Bug 458612
| Summary: | OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Robert Scheck <redhat-bugzilla> |
| Component: | openvpn | Assignee: | Steven Pritchard <steve> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | medium | ||
| Version: | el5 | CC: | earthbase2008, redhat, robert.scheck |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://openvpn.net/index.php/documentation/change-log/changelog-21.html | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-12-02 23:16:06 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 458594, 458600 | ||
| Bug Blocks: | |||
OpenVPN 2.1rc13 still shows exactly the same issues to me. It also breaks (as starting with rc9) client-connect/disconnect scripts by just not executing them - completely independent of what I set script-security option to. Can we please unpull the crappy OpenVPN package from EPEL really ASAP? James, maybe a more important thing: Can you unbreak client-connect/disconnect scripts again, please? Seemingly, both scripts (e.g. /etc/openvpn/connect.sh) are just not executed, script-security 3 doesn't change anything; script has some iptables commands in it choosed by the given CN. James, can we please concentrate on the non-working client-connect/disconnect scripts first rather bug #458600? Thank you. The non-working client-connect/disconnect scripts are caused by missing PATH exports since rc9. Using full path inside of the script solves the issue. For Fedora and especially EPEL this is a regression. openvpn-2.1-0.29.rc15.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc9 openvpn-2.1-0.29.rc15.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc10 openvpn-2.1-0.29.rc15.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc8 openvpn-2.1-0.29.rc15.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. openvpn-2.1-0.29.rc15.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. openvpn-2.1-0.29.rc15.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora: 1. Missing "--script-security 3" in initscript for backward compatibility without breaking current setups during upgrade (2.1rc9 is a security bugfix release), see bug #458594 2. It looks like the change from system() -> execvp() breaks tls-verify commands in pipe behaviour or line foldings/endings, see bug #458600 The issues don't exist in OpenVPN 2.1rc8 or previous, came up with 2.1rc9 the first time, so this is an OpenVPN regression then. I know, you're just the downstream maintainer, but the problems have to be solved, before any new OpenVPN package should ever go to stable. I really did not have a nice Sunday today caused by this stuff ;-) As far as I can see and reproduce, this problem affects Fedora and EPEL. Version-Release number of selected component (if applicable): openvpn-2.1-0.27.rc9 How reproducible: Everytime, see above. Expected results: Both issues solved before a push of the new OpenVPN packages to stable.