[Bug 2060992] Re: aws: Guest kernel support for clean boot on demand

2024-04-12 Thread dwmw2
of patches is at https://git.infradead.org/users/dwmw2/linux.git/shortlog/refs/heads/psci-hibernate https://git.infradead.org/users/dwmw2/linux.git/shortlog/refs/heads/psci-hibernate-6.8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https

[Bug 1968790] Re: Webview for SAML does not allow Duo to use a Yubikey

2022-05-20 Thread dwmw2
NetworkManager-openconnect issues would be at https://gitlab.gnome.org/GNOME/NetworkManager-openconnect but most of the hard thinking ends up on the openconnect side. So what is the best solution here? The external browser mode is useful because we get the full features of Chrome/Firefox and

[Bug 1968790] Re: Webview for SAML does not allow Duo to use a Yubikey

2022-05-20 Thread dwmw2
https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/release/notes/release-notes-anyconnect-4-10.html#Cisco_Reference.dita_07f4a7eb-b660-4a09-844c-c3ed481aebc0

[Bug 1968790] Re: Webview for SAML does not allow Duo to use a Yubikey

2022-05-20 Thread dwmw2
Can we take this to https://gitlab.com/openconnect/openconnect/-/issues please? I think you want to enable the "external browser" support which we added in OpenConnect 9.01. cf.

[Bug 1969734] Re: [Jammy] NetworkManager-openconnect 1.2.6 not compatible with openconnect 8.20

2022-05-03 Thread dwmw2
We considered this a regression in OpenConnect and it is fixed in the 9.01 release. We also made NetworkManager more resilient but don't wait for that. ** Also affects: openconnect (Ubuntu) Importance: Undecided Status: New

[Bug 1934980] Re: NetworkManager does not use openconnect GlobalProtect VPN's DNS

2021-07-08 Thread dwmw2
What does "nmcli con show" say for the offending connection? Does NM know the DNS server? Is this just a case of Ubuntu's NM not working correctly with its systemd DNS setup? If you connect with openconnect on the command line and add the `-v` option, do you see DNS servers? I have a feeling

[Bug 1870745] Re: Routes not being added by nm-openconnect-server-openconnect-helper

2020-04-04 Thread dwmw2
Can you file this upstream at https://gitlab.com/OpenConnect/OpenConnect/issues please? -- https://bugs.launchpad.net/bugs/1870745 Title: Routes not being added by

Re: [Bug 1647285] Re: SSL trust not system-wide

2020-03-19 Thread dwmw2
On Thu, 2020-03-19 at 09:44 +, Olivier Tilloy wrote: > It looks like symlinking firefox and thunderbird's own copies of > libnssckbi.so to the system-wide p11-kit-trust.so is the proper way to > fix this bug, as far as Mozilla's products are concerned. > > Before I proceed to doing this, I'd

Re: [Bug 1857624] Re: Option Protocol gp (Palo Alto GlobalProtect) missing on GUI

2020-02-27 Thread dwmw2
Rather than the hard-coded GP support, it would be better to merge the later fix which just gets the list of protocols directly from libopenconnect.

[Bug 1609700]

2020-01-13 Thread dwmw2
Now https://gitlab.gnome.org/GNOME/gnome-shell/issues/2105 -- https://bugs.launchpad.net/bugs/1609700 Title: username is not saved in openconnect connection dialog

[Bug 1609700]

2020-01-13 Thread dwmw2
*** Bug 1705711 has been marked as a duplicate of this bug. *** -- https://bugs.launchpad.net/bugs/1609700 Title: username is not saved in openconnect connection dialog

[Bug 1609700]

2020-01-13 Thread dwmw2
According to https://bugs.launchpad.net/bugs/1609700 this bug has reoccurred in f30. -- https://bugs.launchpad.net/bugs/1609700 Title: username is not saved in openconnect connection

[Bug 1609700]

2020-01-13 Thread dwmw2
Please test the Fedora 30 build with that commit reverted, at https://koji.fedoraproject.org/koji/taskinfo?taskID=36857342 -- https://bugs.launchpad.net/bugs/1609700 Title: username is

[Bug 1609700]

2020-01-13 Thread dwmw2
I wonder if this regression is caused by https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=009f7560867e939 ? -- https://bugs.launchpad.net/bugs/1609700

[Bug 1609700]

2020-01-13 Thread dwmw2
That build seems not to fix it. I tried to build locally to bisect, but can't seem to get the local build to work at all. May have to leave this to the NM maintainers.

