Bug 458612 - OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora
OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora
Status: CLOSED NEXTRELEASE
Product: Fedora EPEL
Classification: Fedora
Component: openvpn (Show other bugs)
el5
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Steven Pritchard
Fedora Extras Quality Assurance
http://openvpn.net/index.php/document...
:
Depends On: 458594 458600
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-10 17:53 EDT by Robert Scheck
Modified: 2008-12-21 03:33 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-02 18:16:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2008-08-10 17:53:51 EDT
Description of problem:
OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora:

 1. Missing "--script-security 3" in initscript for backward compatibility
    without breaking current setups during upgrade (2.1rc9 is a security
    bugfix release), see bug #458594

 2. It looks like the change from system() -> execvp() breaks tls-verify
    commands in pipe behaviour or line foldings/endings, see bug #458600

The issues don't exist in OpenVPN 2.1rc8 or previous, came up with 2.1rc9
the first time, so this is an OpenVPN regression then. I know, you're just
the downstream maintainer, but the problems have to be solved, before any
new OpenVPN package should ever go to stable. I really did not have a nice
Sunday today caused by this stuff ;-)

As far as I can see and reproduce, this problem affects Fedora and EPEL.

Version-Release number of selected component (if applicable):
openvpn-2.1-0.27.rc9

How reproducible:
Everytime, see above.

Expected results:
Both issues solved before a push of the new OpenVPN packages to stable.
Comment 1 Robert Scheck 2008-10-13 14:20:27 EDT
OpenVPN 2.1rc13 still shows exactly the same issues to me. It also breaks (as 
starting with rc9) client-connect/disconnect scripts by just not executing 
them - completely independent of what I set script-security option to. Can we 
please unpull the crappy OpenVPN package from EPEL really ASAP?
Comment 2 Robert Scheck 2008-10-14 02:29:34 EDT
James, maybe a more important thing: Can you unbreak client-connect/disconnect 
scripts again, please? Seemingly, both scripts (e.g. /etc/openvpn/connect.sh) are just not executed, script-security 3 doesn't change anything; script has
some iptables commands in it choosed by the given CN.
Comment 3 Robert Scheck 2008-10-30 03:26:41 EDT
James, can we please concentrate on the non-working client-connect/disconnect 
scripts first rather bug #458600? Thank you.
Comment 4 Robert Scheck 2008-11-02 17:52:21 EST
The non-working client-connect/disconnect scripts are caused by missing PATH 
exports since rc9. Using full path inside of the script solves the issue. For
Fedora and especially EPEL this is a regression.
Comment 5 Fedora Update System 2008-11-30 09:44:48 EST
openvpn-2.1-0.29.rc15.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc9
Comment 6 Fedora Update System 2008-11-30 09:44:51 EST
openvpn-2.1-0.29.rc15.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc10
Comment 7 Fedora Update System 2008-11-30 09:45:00 EST
openvpn-2.1-0.29.rc15.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/openvpn-2.1-0.29.rc15.fc8
Comment 8 Fedora Update System 2008-12-21 03:18:28 EST
openvpn-2.1-0.29.rc15.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2008-12-21 03:21:34 EST
openvpn-2.1-0.29.rc15.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2008-12-21 03:33:09 EST
openvpn-2.1-0.29.rc15.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.