to a site using NetRom, the
underlaying ax.25 virtual circuit fails to close thus leaving a zombie
socket open and available for possible attack. This has been a known
issue on the URONode email list for quite some time, and I'm the
developer of the uronode package in your repositories.  

A fix was supplied by Marius YO2LOJ on the list:

---
Let me explain the patch so maybe you can do it yourself, since the
code 
will probably not work on a 5.x kernel...

The target function is ax25_disconnect(ax25_cb *ax25, int reason).

The function is in the file ax25_subr.c in the 4.9 version.

the last part is an:

if (ax25->sk != NULL) {

(...the ax25 socket is closed here...)

}

This if catches only full ax25 connections, not the ones associated with 
netrom connections.

So for netrom connections, we also need a socket deletion, so add to 
this if the following else:

else {

ax25_destroy_socket(ax25);

}

Maybe this helps get you going...

Marius, YO2LOJ
---

A weblink to his mail:
https://n1uro.ampr.org/cgi-bin/mailman/private/uronode/2019-September/001284.html
however it's only available to subscribers.

-- 
If Confucius were alive today:
"A computing device left in the OFF power state never crashes" 
-----
73 de Brian N1URO
IPv6 Certified
SMTP: n1uro-at-n1uro.ampr.org


Information forwarded to devuan-bugs@lists.dyne.org, devuan-dev@lists.dyne.org:
bug#430; Package linux-image. (Sat, 25 Apr 2020 17:18:02 GMT) (full text, mbox, link).


Message #8 received at 430@bugs.devuan.org (full text, mbox, reply):

From: Mark Hindley <mark@hindley.org.uk>
To: 430@bugs.devuan.org, Brian <n1uro@n1uro.ampr.org>
Subject: Re: ax.25 on kernels above 4.1
Date: Sat, 25 Apr 2020 18:01:37 +0100
Control: tags -1 debian

On Sat, 25 Apr 2020 11:52:18 -0400 Brian <n1uro@n1uro.ampr.org> wrote:
> Package: linux-image
> Version: all above 4.1

Brian,

Thanks for this. However the linux kernel packages are not forked in Devuan and
we use the Debian packages directly.

You would be better reporting this to bugs.debian.org.

Thanks

Mark

Added tag(s) debian. Request was from Mark Hindley <mark@hindley.org.uk> to 430-submit@bugs.devuan.org. (Sat, 25 Apr 2020 17:18:04 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Thu Feb 25 10:50:55 2021;