[Bug 1838838] Re: username is not saved in openconnect connection dialog

2020-01-13 Thread dwmw2
** Package changed: network-manager-openconnect (Ubuntu) => gnome-shell (Ubuntu) -- https://bugs.launchpad.net/bugs/1838838 Title: username is not saved in openconnect connection dialog

[Bug 1838838] Re: username is not saved in openconnect connection dialog

2020-01-08 Thread dwmw2
I moved it to NetworkManager because that's where the regression is. There's not a lot we can do about it in NetworkManager-openconnect. -- https://bugs.launchpad.net/bugs/1838838

[Bug 1838838] Re: username is not saved in openconnect connection dialog

2020-01-08 Thread dwmw2
** Package changed: network-manager-openconnect (Ubuntu) => network-manager (Ubuntu) -- https://bugs.launchpad.net/bugs/1838838 Title: username is not saved in openconnect connection

[Bug 1647285] Re: SSL trust not system-wide

2019-10-29 Thread dwmw2
@kvasko yes, it works here. Are you sure that's the version of libnssckbi.so that is being used? There are lots; I've replaced them all... -- https://bugs.launchpad.net/bugs/1647285

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-08-21 Thread dwmw2
I have worked out the problem with the new NetworkManager which required me to set ipv4.dns-priority=-1 (which, in turn, messes things up for those with fresh installs that don't get the new NetworkManager). The new NM sets ipv4.dns-search=~. automatically for full-tunnel VPNs but it doesn't also

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-08-19 Thread dwmw2
Any word on when this CVE will be fixed? In the meantime I have put the 1.10.14-0ubuntu2 package into an apt repository at http://david.woodhou.se/cve-2018-1000135/ for users who need it. I couldn't work out how to copy it into a PPA without rebuilding it. In the short term can someone please at

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread dwmw2
> That's weird, do you understand why? The update was deleted so you should be > back to initial > situation, we had no change to the previous package build Other package changes? Certainly systemd-resolver although we don't use that (because of a previous VPN DNS leak problem) we use dnsmasq.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-07-18 Thread dwmw2
Do we have any idea when this will be fixed? Most of my users used to get away with the DNS leakage and it was "only" a security problem but stuff actually worked. Then the NM and other updates were shipped, we set ipv4.dns-priority=-1 and ipv4.dns-search=~. and it all worked fine. Then the NM

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-06-04 Thread dwmw2
@ddstreet We don't use systemd-resolver here. It's fairly trivial to set up a VPN service; the openconnect 'make check' uses ocserv automatically, for example. You shouldn't have difficulty reproducing this locally.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-27 Thread dwmw2
And (in case any of my colleagues are paying attention and inclined to do it before the next time I get to spend any real time in front of a computer, next week), without the dns-priority and dns-search settings that made it work again after the recent NM update.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-27 Thread dwmw2
Till, you want that for the case where dnsmasq is being used and is misbehaving? -- https://bugs.launchpad.net/bugs/1754671 Title: Full-tunnel VPN DNS leakage regression

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
On the 1.10.14 regression simply making those dns-priority/dns-search settings the *default* behaviour for a full-tunnel VPN would appear to be the correct thing to do (i.e. use the DNS of a full-tunnel VPN for *all* lookups), and I think it should resolve the problems people were seeing.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
Dammit, "completely unnecessary in bionic but inherited from xenial"... -- https://bugs.launchpad.net/bugs/1754671 Title: Full-tunnel VPN DNS leakage regression

