Bug#496314: openvpn: script failed: could not execute external program

[Vincent Danjean]

Package: openvpn
Version: 2.1~rc9-3
Severity: important

  After upgrading the openvpn package, my vpn cannot be launched. I got
"script failed: could not execute external program"
  I saw the NEWS.Debian talking about --script-security.
This is a first (needed) step but this is not enought.

  I used to have shell script in my 'up' and 'route-up' parameters :

up "ifconfig $dev hw ether $(hostname | md5sum | sed -s 
's/\\(..\\)\\(..\\)\\(..\\)\\(..\\).*/00:ff:\\1:\\2:\\3:\\4/') && : "
route-up "run() { ifup $dev=dhcp & } ; run"

The documentation (man page) tells that it is correct:
[...]
       --up cmd
[...]
              Note that cmd can be a shell command with multiple arguments, in
              which case all OpenVPN-generated arguments will be  appended  to
              cmd to build a command line which will be passed to the shell.
[...]

  This is not the case anymore. It seems that openvpn try to execute the whole
'up' or 'route-up' parameter (without taking into account any parameters).

I tried:
up "/tmp/cmd $dev"
=> it fails (/tmp/cmd is not run at all (/tmp/cmd create a logfile in /tmp when
   run))
up "/tmp/cmd"
=> it works

  So, the documentation (manpage at least) must be updated and the NEWS.Debian
should be completed so that admin knows what to do when upgrading.

  Best regards,
    Vincent


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27-rc3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]         1.5.23     Debian configuration management sy
ii  libc6                         2.7-13     GNU C Library: Shared libraries
ii  liblzo2-2                     2.03-1     data compression library
ii  libpam0g                      1.0.1-3    Pluggable Authentication Modules l
ii  libpkcs11-helper1             1.05-1     library that simplifies the intera
ii  libssl0.9.8                   0.9.8g-13  SSL shared libraries
ii  openssl-blacklist             0.4.2      list of blacklisted OpenSSL RSA ke
ii  openvpn-blacklist             0.3        list of blacklisted OpenVPN RSA sh

Versions of packages openvpn recommends:
ii  net-tools                     1.60-19    The NET-3 networking toolkit

Versions of packages openvpn suggests:
ii  openssl                       0.9.8g-13  Secure Socket Layer (SSL) binary a
ii  resolvconf                    1.42       name server information handler

-- debconf information:
  openvpn/vulnerable_prng:
  openvpn/create_tun: false



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]