Your message dated Wed, 17 Aug 2022 13:53:57 +0000
with message-id <[email protected]>
and subject line Bug#1017379: fixed in openvpn 2.6.0~git20220811-2
has caused the Debian Bug report #1017379,
regarding nm-openvpn: capng_change_id() failed applying capabilities: Operation
not permitted (errno=1)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1017379: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017379
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-openvpn
Version: 1.8.18-3
Severity: important
I upgraded some packages today and since then, I cannot connect to VPNs anymore.
* network-manager: 1.38.2-1 --> 1.38.4-1
* systemd: 251.3-1 --> 251.4-1
The connection seems to be successful at first, but then an error occurs (IP
addresses replaced by 1.2.3.4):
Aug 15 09:24:45 myhostname nm-openvpn[11804]: OpenVPN 2.6_git
x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO]
[AEAD] [DCO]
Aug 15 09:24:45 myhostname nm-openvpn[11804]: library versions: OpenSSL 3.0.5 5
Jul 2022, LZO 2.10
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: the current
--script-security setting may allow this configuration to call user-defined
scripts
Aug 15 09:24:45 myhostname nm-openvpn[11804]: TCP/UDP: Preserving recently used
remote address: [AF_INET]1.2.3.4:1200
Aug 15 09:24:45 myhostname nm-openvpn[11804]: UDPv4 link local: (not bound)
Aug 15 09:24:45 myhostname nm-openvpn[11804]: UDPv4 link remote:
[AF_INET]1.2.3.4:1200
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: chroot will be delayed
because of --client, --pull, or --up-delay
Aug 15 09:24:45 myhostname nm-openvpn[11804]: NOTE: UID/GID downgrade will be
delayed because of --client, --pull, or --up-delay
Aug 15 09:24:46 myhostname nm-openvpn[11804]: [fws-kef] Peer Connection
Initiated with [AF_INET]1.2.3.4:1200
Aug 15 09:24:46 myhostname nm-openvpn[11804]: sitnl_send: rtnl: generic error
(-17): File exists
Aug 15 09:24:46 myhostname nm-openvpn[11804]: DCO device tun1 opened
Aug 15 09:24:46 myhostname nm-openvpn[11804]:
/usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 11799
--bus-name org.freedesktop.NetworkManager.openvpn.Connection_6 --tun -- tun1
1500 0 1.2.3.4 1.2.3.4 init
Aug 15 09:24:46 myhostname NetworkManager[1051]: <info> [1660548286.3476]
manager: (tun1): new Generic device (/org/freedesktop/NetworkManager/Devices/12)
Aug 15 09:24:46 myhostname kded5[3196]: org.kde.plasma.nm.kded: Unhandled VPN
connection state change: 4
Aug 15 09:24:46 myhostname NetworkManager[1051]: <info> [1660548286.3784]
device (tun1): carrier: link connected
Aug 15 09:24:46 myhostname nm-openvpn[11804]: chroot to
'/var/lib/openvpn/chroot' and cd to '/' succeeded
Aug 15 09:24:46 myhostname nm-openvpn[11804]: capng_change_id() failed applying
capabilities: Operation not permitted (errno=1)
Aug 15 09:24:46 myhostname nm-openvpn[11804]: NOTE: previous error likely due
to missing capability CAP_SETPCAP.
Aug 15 09:24:46 myhostname nm-openvpn[11804]: Exiting due to fatal error
Aug 15 09:24:46 myhostname nm-openvpn[11804]: net_addr_v4_del: 1.2.3.4 dev tun1
Aug 15 09:24:46 myhostname nm-openvpn[11804]: sitnl_send: rtnl: generic error
(-99): Cannot assign requested address
Aug 15 09:24:46 myhostname nm-openvpn[11804]: Linux can't del IP from iface tun1
Aug 15 09:24:46 myhostname kernel: tun1: tun1: deleting peer with id 28, reason 0
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-4-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages network-manager-openvpn depends on:
ii adduser 3.123
ii libc6 2.34-3
ii libglib2.0-0 2.72.3-1+b1
ii libnm0 1.38.4-1
ii network-manager 1.38.4-1
ii openvpn 2.6.0~git20220811-1
network-manager-openvpn recommends no packages.
