2017-03-06 22:48:47 |
Stephen A. Zarkos |
bug |
|
|
added bug |
2017-03-06 23:00:11 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
2017-03-06 23:03:20 |
Stephen A. Zarkos |
description |
There has been work upstream to enable encryption support for SMB3 connections. This is particularly useful with the Azure Files feature as encryption is required to connected to an Azure Files storage share from on-prem or from a different region.
The relevant commits are as follows:
CIFS: Fix possible use after free in demultiplex thread
Commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5
CIFS: Allow to switch on encryption with seal mount option
Commit ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31
CIFS: Add capability to decrypt big read responses
Commit c42a6abe3012832a68a371dabe17c2ced97e62ad
CIFS: Decrypt and process small encrypted packets
Commit 4326ed2f6a16ae9d33e4209b540dc9a371aba840
CIFS: Add copy into pages callback for a read operation
Commit d70b9104b1ca586f73aaf59426756cec3325a40e
CIFS: Add mid handle callback
Commit 9b7c18a2d4b798963ea80f6769701dcc4c24b55e
CIFS: Add transform header handling callbacks
Commit 9bb17e0916a03ab901fb684e874d77a1e96b3d1e
CIFS: Encrypt SMB3 requests before sending
Commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398
CIFS: Enable encryption during session setup phase
Commit cabfb3680f78981d26c078a26e5c748531257ebb
CIFS: Add capability to transform requests before sending
Commit 7fb8986e7449d0a5cebd84d059927afa423fbf85
CIFS: Separate RFC1001 length processing for SMB2 read
Commit b8f57ee8aad414a3122bff72d7968a94baacb9b6
CIFS: Separate SMB2 sync header processing
Commit cb200bd6264a80c04e09e8635fa4f3901cabdaef
CIFS: Send RFC1001 length in a separate iov
Commit 738f9de5cdb9175c19d24cfdf90b4543fc3b47bf
CIFS: Make send_cancel take rqst as argument
Commit fb2036d817584df42504910fe104f68517e8990e
CIFS: Make SendReceive2() takes resp iov
Commit da502f7df03d2d0b416775f92ae022f3f82bedd5
CIFS: Separate SMB2 header structure
Commit 31473fc4f9653b73750d3792ffce6a6e1bdf0da7
cifs: Add soft dependencies
Commit b9be76d585d48cb25af8db0d35e1ef9030fbe13a
cifs: Only select the required crypto modules
Commit 3692304bba6164be3810afd41b84ecb0e1e41db1
cifs: Simplify SMB2 and SMB311 dependencies
Commit c1ecea87471bbb614f8121e00e5787f363140365 |
There has been work upstream to enable encryption support for SMB3 connections. This is a particularly valuable (and commonly requested) feature with the Azure Files service as encryption is required to connect to an Azure Files storage share from on-prem or from a different Azure region.
The relevant commits are as follows:
CIFS: Fix possible use after free in demultiplex thread
Commit 61cfac6f267dabcf2740a7ec8a0295833b28b5f5
CIFS: Allow to switch on encryption with seal mount option
Commit ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31
CIFS: Add capability to decrypt big read responses
Commit c42a6abe3012832a68a371dabe17c2ced97e62ad
CIFS: Decrypt and process small encrypted packets
Commit 4326ed2f6a16ae9d33e4209b540dc9a371aba840
CIFS: Add copy into pages callback for a read operation
Commit d70b9104b1ca586f73aaf59426756cec3325a40e
CIFS: Add mid handle callback
Commit 9b7c18a2d4b798963ea80f6769701dcc4c24b55e
CIFS: Add transform header handling callbacks
Commit 9bb17e0916a03ab901fb684e874d77a1e96b3d1e
CIFS: Encrypt SMB3 requests before sending
Commit 026e93dc0a3eefb0be060bcb9ecd8d7a7fd5c398
CIFS: Enable encryption during session setup phase
Commit cabfb3680f78981d26c078a26e5c748531257ebb
CIFS: Add capability to transform requests before sending
Commit 7fb8986e7449d0a5cebd84d059927afa423fbf85
CIFS: Separate RFC1001 length processing for SMB2 read
Commit b8f57ee8aad414a3122bff72d7968a94baacb9b6
CIFS: Separate SMB2 sync header processing
Commit cb200bd6264a80c04e09e8635fa4f3901cabdaef
CIFS: Send RFC1001 length in a separate iov
Commit 738f9de5cdb9175c19d24cfdf90b4543fc3b47bf
CIFS: Make send_cancel take rqst as argument
