| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jun 2014 13:50:08 -0700 From: Kamal Mostafa <kamal@...onical.com> To: Johan Hedberg <johan.hedberg@...el.com> Cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org, kernel-team@...ts.ubuntu.com, Marcel Holtmann <marcel@...tmann.org> Subject: Re: [PATCH 3.13 131/160] Bluetooth: Fix redundant encryption request for reauthentication On Wed, 2014-06-11 at 07:55 +0300, Johan Hedberg wrote: > Hi, > > On Tue, Jun 10, 2014, Kamal Mostafa wrote: > > 3.13.11.3 -stable review patch. If anyone has any objections, please let me know. > > > > ------------------ > > > > From: Johan Hedberg <johan.hedberg@...el.com> > > > > commit 09da1f3463eb81d59685df723b1c5950b7570340 upstream. > > > > When we're performing reauthentication (in order to elevate the > > security level from an unauthenticated key to an authenticated one) we > > do not need to issue any encryption command once authentication > > completes. Since the trigger for the encryption HCI command is the > > ENCRYPT_PEND flag this flag should not be set in this scenario. > > Instead, the REAUTH_PEND flag takes care of all necessary steps for > > reauthentication. > > > > Signed-off-by: Johan Hedberg <johan.hedberg@...el.com> > > Signed-off-by: Marcel Holtmann <marcel@...tmann.org> > > Signed-off-by: Kamal Mostafa <kamal@...onical.com> > > --- > > net/bluetooth/hci_conn.c | 9 ++++++--- > > 1 file changed, 6 insertions(+), 3 deletions(-) > > This one has a regression reported against it: > > https://bugzilla.kernel.org/show_bug.cgi?id=77541 > > The report also has a working fix for the issue which we'll be sending > to the stable trees (it's already in the Bluetooth subsystem tree). So > I'm not sure what the right way to proceed here: ignore this patch until > the other patch is available, apply this one and wait for the other one, > or just forget about both patches for the stable trees. > > Johan > Thanks very much for the heads-up, Johan! I've dropped this patch from the upcoming 3.13.11.3 release. Please let me know when the fix-fix lands in mainline so that I can pick them both up together. -Kamal -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists