[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
I stand corrected: Lucid has indeed all the correct patches applied. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
James, for 1.6.2 (lucid) a similar set of patches were sent I think at about the same time, but I can be mistaken here. A cursory look seems to imply that they were not applied to Lucid. I am digging through my email graveyard to find them: I will forward them to you as soon as I find them. Thanks for checking! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
** Branch linked: lp:ubuntu/eucalyptus -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
This bug was fixed in the package eucalyptus - 2.0.1+bzr1256-0ubuntu8 --- eucalyptus (2.0.1+bzr1256-0ubuntu8) oneiric; urgency=low * Fix compatibility issues with SSLv3 (LP: #851611): - d/patches/29-euca_conf-sslv3.patch: Use --secure-protocol=SSLv3 with wget when communicating with CLC. - d/eucalyptus-cloud.upstart: Use --secure-protocol=SSLv3 with wget when checking for CLC startup complete. * d/patches/30-clock_drift.patch: Resolve issue with rampart blocking communication between CC and NC when time is fractionally in the future (LP: #854946): -- James PageWed, 21 Sep 2011 09:57:58 +0100 ** Changed in: eucalyptus (Ubuntu Oneiric) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
Graziano Will this effect eucalyptus 1.6 in lucid as well? or is it constrained to >= 2.0? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
** Branch linked: lp:~james-page/ubuntu/oneiric/eucalyptus/fix- sslv3-compat -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
** Changed in: eucalyptus (Ubuntu Oneiric) Assignee: (unassigned) => James Page (james-page) ** Changed in: eucalyptus (Ubuntu Oneiric) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
Thanks for the quick answer! Yes it was part of our 2.0.3 release, which was a security release only. My understanding (which I can confirm if you want) is that with the addition of more stringent rules for rampartC, this second patch was needed to allow communication between components when the clocks were not perfectly synchronized. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
Thanks for raising this graziano, and attaching a patch.. Am i correct in saying this should have been part of the security update? Thanks. ** Changed in: eucalyptus (Ubuntu) Importance: Undecided => Medium ** Changed in: eucalyptus (Ubuntu) Status: New => Confirmed ** Changed in: eucalyptus (Ubuntu) Milestone: None => ubuntu-11.10-beta-2 ** Also affects: eucalyptus (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: eucalyptus (Ubuntu Maverick) Importance: Undecided Status: New ** Also affects: eucalyptus (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: eucalyptus (Ubuntu Oneiric) Importance: Medium Status: Confirmed ** Changed in: eucalyptus (Ubuntu Natty) Status: New => Confirmed ** Changed in: eucalyptus (Ubuntu Natty) Importance: Undecided => Medium ** Changed in: eucalyptus (Ubuntu Maverick) Status: New => Confirmed ** Changed in: eucalyptus (Ubuntu Lucid) Status: New => Confirmed ** Changed in: eucalyptus (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: eucalyptus (Ubuntu Maverick) Importance: Undecided => Medium ** Tags added: server-o-rs -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 854946] Re: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
This issue was solved in Eucalyptus 2.0.3 (upstream) with the attached patch. It's just a 2 liners that ensure rampartC policy to be more lenient on the time difference. ** Patch added: "clock_drift.patch" https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+attachment/2432684/+files/clock_drift.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
