- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Sep 6 2017
falso fixed in 1.1.8
changes cherry-picked to lithium branch
Sep 4 2017
@syncer: Thinking about it I have a different proposal:
Sep 3 2017
Just added Finished Board for 1.2.x project
we likely will keep all there before include it in some milestone release
Tag VyOS 1.2.x should be removed as CVE is already fixed.
Aug 31 2017
maybe we can use something like | not-strip-private
for cases when dump should contain all info
strip-private is a bash-pipe function (/etc/bash_completion.d/vyatta-op).
Aug 30 2017
@UnicronNL can we fix and include this in 1.1.8 ?
@dmbaturin can you merge this pull request?
@EwaldvanGeffen confirmed that fix was done for 1.1.x
@dmbaturin can you merge it and introduce in 1.1.8 ?
Can you check this @dmbaturin @UnicronNL
VyOS 1.1.7 also has two interfaces (vti0 and ip_vti0)
Using VyOS 999.201708292137 I'm able to reproduce this.
Aug 29 2017
reproducible like that
@c-po try to delete upper node
I double checked with VyOS 1.1.7 where I can not reproduce the error. Is version 1.1.7 correct in this BUG report?
@c-po I don't have any of that in my configuration any longer. As I said in my last comment, I found a work-around to delete the bit that was causing the problem. I ended up not using vti interfaces in my system.
@ethomas could you please provide a full configuration for my tests? The only thing I see is:
I'll start an investigation after T345.
Ok
@c-po do you want to pick up this?
Basically we need to filter out private info by default
currently it possible to do via
Hey Christian,
assigning it to you
Aug 28 2017
Fine!
Fine.
Fixed in Kernel 4.4.26. VyOS 1.2.x (development) uses 4.4.47.
Aug 26 2017
@EwaldvanGeffen pointed another issue in T329
.bash_history content also must be processed (private info must be stripped) before it included
Well is part of show tech-support, output of which must be reviewed,
but i agree
Aug 25 2017
@syncer not in the config dump, in the bash-history that's included.
@EwaldvanGeffen see T328
I just noticed your pastes. We need to filter out the set password commands as they will contain plaintext passwords. This could be solved by making the command interactive (it asks for the password to be typed in) similarly to other platforms. There might be other stuff that requires filtering-out history or refactoring.
Aug 24 2017
We need to change default behaviour and enable strip-private by default
add key not-strip-private for cases when complete dump required
Aug 21 2017
this one is simple,
Kim please check
As this already merged, moving this to backlog for 1.1.8
Another good candidate for 1.1.8,
@UnicronNL @dmbaturin can you confirm and move to backlog
Please confirm that i can move this to 1.1.8 backlog
@EwaldvanGeffen can this patch go to 1.1.8?
Another CVE considered for 1.1.8
As this was merged, moving it to 1.1.8 backlog
Please check when you have time for 1.1.8
@dmbaturin @UnicronNL
any idea why this can happen,
as per report both current and stable affected
@dmbaturin confirmed that it can be included in 1.1.8
Added to 1.1.8 backlog
@UnicronNL @dmbaturin is something that is acceptable for 1.1.8 or should i move it to 1.2.x wish list instead?
I move this to backlog as it seems to be merged already
@UnicronNL can you add this fix
Assigned to Kim
@higebu lets change OS to Debian6 (so we can assign VMXNET3)
and set VMXNET3 adapter by default
We need to include that in 1.1.8