[Bug 1969734] Re: [Jammy] NetworkManager-openconnect 1.2.6 not compatible with openconnect 8.20

Luís Cunha dos Reis Infante da Câmara 1969734 at bugs.launchpad.net
Fri Aug 5 21:01:29 UTC 2022 

** Description changed:

  This bug only affects the specific combination of network-manager-
  openconnect and openconnect that ended up in Jammy.
  
  openconnect 8.20 breaks compatibility with NetworkManager-openconnect
  8.20:
  
  "As of openconnect 8.20, INTERNAL_IPx_NETMASK can be set to 0.0.0.0 and
  /0 and this causes network manager to fail with a bad IP configuration.
  This happens because 0.0.0.0/0 is set as a split route, but rewritten to
  be used as netmask instead.
  If we detect this we force a /32 or /128 (IPv6) netmask prefix and avoid
  setting the CONFIG_NEVER_DEFAULT options."
  
  This commit was reverted because the upstream devs intention is to
  always be backwards compatible. Later the feature was implemented again
  in another way.
  
  So the best way forward for Jammy is to revert the openconnect commit.
  
  Working on making an SRU from this...
  
  [Impact]
- 
-  * Users with a common GlobalProtect serverside configuration will not be able
-    to connect.
+ Users with a common GlobalProtect serverside configuration will not be able to connect.
  
   * This is caused by an backwards incompatible change in openconnect between
-    openconnect and network-manager-openconnect
+    openconnect and network-manager-openconnect, that adds the ability for NetworkManager to override the server-provided configuration for split VPN.
  
   * The debdiff fixes it by reverting the backwards incompatible change.
  
  [Test Plan]
+ A GlobalProtect server is needed to test it, so perhaps we can collect reports from affected users.
  
-  * You need a GlobalProtect server to test it, so perhaps we can collect reports
-    from affected users.
- 
-  * This follows upstreams fixes only.
+ This follows upstream fixes only.
  
  [Where problems could occur]
- 
-  * WIP
+ Other packages in the Ubuntu archive can depend on the feature, potentially causing regressions, or have other regressions due to the change.
  
  [Other Info]
- 
-  * There is no Debian release with this combination of versions so we
-    can't import the fix from there.
- 
-  * WIP
+ There is no Debian release with this combination of versions so we can't import the fix from there.

** Description changed:

  This bug only affects the specific combination of network-manager-
  openconnect and openconnect that ended up in Jammy.
  
  openconnect 8.20 breaks compatibility with NetworkManager-openconnect
  8.20:
  
  "As of openconnect 8.20, INTERNAL_IPx_NETMASK can be set to 0.0.0.0 and
  /0 and this causes network manager to fail with a bad IP configuration.
  This happens because 0.0.0.0/0 is set as a split route, but rewritten to
  be used as netmask instead.
  If we detect this we force a /32 or /128 (IPv6) netmask prefix and avoid
  setting the CONFIG_NEVER_DEFAULT options."
  
  This commit was reverted because the upstream devs intention is to
  always be backwards compatible. Later the feature was implemented again
  in another way.
  
  So the best way forward for Jammy is to revert the openconnect commit.
  
  Working on making an SRU from this...
  
  [Impact]
  Users with a common GlobalProtect serverside configuration will not be able to connect.
  
-  * This is caused by an backwards incompatible change in openconnect between
-    openconnect and network-manager-openconnect, that adds the ability for NetworkManager to override the server-provided configuration for split VPN.
+ This is caused by an backwards incompatible change in openconnect
+ between openconnect and network-manager-openconnect, that adds the
+ ability for NetworkManager to override the server-provided configuration
+ for split VPN.
  
-  * The debdiff fixes it by reverting the backwards incompatible change.
+ The debdiff fixes it by reverting this change.
  
  [Test Plan]
  A GlobalProtect server is needed to test it, so perhaps we can collect reports from affected users.
  
  This follows upstream fixes only.
  
  [Where problems could occur]
  Other packages in the Ubuntu archive can depend on the feature, potentially causing regressions, or have other regressions due to the change.
  
  [Other Info]
  There is no Debian release with this combination of versions so we can't import the fix from there.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1969734

Title:
  [Jammy] NetworkManager-openconnect 1.2.6 not compatible with
  openconnect 8.20

Status in network-manager-openconnect:
  Fix Released
Status in network-manager-openconnect package in Ubuntu:
  Confirmed
Status in openconnect package in Ubuntu:
  Fix Released
Status in network-manager-openconnect source package in Jammy:
  New
Status in openconnect source package in Jammy:
  Incomplete

Bug description:
  This bug only affects the specific combination of network-manager-
  openconnect and openconnect that ended up in Jammy.

  openconnect 8.20 breaks compatibility with NetworkManager-openconnect
  8.20:

  "As of openconnect 8.20, INTERNAL_IPx_NETMASK can be set to 0.0.0.0 and
  /0 and this causes network manager to fail with a bad IP configuration.
  This happens because 0.0.0.0/0 is set as a split route, but rewritten to
  be used as netmask instead.
  If we detect this we force a /32 or /128 (IPv6) netmask prefix and avoid
  setting the CONFIG_NEVER_DEFAULT options."

  This commit was reverted because the upstream devs intention is to
  always be backwards compatible. Later the feature was implemented
  again in another way.

  So the best way forward for Jammy is to revert the openconnect commit.

  Working on making an SRU from this...

  [Impact]
  Users with a common GlobalProtect serverside configuration will not be able to connect.

  This is caused by an backwards incompatible change in openconnect
  between openconnect and network-manager-openconnect, that adds the
  ability for NetworkManager to override the server-provided
  configuration for split VPN.

  The debdiff fixes it by reverting this change.

  [Test Plan]
  A GlobalProtect server is needed to test it, so perhaps we can collect reports from affected users.

  This follows upstream fixes only.

  [Where problems could occur]
  Other packages in the Ubuntu archive can depend on the feature, potentially causing regressions, or have other regressions due to the change.

  [Other Info]
  There is no Debian release with this combination of versions so we can't import the fix from there.

To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager-openconnect/+bug/1969734/+subscriptions

More information about the Ubuntu-sponsors mailing list