[Bug 277447] Re: script failed: could not execute external program

Thierry Carrez thierry.carrez at ubuntu.com
Tue Oct 7 10:23:30 BST 2008

Detailed Changelog from our rc9 to rc11-1 in Debian:

[regressionfix] Fixed --lladdr bug introduced in 2.1-rc9 where input validation code was incorrectly expecting the lladdr parameter to be an IP address when it is actually a MAC address (HoverHell).
[bugfix] Fixed a bug that can cause SSL/TLS negotiations in UDP mode to fail if UDP packets are dropped.
[feature] Added "--server-bridge" (without parameters) to enable DHCP proxy mode:  Configure server mode for ethernet bridging using a DHCP-proxy, where clients talk to the OpenVPN server-side DHCP server to receive their IP address allocation and DNS server addresses.
[feature] Added "--route-gateway dhcp", to enable the extraction of the gateway address from a DHCP negotiation with the OpenVPN server-side LAN.
[feature] Warn when ethernet bridging that the IP address of the bridge adapter is probably not the same address that the LAN adapter was set to previously.
[feature] When running as a server, warn if the LAN network address is the all-popular 192.168.[0|1].x, since this condition commonly leads to subnet conflicts down the road.
[bugfix] Primarily on the client, check for subnet conflicts between the local LAN and the VPN subnet.
[buildfix] Minor fix to cryptoapi.c to not compile itself unless USE_CRYPTO and USE_SSL flags are enabled (Alon Bar-Lev).
[buildfix] Updated openvpn/t_cltsrv.sh (used by "make check") to conform to new --script-security rules.  Also adds retrying if the addresses are in use (Matthias Andree).
[buildfix] Fixed build issue with ./configure --disable-socks --disable-http.
[buildfix] Fixed separate compile errors in options.c and ntlm.c that occur on strict C compilers (such as old versions of gcc) that require that C variable declarations occur at the start of a {} block, not in the middle.
[bugfix] Workaround bug in OpenSSL 0.9.6b ASN1_STRING_to_UTF8, which the new implementation of extract_x509_field_ssl depends on.
[bugfix] LZO compression buffer overflow errors will now invalidate the packet rather than trigger a fatal assertion.
[buildfix] Fixed minor compile issue in ntlm.c (mid-block declaration).
[regressionfix] Added --allow-pull-fqdn option which allows client to pull DNS names from server (rather than only IP address) for --ifconfig, --route, and --route-gateway.  OpenVPN versions 2.1_rc7 and earlier allowed DNS names for these options to be pulled and translated to IP addresses by default. Now --allow-pull-fqdn will be explicitly required on the client to enable DNS-name-to-IP-address translation of pulled options.
[regressionfix] 2.1_rc8 and earlier did implicit shell expansion on script arguments since all scripts were called by system(). The security hardening changes made to 2.1_rc9 no longer use system(), but rather use the safer execve or CreateProcess system calls.  The security hardening also introduced a backward incompatibility with 2.1_rc8 and earlier in that script parameters were no longer shell-expanded
[rfc-conformancefix] Modified ip_or_dns_addr_safe, which validates pulled DNS names to more closely conform to RFC 3696
[regressionfix] Fixed bug in intra-session TLS key rollover that was introduced with deferred authentication features in 2.1_rc8.

We would also merge the fix for "exit with 0 status when trying to start
an already running VPN" in our improved initscript.

script failed: could not execute external program 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in ubuntu.

More information about the Ubuntu-server-bugs mailing list