From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.kernel.org ([198.145.29.99]:57762 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726608AbeLCQQy (ORCPT ); Mon, 3 Dec 2018 11:16:54 -0500
Date: Mon, 3 Dec 2018 11:16:32 -0500
From: Sasha Levin
To: Ilya Dryomov
Cc: stable-commits@vger.kernel.org, stable@vger.kernel.org,
        ben.hutchings@codethink.co.uk
Subject: Re: Patch "libceph: implement CEPHX_V2 calculation mode" has been
        added to the 4.14-stable tree
Message-ID: <20181203161632.GK235790@sasha-vm>
References: <20181202155105.CA3F220851@mail.kernel.org>
        <20181203152602.GH235790@sasha-vm>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To:
Sender: stable-owner@vger.kernel.org
List-ID:

On Mon, Dec 03, 2018 at 04:32:18PM +0100, Ilya Dryomov wrote:
>On Mon, Dec 3, 2018 at 4:26 PM Sasha Levin wrote:
>>
>> + Ben
>>
>> On Mon, Dec 03, 2018 at 12:09:25PM +0100, Ilya Dryomov wrote:
>> >On Sun, Dec 2, 2018 at 4:51 PM Sasha Levin wrote:
>> >>
>> >> This is a note to let you know that I've just added the patch titled
>> >>
>> >>     libceph: implement CEPHX_V2 calculation mode
>> >>
>> >> to the 4.14-stable tree which can be found at:
>> >>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>> >>
>> >> The filename of the patch is:
>> >>     libceph-implement-cephx_v2-calculation-mode.patch
>> >> and it can be found in the queue-4.14 subdirectory.
>> >>
>> >> If you, or anyone else, feels it should not be added to the stable tree,
>> >> please let know about it.
>> >>
>> >>
>> >>
>> >> commit 14735e0afb6ed378becd0dedf37d1e5ddfa12084
>> >> Author: Ilya Dryomov
>> >> Date: Fri Jul 27 19:25:32 2018 +0200
>> >>
>> >>     libceph: implement CEPHX_V2 calculation mode
>> >>
>> >>     commit cc255c76c70f7a87d97939621eae04b600d9f4a1 upstream.
>> >>
>> >>     Derive the signature from the entire buffer (both AES cipher blocks)
>> >>     instead of using just the first half of the first block, leaving out
>> >>     data_crc entirely.
>> >>
>> >>     This addresses CVE-2018-1129.
>> >>
>> >>     Link: http://tracker.ceph.com/issues/24837
>> >>     Signed-off-by: Ilya Dryomov
>> >>     Reviewed-by: Sage Weil
>> >>     Signed-off-by: Ben Hutchings
>> >>     Signed-off-by: Sasha Levin
>> >
>> >Hi Sasha,
>> >
>> >The CVEs mentioned in this series are server side and CEPHX_V2 is
>> >probably more of a new feature than a security fix. That said, I don't
>> >object to including it in 4.14.z. If you do, please pick up the
>> >remaining two patches for interoperability:
>> >
>> >f1d10e046379 libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
>> >130f52f2b203 libceph: check authorizer reply/challenge length before reading
>>
>> Would I be pulling this patch if it didn't have the string
>> "CVE-2018-1129" in the commit message?
>
>Well, I didn't mark this series for stable, so probably not.

Alrighty, thanks.

Ben, any objections to dropping this patch?

--
Thanks,
Sasha