[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Untargetting for Bionic, SRUing the current version failed since it changed DNS behaviour in some configuration which created issue for existing users. There isn't anyone currently working on resolving those issues so it's more realistic to untarget from Bionic. If the problem really needs to be resolved in that serie best to go through the rls-bb-incoming nomination process again. -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
** No longer affects: network-manager (Ubuntu Bionic) -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Launchpad has imported 2 comments from the remote bug at https://bugzilla.gnome.org/show_bug.cgi?id=670999. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2012-02-28T19:55:16+00:00 Walter Mundt wrote: NetworkManager does not appear to support private keys encrypted with AES. At the very least, it will not validate such a key in nm-util when setting up a WPA 802.1x TLS wifi connection. To test via nm-applet: 1. Start with a working (cleartext or DES-3) private key/cert for a network. Set up a connection and verify that everything works. 2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in working-key.pem -out aes-key.pem -aes256" (the output should have a line starting with "DEK-Info: AES-256-CBC,") 3. Delete the settings for the test network and attempt to reconnect using the new key. Even with the correct passphrase, the "Connect" button will remain disabled; debugging output will show that nm-util is failing to validate the private key. Workaround for anyone running into this issue: Re-encrypt your key with DES-3. The incantation is "openssl rsa -in aes-key.pem -out working- key.pem -des3". Reply at: https://bugs.launchpad.net/ubuntu/+source/network- manager/+bug/942856/comments/1 On 2012-02-29T19:04:00+00:00 Walter Mundt wrote: Specific version information, as requested on the Ubuntu bug at https://bugs.launchpad.net/network-manager/+bug/942856 and added here in case it's useful upstream: Ubuntu Release: 11.10 network-manager version: 0.9.1.90-0ubuntu5.1 network-manager-gnome version: 0.9.1.90-0ubuntu6 FWIW, based on my cursory examination of the code, the issue does not appear to be introduced by any Ubuntu packages. This may be classifiable as "enhancement" or "wishlist" depending on whether feature parity with openssl is part of the "current feature set" of the application. Based on my searches today, there's no common standard for specifying anything more elaborate than a DES cipher in the DEK-Info header of a PEM file. Still, it would be nice to at least have some kind of error message about the key format being unsupported instead of this case just getting treated as if the key passphrase is always incorrect by the UI. Reply at: https://bugs.launchpad.net/ubuntu/+source/network- manager/+bug/942856/comments/4 ** Changed in: network-manager Status: Unknown => Confirmed ** Changed in: network-manager Importance: Unknown => Wishlist -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
** Bug watch added: bugzilla.gnome.org/ #670999 https://bugzilla.gnome.org/show_bug.cgi?id=670999 ** Changed in: network-manager Importance: Wishlist => Unknown ** Changed in: network-manager Status: Confirmed => Unknown ** Changed in: network-manager Remote watch: GNOME Bug Tracker #670999 => bugzilla.gnome.org/ #670999 ** Bug watch removed: GNOME Bug Tracker #670999 https://gitlab.gnome.org/670999 -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
** Changed in: network-manager (Ubuntu Bionic) Assignee: (unassigned) => Till Kamppeter (till-kamppeter) -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Due to the SRU regressions reported in LP: #1829838 and LP: #1829566, I have reverted this SRU for the moment, restoring network-manager 1.10.6-2ubuntu1.1 to bionic-updates. I am marking this bug verification-failed pending resolution of the reported regressions. ** Changed in: network-manager (Ubuntu Bionic) Status: Fix Released => In Progress ** Tags removed: verification-done verification-done-bionic ** Tags added: verification-failed verification-failed-bionic -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Resetting verification status to verification-done as the re-upload is a trivial fix of the autopkg test which does not change anything in the functionality of the package itself. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
This bug was fixed in the package network-manager - 1.10.14-0ubuntu2 --- network-manager (1.10.14-0ubuntu2) bionic; urgency=medium [ Till Kamppeter ] * debian/tests/nm: Add gi.require_version() calls for NetworkManager and NMClient to avoid stderr output which fails the test. [ Iain Lane ] * debian/tests/control: The nm tests need dnsmasq-base and isc-dhcp-client too. network-manager (1.10.14-0ubuntu1) bionic; urgency=medium * New stable version (LP: #1809132), including: - Support private keys encrypted with AES-{192,256}-CBC in libnm (LP: #942856) - Fix leak of DNS queries to local name servers when connecting to a full-tunnel VPN (CVE-2018-1000135) (LP: #1754671) * Dropped patch applied upstream: - debian/patches/CVE-2018-15688.patch - debian/patches/e91f1a7d2a6b8400b6b331d5b72287dcb5164a39.patch * Refreshed patches: - debian/patches/Don-t-make-NetworkManager-D-Bus-activatable.patch - debian/patches/Force-online-state-with-unmanaged-devices.patch - debian/patches/Read-system-connections-from-run.patch - debian/patches/Update-dnsmasq-parameters.patch - debian/patches/libnm-register-empty-NMClient-and-NetworkManager-when-loa.patch -- Till Kamppeter Fri, 10 May 2019 13:34:00 +0200 ** Changed in: network-manager (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2018-1000135 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15688 -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Hello Walter, or anyone else affected, Accepted network-manager into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network- manager/1.10.14-0ubuntu2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags removed: verification-done verification-done-bionic ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Please test and share your feedback on this new version here, but refrain from changing the verification-needed-bionic tag for now. This new version includes many changes and we want to give it an extended testing period to ensure no regressions sneak in, before it is published to bionic-updates. Thanks! -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
[Bug 942856] Re: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication
Hello Walter, or anyone else affected, Accepted network-manager into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network- manager/1.10.14-0ubuntu1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: network-manager (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-bionic -- You received this bug notification because you are a member of Network- manager, which is subscribed to NetworkManager. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop