Date: Thu, 6 Dec 2018 06:45:49 +0100
From: Greg KH
To: Ben Hutchings
Cc: Sasha Levin, Ilya Dryomov, stable-commits@vger.kernel.org, stable@vger.kernel.org
Subject: Re: Patch "libceph: implement CEPHX_V2 calculation mode" has been added to the 4.14-stable tree
Message-ID: <20181206054549.GB12239@kroah.com>

On Wed, Dec 05, 2018 at 10:25:17PM +0000, Ben Hutchings wrote:
> On Mon, 2018-12-03 at 11:16 -0500, Sasha Levin wrote:
> > On Mon, Dec 03, 2018 at 04:32:18PM +0100, Ilya Dryomov wrote:
> > > On Mon, Dec 3, 2018 at 4:26 PM Sasha Levin wrote:
> > > >
> > > > + Ben
> > > >
> > > > On Mon, Dec 03, 2018 at 12:09:25PM +0100, Ilya Dryomov wrote:
> [...]
> > > > > The CVEs mentioned in this series are server side and CEPHX_V2 is
> > > > > probably more of a new feature than a security fix.  That said, I don't
> > > > > object to including it in 4.14.z.  If you do, please pick up the
> > > > > remaining two patches for interoperability:
> > > > >
> > > > > f1d10e046379 libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
> > > > > 130f52f2b203 libceph: check authorizer reply/challenge length before reading
> > > >
> > > > Would I be pulling this patch if it didn't have the string
> > > > "CVE-2018-1129" in the commit message?
> > >
> > > Well, I didn't mark this series for stable, so probably not.
> >
> > Alrighty, thanks.
> >
> > Ben, any objections to dropping this patch?
>
> My understanding is that while the security impact is on the server
> side, an unpatched client won't be able to authenticate to a patched
> server.  Assuming that is correct, this change seems to fit the stable
> rules.

I kept them in the tree, and added the additional ones, thanks!

greg k-h