NAK: [Bionic][PATCH 0/1] Revert "crypto: hash - prevent using keyed hashes without setting key"
Joseph Salisbury
joseph.salisbury at canonical.com
Tue Apr 10 15:10:36 UTC 2018
On 04/03/2018 02:45 PM, Seth Forshee wrote:
> On Tue, Apr 03, 2018 at 01:47:23PM -0400, Joseph Salisbury wrote:
>> BugLink: http://bugs.launchpad.net/bugs/1759791
>>
>> == Bionic Justification ==
>> Mainline commit 9fa68f620041 introduced a regression in Bionic. Bionic
>> got this commit with the 4.15.4 updates as commit 46e8d06.
>>
>> This bug causes the NFS mounts with kerberos set up to stopped working.
>>
>> A proper patch is being discussed upstream, but it has not landed in mainline
>> as of yet:
>> https://patchwork.kernel.org/patch/10311831/
>>
>>
>> == Fix ==
>> A revert of commit:
>> 9fa68f620041 ("crypto: hash - prevent using keyed hashes without setting key")
> The patch being reverted is a security fix, so I'd prefer to not revert
> it. It looks like there's a fix in linux-next already:
>
> commit 190b22eedd032c14cbc2b9e13d112f039460522c
> Author: Eric Biggers <ebiggers at google.com>
> Date: Wed Mar 28 10:57:22 2018 -0700
>
> sunrpc: remove incorrect HMAC request initialization
>
> Can we try using this patch instead?
>
> Thanks,
> Seth
Testing of that commit is confirmed to resolve the bug by two separate
users that were affected. Can we pull that commit into Bionic instead
of the revert?
More information about the kernel-team
mailing list