Commit fb2036d817584df42504910fe104f68517e8990e
CIFS: Make SendReceive2() takes resp iov
Commit da502f7df03d2d0b416775f92ae022f3f82bedd5
CIFS: Separate SMB2 header structure
Commit 31473fc4f9653b73750d3792ffce6a6e1bdf0da7
cifs: Add soft dependencies
Commit b9be76d585d48cb25af8db0d35e1ef9030fbe13a
cifs: Only select the required crypto modules
Commit 3692304bba6164be3810afd41b84ecb0e1e41db1
cifs: Simplify SMB2 and SMB311 dependencies
Commit c1ecea87471bbb614f8121e00e5787f363140365 |
|
2017-03-06 23:06:44 |
Stephen A. Zarkos |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
2017-03-07 13:59:29 |
Christian Rank |
bug |
|
|
added subscriber Christian Rank |
2017-03-07 17:06:42 |
Tim Gardner |
nominated for series |
|
Ubuntu Zesty |
|
2017-03-07 17:06:42 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Zesty) |
|
2017-03-07 17:08:19 |
Tim Gardner |
linux (Ubuntu Zesty): status |
Confirmed |
Fix Committed |
|
2017-03-07 17:08:19 |
Tim Gardner |
linux (Ubuntu Zesty): assignee |
|
Tim Gardner (timg-tpi) |
|
2017-03-09 17:41:34 |
Brad Figg |
nominated for series |
|
Ubuntu Xenial |
|
2017-03-09 17:41:34 |
Brad Figg |
bug task added |
|
linux (Ubuntu Xenial) |
|
2017-03-16 15:02:52 |
Launchpad Janitor |
linux (Ubuntu Zesty): status |
Fix Committed |
Fix Released |
|
2017-03-16 15:02:52 |
Launchpad Janitor |
cve linked |
|
2017-2636 |
|
2017-03-16 16:32:55 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
New |
Confirmed |
|
2017-03-16 16:33:21 |
Brad Figg |
nominated for series |
|
Ubuntu Yakkety |
|
2017-03-16 16:33:21 |
Brad Figg |
bug task added |
|
linux (Ubuntu Yakkety) |
|
2017-03-16 16:34:06 |
Joshua R. Poulson |
linux (Ubuntu Yakkety): status |
New |
Confirmed |
|
2017-03-16 16:34:48 |
Joseph Salisbury |
linux (Ubuntu Zesty): importance |
Undecided |
Medium |
|
2017-03-16 16:34:50 |
Joseph Salisbury |
linux (Ubuntu Yakkety): importance |
Undecided |
Medium |
|
2017-03-16 17:34:24 |
Joseph Salisbury |
linux (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2017-03-16 17:34:34 |
Joseph Salisbury |
tags |
|
kernel-da-key kernel-hyper-v |
|
2017-03-23 18:21:53 |
Joseph Salisbury |
linux (Ubuntu Xenial): assignee |
|
Joseph Salisbury (jsalisbury) |
|
2017-03-23 18:21:56 |
Joseph Salisbury |
linux (Ubuntu Yakkety): assignee |
|
Joseph Salisbury (jsalisbury) |
|
2017-03-23 18:22:00 |
Joseph Salisbury |
linux (Ubuntu Yakkety): status |
Confirmed |
In Progress |
|
2017-03-23 18:22:03 |
Joseph Salisbury |
linux (Ubuntu Xenial): status |
Confirmed |
In Progress |
|
2017-05-05 17:59:18 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Yakkety): status |
In Progress |
Fix Committed |
|
2017-05-29 10:12:19 |
Kleber Sacilotto de Souza |
tags |
kernel-da-key kernel-hyper-v |
kernel-da-key kernel-hyper-v verification-needed-yakkety |
|
2017-06-06 08:12:19 |
Kleber Sacilotto de Souza |
tags |
kernel-da-key kernel-hyper-v verification-needed-yakkety |
kernel-da-key kernel-hyper-v verification-done-yakkety |
|
2017-06-06 14:47:18 |
Launchpad Janitor |
linux (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|
2017-06-06 14:47:18 |
Launchpad Janitor |
cve linked |
|
2017-0605 |
|
2017-06-28 17:46:12 |
Thadeu Lima de Souza Cascardo |
linux (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2017-07-10 08:21:24 |
Kleber Sacilotto de Souza |
tags |
kernel-da-key kernel-hyper-v verification-done-yakkety |
kernel-da-key kernel-hyper-v verification-done-yakkety verification-needed-xenial |
|
2017-07-18 10:10:34 |
Kleber Sacilotto de Souza |
tags |
kernel-da-key kernel-hyper-v verification-done-yakkety verification-needed-xenial |
kernel-da-key kernel-hyper-v verification-done-yakkety verification-failed-xenial |
|
2017-07-21 18:47:35 |
Pavel Shilovsky |
bug |
|
|
added subscriber Pavel Shilovsky |
2017-07-24 07:59:49 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2017-07-24 07:59:49 |
Launchpad Janitor |
cve linked |
|
2017-1000364 |
|
2017-07-24 07:59:49 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|