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
On the switch to using dnsmasq: that decision predates my tenure so I have limited visibility. I can try to get our IT team to expend effort in moving to systemd-resolved and see what breaks. It may even be completely unnecessary in xenial, and is merely inherited to make our bionic setups less

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
This is Bionic. After last week's update to 1.10.14-0ubuntu2 all my VPN users (who are using dnsmasq) reported that DNS supported working for them while they were on the VPN. Some internal names were looked up correctly, others weren't. I resolved it for them as follows: $ sudo nmcli con modify

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-22 Thread dwmw2
We aren't using systemd-resolver for various historical reasons; we are using dnsmasq which should be expected to work. It isn't, but we have manually added the dns-priority=-1;dns-search=~. settings which make it work, as an emergency deployment when the latest NM update broke things for

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-15 Thread dwmw2
These systems are using dnsmasq not systemd-resolver. This was done for historical reasons; I'm not sure of the specific bug which caused that choice.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-05-15 Thread dwmw2
I am receiving reports that it isn't fixed in 18.04 either. Users are still seeing DNS lookups on the local network, until they manually edit the VPN config to include: [ipv4] dns-priority=-1 dns-search=~.; I thought that wasn't going to be necessary?

[Bug 543183]

2019-04-19 Thread dwmw2
Are you referring to my comment 16? You do need your distribution to ship p11-kit-trust.so in place of Mozilla's libnssckbi.so, so it has a consistent set of trusted CAs with the rest of the system.

Re: [Bug 1824312] Re: segfault connecting to cisco vpn

2019-04-11 Thread dwmw2
On Thu, 2019-04-11 at 09:45 +, J Prino wrote: > I agree however there's no 8.02 version for openconnect (disco). Can > libopenconnect be fixed? You are using *different* versions of openconnect vs. libopenconnect. By all means update them both. Together. But don't try to run different builds

Re: [Bug 1824312] [NEW] segfault connecting to cisco vpn

2019-04-11 Thread dwmw2
On Thu, 2019-04-11 at 09:09 +, J Prino wrote: > NetworkManager WARNING: This version of openconnect is v8.02-1 but > NetworkManager the libopenconnect library is v8.02 I stopped reading here :) > kernel openconnect[30840]: segfault at 1 ip 7f5b62cda521 > sp

[Bug 1822467] Re: OpeonConnect fails with generic TLS Fatal Alert Error

2019-04-01 Thread dwmw2
Er, the latter. On request from the reporter, after he attached a tcpdump. I've deleted that and made it public again. And also granted you permissions on the gitlab project so you should be able to see it anyway (amongst other things).

[Bug 1822467] Re: OpeonConnect fails with generic TLS Fatal Alert Error

2019-04-01 Thread dwmw2
Is this https://gitlab.com/openconnect/openconnect/issues/21 ? ** Bug watch added: gitlab.com/openconnect/openconnect/issues #21 https://gitlab.com/openconnect/openconnect/issues/21

[Bug 1821055] [NEW] CSD validation doesn't work with DNS round-robin

2019-03-20 Thread dwmw2
Public bug reported: OpenConnect 8.02 fixes an issue with so-called Cisco Secure Desktop. The client is supposed to post a report to the VPN server, but DNS round-robin sometimes means that the report is posted to a server other than the one which OpenConnect is actually trying to log into.

[Bug 1764047] Re: Unable to switch realm on authentication dialog

2019-03-19 Thread dwmw2
There are other important fixes in 8.0x including for CVE-2018-20319 and the CSD handling to make it resilient to round-robin DNS changes. A simple update to 8.02 might be the better option. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20319

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-03-11 Thread dwmw2
@seb128 please see "In 16.04 the NetworkManager package used to carry this patch..." in the bug description above. -- https://bugs.launchpad.net/bugs/1754671 Title: Full-tunnel VPN DNS

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-03-08 Thread dwmw2
Is there a 16.04 package? This was a regression there caused by an earlier update. I have users reporting the same bizarre behaviour I wasn't able to clearly describe before — essentially, DNS being sent out seemingly random interfaces (sometimes VPN, sometimes local). My advice to just install

