Your message dated Sun, 18 Sep 2016 12:20:41 +0000 with message-id <e1blb5n-00070f...@franck.debian.org> and subject line Bug#838194: fixed in strongswan 5.5.0-2 has caused the Debian Bug report #838194, regarding support for network-manager-strongswan 1.4? to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
838194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838194
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: strongswan-nm Version: 5.5.0-1 Severity: wishlist Tags: patch Hi Yves, I would like to upgrade the network-manager-strongswan package for Stretch to version 1.4.0, but this requires 2 patches to charon-nm. See https://www.strongswan.org/download.html and the attachment. Do you think it would be possible to add these patches to strongswan 5.5.0? Of course I see that upstream plans to release strongswan 5.5.1 (including the patches) in about 3 weeks. Adding the patches to 5.5.0 now would save the time. Thanx very much HarriFrom 9e74a0952e27e3ac0055b0831919aaddfef1e1b5 Mon Sep 17 00:00:00 2001 From: Tobias Brunner <tob...@strongswan.org> Date: Mon, 5 Sep 2016 10:54:07 +0200 Subject: [PATCH] nm: Enforce min. length for PSKs in backend --- src/charon-nm/nm/nm_service.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index 5991c24..c0c78ef 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -428,6 +428,16 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, { user = identification_create_from_string((char*)str); str = nm_setting_vpn_get_secret(vpn, "password"); + if (auth_class == AUTH_CLASS_PSK && + strlen(str) < 20) + { + g_set_error(err, NM_VPN_PLUGIN_ERROR, + NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS, + "pre-shared key is too short."); + gateway->destroy(gateway); + user->destroy(user); + return FALSE; + } priv->creds->set_username_password(priv->creds, user, (char*)str); } } -- 1.9.1 From f201d86debb12731b634625a0278e289e3e05e10 Mon Sep 17 00:00:00 2001 From: Tobias Brunner <tob...@strongswan.org> Date: Mon, 5 Sep 2016 14:34:07 +0200 Subject: [PATCH] nm: Pass external gateway to NM This seems to be required by newer versions. --- src/charon-nm/nm/nm_service.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index c0c78ef..0fe10e0 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -88,12 +88,19 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, GValue *val; GHashTable *config; enumerator_t *enumerator; - host_t *me; + host_t *me, *other; nm_handler_t *handler; config = g_hash_table_new(g_str_hash, g_str_equal); handler = priv->handler; + /* NM apparently requires to know the gateway */ + val = g_slice_new0 (GValue); + g_value_init (val, G_TYPE_UINT); + other = ike_sa->get_other_host(ike_sa); + g_value_set_uint (val, *(uint32_t*)other->get_address(other).ptr); + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY, val); + /* NM requires a tundev, but netkey does not use one. Passing the physical * interface does not work, as NM fiddles around with it. So we pass a dummy * TUN device along for NM to play with... */ -- 1.9.1signature.asc
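Review bot: in the first patch (nm: Enforce min. length for PSKs in backend), strlen(str) is called directly on the value returned by nm_setting_vpn_get_secret(vpn, "password") with no NULL test visible in the hunk, so a PSK connection whose secret is absent would dereference NULL inside the new check. Suggest adding a !str test to the same condition so a missing secret takes the same NM_VPN_PLUGIN_ERROR_BAD_ARGUMENTS path. The literal 20 would read better as a named constant, and the message "pre-shared key is too short." could state the required minimum so the user knows what to change.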
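Review bot: in the second patch (nm: Pass external gateway to NM), the expression *(uint32_t*)other->get_address(other).ptr in signal_ipv4_config() reads four bytes from the peer address without checking the address family or the chunk length, so a gateway reached over IPv6 would have the first four bytes of its 16-byte address reported to NM as NM_VPN_PLUGIN_IP4_CONFIG_EXT_GATEWAY. Suggest inserting the value only when other is an AF_INET host (or the chunk's len is 4) and skipping the key otherwise. Copying the bytes into a uint32_t with memcpy would also avoid depending on the alignment of the chunk pointer.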
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: strongswan
Source-Version: 5.5.0-2

We believe that the bug you reported is fixed in the latest version of strongswan, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 838...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sun, 18 Sep 2016 13:47:41 +0200
Source: strongswan
Binary: strongswan libstrongswan libstrongswan-standard-plugins libstrongswan-extra-plugins libcharon-extra-plugins strongswan-starter strongswan-libcharon strongswan-charon strongswan-ike strongswan-nm strongswan-ikev1 strongswan-ikev2 charon-cmd strongswan-pki strongswan-scepclient strongswan-swanctl charon-systemd
Architecture: source
Version: 5.5.0-2
Distribution: unstable
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-de...@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description:
 charon-cmd - standalone IPsec client
 charon-systemd - strongSwan IPsec client, systemd support
 libcharon-extra-plugins - strongSwan charon library (extra plugins)
 libstrongswan - strongSwan utility and crypto library
 libstrongswan-extra-plugins - strongSwan utility and crypto library (extra plugins)
 libstrongswan-standard-plugins - strongSwan utility and crypto library (standard plugins)
 strongswan - IPsec VPN solution metapackage
 strongswan-charon - strongSwan Internet Key Exchange daemon
 strongswan-ike - strongSwan Internet Key Exchange daemon (transitional package)
 strongswan-ikev1 - strongSwan IKEv1 daemon, transitional package
 strongswan-ikev2 - strongSwan IKEv2 daemon, transitional package
 strongswan-libcharon - strongSwan charon library
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-pki - strongSwan IPsec client, pki command
 strongswan-scepclient - strongSwan IPsec client, SCEP client
 strongswan-starter - strongSwan daemon starter and configuration file parser
 strongswan-swanctl - strongSwan IPsec client, swanctl command
Closes: 835095 838194
Changes:
 strongswan (5.5.0-2) unstable; urgency=medium
 .
   * debian/rules:
     - add patch from Raphaël Geissert to use /etc/ssl/certs instead of
       /usr/share/ca-certificates for strongswan-nm.            closes: #835095
     - update argument name for dh_strip dbgsym migration
   * debian/control:
     - update debhelper dependency to a version which supports dbgsym
       migration.
   * debian/patches:
     - 05_network-manager-strongswan-1.4 added, backport two upstream patches
       to support network-manager-strongswan 1.4 in charon-nm.  closes: #838194
--- End Message ---