** Description changed: + [ Feature Freeze Exception ] + + * The NTRU plugin was enabled in all past releases, so if we re-enable + this actually it isn't a Feature change for upgraders. Instead if we + don't resolve this bug is a "loss of features" - therefore I'm even + unsure this would need an FFe but let us stick to the process. + + * Background: In an effort to synchronize between Debian and Ubuntu we + got many things enabled and packaged in Debian that were only in Ubuntu + before. But at the same time we disabled several plugins that are not + enabled by default and also unused according to bug/usage reports in the + past. This is such a report identifying one of our clearings being + overzealous; so I'd want to re-enable it. + + * The plugin is standardized (no experimental crap) [1] and considered + stable [2] since quite a while. + + [1]: https://wiki.strongswan.org/projects/strongswan/wiki/NTRU + [2]: https://wiki.strongswan.org/projects/strongswan/wiki/PluginList + + I'd be happy if the ubuntu-release Team could give a quick ack to my + assumptions so I can upload this to Focal once all things are in place. + + ------------ + + the post quantum Key Exchange Algo NTRU is missing in Focal on edgy is still there: # cat /etc/issue Ubuntu 19.10 \n \l # apt list | grep strongswan WARNING: apt does not have a stable CLI interface. Use with caution in scripts. libstrongswan-extra-plugins/eoan,now 5.7.2-1ubuntu3 amd64 [installed] libstrongswan-extra-plugins/eoan 5.7.2-1ubuntu3 i386 libstrongswan-standard-plugins/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] libstrongswan-standard-plugins/eoan 5.7.2-1ubuntu3 i386 libstrongswan/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] libstrongswan/eoan 5.7.2-1ubuntu3 i386 network-manager-strongswan/eoan 1.4.4-2 amd64 network-manager-strongswan/eoan 1.4.4-2 i386 strongswan-charon/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] strongswan-charon/eoan 5.7.2-1ubuntu3 i386 strongswan-libcharon/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] strongswan-libcharon/eoan 5.7.2-1ubuntu3 i386 strongswan-nm/eoan 5.7.2-1ubuntu3 amd64 strongswan-nm/eoan 5.7.2-1ubuntu3 i386 strongswan-pki/eoan 5.7.2-1ubuntu3 amd64 strongswan-pki/eoan 5.7.2-1ubuntu3 i386 strongswan-scepclient/eoan 5.7.2-1ubuntu3 amd64 strongswan-scepclient/eoan 5.7.2-1ubuntu3 i386 strongswan-starter/eoan,now 5.7.2-1ubuntu3 amd64 [installed,automatic] strongswan-starter/eoan 5.7.2-1ubuntu3 i386 strongswan-swanctl/eoan,now 5.7.2-1ubuntu3 amd64 [installed] strongswan-swanctl/eoan 5.7.2-1ubuntu3 i386 strongswan-tnc-base/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-client/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-ifmap/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-pdp/eoan,eoan 5.7.2-1ubuntu3 all strongswan-tnc-server/eoan,eoan 5.7.2-1ubuntu3 all strongswan/eoan,eoan,now 5.7.2-1ubuntu3 all [installed] # ipsec statusall | grep ntru - loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters + loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-imc tnc-imv tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters ---------------------------------------------------------- but on current focal it is missing: ---------------------------------------------------------- # cat /etc/issue Ubuntu Focal Fossa (development branch) \n \l # apt list | grep strongswan WARNING: apt does not have a stable CLI interface. Use with caution in scripts. libstrongswan-extra-plugins/focal,now 5.8.2-1ubuntu1 amd64 [installed] libstrongswan-standard-plugins/focal,now 5.8.2-1ubuntu1 amd64 [installed] libstrongswan/focal,now 5.8.2-1ubuntu1 amd64 [installed,automatic] network-manager-strongswan/focal 1.4.4-2 amd64 strongswan-charon/focal,now 5.8.2-1ubuntu1 amd64 [installed,automatic] strongswan-libcharon/focal,now 5.8.2-1ubuntu1 amd64 [installed,automatic] strongswan-nm/focal 5.8.2-1ubuntu1 amd64 strongswan-pki/focal 5.8.2-1ubuntu1 amd64 strongswan-scepclient/focal 5.8.2-1ubuntu1 amd64 strongswan-starter/focal,now 5.8.2-1ubuntu1 amd64 [installed] strongswan-swanctl/focal,now 5.8.2-1ubuntu1 amd64 [installed] strongswan-tnc-base/focal,focal 5.8.2-1ubuntu1 all strongswan-tnc-client/focal,focal 5.8.2-1ubuntu1 all strongswan-tnc-ifmap/focal,focal 5.8.2-1ubuntu1 all strongswan-tnc-pdp/focal,focal 5.8.2-1ubuntu1 all strongswan-tnc-server/focal,focal 5.8.2-1ubuntu1 all strongswan/focal,focal,now 5.8.2-1ubuntu1 all [installed] # ipsec statusall | grep ntru # (nothing .. not there) # pluginlist of ipsec statusall: - loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters + loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters there is also no other post quantum algo available
** Changed in: strongswan (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1863749 Title: [FFe] NTRU Plugin Missing in Focal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1863749/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
