Your message dated Thu, 31 May 2012 16:05:02 +0000
with message-id <[email protected]>
and subject line Bug#664873: fixed in strongswan 4.5.2-1.4
has caused the Debian Bug report #664873,
regarding strongswan-starter: strongswan replaces /etc/resolv.conf instead of
adding information
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
664873: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664873
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: strongswan-starter
Version: 4.5.2-1.3
Severity: important
Hi,
I'm using strongswan with IKEv2 to setup an ipsec tunnel in a
roadwarrior config. I use the dns plugin to add the “home network” dns
server to the resolver config when I mount the tunnel.
This works fine, except that it breaks resolvconf. In resolvconf setups,
/etc/resolv.conf is a symlink to /etc/resolvconf/run/resolv.conf, which
is updated using resolvconf rules.
Strongswan, when adding a dns server in /etc/resolv.conf, seems to
remove the file and recreate it, thus not preserving the symlink.
The best would be to support resolvconf, but even if it's not possible,
it shouldn't mess with the file itself, and just add information where
needed.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500,
'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages strongswan-starter depends on:
ii debconf [debconf-2.0] 1.5.42
ii libc6 2.13-27
ii libstrongswan 4.5.2-1.3
ii strongswan-ikev2 4.5.2-1.3
strongswan-starter recommends no packages.
strongswan-starter suggests no packages.
-- Configuration Files:
/etc/ipsec.conf changed:
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
# nat_traversal=yes
charonstart=yes
plutostart=no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn molly
left=%defaultroute
leftauth=psk
rightauth=psk
leftsourceip=%config
right=78.192.68.46
#rightsubnet=192.168.0.0/24
rightsubnet=0.0.0.0/0
auto=add
conn pass
rightsubnet=192.168.24.0/24
type=passthrough
authby=never
auto=route
/etc/ipsec.secrets [Errno 13] Permission denied: u'/etc/ipsec.secrets'
-- debconf information:
strongswan/x509_self_signed: true
strongswan/x509_country_code: AT
strongswan/ikev1: true
strongswan/x509_organization_name:
strongswan/existing_x509_key_filename:
strongswan/x509_state_name:
strongswan/x509_organizational_unit:
strongswan/how_to_get_x509_certificate: create
strongswan/restart: true
strongswan/x509_common_name:
strongswan/ikev2: true
strongswan/rsa_key_length: 2048
strongswan/existing_x509_certificate_filename:
strongswan/existing_x509_rootca_filename:
strongswan/install_x509_certificate: false
strongswan/x509_email_address:
strongswan/enable-oe: false
strongswan/runlevel_changes:
strongswan/x509_locality_name:
--- End Message ---
--- Begin Message ---
Source: strongswan
Source-Version: 4.5.2-1.4
We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive:
libstrongswan_4.5.2-1.4_amd64.deb
to main/s/strongswan/libstrongswan_4.5.2-1.4_amd64.deb
strongswan-dbg_4.5.2-1.4_amd64.deb
to main/s/strongswan/strongswan-dbg_4.5.2-1.4_amd64.deb
strongswan-ikev1_4.5.2-1.4_amd64.deb
to main/s/strongswan/strongswan-ikev1_4.5.2-1.4_amd64.deb
strongswan-ikev2_4.5.2-1.4_amd64.deb
to main/s/strongswan/strongswan-ikev2_4.5.2-1.4_amd64.deb
strongswan-nm_4.5.2-1.4_amd64.deb
to main/s/strongswan/strongswan-nm_4.5.2-1.4_amd64.deb
strongswan-starter_4.5.2-1.4_amd64.deb
to main/s/strongswan/strongswan-starter_4.5.2-1.4_amd64.deb
strongswan_4.5.2-1.4.debian.tar.gz
to main/s/strongswan/strongswan_4.5.2-1.4.debian.tar.gz
strongswan_4.5.2-1.4.dsc
to main/s/strongswan/strongswan_4.5.2-1.4.dsc
strongswan_4.5.2-1.4_all.deb
to main/s/strongswan/strongswan_4.5.2-1.4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <[email protected]> (supplier of updated strongswan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 May 2012 17:55:51 +0200
Source: strongswan
Binary: strongswan libstrongswan strongswan-dbg strongswan-starter
strongswan-ikev1 strongswan-ikev2 strongswan-nm
Architecture: source all amd64
Version: 4.5.2-1.4
Distribution: unstable
Urgency: high
Maintainer: Rene Mayrhofer <[email protected]>
Changed-By: Yves-Alexis Perez <[email protected]>
Description:
libstrongswan - strongSwan utility and crypto library
strongswan - IPsec VPN solution metapackage
strongswan-dbg - strongSwan library and binaries - debugging symbols
strongswan-ikev1 - strongSwan Internet Key Exchange (v1) daemon
strongswan-ikev2 - strongSwan Internet Key Exchange (v2) daemon
strongswan-nm - strongSwan plugin to interact with NetworkManager
strongswan-starter - strongSwan daemon starter and configuration file parser
Closes: 664873
Changes:
strongswan (4.5.2-1.4) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* debian/patches:
- 0001-Fix-boolean-return-value-if-an-empty-RSA-signature-i added,
backported from upstream. Fix CVE-2012-2388 (when using gmp plugin,
zero length RSA signatures are considered valid).
