openvpn --script-security is not working

Bug #1124398 reported by Marc Gariépy
This bug affects 2 people

Affects            Status         Importance   Assigned to   Milestone
openvpn (Ubuntu)   Fix Released   Undecided    Unassigned
Precise            Fix Released   Undecided    Unassigned
Quantal            Fix Released   Undecided    Unassigned

Bug Description

== Rationale ==
The openvpn init script calculates script_security based on what's set in /etc/openvpn/{$NAME}.conf, however that variable isn't currently being passed to openvpn itself.
This was likely caused by a mismerge with Debian.

== Test case ==
1) Don't set script_security in /etc/openvpn/{$NAME}.conf
2) set a line "up ./server.up" in /etc/openvpn/{$NAME}.conf
3) Restart openvpn
4) Ensure that --script-security is passed to the daemon

== Regression potential ==
Can't think of any, unless someone had an invalid script_security value which was currently being ignored and may then break their VPN. However this is technically a bad config and wouldn't really qualify as a bug.

--- original bug report ---

On Ubuntu 12.04, the option "--script-security 2" is never added to the command line of the openvpn daemon.
Here is the diff that needs to be applied to /etc/init.d/openvpn to start the daemon correctly.

If you need more information, please let me know.
=================================
--- /tmp/openvpn 2013-02-13 13:40:53.885828899 -0500
+++ /etc/init.d/openvpn 2013-02-13 13:13:52.598704452 -0500
@@ -89,7 +89,7 @@
         --pidfile /var/run/openvpn.$NAME.pid \
         --exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
         $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
- --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS=1
+ --config $CONFIG_DIR/$NAME.conf $script_security < /dev/null || STATUS=1

     [ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /var/run/openvpn.$NAME.pid /run/sendsigs.omit.d/openvpn.$NAME.pid

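Review bot: On the `--config` line, the added `$script_security` is expanded unquoted and nothing in the hunk shows where it is assigned. The unquoted form is needed so the value splits into the flag and its level, but it also means any stale or malformed value goes straight onto the daemon's command line. Make sure the variable is reset to empty at the start of each per-`$NAME` start so a level computed for one VPN cannot carry over to the next, and add a short comment at the assignment saying the unquoted expansion is intentional.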
=================================
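The test case in the description can be scripted. The following is an added example, not part of the bug report or the Ubuntu package: it reads a daemon's argv in `/proc/<pid>/cmdline` format and compares it with the config. The function names, the `/usr/sbin/openvpn` path and the sample files are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: automate the test case (script hook in the config, level not
# set there, so the init script must pass --script-security on the command line).

# $1: NUL-separated argv file (format of /proc/<pid>/cmdline).
# Prints the level following --script-security (last one if repeated) or "unset".
script_security_level() {
    tr '\0' '\n' < "$1" | awk '
        prev == "--script-security" { level = $0 }
        { prev = $0 }
        END { print (level == "" ? "unset" : level) }'
}

# $1: OpenVPN config. Succeeds if it names a script hook such as "up ./server.up".
conf_has_script_hook() {
    grep -Eq '^[[:space:]]*(up|down|route-up|ipchange|tls-verify|client-connect|client-disconnect|learn-address|auth-user-pass-verify)[[:space:]]' "$1"
}

# $1: config, $2: argv file. Prints OK or FAIL with the reason.
check_instance() {
    level=$(script_security_level "$2")
    if grep -Eq '^[[:space:]]*script-security[[:space:]]' "$1"; then
        echo "OK: level set in config"
    elif conf_has_script_hook "$1" && [ "$level" = "unset" ]; then
        echo "FAIL: script hook configured but --script-security not passed"
    else
        echo "OK: command-line level is $level"
    fi
}

# Constructed samples: a config as in the test case, and the daemon argv
# before and after the patch (arguments NUL-terminated, as in /proc).
demo=$(mktemp -d)
printf 'dev tun\nup ./server.up\n' > "$demo/server.conf"
printf '%s\0' /usr/sbin/openvpn --cd /etc/openvpn \
    --config /etc/openvpn/server.conf > "$demo/argv.before"
printf '%s\0' /usr/sbin/openvpn --cd /etc/openvpn \
    --config /etc/openvpn/server.conf --script-security 2 > "$demo/argv.after"

check_instance "$demo/server.conf" "$demo/argv.before"
check_instance "$demo/server.conf" "$demo/argv.after"
```

On a live host, pass the instance's config and `/proc/<pid>/cmdline` of the running daemon as the two arguments to `check_instance`.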

Changed in openvpn (Ubuntu):
status: New → In Progress
status: In Progress → Fix Committed
Changed in openvpn (Ubuntu Precise):
status: New → In Progress
description: updated
Changed in openvpn (Ubuntu Quantal):
status: New → In Progress
Marc Gariépy (mgariepy)
description: updated
description: updated
Stéphane Graber (stgraber) wrote :

Uploaded to raring, 12.10 and 12.04. Please help test once it's accepted in -proposed.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvpn - 2.2.1-8ubuntu3

---------------
openvpn (2.2.1-8ubuntu3) raring; urgency=low

  [ Marc Gariépy ]
  * Add --script-security to the init.d script (was generated but not passed
    to openvpn). (LP: #1124398)
 -- Stephane Graber <email address hidden> Wed, 13 Feb 2013 16:10:48 -0500

Changed in openvpn (Ubuntu):
status: Fix Committed → Fix Released
Colin Watson (cjwatson) wrote : Please test proposed package

Hello Marc, or anyone else affected,

Accepted openvpn into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/openvpn/2.2.1-8ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openvpn (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in openvpn (Ubuntu Quantal):
status: In Progress → Fix Committed
Colin Watson (cjwatson) wrote :

Hello Marc, or anyone else affected,

Accepted openvpn into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/openvpn/2.2.1-8ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Marc Gariépy (mgariepy) wrote :

I just tested the precise-proposed package and it works correctly.
Thanks for pushing this in the archive.

tags: added: verification-done
removed: verification-needed
tags: added: verification-done-precise verification-needed
removed: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvpn - 2.2.1-8ubuntu1.1

---------------
openvpn (2.2.1-8ubuntu1.1) precise-proposed; urgency=low

  [ Marc Gariépy ]
  * Add --script-security to the init.d script (was generated but not passed
    to openvpn). (LP: #1124398)
 -- Stephane Graber <email address hidden> Wed, 13 Feb 2013 16:17:34 -0500

Changed in openvpn (Ubuntu Precise):
status: Fix Committed → Fix Released
Simon Déziel (sdeziel) wrote :

The quantal-proposed package works fine, thanks.

tags: added: verification-done verification-done-quantal
removed: verification-needed
Brian Murray (brian-murray) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvpn - 2.2.1-8ubuntu2.1

---------------
openvpn (2.2.1-8ubuntu2.1) quantal-proposed; urgency=low

  [ Marc Gariépy ]
  * Add --script-security to the init.d script (was generated but not passed
    to openvpn). (LP: #1124398)
 -- Stephane Graber <email address hidden> Wed, 13 Feb 2013 16:10:48 -0500

Changed in openvpn (Ubuntu Quantal):
status: Fix Committed → Fix Released