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-04 Thread dwmw2
Not sure what happened there. It was looking up *some* names in the $COMPANY.com domain on the VPN, but others not, consistently. I couldn't see a pattern. I have manually set ipv4.dns-search="~." and ipv4.dns-priority=-1 and now it does seem to be behaving. However, this shouldn't be necessary.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-04 Thread dwmw2
Hm, that didn't last long. Now it isn't looking up *anything* in the VPN domains. It's all going to the local VPN server. I don't know what changed.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2019-02-04 Thread dwmw2
network-manager-1.10.14-0ubuntu1 does seem to fix the DNS problem here; thanks. -- https://bugs.launchpad.net/bugs/1754671 Title: Full-tunnel VPN DNS leakage regression

[Bug 1647285] Re: SSL trust not system-wide

2018-04-25 Thread dwmw2
Any progress on fixing this? -- https://bugs.launchpad.net/bugs/1647285 Title: SSL trust not system-wide

[Bug 1764877] Re: glamorgl Xv causes xvimagesink failure

2018-04-17 Thread dwmw2
** Description changed: - On Ubuntu 16.04 with xserver-xorg-1:7.7+13ubuntu3, xvimagesink fails for + On Ubuntu 16.04 with xorg-server-hwe-16.04-1.19.5, xvimagesink fails for certain sizes of image. Originally seen when receiving a meeting screen share in Pidgin, reproducible as follows:

[Bug 1764877] Re: glamorgl Xv causes xvimagesink failure

2018-04-17 Thread dwmw2
** Description changed: - On Ubuntu 16.04 with xserver-xorg-2:1.17.2-2, xvimagesink fails for + On Ubuntu 16.04 with xserver-xorg-1:7.7+13ubuntu3, xvimagesink fails for certain sizes of image. Originally seen when receiving a meeting screen share in Pidgin, reproducible as follows: $

[Bug 1764877] [NEW] glamorgl Xv causes xvimagesink failure

2018-04-17 Thread dwmw2
Public bug reported: On Ubuntu 16.04 with xserver-xorg-2:1.17.2-2, xvimagesink fails for certain sizes of image. Originally seen when receiving a meeting screen share in Pidgin, reproducible as follows: $ gst-launch-1.0 -v videotestsrc ! video/x-raw,width=905,height=720 ! xvimagesink The

[Bug 1762710] [NEW] gnutls_server_name_set() doesn't honour input length

2018-04-10 Thread dwmw2
Public bug reported: gnutls_server_name_set(sess, GNUTLS_NAME_DNS, "stophere.please", 8); Length 8. That's supposed to set the SNI to "stophere". It doesn't in 16.04's 3.4.10-4ubuntu1.4 See attached test case. This was supposed to be fixed upstream with commit c1334fee5ee, I thought.

[Bug 1754671] Re: Full-tunnel VPN DNS leakage regression

2018-03-20 Thread dwmw2
This is CVE-2018-1000135. For some reason the 'Link to CVE' option above doesn't seem to work. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000135 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000135

[Bug 1754671] [NEW] Full-tunnel VPN DNS leakage regression

2018-03-09 Thread dwmw2
*** This bug is a security vulnerability *** Public security bug reported: In 16.04 the NetworkManager package used to carry this patch: http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch It

[Bug 666446] Re: NetworkManager VPN should offer an option to use *only* VPN nameservers

2018-03-09 Thread dwmw2
I don't think this should be considered a 'feature request'. If you have a full-tunnel VPN, your employer will *expect* all your network traffic to go via the VPN as if you were dialled directly into the corporate network. Allowing some of the DNS traffic to "escape" to be seen by potentially

[Bug 1752176] [NEW] Voice calls fail without gst-plugins-bad installed

2018-02-27 Thread dwmw2
Public bug reported: Pidgin requires the "liveadder" element from gstreamer1.0-plugins-bad, and has no error handling for the case where it isn't present: https://developer.pidgin.im/ticket/17290 Perhaps the package should depend on gstreamer1.0-plugins-bad to avoid this failure mode. **

