Bug#1053467: network-manager-openconnect-gnome: No option to specify UserAgent header in GUI

2023-10-04 Thread Florian Echtler
Package: network-manager-openconnect-gnome
Version: 1.2.6-4
Severity: wishlist
Tags: patch
X-Debbugs-Cc: f...@butterbrot.org

Dear Maintainer,

our Cisco VPN apparently got upgraded a few days ago and now requires a
specific UserAgent header to still allow clients to connect, e.g. using the
string "AnyConnect Windows 4.10.04071".

There is an upstream patch that fixes this issue, adding a UI field for the
user agent string:

https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/b5e154c06fd9013a925f85c2aa38d88e4ee53db0

I've verified that this patch works on 1.2.6; I'd suggest adding this to at
least buster-backports and bullseye-backports, and perhaps also to 1.2.8 on
bookworm, if applicable (AFAICT this patch has not yet been merged upstream).

Thanks and best, Florian


-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), (100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-67-generic (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages network-manager-openconnect-gnome depends on:
ii  libc6                        2.35-0ubuntu3.4
ii  libgcr-base-3-1              3.40.0-4
ii  libgcr-ui-3-1                3.40.0-4
ii  libglib2.0-0                 2.72.4-0ubuntu2.2
ii  libgtk-3-0                   3.24.33-1ubuntu2
ii  libnm0                       1.36.6-0ubuntu2
ii  libopenconnect5              8.20-1
ii  libsecret-1-0                0.20.5-2
ii  libsoup2.4-1                 2.74.2-3
ii  libwebkit2gtk-4.0-37         2.40.5-0ubuntu0.22.04.1
ii  libxml2                      2.9.13+dfsg-1ubuntu0.3
ii  network-manager-openconnect  1.2.6-4

network-manager-openconnect-gnome recommends no packages.

network-manager-openconnect-gnome suggests no packages.

-- no debconf information



Bug#635684: libproxy0: libproxy fails to parse URLs with user and port, but no password

2011-07-28 Thread Florian Echtler

Package: libproxy0
Version: 0.3.1-2ubuntu5
Severity: important
Tags: patch

libproxy0 contains a string parsing error in url.c:308 - when the URL
contains username and port, but no pass, the parsing fails with an
assertion failure in misc.c:39: px_malloc0. Patch to fix included.

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: i386 (i686)

Kernel: Linux 2.6.38-10-generic (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libproxy0 depends on:
ii  libc6 2.13-0ubuntu13 Embedded GNU C Library: Shared lib

libproxy0 recommends no packages.

Versions of packages libproxy0 suggests:
ii  libwebkitgtk-1.0-0   1.3.13-0ubuntu2 Web content engine library for Gtk

-- no debconf information

diff -ur libproxy-0.3.1-old/src/lib/url.c libproxy-0.3.1/src/lib/url.c
--- libproxy-0.3.1-old/src/lib/url.c	2009-09-29 21:52:50.0 +0200
+++ libproxy-0.3.1/src/lib/url.c	2011-07-28 09:44:01.318668280 +0200
@@ -300,13 +300,20 @@
 	start += strlen(self-scheme) + 3;
 
 	/* If we have a username and password */
-	if (strchr(start, '@')  (strchr(start, '/')  strchr(start, '@') || strchr(start, '/') == NULL))
+	char* atpos = strchr(start,'@');
+	char* slashpos = strchr(start,'/');
+	char* colpos = strchr(start,':');
+	if (atpos  (slashpos  atpos || slashpos == NULL))
 	{
-		if (!strchr(start, ':')) goto error; // Can't find user/pass delimiter
-		self-username = px_strndup(start, strchr(start, ':') - start);
-		start += strlen(self-username) + 1;
-		self-password = px_strndup(start, strchr(start, '@') - start);
-		start += strlen(self-password) + 1;
+		if (colpos  atpos || colpos == NULL) { // we have user (and possibly port), but no pass
+			self-username = px_strndup(start, atpos - start);
+			start += strlen(self-username) + 1;
+		} else { // regular user and pass
+			self-username = px_strndup(start, colpos - start);
+			start += strlen(self-username) + 1;
+			self-password = px_strndup(start,  atpos - start);
+			start += strlen(self-password) + 1;
+		} 
 	}
 
 	/* Get host */
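
Review bot: The two px_strndup calls that take `atpos - start` as the length get a length of 0 for an empty field, as in `http://@host` or `http://user:@host`. Since the reported failure is an assertion inside px_malloc0, please check that a zero length does not trip it as well, and go to the error path if it does. The comment `/* If we have a username and password */` above the test is also stale now that the block handles a username on its own.
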
@@ -337,6 +344,8 @@
 	self-url = px_malloc0(strlen(url) + 1);
 	if (self-username  self-password)
 		snprintf(self-url, strlen(url) + 1, %s://%s:%s@%s, self-scheme, self-username, self-password, self-host);
+	else if (self-username)
+		snprintf(self-url, strlen(url) + 1, %s://%s@%s, self-scheme, self-username, self-host);
 	else
 		snprintf(self-url, strlen(url) + 1, %s://%s, self-scheme, self-host);
 	if (port_specified)
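
Review bot: The new `else if` for a username without a password relies on the password field being NULL whenever the parser took the user-only path, and nothing in this patch sets it there. Please confirm the structure is zero-initialised when it is allocated, or set the password to NULL explicitly in the user-only branch of the first hunk; otherwise the username-and-password test just above reads an unset pointer.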

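The assertion described in this report follows from searching for ':' across the whole URL, so the port colon in a URL with a user name but no password is taken for the user/password delimiter. As an added example (not libproxy's code and not part of the submitted patch), the following C code splits the userinfo with both searches bounded; `struct userinfo`, `dup_n` and `split_userinfo` are hypothetical names, and the sample URL is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical result type for this example; not libproxy's px_url. */
struct userinfo {
    char *username;   /* NULL when the URL carries no userinfo */
    char *password;   /* NULL when no ':' precedes the '@' */
    const char *host; /* points into the input, just past the userinfo */
};

static char *dup_n(const char *s, size_t n) /* n may be 0 */
{
    char *out = malloc(n + 1);
    if (out) { memcpy(out, s, n); out[n] = '\0'; }
    return out;
}

/* Split "user[:pass]@host[:port][/path]", the text after "scheme://".
 * Returns 0 on success, -1 on allocation failure. */
int split_userinfo(const char *start, struct userinfo *out)
{
    /* The authority ends at the first '/', '?' or '#'; an '@' beyond that
     * point belongs to the path or query, not to the credentials. */
    const char *at = memchr(start, '@', strcspn(start, "/?#"));
    out->username = out->password = NULL;
    out->host = start;
    if (!at) return 0; /* no userinfo: any ':' is the port delimiter */
    /* Look for ':' only in front of the '@', so the port colon in
     * "user@host:8080" is never taken for the user/password delimiter. */
    const char *colon = memchr(start, ':', (size_t)(at - start));
    out->username = dup_n(start, (size_t)((colon ? colon : at) - start));
    if (colon) out->password = dup_n(colon + 1, (size_t)(at - colon - 1));
    if (!out->username || (colon && !out->password)) {
        free(out->username); free(out->password);
        out->username = out->password = NULL;
        return -1;
    }
    out->host = at + 1;
    return 0;
}

int main(void)
{
    struct userinfo u; /* constructed sample input, not from the bug report */
    if (split_userinfo("user@proxy.example:8080/", &u)) return 1;
    printf("user=%s rest=%s\n", u.username, u.host);
    free(u.username); free(u.password);
    return 0;
}
```

An empty user name or password comes back as an empty string rather than NULL, so callers can tell "absent" from "present but empty".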

Bug#635684: libproxy0: libproxy fails to parse URLs with user and port, but no password

2011-07-28 Thread Florian Echtler

Bug is present upstream in release 0.3.1 and in the 0.3 branch.

libproxy-0.4.* seems to be a more or less complete rewrite, so it's hard 
to say, but from a quick look at the code, it appears to be fixed in 
0.4.0.


Florian

On Thu, 28 Jul 2011, Emilio Pozuelo Monfort wrote:


On 28/07/11 10:26, Florian Echtler wrote:

Package: libproxy0
Version: 0.3.1-2ubuntu5
Severity: important
Tags: patch

libproxy0 contains a string parsing error in url.c:308 - when the URL
contains username and port, but no pass, the parsing fails with an
assertion failure in misc.c:39: px_malloc0. Patch to fix included.


Is this fixed upstream?



--
_Nothing_ brightens up my morning. Coffee simply provides a shade of
grey just above the pitch-black of the infinite depths of the _abyss_.






Bug#629646: vpnc: patch to support Fritz!Box VPN servers

2011-06-08 Thread Florian Echtler
Package: vpnc
Version: 0.5.3r449-2.1ubuntu1
Severity: normal
Tags: patch

VPNC doesn't offer support for draft-ietf-ipsec-nat-t-ike-03, which is
required by the Fritz!Box series of home routers. This patch adds
support for that feature so that VPNC can connect to these routers.
Also, the default timeout is lowered to 3600 seconds (also required by
Fritz!Boxes).

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-8-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vpnc depends on:
ii  libc6 2.13-0ubuntu13 Embedded GNU C Library: Shared lib
ii  libgcrypt11   1.4.6-4ubuntu2 LGPL Crypto library - runtime libr
ii  libgnutls26   2.8.6-1ubuntu2 the GNU TLS library - runtime libr

Versions of packages vpnc recommends:
ii  iproute   20100519-3 networking and traffic control too

Versions of packages vpnc suggests:
pn  resolvconf    <none>     (no description available)

-- Configuration Files:
/etc/vpnc/example.conf [Errno 13] Permission denied: u'/etc/vpnc/example.conf'
/etc/vpnc/vpnc-script [Errno 13] Permission denied: u'/etc/vpnc/vpnc-script'

-- no debconf information
diff -urNad vpnc-0.5.3r449.orig/vpnc.c vpnc-0.5.3r449/vpnc.c
--- vpnc-0.5.3r449.orig/vpnc.c	2010-03-18 04:05:23.0 +0100
+++ vpnc-0.5.3r449/vpnc.c	2011-06-08 13:01:44.592464761 +0200
@@ -88,6 +88,10 @@
 	0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
 	0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
 };
+const unsigned char VID_NATT_03[] = { /* draft-ietf-ipsec-nat-t-ike-03 */
+	0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f,
+	0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56
+};
 const unsigned char VID_NATT_RFC[] = { /* RFC 3947 */
 	0x4A, 0x13, 0x1C, 0x81, 0x07, 0x03, 0x58, 0x45,
 	0x5C, 0x57, 0x28, 0xF2, 0x0E, 0x95, 0x45, 0x2F
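
Review bot: The new VID_NATT_03 bytes are written in lower-case hex while the arrays on either side of it use upper case; please match the file's style. The comment names the draft but not how the 16 bytes were obtained, so a short note on their derivation would let the value be checked.
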
@@ -141,6 +145,7 @@
 	{ VID_NATT_01,		sizeof(VID_NATT_01),	Nat-T 01 },
 	{ VID_NATT_02,		sizeof(VID_NATT_02),	Nat-T 02 },
 	{ VID_NATT_02N,		sizeof(VID_NATT_02N),	Nat-T 02N },
+	{ VID_NATT_03,		sizeof(VID_NATT_03),	Nat-T 03 },
 	{ VID_NATT_RFC,		sizeof(VID_NATT_RFC),	Nat-T RFC },
 	{ VID_DWR,		sizeof(VID_DWR),	Delete With Reason },
 	{ VID_CISCO_FRAG,	sizeof(VID_CISCO_FRAG),	Cisco Fragmentation },
@@ -1082,7 +1087,7 @@
 	a-af = isakmp_attr_lots;
 	a-u.lots.length = 4;
 	a-u.lots.data = xallocc(a-u.lots.length);
-	*((uint32_t *) a-u.lots.data) = htonl(2147483);
+	*((uint32_t *) a-u.lots.data) = htonl(3600);
 	a = new_isakmp_attribute_16(IKE_ATTRIB_LIFE_TYPE, IKE_LIFE_TYPE_SECONDS, a);
 	a = new_isakmp_attribute_16(IKE_ATTRIB_AUTH_METHOD, auth, a);
 	a = new_isakmp_attribute_16(IKE_ATTRIB_GROUP_DESC, dh_group, a);
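
Review bot: Replacing `htonl(2147483)` with `htonl(3600)` changes the proposed lifetime for every peer, not only for Fritz!Box gateways. Make the value a configuration option, or at least a named constant with a comment giving the reason, so that setups which work with the current value are not changed silently.
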
@@ -1267,6 +1272,8 @@
 			l = l-next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
 VID_NATT_RFC, sizeof(VID_NATT_RFC));
 			l = l-next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
+VID_NATT_03, sizeof(VID_NATT_03));
+			l = l-next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
 VID_NATT_02N, sizeof(VID_NATT_02N));
 			l = l-next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
 VID_NATT_02, sizeof(VID_NATT_02));
@@ -1501,6 +1508,12 @@
 	seen_natt_vid = 1;
 	if (natt_draft  1) natt_draft = 2;
 	DEBUG(2, printf(peer is NAT-T capable (RFC 3947)\n));
+} else if (rp-u.vid.length == sizeof(VID_NATT_03)
+	 memcmp(rp-u.vid.data, VID_NATT_03,
+		sizeof(VID_NATT_03)) == 0) {
+	seen_natt_vid = 1;
+	if (natt_draft  1) natt_draft = 2;
+	DEBUG(2, printf(peer is NAT-T capable (draft-03)\n));
 } else if (rp-u.vid.length == sizeof(VID_NATT_02N)
 	 memcmp(rp-u.vid.data, VID_NATT_02N,
 		sizeof(VID_NATT_02N)) == 0) {
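
Review bot: The draft-03 branch repeats the RFC 3947 branch above it line for line, including `natt_draft = 2`, so a draft-03 peer is treated exactly like an RFC 3947 peer from here on. Add a comment saying that this is intended, and consider folding these branches into one lookup so the next vendor ID does not need another copy of the block.
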
@@ -2454,7 +2467,7 @@
 	a-af = isakmp_attr_lots;
 	a-u.lots.length = 4;
 	a-u.lots.data = xallocc(a-u.lots.length);
-	*((uint32_t *) a-u.lots.data) = htonl(2147483);
+	*((uint32_t *) a-u.lots.data) = htonl(3600);
 	a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE, IPSEC_LIFE_SECONDS, a);
 
 	if (dh_group)
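
Review bot: This is the same hard-coded 3600 as in the IKE proposal earlier in the patch, here for the IPsec SA lifetime, and the patch adds nothing that acts when that lifetime runs out. Say in a comment or in the patch description what happens to an established tunnel after 3600 seconds, and share one named constant between the two places.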