[Bug 1969734] Re: [Jammy] NetworkManager-openconnect 1.2.6 not compatible with openconnect 8.20

Łukasz Zemczak 1969734 at bugs.launchpad.net
Tue Aug 2 08:06:46 UTC 2022 

I have reviewed the debdiff, the proposed changes are sane and I was
able to find the original change in the upstream repository. I'll
sponsor it to the Unapproved queue, but before this can be reviewed and
accepted as an SRU, me (and possibly other SRU members) would like to
know:

 * What is the regression potential of this change? The [Where problems could occur] section needs to be filled in with regression analysis.
 * Related to the point above, since this fix basically reverts a bugfix, how big of an impact will this have on the users? Was the bug a very frequently encountered one? Seems more like an edge-case though? I'd like this info included in the bug description as well.

Thanks.

** Also affects: openconnect (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: network-manager-openconnect (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: openconnect (Ubuntu)
       Status: New => Fix Released

** Changed in: openconnect (Ubuntu Jammy)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1969734

Title:
  [Jammy] NetworkManager-openconnect 1.2.6 not compatible with
  openconnect 8.20

Status in network-manager-openconnect:
  Fix Released
Status in network-manager-openconnect package in Ubuntu:
  Confirmed
Status in openconnect package in Ubuntu:
  Fix Released
Status in network-manager-openconnect source package in Jammy:
  New
Status in openconnect source package in Jammy:
  Incomplete

Bug description:
  This bug only affects the specific combination of network-manager-
  openconnect and openconnect that ended up in Jammy.

  openconnect 8.20 breaks compatibility with NetworkManager-openconnect
  8.20:

  "As of openconnect 8.20, INTERNAL_IPx_NETMASK can be set to 0.0.0.0 and
  /0 and this causes network manager to fail with a bad IP configuration.
  This happens because 0.0.0.0/0 is set as a split route, but rewritten to
  be used as netmask instead.
  If we detect this we force a /32 or /128 (IPv6) netmask prefix and avoid
  setting the CONFIG_NEVER_DEFAULT options."

  This commit was reverted because the upstream devs intention is to
  always be backwards compatible. Later the feature was implemented
  again in another way.

  So the best way forward for Jammy is to revert the openconnect commit.

  Working on making an SRU from this...

  [Impact]

   * Users with a common GlobalProtect serverside configuration will not be able
     to connect.

   * This is caused by an backwards incompatible change in openconnect between
     openconnect and network-manager-openconnect

   * The debdiff fixes it by reverting the backwards incompatible
  change.

  [Test Plan]

   * You need a GlobalProtect server to test it, so perhaps we can collect reports
     from affected users.

   * This follows upstreams fixes only.

  [Where problems could occur]

   * WIP

  [Other Info]

   * There is no Debian release with this combination of versions so we
     can't import the fix from there.

   * WIP

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openconnect/+bug/1969734/+subscriptions

More information about the Ubuntu-sponsors mailing list