[Bug 1751038] Re: Labelled buttons missing from Pidgin search dialogs

2018-02-22 Thread dwmw2
** Patch added: "0001-Ensure-labelled-buttons-are-shown-for-search-results.patch" https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1751038/+attachment/5060326/+files/0001-Ensure-labelled-buttons-are-shown-for-search-results.patch

[Bug 1751039] Re: Search results in finch updated incorrectly

2018-02-22 Thread dwmw2
** Patch added: "0001-Fix-Finch-search-results-display-17238.patch" https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1751039/+attachment/5060327/+files/0001-Fix-Finch-search-results-display-17238.patch

[Bug 1751046] [NEW] Pidgin rewrites buddy icons on each startup

2018-02-22 Thread dwmw2
Public bug reported: Every time Pidgin starts up, it rewrites all the buddy icon files for no good reason. Fixed in 2.13 by #17259: https://developer.pidgin.im/ticket/17259 ** Affects: pidgin (Ubuntu) Importance: Undecided Status: New ** Description changed: Every time Pidgin

[Bug 1751037] Re: Mute status not updated

2018-02-22 Thread dwmw2
** Patch added: "0001-Pidgin-Indicate-mute-unmute-status-when-changed-remo.patch" https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1751037/+attachment/5060325/+files/0001-Pidgin-Indicate-mute-unmute-status-when-changed-remo.patch

[Bug 1751046] Re: Pidgin rewrites buddy icons on each startup

2018-02-22 Thread dwmw2
** Patch added: "0001-Do-not-rewrite-custom-buddy-icons-already-in-the-cac.patch" https://bugs.launchpad.net/ubuntu/+source/pidgin/+bug/1751046/+attachment/5060328/+files/0001-Do-not-rewrite-custom-buddy-icons-already-in-the-cac.patch

[Bug 1751039] [NEW] Search results in finch updated incorrectly

2018-02-22 Thread dwmw2
Public bug reported: Finch doesn't clear the previous search results when they are updated in real time. Fixed upstream by #17238: https://developer.pidgin.im/ticket/17238 Please could you pull this fix into the packages, even if 2.13 isn't released in time. ** Affects: pidgin (Ubuntu)

[Bug 1751037] [NEW] Mute status not updated

2018-02-22 Thread dwmw2
Public bug reported: When I am on an audio call and the remote end mutes me, that is not correctly displayed in the local UI. Fixed in Pidgin 2.13 by #17273: https://developer.pidgin.im/ticket/17273 Please could you pull this fix into the packages, even if 2.13 isn't released in time. **

[Bug 1751038] [NEW] Labelled buttons missing from Pidgin search dialogs

2018-02-22 Thread dwmw2
Public bug reported: Pidgin fails to display buttons with custom labels in search dialogs. Fixed in 2.13 by #17188: https://developer.pidgin.im/ticket/17188 (by cherry-picking an existing fix from the master branch for #14821). Please could you pull this fix into the packages, even if 2.13

[Bug 1710626] [NEW] Cannot use non-ASCII password on certificate

2017-08-14 Thread dwmw2
Public bug reported: This ought to work, but doesn't: $ openconnect -v -c ~/git/openconnect/tests/certs/user-key-nonascii-password.p12 facebook.com --key-password ĂŻ POST https://facebook.com/ Attempting to connect to server 31.13.92.36:443 Connected to 31.13.92.36:443 Using certificate file

[Bug 1710626] Re: Cannot use non-ASCII password on certificate

2017-08-14 Thread dwmw2
The above was on Ubuntu 16.04 with 3.4.10-4ubuntu1.3 -- https://bugs.launchpad.net/bugs/1710626 Title: Cannot use non-ASCII password on certificate

[Bug 1710618] [NEW] SoftHSM2 package doesn't provide p11-kit module file

2017-08-14 Thread dwmw2
Public bug reported: PKCS#11 modules should generally install a module file for p11-kit so that they appear automatically to applications. (cf. https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/1649796 ) The SoftHSM2 package doesn't do this. Amongst other things, this causes 'make check' to

