| 2018-05-22 19:17:09 |
Alexander Lochmann |
bug |
|
|
added bug |
| 2018-05-23 14:25:43 |
Joshua Powers |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=1574939 |
|
| 2018-05-23 14:25:43 |
Joshua Powers |
bug task added |
|
strongswan (CentOS) |
|
| 2018-05-23 14:26:22 |
Joshua Powers |
strongswan (Ubuntu): status |
New |
Confirmed |
|
| 2018-05-23 14:26:25 |
Joshua Powers |
strongswan (Ubuntu): importance |
Undecided |
Medium |
|
| 2018-05-23 14:26:32 |
Joshua Powers |
bug |
|
|
added subscriber Ubuntu Server |
| 2018-05-23 14:26:57 |
Joshua Powers |
bug |
|
|
added subscriber Joshua Powers |
| 2018-05-29 09:52:24 |
Christian Ehrhardt |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/347026 |
|
| 2018-05-29 09:52:49 |
Christian Ehrhardt |
strongswan (Ubuntu): status |
Confirmed |
In Progress |
|
| 2018-06-05 09:19:12 |
Launchpad Janitor |
strongswan (Ubuntu): status |
In Progress |
Fix Released |
|
| 2018-08-08 09:07:38 |
Léon Hagenaars-Keus |
bug |
|
|
added subscriber Léon Hagenaars-Keus |
| 2018-08-26 12:48:00 |
Peter Taylor |
information type |
Public |
Public Security |
|
| 2018-08-26 12:48:46 |
Peter Taylor |
information type |
Public Security |
Public |
|
| 2018-08-26 12:49:41 |
Peter Taylor |
bug |
|
|
added subscriber Peter Taylor |
| 2019-03-08 11:29:51 |
Stuart Meek |
bug |
|
|
added subscriber Stuart Meek |
| 2019-03-08 16:06:05 |
Sebastien Bacher |
tags |
|
rls-bb-incoming |
|
| 2019-04-01 17:31:23 |
Shelnutt2 |
bug |
|
|
added subscriber Shelnutt2 |
| 2019-06-21 08:13:35 |
Sebastien |
bug |
|
|
added subscriber Sebastien |
| 2019-06-21 08:19:30 |
fabien |
bug |
|
|
added subscriber fabien |
| 2019-10-30 23:16:51 |
Bryce Harrington |
nominated for series |
|
Ubuntu Bionic |
|
| 2019-10-30 23:16:51 |
Bryce Harrington |
bug task added |
|
strongswan (Ubuntu Bionic) |
|
| 2019-10-30 23:18:56 |
Bryce Harrington |
tags |
rls-bb-incoming |
rls-bb-incoming server-next |
|
| 2019-11-01 17:00:49 |
Launchpad Janitor |
strongswan (Ubuntu Bionic): status |
New |
Confirmed |
|
| 2019-11-01 17:02:47 |
Simon |
bug |
|
|
added subscriber Simon |
| 2019-11-06 17:36:58 |
Andreas Hasenack |
strongswan (Ubuntu Bionic): importance |
Undecided |
High |
|
| 2019-11-12 11:37:21 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/375430 |
|
| 2019-11-12 14:07:40 |
Christian Ehrhardt |
attachment added |
|
test-strongswan-bug-1772705.tgz https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1772705/+attachment/5304816/+files/test-strongswan-bug-1772705.tgz |
|
| 2019-11-12 14:15:31 |
Christian Ehrhardt |
description |
Description: Ubuntu 18.04 LTS
Release: 18.04
strongswan-nm:
Installed: 5.6.2-1ubuntu2
Candidate: 5.6.2-1ubuntu2
Version table:
*** 5.6.2-1ubuntu2 500
500 http://de.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
100 /var/lib/dpkg/status
Expectation:
Strongswan should actually receive and set the DNS server properly.
What does happen:
Strongswan-nm (charon-nm) does set a random DNS server which breaks the name resolution completely.
The bug has already been reported for RedHat, and has been fixed in the strongswan upstream repo:
https://bugzilla.redhat.com/show_bug.cgi?id=1574939 |
[Impact]
* Due to a rework of libnm-glib to libnm there was an error in the
strongswan code. This error lead to pass garbadge (pointer instead of
string) to the parser that pushes new config to NM on connection.
* Upstream had a fix for quite a while, it already is in Ubuntu since
Cosmic. But we should also backport it to Bionic.
[Test Case]
* The test follows 4 rough steps, comment #15 has details about them
0. prep a VPN server/client setup with IKEv2
1. Install test system
2. Make sure you have installed strongswan-nm
3. Setup a strongswan connection in NM GUI
[Regression Potential]
* Compared to accessing almost random data the new code seems much safer.
But let us be strict and anticipate regressions, I think in a setup
that was used to get "no valid" DNS carried over it might now actually
get proper DNS which might change name resolution for those clients.
I doubt this is too much of an issue, as the wrong DNS before would
already have added a delay forcing the user to debug and workaround,
but that is the one regression that comes to mind.
* This change only affects charon-nm which means
a) not the strongswan server
b) no systemd-networkd setups
c) no setups that didn't use the NM plugin
[Other Info]
* n/a
---
Description: Ubuntu 18.04 LTS
Release: 18.04
strongswan-nm:
Installed: 5.6.2-1ubuntu2
Candidate: 5.6.2-1ubuntu2
Version table:
*** 5.6.2-1ubuntu2 500
500 http://de.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
100 /var/lib/dpkg/status
Expectation:
Strongswan should actually receive and set the DNS server properly.
What does happen:
Strongswan-nm (charon-nm) does set a random DNS server which breaks the name resolution completely.
The bug has already been reported for RedHat, and has been fixed in the strongswan upstream repo:
https://bugzilla.redhat.com/show_bug.cgi?id=1574939 |
|
| 2019-11-22 12:03:16 |
Timo Aaltonen |
strongswan (Ubuntu Bionic): status |
Confirmed |
Fix Committed |
|
| 2019-11-22 12:03:19 |
Timo Aaltonen |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2019-11-22 12:03:20 |
Timo Aaltonen |
bug |
|
|
added subscriber SRU Verification |
| 2019-11-22 12:03:26 |
Timo Aaltonen |
tags |
rls-bb-incoming server-next |
rls-bb-incoming server-next verification-needed verification-needed-bionic |
|
| 2019-12-16 20:21:45 |
Simon Déziel |
tags |
rls-bb-incoming server-next verification-needed verification-needed-bionic |
rls-bb-incoming server-next verification-failed verification-failed-bionic |
|
| 2020-01-16 15:50:15 |
Simon Déziel |
tags |
rls-bb-incoming server-next verification-failed verification-failed-bionic |
rls-bb-incoming server-next verification-done verification-done-bionic |
|
| 2020-01-20 16:54:07 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2020-01-20 17:04:11 |
Launchpad Janitor |
strongswan (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
