Bug#1031906: marked as done (openconnect: Fails with Unexpected Pulse config packet using newer pulse server)

Debian Bug Tracking System Sat, 25 Feb 2023 11:39:19 -0800

Your message dated Sat, 25 Feb 2023 19:35:14 +0000
with message-id <[email protected]>
and subject line Bug#1031906: fixed in openconnect 9.01-3
has caused the Debian Bug report #1031906,
regarding openconnect: Fails with Unexpected Pulse config packet using newer 
pulse server
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1031906: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031906
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: openconnect
Version: 9.01-2
Severity: important
X-Debbugs-Cc: none, Michael Welsh Duggan <[email protected]>

Dear Maintainer,

My place of work updated their Pulse VPN server.  After this upgrade, I
could no longer connect.  For example:

$ openconnect --protocol=pulse vpn.sei.cmu.edu/ipsec
Connected to 128.237.28.52:443
SSL negotiation with vpn.sei.cmu.edu
Connected to HTTPS on vpn.sei.cmu.edu with ciphersuite 
(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 101 Switching Protocols
Enter user credentials:
Username:mwd
Password:
Enter secondary credentials:
Secondary password:
Unexpected Pulse config packet:
< 0000:  00 00 0a 4c 00 00 00 01  00 00 01 66 00 00 01 fc  |...L.......f....|
< 0010:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
< 0020:  2e 20 f0 00 00 00 00 00  00 00 01 56 2e 00 00 0d  |. .........V....|
< 0030:  03 00 00 00 40 25 00 01  01 2c 00 00 0d 03 00 00  |....@%...,......|
< 0040:  00 40 26 00 01 01 2e 00  00 18 01 00 00 00 07 00  |.@&.............|
< 0050:  00 10 00 00 ff ff 00 00  00 00 ff ff ff ff 00 00  |................|
< 0060:  01 08 03 00 00 00 40 00  00 01 01 40 01 00 01 01  |......@....@....|
< 0070:  40 1f 00 01 00 40 20 00  01 01 40 21 00 01 01 40  |@....@ ...@!...@|
< 0080:  05 00 04 00 00 05 78 00  03 00 04 0a 40 ff 64 40  |[email protected]@|
< 0090:  06 00 24 61 64 2e 73 65  69 2e 63 6d 75 2e 65 64  |..$ad.sei.cmu.ed|
< 00a0:  75 2c 73 65 69 2e 63 6d  75 2e 65 64 75 2c 63 65  |u,sei.cmu.edu,ce|
< 00b0:  72 74 2e 6f 72 67 00 40  07 00 04 00 00 00 01 00  |rt.org.@........|
< 00c0:  04 00 04 ff ff ff ff 40  19 00 01 01 40 1a 00 01  |.......@....@...|
< 00d0:  01 40 24 00 01 01 40 17  00 04 00 00 00 0f 40 0f  |.@$...@.......@.|
< 00e0:  00 02 00 00 40 10 00 02  00 05 40 11 00 02 00 03  |....@.....@.....|
< 00f0:  40 12 00 04 00 00 04 b0  40 13 00 04 00 00 00 00  |@.......@.......|
< 0100:  40 14 00 04 00 00 00 01  40 15 00 04 00 00 00 00  |@.......@.......|
< 0110:  40 16 00 02 11 94 40 17  00 04 00 00 00 0f 40 18  |@.....@.......@.|
< 0120:  00 04 00 00 00 3c 00 01  00 04 0a 40 c9 59 00 02  |.....<[email protected]..|
< 0130:  00 04 ff ff ff ff 40 0b  00 04 0a 40 cb 00 40 0a  |......@....@..@.|
< 0140:  00 01 01 40 0c 00 01 00  40 0d 00 01 00 40 0e 00  |...@....@....@..|
< 0150:  01 00 40 1b 00 01 00 40  1c 00 01 00 00 13 00 01  |..@....@........|
< 0160:  00 00 14 00 01 00                                 |......|
Creating SSL connection failed
Unknown error; exiting.

