2017-11-23 21:22:50 |
Jan-Otto Kröpke |
bug |
|
|
added bug |
2017-11-24 10:15:06 |
Christian Ehrhardt |
strongswan (Ubuntu): status |
New |
Confirmed |
|
2017-11-24 10:15:09 |
Christian Ehrhardt |
bug |
|
|
added subscriber ChristianEhrhardt |
2017-11-24 10:15:17 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Server Team |
2017-12-14 17:42:12 |
Launchpad Janitor |
strongswan (Ubuntu): status |
Confirmed |
Fix Released |
|
2017-12-14 17:42:12 |
Launchpad Janitor |
cve linked |
|
2017-11185 |
|
2017-12-18 09:00:38 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Artful |
|
2017-12-18 09:00:38 |
Christian Ehrhardt |
bug task added |
|
strongswan (Ubuntu Artful) |
|
2017-12-18 09:00:38 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Zesty |
|
2017-12-18 09:00:38 |
Christian Ehrhardt |
bug task added |
|
strongswan (Ubuntu Zesty) |
|
2017-12-18 09:00:38 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Xenial |
|
2017-12-18 09:00:38 |
Christian Ehrhardt |
bug task added |
|
strongswan (Ubuntu Xenial) |
|
2017-12-18 09:19:52 |
Christian Ehrhardt |
strongswan (Ubuntu Xenial): status |
New |
Triaged |
|
2017-12-18 09:19:53 |
Christian Ehrhardt |
strongswan (Ubuntu Zesty): status |
New |
Triaged |
|
2017-12-18 09:19:55 |
Christian Ehrhardt |
strongswan (Ubuntu Artful): status |
New |
Triaged |
|
2017-12-18 10:47:00 |
Christian Ehrhardt |
description |
See: https://wiki.strongswan.org/issues/2223
There is a chance to get an backport into xenial?
It's fixed in the upstream version 5.5.2
# apt-cache policy strongswan
strongswan:
Installed: 5.3.5-1ubuntu3.4
Candidate: 5.3.5-1ubuntu3.4
# lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04 |
[Impact]
* charon unnecessarily selects a wrong PSK in some cases:
* A site-to-site connection using resolvable hostnames (e.g., DynDNS) as identities in /etc/ipsec.secrets and a Roadwarrior connection (using %any as remote peer identity)
* Multiple site-to-site connections using resolvable hostnames as identities
* Fix is a backport from upstream in since 5.5.2
[Test Case]
* There are detailed steps on how to configure for this case on
https://wiki.strongswan.org/issues/2223
[Regression Potential]
* It is known (see discussion in upstream bug) that this can slightly
increase the connection setup as it adds a dns query. But un-breaking
the covered use cases was considered worth to do so upstream, and so
should we.
* By changing the IKEv1 PSK codepath is the only changed path, so this is
the area where unexpected regressions could occur. None of the testing
found some so far and since upstream didn't change it for a while it
seems safe to me.
[Other Info]
* n/a
---
See: https://wiki.strongswan.org/issues/2223
There is a chance to get an backport into xenial?
It's fixed in the upstream version 5.5.2
# apt-cache policy strongswan
strongswan:
Installed: 5.3.5-1ubuntu3.4
Candidate: 5.3.5-1ubuntu3.4
# lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04 |
|
2017-12-18 11:58:56 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/335311 |
|
2017-12-18 11:59:31 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/335312 |
|
2017-12-18 11:59:50 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/335313 |
|
2017-12-19 09:15:37 |
Christian Ehrhardt |
strongswan (Ubuntu Xenial): status |
Triaged |
In Progress |
|
2017-12-19 09:15:38 |
Christian Ehrhardt |
strongswan (Ubuntu Zesty): status |
Triaged |
In Progress |
|
2017-12-19 09:15:40 |
Christian Ehrhardt |
strongswan (Ubuntu Artful): status |
Triaged |
In Progress |
|
2017-12-20 00:34:35 |
Chris Halse Rogers |
strongswan (Ubuntu Artful): status |
In Progress |
Fix Committed |
|
2017-12-20 00:34:37 |
Chris Halse Rogers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2017-12-20 00:34:39 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
2017-12-20 00:34:44 |
Chris Halse Rogers |
tags |
|
verification-needed verification-needed-artful |
|
2017-12-20 00:53:52 |
Chris Halse Rogers |
strongswan (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2017-12-20 00:54:02 |
Chris Halse Rogers |
tags |
verification-needed verification-needed-artful |
verification-needed verification-needed-artful verification-needed-xenial |
|
2017-12-20 00:58:10 |
Chris Halse Rogers |
strongswan (Ubuntu Zesty): status |
In Progress |
Fix Committed |
|
2017-12-20 00:58:17 |
Chris Halse Rogers |
tags |
verification-needed verification-needed-artful verification-needed-xenial |
verification-needed verification-needed-artful verification-needed-xenial verification-needed-zesty |
|
2017-12-20 23:05:01 |
Simon Déziel |
tags |
verification-needed verification-needed-artful verification-needed-xenial verification-needed-zesty |
verification-done-xenial verification-needed verification-needed-artful verification-needed-zesty |
|
2018-01-02 10:02:50 |
Christian Ehrhardt |
tags |
verification-done-xenial verification-needed verification-needed-artful verification-needed-zesty |
verification-done verification-done-artful verification-done-xenial verification-done-zesty |
|
2018-01-02 10:56:04 |
Launchpad Janitor |
strongswan (Ubuntu Artful): status |
Fix Committed |
Fix Released |
|
2018-01-02 10:56:13 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2018-01-02 10:58:25 |
Launchpad Janitor |
strongswan (Ubuntu Zesty): status |
Fix Committed |
Fix Released |
|
2018-01-03 12:02:14 |
Launchpad Janitor |
strongswan (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|