| 2020-05-15 09:46:25 |
Alex |
bug |
|
|
added bug |
| 2020-05-15 12:19:18 |
Lucas Kanashiro |
strongswan (Ubuntu): status |
New |
Confirmed |
|
| 2020-05-15 12:19:49 |
Lucas Kanashiro |
bug |
|
|
added subscriber Ubuntu Server |
| 2020-05-18 14:02:52 |
Lucas Kanashiro |
nominated for series |
|
Ubuntu Focal |
|
| 2020-05-18 14:02:52 |
Lucas Kanashiro |
bug task added |
|
strongswan (Ubuntu Focal) |
|
| 2020-05-18 14:03:00 |
Lucas Kanashiro |
strongswan (Ubuntu Focal): status |
New |
Confirmed |
|
| 2020-05-19 22:36:58 |
Lucas Kanashiro |
strongswan (Ubuntu Focal): assignee |
|
Lucas Kanashiro (lucaskanashiro) |
|
| 2020-05-19 22:37:02 |
Lucas Kanashiro |
strongswan (Ubuntu): assignee |
|
Lucas Kanashiro (lucaskanashiro) |
|
| 2020-05-19 22:37:14 |
Lucas Kanashiro |
strongswan (Ubuntu Focal): importance |
Undecided |
High |
|
| 2020-05-19 22:37:22 |
Lucas Kanashiro |
strongswan (Ubuntu): importance |
Undecided |
High |
|
| 2020-05-21 20:52:22 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/strongswan/+git/strongswan/+merge/384385 |
|
| 2020-05-22 20:54:42 |
Lucas Kanashiro |
description |
Hello,
As title says. Looks like the eap-peap plugin is not contained in libcharon-extra-plugins
anymore.
Ubuntu 18.04 has one, but Ubuntu 20.04 not. |
[Impact]
Some libcharon EAP plugins were removed since version 5.8.0-2 by the Debian maintainer in order to keep only the essential plugins, reducing the complexity. So users upgrading from Bionic (5.6.2-1ubuntu2.5) to Focal (5.8.2-1ubuntu3) will find some missing plugins. The problem is that many users rely on some of the removed plugins, and it might be considered as a regression for them when upgrading to Focal.
After a nice explanation from Tobias (upstream maintainer) on comment #4 of this bug we decided to enable again 2 of those removed plugins, they are: eap-dynamic and eap-peap. In short, the eap-dynamic plugin allows clients to select an alternative EAP method when the chosen one is not available; and the eap-peap is still widely used mainly because it is what Microsoft implements (not just it but most of the clients support it), EAP-PEAP is often used in conjunction with EAP-MSCHAPv2 to authenticate in Wifi networks for instance and use it for VPNs allows users to reuse the existent infrastructure.
And to avoid any confusion we are also removing the configuration files from the other plugins removed since 5.8.0-2. They are not used anymore but they are still there.
[Test Case]
$ lxc launch ubuntu-daily:bionic strongswan-sru
$ lxc shell strongswan-sru
$ apt update && apt upgrade -y
$ apt install strongswan libcharon-extra-plugins -y
$ dpkg -L libcharon-extra-plugins | grep eap-dynamic
/etc/strongswan.d/charon/eap-dynamic.conf
/usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so
/usr/share/strongswan/templates/config/plugins/eap-dynamic.conf
$ dpkg -L libcharon-extra-plugins | grep eap-peap
/etc/strongswan.d/charon/eap-peap.conf
/usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
/usr/share/strongswan/templates/config/plugins/eap-peap.conf
# Upgrade to Focal
$ do-release-upgrade
# Note the conf file was not removed by the upgrade even after the plugin was disabled
$ dpkg -L libcharon-extra-plugins | grep eap-dynamic
/etc/strongswan.d/charon/eap-dynamic.conf
# Note the conf file was not removed by the upgrade even after the plugin was disabled
$ dpkg -L libcharon-extra-plugins | grep eap-peap
/etc/strongswan.d/charon/eap-peap.conf
# If you check for all the EAP plugins in libcharon-extra-plugins you can see those old conf files are still there even after the removal of the respective plugins
$ dpkg -L libcharon-extra-plugins | grep eap
/etc/strongswan.d/charon/eap-aka.conf
/etc/strongswan.d/charon/eap-gtc.conf
/etc/strongswan.d/charon/eap-identity.conf
/etc/strongswan.d/charon/eap-md5.conf
/etc/strongswan.d/charon/eap-radius.conf
/etc/strongswan.d/charon/eap-tls.conf
/etc/strongswan.d/charon/eap-tnc.conf