network-manager-openvpn suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: openvpn
Source-Version: 2.6.0~git20220811-2
Done: Bernhard Schmidt <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated openvpn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Aug 2022 15:30:31 +0200
Source: openvpn
Architecture: source
Version: 2.6.0~git20220811-2
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 1017379
Changes:
openvpn (2.6.0~git20220811-2) unstable; urgency=medium
.
* Cherry-Pick proposed upstream fix to disable DCO if unable to retain
capabilities, fixes network-manager-openvpn together with DCO
(Closes: #1017379)
Checksums-Sha1:
7136add050d35a8fae0f24b8b442f0b3fd04f661 2276 openvpn_2.6.0~git20220811-2.dsc
8c6b6d40255836eeef20637e8d56ed244d7752c9 60380
openvpn_2.6.0~git20220811-2.debian.tar.xz
12342414dfde2675904af97470949886450db61c 7994
openvpn_2.6.0~git20220811-2_amd64.buildinfo
Checksums-Sha256:
00ae8d874ec338ccfa445b183a12ef1aeae353f39d0032f6c1bf142ffec1555a 2276
openvpn_2.6.0~git20220811-2.dsc
b831c0443480cd7ec7b14fbec61d1d879ee1b3699ec2c48e88cfc6a0baf349f0 60380
openvpn_2.6.0~git20220811-2.debian.tar.xz
6242fb42f1e88090a01b3405a3714844b95e343bf16c6215582c6dc00708c76c 7994
openvpn_2.6.0~git20220811-2_amd64.buildinfo
Files:
28b9caa7d18ecade50ce343bd786040d 2276 net optional
openvpn_2.6.0~git20220811-2.dsc
512af16918082eaf0438527347a7b01d 60380 net optional
openvpn_2.6.0~git20220811-2.debian.tar.xz
e7ebd23afaedac9db2c9b0217e256e0a 7994 net optional
openvpn_2.6.0~git20220811-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmL87tARHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJMt4Q//Y/39j4xn6teDeEG1CqwCj8X6FuKd/E2r
BUKtY80OiztHboRXLj8yhfeXePfKQDIjhmq2wmxIqV+HK78fn8mPWeHuQPooKJ81
gXbEU4TnSUlWPx3iDJUHPT8R0nDIq9iTNgh8lgNbKjxckoBcVOE0zk32XpaUbLXK
yiHLgfY791VkR8qwGJ3Utmqp5YL9eyTrJeUq+i9nvsKSwfHkeXk4OPoQ/SmVX1Sp
QBvMuShlIJfpdcL9om5udhaXHLTH5Cdu/EwBPCPBSHiIjaAeK/XWoVtvT26puXLB
3N0FnZry/O2WxDNoJyzoHg/Aoo5IsxUcQAeR5WIuJ7edUB7D6RFQA0z50ogz9vBV
LKeVbs0JtcJ6czGftzSfJN0NMMXJOPDKNIosoVscX2S91+d11eA/DUZ61tlNMioQ
Ij/Qu0hco3oDAai2IBy8mQZVCjHdVq7ZhlK2RTkCPP/XQufCL9bK1QNDgvH4hCWX
1khbumQQXx+AYdZ7CA6nuryfpaijjqBGvh9067mZiXhPHBuJ99bO5i5J369ESbKE
iFFIZOmyUaUsz2J7hJDS8yWuFI/Hyiroq1U3AZpGfLEZaANgrL0SoGKRvh8WtnMD
/8vW0mbioGMYrOEXkoFQh0yfdGnEpV2GUXY0l5EKiEGMIzIRlfuxtkStvOBJSxc4
SjQlmSw7GZI=
=GmkE
-----END PGP SIGNATURE-----
--- End Message ---
