Bugs

From Driver Backports Wiki
(Difference between revisions)
Jump to: navigation, search
(Move "Reporting security vulnerabilites" from other page)
(Move content from Bugzilla page)
Line 19: Line 19:
 
The report will be handled in private, once the issue is fixed and propagated to users, the security fix will be disclosed and documented. As of date we have had no security vulnerabilities issues reported. Until then this page can be used to track updates on vulnerabilities related to Linux backports. The attack surface to Linux backports consists about 1-2% of code, this varies depending on what kernel you are on. The older kernel you are on the higher the security risk. Security issues on Linux should affect users of Linux backports if the code is carried over into backports, fixes for that are addressed through new release of backports with the corresponding upstream fixes. Security fixes for Linux belong upstream on Linux, not on Linux backports. To learn how to report Linux kernel security issues refer to [https://www.kernel.org/doc/Documentation/SecurityBugs SecurityBugs documentation].
 
The report will be handled in private, once the issue is fixed and propagated to users, the security fix will be disclosed and documented. As of date we have had no security vulnerabilities issues reported. Until then this page can be used to track updates on vulnerabilities related to Linux backports. The attack surface to Linux backports consists about 1-2% of code, this varies depending on what kernel you are on. The older kernel you are on the higher the security risk. Security issues on Linux should affect users of Linux backports if the code is carried over into backports, fixes for that are addressed through new release of backports with the corresponding upstream fixes. Security fixes for Linux belong upstream on Linux, not on Linux backports. To learn how to report Linux kernel security issues refer to [https://www.kernel.org/doc/Documentation/SecurityBugs SecurityBugs documentation].
  
<h1>Backports bugzilla</h1>
+
= Backports Bugzilla =
  
For future reference: [[bugzilla|backports bugzilla]]
+
== Bugzilla for kernel backports ==
 +
 
 +
The Linux kernel bugzilla has an entry for backport bugs.
 +
 
 +
== Reporting new backport bugs ==
 +
 
 +
To report a new bug use the '''Backports project''' section, or just visit this page:
 +
 
 +
https://bugzilla.kernel.org/enter_bug.cgi?product=Backports%20project
 +
 
 +
Use the ''backports'' component. Its the only component available right now.
 +
 
 +
== Open backport bugs ==
 +
 
 +
https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=Backports+project&content=.
 +
 
 +
== Closed backport bugs ==
 +
 
 +
https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__closed__&product=Backports+project&content=.
  
 
[[File:88x31.png‎]] - This text is licensed under a [https://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 Unported License].
 
[[File:88x31.png‎]] - This text is licensed under a [https://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 Unported License].

Revision as of 01:27, 25 June 2017

Report any bugs you think you may have found because you are working with the latest and greatest drivers! If your bug is backport compatibility-related then we should still try to fix it within the compatibility layer. If you are not sure you can let us help you. To date we have only have identified 2 backport related bugs, all other reported bugs were real bugs in actual upstream code!

We are working on a bugzilla entry for compat / compat-drivers, until then please report all bugs you think you my have found to the backports mailing list and if you know what subsystem you think the bug belongs to Cc: the respective mailing list. Remember that chances are high that the bug is not a backport bug but instead a real upstream bug that must be fixed.

Contents

What mailing lists to report bugs to

Always use: backports@vger.kernel.org and then use one of the following mailing lists depending on the subsystem from where your driver belongs:

 * bluetooth: linux-bluetooth@vger.kernel.org
 * wireless: linux-wireless@vger.kernel.org
 * ethernet: netdev@vger.kernel.org

Reporting security vulnerabilities

If you have a security vulnerabilities issue to report and you know it is backports related you can report this directly to the maintainers:

 * hauke@hauke-m.de, mcgrof@kernel.org, johannes@sipsolutions.net

The report will be handled in private, once the issue is fixed and propagated to users, the security fix will be disclosed and documented. As of date we have had no security vulnerabilities issues reported. Until then this page can be used to track updates on vulnerabilities related to Linux backports. The attack surface to Linux backports consists about 1-2% of code, this varies depending on what kernel you are on. The older kernel you are on the higher the security risk. Security issues on Linux should affect users of Linux backports if the code is carried over into backports, fixes for that are addressed through new release of backports with the corresponding upstream fixes. Security fixes for Linux belong upstream on Linux, not on Linux backports. To learn how to report Linux kernel security issues refer to SecurityBugs documentation.

Backports Bugzilla

Bugzilla for kernel backports

The Linux kernel bugzilla has an entry for backport bugs.

Reporting new backport bugs

To report a new bug use the Backports project section, or just visit this page:

https://bugzilla.kernel.org/enter_bug.cgi?product=Backports%20project

Use the backports component. Its the only component available right now.

Open backport bugs

https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=Backports+project&content=.

Closed backport bugs

https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__closed__&product=Backports+project&content=.

88x31.png - This text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

Personal tools