[Bug 1647285] Re: SSL trust not system-wide

2017-07-26 Thread dwmw2
cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741005 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704180 https://lists.freedesktop.org/archives/p11-glue/2013-June/000331.html ** Bug watch added: Debian Bug tracker #741005 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741005

[Bug 420411] Re: vpn connection handshake times out too soon

2017-07-25 Thread dwmw2
This appears to still be broken in 16.04. -- https://bugs.launchpad.net/bugs/420411 Title: vpn connection handshake times out too soon

[Bug 1647285] Re: SSL trust not system-wide

2017-07-24 Thread dwmw2
I believe NSS wants these patches backported from 3.30: https://bugzilla.mozilla.org/show_bug.cgi?id=1334976 Firefox has its own copy of NSS which I think as of Firefox 54 should be fine. Thunderbird also needs fixing, I think. ** Bug watch added: Mozilla Bugzilla #1334976

[Bug 1647285] Re: SSL trust not system-wide

2017-07-24 Thread dwmw2
I believe we need to update p11-kit to v0.23.4 to make the key pinning work correctly in the recommended configuration, by adding the CKA_NSS_MOZILLA_CA_POLICY attribute. https://bugs.freedesktop.org/show_bug.cgi?id=99453 https://bugzilla.mozilla.org/show_bug.cgi?id=1324096 ** Bug watch added:

[Bug 1673015] Re: openconnect config file import cannot handle "(null)" values

2017-03-15 Thread dwmw2
https://git.gnome.org/browse/network-manager-openconnect/commit/?id=f58893e15fc7 -- https://bugs.launchpad.net/bugs/1673015 Title: openconnect config file import cannot handle "(null)"

[Bug 1673015] Re: openconnect config file import cannot handle "(null)" values

2017-03-15 Thread dwmw2
Arguably the problem here is that you have, literally, "(null)" as the string in the config file. IF you have a file with that name, you should be permitted to use that. This is a bug in the *EXPORT* not the import. We shouldn't (ideally) special-case that filename on import. Although we might

[Bug 1666623] [NEW] Windows disappear on disconnecting external monitor

2017-02-21 Thread dwmw2
Public bug reported: When I undock my laptop and the external displays are disconnected, sometimes the windows which were on those displays end up on my laptop's internal display. This is useful. Often, however, they don't. I can still see them in the panel, and I can click on them to bring them

[Bug 1664934] Re: Public key's random art is not displayed correctly

2017-02-15 Thread dwmw2
I think this is already fixed as part of https://bugzilla.gnome.org/show_bug.cgi?id=770880 isn't it? ** Bug watch added: GNOME Bug Tracker #770880 https://bugzilla.gnome.org/show_bug.cgi?id=770880

[Bug 1500826] Re: Missing --no-dtls option

2017-02-06 Thread dwmw2
If it really is resolved by using --no-dtls then show output with DTLS enabled and with '-vv' on the command line. Make sure you're using up-to-date GnuTLS and OpenConnect though.

[Bug 1651847] [NEW] Cannot decrypt S/MIME messages

2016-12-21 Thread dwmw2
Public bug reported: In Ubuntu 16.04 with Evolution 3.18, I obtained a new S/MIME cert from Comodo and sent myself an encrypted email. Evolution can't decrypt its own message, reporting 'Could not parse S/MIME message: security library: invalid algorithm. (-8186) - Decoder failed'. The same

[Bug 1651451] Re: NSS Shared System Database non-functional

2016-12-20 Thread dwmw2
This of course means that even if I wanted to work around bug 1647285 (where apps using NSS don't honour the system SSL trust settings) by manually adding the company certs to /etc/pki/nssdb, applications can't even use *that*...

