Racoon fails to load the crypto modules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ipsec-tools (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Oneiric |
Fix Released
|
High
|
Unassigned |
Bug Description
Racoon fails to load the crypto modules and therefore fails.
This is dues to the racoon-tool improperly checking the version number:
It uses the following code to work out the module extensions, but will get the wrong (old) extension on 3.0.x Kernels.
(As in Oneiric 1:0.8.0-3ubuntu1)
$modext = ( $kver =~ /^2\.6\./ ? ".ko" : ".o" );
SRU Justification:
======
IMPACT:
* racoon fails to load necessary modules on oneiric if installation uses racoon-tool administrative front-end to manage configuration. This is optional (debconf question at racoon pkg installation). If racoon-tool is chosen over directly editing config, /etc/init.d/racoon init script makes use of racoon-tool which does is broken on oneiric due to a bug in kernel version detection in racoon-tool.pl
ADDRESSED:
* racoon-tool.pl is maintained in Debian and has since been fixed to properly parse 3.x kernel versions as wel as 2.6.x. It has been fixed in the latest Ubuntu development version since ipsec-tools 1:0.8.0-9ubuntu1.
REPRODUCE:
* apt-get -y install racoon. Choose 'racoon-tool' at the first debconf question. '/etc/init.d/racoon start' reports dozens of errors similar to: FATAL: Module seed. not found.
REGRESSION POTENTIAL:
* Minimal. oneiric is the only affected release as its the only Ubuntu release running a 3.x kernel with an affected ipsec-tools package.
======
Related branches
- Luke Yelavich (community): Approve
- Ubuntu branches: Pending requested
-
Diff: 28 lines (+9/-1)2 files modifieddebian/changelog (+7/-0)
debian/racoon-tool.pl (+2/-1)
Changed in ipsec-tools (Ubuntu): | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in ipsec-tools (Ubuntu Oneiric): | |
assignee: | nobody → Adam Gandelman (gandelman-a) |
importance: | Undecided → High |
status: | New → Confirmed |
description: | updated |
Changed in ipsec-tools (Ubuntu Oneiric): | |
assignee: | Adam Gandelman (gandelman-a) → nobody |
tags: |
added: verification-done removed: verification-needed |
The racool-tool.pl script is maintained in Debian. This has since been fixed there and fixed in Ubuntu as of ipsec-tools 1:0.8.0-9ubuntu1 via merge Bug #881097