[Kernel-packages] [Bug 1670508] Re: CIFS: Enable encryption for SMB3

Launchpad Bug Tracker Tue, 06 Jun 2017 08:06:13 -0700

This bug was fixed in the package linux - 4.8.0-54.57

---------------
linux (4.8.0-54.57) yakkety; urgency=low


  * linux: 4.8.0-54.57 -proposed tracker (LP: #1692589)

  * CVE-2017-0605
    - tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

  * Populating Hyper-V MSR for Ubuntu 13.10 (LP: #1193172)
    - SAUCE: (no-up) hv: Supply vendor ID and package ABI

  * [Hyper-V] Implement Hyper-V PTP Source (LP: #1676635)
    - hv: allocate synic pages for all present CPUs
    - hv: init percpu_list in hv_synic_alloc()
    - Drivers: hv: vmbus: Prevent sending data on a rescinded channel
    - hv: switch to cpuhp state machine for synic init/cleanup
    - hv: make CPU offlining prevention fine-grained
    - Drivers: hv: vmbus: Fix a rescind handling bug
    - Drivers: hv: util: kvp: Fix a rescind processing issue
    - Drivers: hv: util: Fcopy: Fix a rescind processing issue
    - Drivers: hv: util: Backup: Fix a rescind processing issue
    - Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents
    - Drivers: hv: vmbus: Move the definition of generate_guest_id()
    - Revert "UBUNTU: SAUCE: (no-up) hv: Supply vendor ID and package ABI"
    - Drivers: hv vmbus: Move Hypercall page setup out of common code
    - Drivers: hv: vmbus: Move Hypercall invocation code out of common code
    - Drivers: hv: vmbus: Consolidate all Hyper-V specific clocksource code
    - Drivers: hv: vmbus: Move the extracting of Hypervisor version information
    - Drivers: hv: vmbus: Move the crash notification function
    - Drivers: hv: vmbus: Move the check for hypercall page setup
    - Drivers: hv: vmbus: Move the code to signal end of message
    - Drivers: hv: vmbus: Restructure the clockevents code
    - Drivers: hv: util: Use hv_get_current_tick() to get current tick
    - Drivers: hv: vmbus: Get rid of an unsused variable
    - Drivers: hv: vmbus: Define APIs to manipulate the message page
    - Drivers: hv: vmbus: Define APIs to manipulate the event page
    - Drivers: hv: vmbus: Define APIs to manipulate the synthetic interrupt
      controller
    - Drivers: hv: vmbus: Define an API to retrieve virtual processor index
    - Drivers: hv: vmbus: Define an APIs to manage interrupt state
    - Drivers: hv: vmbus: Cleanup hyperv_vmbus.h
    - hv_util: switch to using timespec64
    - Drivers: hv: restore hypervcall page cleanup before kexec
    - Drivers: hv: restore TSC page cleanup before kexec
    - Drivers: hv: balloon: add a fall through comment to hv_memory_notifier()
    - Drivers: hv: vmbus: Use all supported IC versions to negotiate
    - Drivers: hv: Log the negotiated IC versions.
    - Drivers: hv: Fix the bug in generating the guest ID
    - hv: export current Hyper-V clocksource
    - hv_utils: implement Hyper-V PTP source
    - SAUCE: (no-up) hv: Supply vendor ID and package ABI