[Bug 1651451] [NEW] NSS Shared System Database non-functional

2016-12-20 Thread dwmw2
Public bug reported: Ubuntu 16.04 appears to ship with libnsssysinit.so configured in /etc/pki/nssdb as it should be, but the library isn't *present*. So when applications such as Evolution attempt to open it, they fail: (evolution:20974): camel-WARNING **: Failed to initialize NSS SQL database

[Bug 1648901] Re: SPNEGO crash on mechanism failure

2016-12-17 Thread dwmw2
Yes, that fixes the crash. Thanks. -- https://bugs.launchpad.net/bugs/1648901 Title: SPNEGO crash on mechanism failure

[Bug 1648901] Re: SPNEGO crash on mechanism failure

2016-12-17 Thread dwmw2
On 16.04. Apologies, I looked but couldn't see where Launchpad expects me to enter that information. -- https://bugs.launchpad.net/bugs/1648901 Title: SPNEGO crash on mechanism failure

[Bug 1648901] Re: SPNEGO crash on mechanism failure

2016-12-17 Thread dwmw2
Sure, I can attempt to test. It needs Kerberos to fail, while another mechanism is possible. So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH

[Bug 1643566] Re: [i915_bpo] Intermittent display outage with external monitor

2016-12-15 Thread dwmw2
Not sure if this is a related issue. HP 850 G3 laptop with docking station, external VGA connected. If the display blanks for more than an instant, the external display doesn't come back on until I undock and redock. This is OK: $ xset dpms force off; xset dpms force on This, on the other hand,

[Bug 1609700] Re: username is not saved in openconnect connection dialog

2016-12-14 Thread dwmw2
This is actually a NetworkManager bug. As noted in bug 1648905 it's fixed upstream by https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=nm-1-2&id=bb45adeda0bf427ada23b09daf970b0757e82d60 ** Also affects: network-manager (Ubuntu) Importance: Undecided Status: New ** Bug

[Bug 1648905] Re: VPN username and settings not saved

2016-12-14 Thread dwmw2
*** This bug is a duplicate of bug 1609700 *** https://bugs.launchpad.net/bugs/1609700 Actually, this is probably a duplicate of bug 1609700 ** This bug has been marked a duplicate of bug 1609700 username is not saved in openconnect connection dialog

[Bug 1648905] Re: VPN username and settings not saved

2016-12-14 Thread dwmw2
When do we get a fix for 16.04? -- https://bugs.launchpad.net/bugs/1648905 Title: VPN username and settings not saved

[Bug 1649796] [NEW] Missing p11-kit module file for opensc-pkcs11.so

2016-12-14 Thread dwmw2
Public bug reported: I inserted my Yubikey, ensured that the opensc-pkcs11 package was installed, and attempted to connect to the VPN as described at http://www.infradead.org/openconnect/pkcs11.html $ openconnect -c 'pkcs11:manufacturer=piv_II;id=%01' vpn.example.com It didn't work. The OpenSC

[Bug 1649270] Re: Crash in gnutls_x509_privkey_import_pkcs8()

2016-12-13 Thread dwmw2
Testing on Fedora (GnuTLS 3.5.7) shows that GnuTLS returns the wrong error code in this situation but doesn't crash. So probably a separate bug: https://bugzilla.redhat.com/show_bug.cgi?id=1404192 ** Bug watch added: Red Hat Bugzilla #1404192 https://bugzilla.redhat.com/show_bug.cgi?id=1404192

[Bug 1649270] Re: Crash in gnutls_x509_privkey_import_pkcs8()

2016-12-13 Thread dwmw2
And indeed openconnect fails too:
$ openconnect -c tests/certs/ec-cert.pem -k tests/certs/ec-key-pkcs8-pbes2-sha1.pem auth.startssl.com
It doesn't show up in the openconnect 'make check' because adding '--key-password password' to the command line actually fixes it; it's something to do with

[Bug 1649270] Re: Crash in gnutls_x509_privkey_import_pkcs8()

2016-12-13 Thread dwmw2
Without debugging symbols I can at least strace it. The last file opened was openconnect/tests/certs/ec-key-pkcs8-pbes2-sha1.pem

[Bug 1649227] Re: TPM support

2016-12-13 Thread dwmw2
Isn't that true of Kerberos too? Or do you not build with GSSAPI support either? I really ought to add that to 'openconnect --version' output. Perhaps when addressing the OpenSSL 1.1 build problems, we could port it to GnuTLS instead?