Applying the following patch from the openconnect upstream repository
fixes this problem for me:

https://gitlab.com/openconnect/openconnect/-/commit/c9831b382c7839682b3f1ea0a7f950e6cb55d5e8


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-2-amd64 (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openconnect depends on:
ii  libc6            2.36-8
ii  libgnutls30      3.7.8-5
ii  libopenconnect5  9.01-2
ii  libproxy1v5      0.4.18-1.2
ii  libxml2          2.9.14+dfsg-1.1+b3
ii  vpnc-scripts     0.1~git20220510-1

Versions of packages openconnect recommends:
ii  python3             3.11.1-3
ii  python3-asn1crypto  1.5.1-2
ii  python3-mechanize   1:0.4.8+pypi-5
ii  python3-netifaces   0.11.0-2+b1

Versions of packages openconnect suggests:
ii  bash-completion  1:2.11-6
ii  xdg-utils        1.1.3-4.1

-- no debconf information

-- 
Michael Welsh Duggan
([email protected])

--- End Message ---

--- Begin Message ---

Source: openconnect
Source-Version: 9.01-3
Done: Luca Boccassi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openconnect, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Boccassi <[email protected]> (supplier of updated openconnect package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Feb 2023 18:46:29 +0000
Source: openconnect
Architecture: source
Version: 9.01-3
Distribution: unstable
Urgency: medium
Maintainer: Mike Miller <[email protected]>
Changed-By: Luca Boccassi <[email protected]>
Closes: 1031906
Changes:
 openconnect (9.01-3) unstable; urgency=medium
 .
   * Bump Standards-Version to 4.6.2, no changes
   * Backport patch to fix connection to Pulse server v9.1R16 (Closes:
     #1031906)
Checksums-Sha1:
 2fe13fddb82a457235f9c3e7dc739732f88bfe97 2988 openconnect_9.01-3.dsc
 971235415989fd57161e19f2f3806671c7802262 17236 openconnect_9.01-3.debian.tar.xz
 ba0173145f0c2feb63517495b104bcf985fab150 11089 
openconnect_9.01-3_source.buildinfo
Checksums-Sha256:
 6a137b242c03299abc868ee907e3f7d621e81e08936c4abe50fbcfbdf4070faa 2988 
openconnect_9.01-3.dsc
 e59c943be5f162b1319ad89880372ef8dc215d91ece2b6841e6f297ca4779529 17236 
openconnect_9.01-3.debian.tar.xz
 53efbdd3d59b9b1d600f95811eb2f3a827435ac824c85545a8ba803905ae11e5 11089 
openconnect_9.01-3_source.buildinfo
Files:
 f68d1359b6e9e846bba92f101434b472 2988 net optional openconnect_9.01-3.dsc
 675024b4a9db0b4d12a92d6bee4a8f94 17236 net optional 
openconnect_9.01-3.debian.tar.xz
 4075b2970fbeb252831069274c725865 11089 net optional 
openconnect_9.01-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmP6WDARHGJsdWNhQGRl
Ymlhbi5vcmcACgkQKGv37813JB42hQ//WjtlgLsHTxjKv4dx0qul6WyR5jRSAUeh
UGc60XFBhvfbdDRjeshtDlN+r4ZFWWFv60Wq4px+i9wPVBX1L9cRi0A96XgrMMmh
rHsDiimX+T/5gzO7MoGFSgNqbRhgWt4CD5WQZEjuzlWzZjLIlC9xZaFKIX6LSr3X
jUOnR/mqMyH9iVshA+xCSUWKh85Aq7aeu4EaX24gZtOV5O88DLL7PWFaE+4U1GOn
8sjG7rBDEW0bwC/1SASdoiulRBKoIX8CsZQngchynM1gTQScwA9HtLYJ7cSI3A/N
Wcca+miJ8Bh/9qRGWs8j6Gg24zJVezPh8l40oepEbhl5+6bM4FZt+JvI2mdkRviw
+YcJfneyQXFU2IM6Kfgbo1d2SgbGQVkMZTB7WQdHkdzCwzUy978gBIcXs6ZctgUw
0xonZdrrfKRgLiLJrZrEPdYGYJhZDOKRxdqz2YS/UfiDhJc1oWkknkR66fYHzHba
rUjihg2I3Wc6fcqI/Emy8NEgvzT7lEFgCnZo8OYxyv6mwQ3zK/pZbRmm2o2fuDhd
PFNMvsouxvS37jvDo+9oSZiugle97PrG3zz+9i0EBiic5A91yyTvUN7icDURy0VK
oGH3YhrcxWy49ZwhV9zGE0gucr0RFzzctLb+7IrN0YUHmlMkQhPzEhq/Wy8d9tUi
S7AcXn/fHBM=
=iodL
-----END PGP SIGNATURE-----

--- End Message ---

Bug#1031906: marked as done (openconnect: Fails with Unexpected Pulse config packet using newer pulse server)

Reply via email to