Red Hat Bugzilla – Bug 458612
OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora
Last modified: 2008-12-21 03:33:09 EST
Description of problem:
OpenVPN 2.1rc9 contains two inacceptable regressions for EPEL and Fedora:
1. Missing "--script-security 3" in initscript for backward compatibility
without breaking current setups during upgrade (2.1rc9 is a security
bugfix release), see bug #458594
2. It looks like the change from system() -> execvp() breaks tls-verify
commands in pipe behaviour or line foldings/endings, see bug #458600
The issues don't exist in OpenVPN 2.1rc8 or previous, came up with 2.1rc9
the first time, so this is an OpenVPN regression then. I know, you're just
the downstream maintainer, but the problems have to be solved, before any
new OpenVPN package should ever go to stable. I really did not have a nice
Sunday today caused by this stuff ;-)
As far as I can see and reproduce, this problem affects Fedora and EPEL.
Version-Release number of selected component (if applicable):
Everytime, see above.
Both issues solved before a push of the new OpenVPN packages to stable.
OpenVPN 2.1rc13 still shows exactly the same issues to me. It also breaks (as
starting with rc9) client-connect/disconnect scripts by just not executing
them - completely independent of what I set script-security option to. Can we
please unpull the crappy OpenVPN package from EPEL really ASAP?
James, maybe a more important thing: Can you unbreak client-connect/disconnect
scripts again, please? Seemingly, both scripts (e.g. /etc/openvpn/connect.sh) are just not executed, script-security 3 doesn't change anything; script has
some iptables commands in it choosed by the given CN.
James, can we please concentrate on the non-working client-connect/disconnect
scripts first rather bug #458600? Thank you.
The non-working client-connect/disconnect scripts are caused by missing PATH
exports since rc9. Using full path inside of the script solves the issue. For
Fedora and especially EPEL this is a regression.
openvpn-2.1-0.29.rc15.fc9 has been submitted as an update for Fedora 9.
openvpn-2.1-0.29.rc15.fc10 has been submitted as an update for Fedora 10.
openvpn-2.1-0.29.rc15.fc8 has been submitted as an update for Fedora 8.
openvpn-2.1-0.29.rc15.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
openvpn-2.1-0.29.rc15.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
openvpn-2.1-0.29.rc15.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.