Package: openvpn
Version: 2.1~rc9-1
Severity: important

Hi,

since the introduction of the script-security parameter, tunnels which make use of the resolvconf script don't start anymore. Instead something like this is printed to the logfile:

Wed Aug 13 19:37:56 2008 /etc/openvpn/update-resolv-conf tun0 1434 1492 172.16.16.10 172.16.16.9 init
Wed Aug 13 19:37:56 2008 openvpn_execve: external program may not be called due to setting of --script-security level
Wed Aug 13 19:37:56 2008 script failed: external program fork failed

That is because the script-security parameter defaults to the value of 1, which only allows calling of "built-in executables such as ifconfig, ip, route, or netsh" (citation from the manpage).

I think this default will break openvpn in a lot of installations, because this forbids the use of the update-resolvconf script, which is described in README.Debian. The best would be to change the default to 2, which seems to be a more sane, less paranoid default, or at least document the change in NEWS.

The workaround for users of the resolvconf package is to include the script-security parameter in the configuration file, like this:

script-security 2

(2 -- Allow calling of built-in executables and user-defined scripts.)

Best Regards,
Patrick

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]   1.5.23      Debian configuration management sy
ii  libc6                   2.7-13      GNU C Library: Shared libraries
ii  liblzo2-2               2.03-1      data compression library
ii  libpam0g                1.0.1-2     Pluggable Authentication Modules l
ii  libpkcs11-helper1       1.05-1      library that simplifies the intera
ii  libssl0.9.8             0.9.8g-13   SSL shared libraries
ii  openssl-blacklist       0.4.2       list of blacklisted OpenSSL RSA ke
ii  openvpn-blacklist       0.3         list of blacklisted OpenVPN RSA sh

Versions of packages openvpn recommends:
ii  net-tools               1.60-19     The NET-3 networking toolkit

Versions of packages openvpn suggests:
ii  openssl                 0.9.8g-13   Secure Socket Layer (SSL) binary a
ii  resolvconf              1.41        name server information handler

-- debconf information:
* openvpn/vulnerable_prng:
  openvpn/change_init: false
  openvpn/stop2upgrade: false
  openvpn/default_port:
  openvpn/change_init2: false
  openvpn/create_tun: false
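
The failure described in this report can be caught before a tunnel is restarted. The following is an added example, not part of the original report or the Debian package: a shell function (hypothetical name check_script_security) that flags configuration files whose script hooks need level 2. It assumes an absent script-security line means the default of 1 stated in the report; the list of hook directives comes from the OpenVPN manpage, not from this report.

```sh
#!/bin/sh
# Added example (not from the report or the Debian package).
# Assumption: a config without a "script-security" line runs at level 1,
# the default quoted from the manpage in the report above.

# check_script_security FILE
# Returns 0 if every script hook in FILE is allowed by its level;
# prints each refused hook and returns 1 otherwise.
check_script_security() {
    awk -v f="$1" '
        # Drop comments so commented-out directives are ignored.
        { sub(/[#;].*/, "") }
        $1 == "script-security" { level = $2 + 0; seen = 1 }
        # Directives that run a user-defined script or program.
        $1 ~ /^(up|down|ipchange|route-up|tls-verify|auth-user-pass-verify|client-connect|client-disconnect|learn-address)$/ {
            hooks[++n] = $1 " " $2
        }
        END {
            if (!seen) level = 1
            if (n > 0 && level < 2) {
                for (i = 1; i <= n; i++)
                    printf "%s: %s needs script-security 2 (effective level %d)\n", f, hooks[i], level
                exit 1
            }
        }
    ' "$1"
}

# Constructed sample config, modelled on the setup in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dev tun0
# script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
EOF
check_script_security "$sample" || echo "-> add 'script-security 2' to $sample"
rm -f "$sample"
```

Raising the level to 2 lets OpenVPN run whatever script the configuration names, so keep the configuration file and the hook scripts writable by root only.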

