APPLIED[Xenial]: [SRU][Xenial][Zesty][Artful][PATCH 0/1] SMB3: Validate negotiate request must always be signed

Joseph Salisbury joseph.salisbury at canonical.com
Mon Nov 20 15:04:53 UTC 2017


On 11/20/2017 06:09 AM, Stefan Bader wrote:
> On 03.11.2017 17:44, Joseph Salisbury wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1729337
>>
>> == SRU Justification ==
>> The bug reporter stated they have a cluster of servers that applied Xenial updates 
>> and then were unable to mount CIFS shares after upgrading to 4.4.0-98. The 
>> same machines on 4.4.0-97 do not hit the regression.  It was found that the
>> regression is fixed by mainline commit:
>> 4587eee04e2a ("SMB3: Validate negotiate request must always be signed").
>>
>> This fix is required in all Ubuntu supported releases.  Commit 4587eee04e2a
>> landed in mainline as of 4.14-rc7.  It was also cc'd to upstream stable,
>> but it has not landed in any stable releases yet, which is the reason for 
>> this SRU.  
>>
>> Commit 4587eee04e2a is also required in Trusty, but Trusty needs a minor backport,
>> so its SRU will be sent separately.
>>
>>     
>> == Fix ==
>> commit 4587eee04e2ac7ac3ac9fa2bc164fb6e548f99cd
>> Author: Steve French <smfrench at gmail.com>
>> Date:   Wed Oct 25 15:58:31 2017 -0500
>>     SMB3: Validate negotiate request must always be signed
>>
>> == Regression Potential ==
>> This patch is to fix a regression.  It was also cc'd to upstream stable, so 
>> it received additional review upstream.
>>
>> == Test Case ==
>> A test kernel was built with this patch and tested by the original bug reporter.
>> The bug reporter states the test kernel resolved the bug.
>>
>> Steve French (1):
>>   SMB3: Validate negotiate request must always be signed
>>
>>  fs/cifs/smb2pdu.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
> Applied to Xenial master-next. Wondering about the NAK for Zesty: was that
> intentional or should that have been Artful (where it is said to be already
> applied)?
>
> -Stefan
>
>
Yes, the NAK is needed for Zesty because the regression was
introduced by commit
0603c96f ("SMB: Validate negotiate (to protect against
downgrade) even if signing off").

This commit never made it to Zesty because upstream 4.10 is EOL.