/etc/strongswan.d/charon/eap-ttls.conf
/etc/strongswan.d/charon/xauth-eap.conf
/usr/lib/ipsec/plugins/libstrongswan-eap-aka.so
/usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so
/usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so
/usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
/usr/lib/ipsec/plugins/libstrongswan-eap-md5.so
/usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
/usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
/usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so
/usr/lib/ipsec/plugins/libstrongswan-eap-ttls.so
/usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
/usr/share/strongswan/templates/config/plugins/eap-aka.conf
/usr/share/strongswan/templates/config/plugins/eap-gtc.conf
/usr/share/strongswan/templates/config/plugins/eap-identity.conf
/usr/share/strongswan/templates/config/plugins/eap-md5.conf
/usr/share/strongswan/templates/config/plugins/eap-radius.conf
/usr/share/strongswan/templates/config/plugins/eap-tls.conf
/usr/share/strongswan/templates/config/plugins/eap-tnc.conf
/usr/share/strongswan/templates/config/plugins/eap-ttls.conf
/usr/share/strongswan/templates/config/plugins/xauth-eap.conf
/etc/strongswan.d/charon/eap-aka-3gpp2.conf
/etc/strongswan.d/charon/eap-dynamic.conf
/etc/strongswan.d/charon/eap-peap.conf
/etc/strongswan.d/charon/eap-sim-file.conf
/etc/strongswan.d/charon/eap-sim-pcsc.conf
/etc/strongswan.d/charon/eap-sim.conf
/etc/strongswan.d/charon/eap-simaka-pseudonym.conf
/etc/strongswan.d/charon/eap-simaka-reauth.conf
/etc/strongswan.d/charon/eap-simaka-sql.conf
[Regression Potential]
The proposed changes affects the libcharon-extra-plugins binary package, so if any non expected behavior is identified in it might be related to this SRU. Some maintainer scripts were added to the libcharon-extra-plugins, therefore if there is any issue during installation/upgrade/removal/purge of this package might be triggered by these changes.
[Original Description]
Hello,
As title says. Looks like the eap-peap plugin is not contained in libcharon-extra-plugins
anymore.
Ubuntu 18.04 has one, but Ubuntu 20.04 not. |
|
| 2020-05-22 20:54:53 |
Lucas Kanashiro |
summary |
No EAP-PEAP support anymore |
[SRU] No EAP-PEAP support anymore |
|
| 2020-05-22 21:05:16 |
Lucas Kanashiro |
strongswan (Ubuntu Focal): status |
Confirmed |
In Progress |
|
| 2020-05-22 21:05:19 |
Lucas Kanashiro |
strongswan (Ubuntu): status |
Confirmed |
In Progress |
|
| 2020-05-22 21:26:11 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~lucaskanashiro/ubuntu/+source/strongswan/+git/strongswan/+merge/384464 |
|
| 2020-05-22 21:29:50 |
Lucas Kanashiro |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2020-05-22 21:30:30 |
Lucas Kanashiro |
tags |
|
verification-done verification-done-focal |
|
| 2020-05-26 17:02:55 |
Launchpad Janitor |
strongswan (Ubuntu): status |
In Progress |
Fix Released |
|
| 2020-05-27 02:34:18 |
Chris Halse Rogers |
strongswan (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2020-05-27 02:34:21 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
| 2020-05-27 02:34:26 |
Chris Halse Rogers |
tags |
verification-done verification-done-focal |
verification-needed verification-needed-focal |
|
| 2020-05-27 15:38:30 |
Lucas Kanashiro |
tags |
verification-needed verification-needed-focal |
verification-done verification-done-focal |
|
| 2020-06-04 07:20:38 |
Launchpad Janitor |
strongswan (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2020-06-04 07:20:46 |
Ćukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2021-01-19 11:44:26 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/396490 |
|
| 2021-09-21 09:27:46 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paride/ubuntu/+source/strongswan/+git/strongswan/+merge/408927 |
|
| 2021-11-12 14:49:24 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paride/ubuntu/+source/strongswan/+git/strongswan/+merge/411793 |
|
