Confirming this is broken. Dropping the patch 0001-dns-use-DBus-to-make-
dnsmasq-nameserver-changes.patch in network-manager
(1.2.4-0ubuntu0.16.04.1) was done, but it looks like not all the code in
that patch was actually upstream.
** Changed in: network-manager (Ubuntu)
Status: New => Confirmed
** Changed in: network-manager (Ubuntu)
Importance: Undecided => High
** Tags added: regression-update
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1754671
Title:
Full-tunnel VPN DNS leakage regression
Status in network-manager package in Ubuntu:
Confirmed
Bug description:
In 16.04 the NetworkManager package used to carry this patch:
http://bazaar.launchpad.net/~network-manager/network-manager/ubuntu/view/head:/debian/patches/Filter-DNS-servers-to-add-to-dnsmasq-based-on-availa.patch
It fixed the DNS setup so that when I'm on the VPN, I am not sending
unencrypted DNS queries to the (potentially hostile) local
nameservers.
This patch disappeared in an update. I think it was present in
1.2.2-0ubuntu0.16.04.4 but was dropped some time later.
This security bug exists upstream too:
https://bugzilla.gnome.org/show_bug.cgi?id=746422
It's not a *regression* there though, as they didn't fix it yet
(unfortunately!)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