  * CIFS: Enable encryption for SMB3 (LP: #1670508)
    - SMB3: Add mount parameter to allow user to override max credits
    - SMB2: Separate Kerberos authentication from SMB2_sess_setup
    - SMB2: Separate RawNTLMSSP authentication from SMB2_sess_setup
    - SMB3: parsing for new snapshot timestamp mount parm
    - cifs: Simplify SMB2 and SMB311 dependencies
    - cifs: Only select the required crypto modules
    - cifs: Add soft dependencies
    - CIFS: Separate SMB2 header structure
    - CIFS: Make SendReceive2() takes resp iov
    - CIFS: Make send_cancel take rqst as argument
    - CIFS: Send RFC1001 length in a separate iov
    - CIFS: Separate SMB2 sync header processing
    - CIFS: Separate RFC1001 length processing for SMB2 read
    - CIFS: Add capability to transform requests before sending
    - CIFS: Enable encryption during session setup phase
    - CIFS: Encrypt SMB3 requests before sending
    - CIFS: Add transform header handling callbacks
    - CIFS: Add mid handle callback
    - CIFS: Add copy into pages callback for a read operation
    - CIFS: Decrypt and process small encrypted packets
    - CIFS: Add capability to decrypt big read responses
    - CIFS: Allow to switch on encryption with seal mount option
    - CIFS: Fix possible use after free in demultiplex thread

  * APST quirk needed for Samsung 512GB NVMe drive (LP: #1678184)
    - nvme: Adjust the Samsung APST quirk
    - nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA"

 -- Kleber Sacilotto de Souza <kleber.so...@canonical.com>  Mon, 22 May
2017 18:56:12 +0200

** Changed in: linux (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-0605

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1670508

Title:
  CIFS: Enable encryption for SMB3

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  In Progress
Status in linux source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  There has been work upstream to enable encryption support for SMB3
  connections. This is a particularly valuable (and commonly requested)
  feature with the Azure Files service as encryption is required to
  connect to an Azure Files storage share from on-prem or from a
  different Azure region.

  The relevant commits are as follows:

  CIFS: Fix possible use after free in demultiplex thread
  Commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5

  CIFS: Allow to switch on encryption with seal mount option
  Commit ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31

  CIFS: Add capability to decrypt big read responses
  Commit c42a6abe3012832a68a371dabe17c2ced97e62ad

  CIFS: Decrypt and process small encrypted packets
  Commit 4326ed2f6a16ae9d33e4209b540dc9a371aba840

  CIFS: Add copy into pages callback for a read operation
  Commit d70b9104b1ca586f73aaf59426756cec3325a40e

  CIFS: Add mid handle callback
  Commit 9b7c18a2d4b798963ea80f6769701dcc4c24b55e

  CIFS: Add transform header handling callbacks
  Commit 9bb17e0916a03ab901fb684e874d77a1e96b3d1e

  CIFS: Encrypt SMB3 requests before sending
  Commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398

  CIFS: Enable encryption during session setup phase
  Commit cabfb3680f78981d26c078a26e5c748531257ebb

  CIFS: Add capability to transform requests before sending
  Commit 7fb8986e7449d0a5cebd84d059927afa423fbf85

  CIFS: Separate RFC1001 length processing for SMB2 read
  Commit b8f57ee8aad414a3122bff72d7968a94baacb9b6

  CIFS: Separate SMB2 sync header processing
  Commit cb200bd6264a80c04e09e8635fa4f3901cabdaef

  CIFS: Send RFC1001 length in a separate iov
  Commit 738f9de5cdb9175c19d24cfdf90b4543fc3b47bf

  CIFS: Make send_cancel take rqst as argument
  Commit fb2036d817584df42504910fe104f68517e8990e

  CIFS: Make SendReceive2() takes resp iov
  Commit da502f7df03d2d0b416775f92ae022f3f82bedd5

  CIFS: Separate SMB2 header structure
  Commit 31473fc4f9653b73750d3792ffce6a6e1bdf0da7

  cifs: Add soft dependencies
  Commit b9be76d585d48cb25af8db0d35e1ef9030fbe13a

  cifs: Only select the required crypto modules
  Commit 3692304bba6164be3810afd41b84ecb0e1e41db1

  cifs: Simplify SMB2 and SMB311 dependencies
  Commit c1ecea87471bbb614f8121e00e5787f363140365

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1670508/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1670508] Re: CIFS: Enable encryption for SMB3

Reply via email to