[Bug 1649270] [NEW] Crash in gnutls_x509_privkey_import_pkcs8()

2016-12-12 Thread dwmw2
Public bug reported:
$ git clone git://git.infradead.org/users/dwmw2/openconnect.git
$ nm-connection-editor
Add a Wifi connection, use EAP-TLS and click the button to select a private key. Navigate to the openconnect/tests/certs/ directory. Watch it segfault instead of displaying the contents

[Bug 1647285] Re: SSL trust not system-wide

2016-12-12 Thread dwmw2
The Mozilla bugs you link are a bit of a red herring. They refer to an abortive attempt by Mozilla/NSS to have a 'shared system database' in sql:/etc/pki/nssdb. The idea is that applications specify that as their NSS database and although it's obviously read-only, it automatically adds the user's

[Bug 1649227] [NEW] TPM support

2016-12-12 Thread dwmw2
Public bug reported: Please enable TPM and Yubikey support in the OpenConnect build.
$ openconnect -c .key.pem -k .key.tss vpn.example.com
POST https://vpn.example.com/
Attempting to connect to server [fec0::1]:443
This version of OpenConnect was built without TPM support
Loading certificate

[Bug 1648898] Re: Installed package does not work

2016-12-09 Thread dwmw2
Even when I fix that so the module gets loaded, it still doesn't seem to work.
$ KRB5CCNAME=/dev/null curl -v --negotiate -u : $SERVER
...
> GET / HTTP/1.1
> Authorization: Negotiate YEAGBisGAQUFAqA2MDSgDjA...
...
< HTTP/1.1 401 Unauthorized
* gss_init_sec_context() failed: Not a user credential

[Bug 1648905] [NEW] VPN username and settings not saved

2016-12-09 Thread dwmw2
Public bug reported: The OpenConnect VPN auth-dialog doesn't remember usernames and other settings. See discussion (and fix) in https://bugzilla.redhat.com/show_bug.cgi?id=1332491 ** Affects: network-manager (Ubuntu) Importance: Undecided Status: New

[Bug 1648901] [NEW] SPNEGO crash on mechanism failure

2016-12-09 Thread dwmw2
Public bug reported: Chrome (and other things) crash when Kerberos fails to authenticate: https://bugs.chromium.org/p/chromium/issues/detail?id=554905 This was fixed in MIT krb5 in January: https://github.com/krb5/krb5/pull/385 Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation

[Bug 1648898] [NEW] Installed package does not work

2016-12-09 Thread dwmw2
Public bug reported: The gss-ntlmssp package installs a file in /etc/gss/mech.d which is supposed to make it get loaded. It doesn't work for two reasons. Firstly, it gets completely ignored because its filename doesn't end in ".conf". Secondly, it contains an incorrect entry for the shared

[Bug 893024] Re: Support 802.1x auth requirement detection and fallback

2016-12-08 Thread dwmw2
https://bugzilla.gnome.org/show_bug.cgi?id=723084 ** Bug watch added: GNOME Bug Tracker #723084 https://bugzilla.gnome.org/show_bug.cgi?id=723084

[Bug 1648616] Re: Firefox uses its own version of NSS, incompatible with system version

2016-12-08 Thread dwmw2
Setting aside the wisdom of that response, and my surprise at discovering that the distribution even *permits* you to ship your own copy of certain libraries — *especially* security-critical libraries — in your own package instead of using the system's version doesn't that mean you should be

[Bug 1648634] [NEW] opencryptoki breaks p11-kit

2016-12-08 Thread dwmw2
Public bug reported: When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to /var/lib/opencryptoki, which is readable only by root. This means that anything using p11-kit to find the PKCS#11 modules which are configured to be available in the system (which is basically any

[Bug 1648616] Re: Firefox uses its own version of NSS, incompatible with system version

2016-12-08 Thread dwmw2
** Also affects: thunderbird (Ubuntu) Importance: Undecided Status: New
