[FFe] NTRU Plugin Missing in Focal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Debian) |
New
|
Unknown
|
|||
strongswan (Ubuntu) |
Fix Released
|
Medium
|
Christian Ehrhardt |
Bug Description
[ Feature Freeze Exception ]
* The NTRU plugin was enabled in all past releases, so if we re-enable this actually it isn't a Feature change for upgraders. Instead if we don't resolve this bug is a "loss of features" - therefore I'm even unsure this would need an FFe but let us stick to the process.
* Background: In an effort to synchronize between Debian and Ubuntu we got many things enabled and packaged in Debian that were only in Ubuntu before. But at the same time we disabled several plugins that are not enabled by default and also unused according to bug/usage reports in the past. This is such a report identifying one of our clearings being overzealous; so I'd want to re-enable it.
* The plugin is standardized (no experimental crap) [1] and considered stable [2] since quite a while.
[1]: https:/
[2]: https:/
I'd be happy if the ubuntu-release Team could give a quick ack to my assumptions so I can upload this to Focal once all things are in place.
------------
the post quantum Key Exchange Algo NTRU is missing in Focal
on edgy is still there:
# cat /etc/issue
Ubuntu 19.10 \n \l
# apt list | grep strongswan
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
libstrongswan-
libstrongswan-
libstrongswan-
libstrongswan-
libstrongswan/
libstrongswan/eoan 5.7.2-1ubuntu3 i386
network-
network-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-nm/eoan 5.7.2-1ubuntu3 amd64
strongswan-nm/eoan 5.7.2-1ubuntu3 i386
strongswan-pki/eoan 5.7.2-1ubuntu3 amd64
strongswan-pki/eoan 5.7.2-1ubuntu3 i386
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan/
# ipsec statusall | grep ntru
loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-
-------
but on current focal it is missing:
-------
# cat /etc/issue
Ubuntu Focal Fossa (development branch) \n \l
# apt list | grep strongswan
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
libstrongswan-
libstrongswan-
libstrongswan/
network-
strongswan-
strongswan-
strongswan-nm/focal 5.8.2-1ubuntu1 amd64
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan-
strongswan/
# ipsec statusall | grep ntru
# (nothing .. not there)
# pluginlist of ipsec statusall:
loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
there is also no other post quantum algo available
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server: Pending requested
- git-ubuntu import: Pending requested
-
Diff: 1934 lines (+1689/-3)6 files modifieddebian/changelog (+1661/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
- Christian Ehrhardt : Pending requested
- Canonical Server: Pending requested
-
Diff: 529 lines (+411/-2) (has conflicts)9 files modifieddebian/changelog (+19/-0)
debian/control (+61/-2)
debian/libcharon-extra-plugins.maintscript (+11/-0)
debian/patches/lp-1879692-1.patch (+75/-0)
debian/patches/lp-1879692-2.patch (+50/-0)
debian/patches/lp-1879692-3.patch (+37/-0)
debian/patches/lp-1879692-4.patch (+42/-0)
debian/patches/lp-1879692-5.patch (+111/-0)
debian/patches/series (+5/-0)
- Lucas Kanashiro (community): Approve
- Canonical Server packageset reviewers: Pending requested
- Canonical Server: Pending requested
-
Diff: 1868 lines (+1630/-3)6 files modifieddebian/changelog (+1602/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
- Robie Basak: Approve
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 110 lines (+24/-0)4 files modifieddebian/changelog (+10/-0)
debian/control (+4/-0)
debian/libstrongswan-extra-plugins.install (+8/-0)
debian/rules (+2/-0)
affects: | linux (Ubuntu) → strongswan (Ubuntu) |
Changed in strongswan (Ubuntu): | |
status: | Incomplete → New |
Changed in strongswan (Ubuntu): | |
status: | New → Triaged |
assignee: | nobody → Christian Ehrhardt (paelzer) |
tags: | added: patch-forwarded-debian |
tags: | added: server-next |
summary: |
- NTRU Plugin Missing in Focal + [FFe] NTRU Plugin Missing in Focal |
description: | updated |
Changed in strongswan (Ubuntu): | |
importance: | Undecided → Medium |
Changed in strongswan (Debian): | |
status: | Unknown → New |
tags: | removed: server-next |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1863749
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.