From 01997497f915e8f79871f3f2acb55ac465051d24 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 20:49:59 +0200
Subject: Adding debian version 6.1.76-1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 ...ding-as-mitigation-against-local-exploits.patch | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

(limited to 'debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch')

diff --git a/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
new file mode 100644
index 000000000..b532d0054
--- /dev/null
+++ b/debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
@@ -0,0 +1,48 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Mon, 05 Aug 2019 00:29:11 +0100
+Subject: hamradio: Disable auto-loading as mitigation against local exploits
+Forwarded: not-needed
+
+We can mitigate the effect of vulnerabilities in obscure protocols by
+preventing unprivileged users from loading the modules, so that they
+are only exploitable on systems where the administrator has chosen to
+load the protocol.
+
+The 'ham' radio protocols (ax25, netrom, rose) are not actively
+maintained or widely used.  Therefore disable auto-loading.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -1986,7 +1986,7 @@ module_init(ax25_init);
+ MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_AX25);
++/* MODULE_ALIAS_NETPROTO(PF_AX25); */
+ 
+ static void __exit ax25_exit(void)
+ {
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -1486,7 +1486,7 @@ MODULE_PARM_DESC(nr_ndevs, "number of NE
+ MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The amateur radio NET/ROM network and transport layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_NETROM);
++/* MODULE_ALIAS_NETPROTO(PF_NETROM); */
+ 
+ static void __exit nr_exit(void)
+ {
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -1577,7 +1577,7 @@ MODULE_PARM_DESC(rose_ndevs, "number of
+ MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
+ MODULE_DESCRIPTION("The amateur radio ROSE network layer protocol");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS_NETPROTO(PF_ROSE);
++/* MODULE_ALIAS_NETPROTO(PF_ROSE); */
+ 
+ static void __exit rose_exit(void)
+ {
-- 
cgit v1.2.3