- 0001-Added-support-for-the-resolvconf-framework-in-resolv added,
correctly handle resolvconf-managed /etc/resolv.conf. closes: #664873
Checksums-Sha1:
9a375a3da80a88eca76ee6a66b82e570b877ccac 2515 strongswan_4.5.2-1.4.dsc
2bea0db3e2b935d171d37f6f64cde3d0b482b0bf 143886
strongswan_4.5.2-1.4.debian.tar.gz
fd5d099f1e9243664405078545559f0f93ca699a 81204 strongswan_4.5.2-1.4_all.deb
09c3de572628f8787bb08da5a70258acf0f1acf7 520878
libstrongswan_4.5.2-1.4_amd64.deb
cba280dc601b6ac4aa78a51db0ac298064e4c8e7 203934
strongswan-dbg_4.5.2-1.4_amd64.deb
00317576f7300deea7edb3a1318a417750283d25 317728
strongswan-starter_4.5.2-1.4_amd64.deb
6b06a84a82f344571f82707b15e53c44342aa5c4 345602
strongswan-ikev1_4.5.2-1.4_amd64.deb
b461c0671c0c0f5e8027399b5cc621f2b886b690 388096
strongswan-ikev2_4.5.2-1.4_amd64.deb
89387ffee2dd94cf393e24b39b53e896e3895b54 58410
strongswan-nm_4.5.2-1.4_amd64.deb
Checksums-Sha256:
79bacf691201afd217aee4dcc3b3554119e2018cab176810a3c3fe30d8a87c8c 2515
strongswan_4.5.2-1.4.dsc
8278301c86f8f0b77a14831800ae144dbfb76e124c2966f6d3bc5193e5bd81d2 143886
strongswan_4.5.2-1.4.debian.tar.gz
6f784c9b80065da61a97f3b9623a87ccadfebcd5dc664eaed8da51110bacdd05 81204
strongswan_4.5.2-1.4_all.deb
9ff045dcba37f8f9abcea68b9be69e8146c4109f8348bb91bb38186bfa4877ce 520878
libstrongswan_4.5.2-1.4_amd64.deb
af2d1b20cc775e7ee64828246df9b0d68e243e0faf5fffb702fc022e5f459e2b 203934
strongswan-dbg_4.5.2-1.4_amd64.deb
976d79b9e19b4d628808c81c64a6b2b3c51b3a6b302093c7c5a8ff8b612f7124 317728
strongswan-starter_4.5.2-1.4_amd64.deb
cf3a7ef9c2dc6b2d35e49321432a1e493f9b9249b3c9a74aaecbbf7fe8b908c9 345602
strongswan-ikev1_4.5.2-1.4_amd64.deb
7f95009efd0fa49fd590cd14d1d70f9c4b6fe402abbf60cffd8e373fbef29d8b 388096
strongswan-ikev2_4.5.2-1.4_amd64.deb
23bc7a03564c7caed5eadeaf11b6aa55e4c0b518d0cb593198123ffb7353722f 58410
strongswan-nm_4.5.2-1.4_amd64.deb
Files:
1050b139c8478d046d9218845699410d 2515 net optional strongswan_4.5.2-1.4.dsc
febbd1ab30c9cd6ac025e2ed0ca5cd2b 143886 net optional
strongswan_4.5.2-1.4.debian.tar.gz
91aa0b5f430a0a5be334d64adb89718d 81204 net optional
strongswan_4.5.2-1.4_all.deb
530547d295ad9b087050e0110f876f95 520878 net optional
libstrongswan_4.5.2-1.4_amd64.deb
25a8cbf1c51493ab279e59dfba4f5741 203934 debug extra
strongswan-dbg_4.5.2-1.4_amd64.deb
91b20d68585e47475e07c6cc42e6ec58 317728 net optional
strongswan-starter_4.5.2-1.4_amd64.deb
d5c5821e8f1146667e30c8c89cea88dd 345602 net optional
strongswan-ikev1_4.5.2-1.4_amd64.deb
f492d5523edea0c41335d2779b04ee02 388096 net optional
strongswan-ikev2_4.5.2-1.4_amd64.deb
67bba5e426baadac6a6e366fcf47f166 58410 net optional
strongswan-nm_4.5.2-1.4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJPxnM3AAoJEDBVD3hx7wuoYMcQAJNiXBr1oioAbzX3RaYSnYWw
V8iMF/iYgxzkrp0CFQdl4JP/kBTbjB+riSgX4xRdgAuWBWBmoVlMDIgNJ00jsTtL
d7EByoKDKNo9pQNmuQ8RTTypxwumISawGGfrWViiH7F95HYbPs6TNnrvKoHGXK18
mgZTbEb06d/J+tezDmyERic/CPaBs9Ixyq/ockp1wYVkfKa/3gU3yT/6fKlWBE5A
O4ZoQ+GTizFnkOsAyT5BTAsRKk3Aedawr3d4bsq11PvzCgV3DGrABmwwRq2Uy2g5
2oQn1EH7aN9rCAlOXeHgX8PCr+W3MCGS9KcV50M0o1pTsx/6qk9ZjHTR7CymIOnO
fWM4sJnmLJPNCdoqUTfYP8n6teVaMjQP4LF75g73iu83oF/HIXu2kwrn2y7fobM1
W9H75MWm+TAyv8Rt4/1ooGBvVpZcXfvC3F1pgd4VNMvU/OEjl9oNBmlXQsBv7qMj
sMCbkhzObHEgi8RQScgMBYipjSOupiMVfCQbIhe4jSU7/F9NK3ZEnTE6c/yjjgw1
L1NOPV94eIO8xk9QVBJjjBdriYASsEboGrGhfPZE0hF8YlZV7Nil8JyDIQBBEhWP
zDbja6kbQVAAnGEyPNzafxVBuOcPLKLlTolpzRqNmFZfPVXSzqbYWWZXivqQDASI
1Jk3TmdLZCXeFTYJKxkF
=GbHq
-----END PGP SIGNATURE-----
--- End Message ---
