Bug#854914: marked as done (openvpn: chroot missing /dev/random and /dev/urandom)

Wed, 11 Jan 2023 15:21:17 -0800 

Your message dated Wed, 11 Jan 2023 23:19:13 +0000
with message-id <[email protected]>
and subject line Bug#820554: fixed in network-manager-openvpn 1.10.2-2
has caused the Debian Bug report #820554,
regarding openvpn: chroot missing /dev/random and /dev/urandom
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
820554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820554
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: openvpn
Version: 2.4.0-3
Severity: normal

Dear Maintainer,

I was trying to start/control an OpenVPN tunnel through NetworkManager, and I
ran into the following failure:

Feb 11 15:31:30 bolt NetworkManager[1125]: <info>  [1486848690.8671] device 
(tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') 
[10 20 41]
Feb 11 15:31:30 bolt nm-openvpn[3510]: TCP/UDP: Preserving recently used remote 
address: [AF_INET6]2604:180:0:244::3:1194
Feb 11 15:31:30 bolt nm-openvpn[3510]: UDP link local: (not bound)
Feb 11 15:31:30 bolt nm-openvpn[3510]: UDP link remote: 
[AF_INET6]2604:180:0:244::3:1194
Feb 11 15:31:30 bolt nm-openvpn[3510]: chroot to '/var/lib/openvpn/chroot' and 
cd to '/' succeeded
Feb 11 15:31:30 bolt nm-openvpn[3510]: GID set to nm-openvpn
Feb 11 15:31:30 bolt nm-openvpn[3510]: UID set to nm-openvpn
Feb 11 15:31:30 bolt nm-openvpn[3510]: OpenSSL: error:24064064:random number 
generator:SSLEAY_RAND_BYTES:PRNG not seeded
Feb 11 15:31:30 bolt nm-openvpn[3510]: RAND_bytes() failed
Feb 11 15:31:30 bolt nm-openvpn[3510]: Assertion failed at crypto.c:1780 
(rand_bytes(output, len))
Feb 11 15:31:30 bolt nm-openvpn[3510]: Exiting due to fatal error
Feb 11 15:31:30 bolt NetworkManager[1125]: <error> [1486848690.8778] 
platform-linux: do-add-ip4-route[5: 0.0.0.0/0 50]: failure 19 (Kein passendes 
Gerät gefunden)
Feb 11 15:31:30 bolt NetworkManager[1125]: <warn>  [1486848690.8779] 
default-route: failed to add default route 0.0.0.0/0 via 0.0.0.0 dev 5 metric 
50 mss 0 src vpn with effective metric 50

Creating device nodes /var/lib/openvpn/chroot/dev/{u,}random fixed this problem.

Thanks!
Andreas


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.60
ii  init-system-helpers    1.47
ii  iproute2               4.9.0-1
ii  libc6                  2.24-9
ii  liblz4-1               0.0~r131-2
ii  liblzo2-2              2.08-1.2
ii  libpam0g               1.1.8-3.5
ii  libpkcs11-helper1      1.21-1
ii  libssl1.0.2            1.0.2k-1
ii  libsystemd0            232-15
ii  lsb-base               9.20161125

Versions of packages openvpn recommends:
pn  easy-rsa  <none>

Versions of packages openvpn suggests:
ii  openssl     1.1.0c-2
pn  resolvconf  <none>

-- Configuration Files:
/etc/default/openvpn changed [not included]

-- debconf information:
  openvpn/create_tun: false

--- End Message ---
--- Begin Message --- 
Source: network-manager-openvpn
Source-Version: 1.10.2-2
Done: Michael Biebl <[email protected]>

We believe that the bug you reported is fixed in the latest version of
network-manager-openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated network-manager-openvpn 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 11 Jan 2023 23:28:39 +0100
Source: network-manager-openvpn
Architecture: source
Version: 1.10.2-2
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team 
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 820554
Changes:
 network-manager-openvpn (1.10.2-2) unstable; urgency=medium
 .
   * Stop creating /var/lib/openvpn/chroot/tmp.
     This will prevent nm-openvpn from running in a chroot. While in theory
     it is an additonal safety measure, this feature can cause problems and
     is not well tested upstream. (Closes: #820554)
Checksums-Sha1:
 e7c6427fc9fea59ecd05d596e4d8fa8f22777ea2 2395 
network-manager-openvpn_1.10.2-2.dsc
 518fb460849143239a22e67ec08cdd214350c897 7752 
network-manager-openvpn_1.10.2-2.debian.tar.xz
 a5d0a48913ed6db0e4da0ce677edd177af875e53 13938 
network-manager-openvpn_1.10.2-2_source.buildinfo
Checksums-Sha256:
 2b11ba8a31feb3111763e476e99ea50cb15c8419791dd7de54e49483d60dd249 2395 
network-manager-openvpn_1.10.2-2.dsc
 a0ef5ddcd7c870bc3707c9d4d93c12ddded5377121eb642603fe8f3d499b4433 7752 
network-manager-openvpn_1.10.2-2.debian.tar.xz
 1613ecadec40436c1163092cd5793e246a92a1711a923bd143d78a64fb63c997 13938 
network-manager-openvpn_1.10.2-2_source.buildinfo
Files:
 34d8fef462a6dfe83527208cf3bf428c 2395 net optional 
network-manager-openvpn_1.10.2-2.dsc
 d8b91e01da9710c67bd2eb4980fced6d 7752 net optional 
network-manager-openvpn_1.10.2-2.debian.tar.xz
 ae1111d6f8555acdc5c179e741723cdc 13938 net optional 
network-manager-openvpn_1.10.2-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmO/ORoACgkQauHfDWCP
ItzF0Q/+MLVfqwIkZ5P3RZXWyp14hTryA6S/kDR9z/ECZLSmNJaiWKOuXxy3bsL5
D2FEUglBr7ZgW6S/aDbLSnSlTiVEZc8LG3FViFm4vyf4SNqX07Y3MmFFQeupi7UQ
/RFR3ZVM7YjwAqy4QMfLwMj54mxdryE9Xs/Afwy82CUk2qj5GlqysQQyVM8PJ6OT
X8mRhBGB1Tzq0aSfzTbGBnClig1qvQkADdyx12mwX75EY7zRJPrLKrO2R5P7B4Gf
hwMyy0XEKKnsSPQW5nzrW8GBnwJzJh/xZdyS5We7drG3yP69gTq4ophyt2nkqC1l
orA7i8hH42nn71NegvhoB2csztJPwCpLtu9SnHoVbeQUL1J68QMEIkOOhWRRZSsq
QNpk5HaM9nJY79Om8GBOgX/fwl1zO+tDRwNHvkwg3tj8bEyxcTIe3F8uJHuzzjVB
JoF/uWOngRBOWLLllt35XQpDnpEW60KKSlP7OhCQkChirZgDN44Pm8wQyE7sikyp
1u52SBGzmTbakdYEbOx7CsN0rvrvqWoiI0UAtzkGnshFQzytoX01WNip5O3o9JEc
YnezEa90TUicl3yLcAWtJH4CX7iwM1ONYTb5QoDUIOzc0HxyG5/w7u77MLt6pXsg
gbNHNZlQaU4pGSBFSDVWoqgK/4A/A/6mh7MD+UNNNjs3YH5LkBg=
=5PTo
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to