Re: [Openvpn-devel] portable pkitool shell script

my tests (Solaris 8 SPARC): SHELL=/usr/xpg4/bin/sh $SHELL -c 'if ! false ; then echo true ; fi' $SHELL -c 'export A=test ; echo $A' Both tests pass, and both fail with SHELL=/bin/sh. We can lift auto* magic to get this working on Solaris from bogofilter if desired for #! lines. -- Matthias Andree

[Openvpn-devel] [PATCH] plug fd leak (patch by Jaroslav Klaus)

xhaust system resources after a while.. Patch is attached." Please consider Jaroslav's patch for inclusion. -- Matthias Andree --- route.c.origMon Apr 11 05:43:56 2005 +++ route.c Mon May 16 21:13:41 2005 @@ -1380,6 +1380,7 @@ { warn("writing to routing

Re: [Openvpn-devel] The use of lzo if OpenSSL has zlib

LZO is a different compression, not compatible with zlib. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN source repository migrated to svn (subversion)

art work. Best viewed with a nonproportional font :) -- Matthias Andree

Re: [Openvpn-devel] Re: OpenVPN source repository migrated to svn (subversion)

ntrol-links.html> - chances are there's a new promising contestant out that I've missed in the past quarter or someone that used to be centralized has now gone distributed. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.0.4 Released -- Note security fixes

release 2.0.4? Thanks, -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.0.4 Released -- Note security fixes

On Tue, 01 Nov 2005, James Yonan wrote: > On Tue, 1 Nov 2005, Matthias Andree wrote: > > > ... however I found that the easy-rsa/2.0/ directory disappeared, > > it was present in 2.0.2 and gone in 2.0.4. What's the story about > > easy-rsa/* and easy-rsa/2.0/*

Re: [Openvpn-devel] OpenVPN 2.0.4 Released -- Note security fixes

download mirrors for OpenVPN? The FreeBSD ports system suggests to add some. -- Matthias Andree

[Openvpn-devel] [PATCH] self-test updates, fix unterminated loop in BSD jails

than "FAIL" if aborted), I suggest the attached updates to the t_* scripts, against SVN trunk (version 2.0.5). Tested on FreeBSD 5.4 i586, SUSE Linux 9.3 i686, Solaris 8 sun4u sparc. Please apply to 2.0 and 2.1. -- Matthias Andree Index: t_lpback.sh

Re: [Openvpn-devel] [PATCH] self-test updates, fix unterminated loop in BSD jails

SD 4 in a day or so. -- Matthias Andree

Re: [Openvpn-devel] Re: [Openvpn-users] Re: Simultaneous Access to Console Management

? The client sees the message (if one is sent), "connection reset by peer" and that's it. It's not too polite, but if it's a "one administration client only" model, probably the most portable, and at least the client might have a clue about what is going on. -- Matthias Andree

[Openvpn-devel] PATCH 2.0: revise t_cltsrv.sh (again FreeBSD jail support)

lp of Dirk Meyer (dinoex OF freebsd.org) and Vasil Dimov (vd OF freebsd.org). Thank you, -- Matthias Andree Index: t_cltsrv.sh === --- t_cltsrv.sh (Revision 913) +++ t_cltsrv.sh (Arbeitskopie) @@ -1,7 +1,7 @@ #! /bin/sh # # t_clts

Re: [Openvpn-devel] OpenVPN 2.0.6 released

ctives from the server which could > cause arbitrary code execution on the client via a LD_PRELOAD > attack. A successful attack appears to require that (a) the ... James: What is the MITRE CVE name for this vulnerability? Thanks, -- Matthias Andree

Re: [Openvpn-devel] MULTICAST: cannot join a group across the OpenVPN connection. Why?

el list either, perhaps that's why nobody cares. -- Matthias Andree

Re: [Openvpn-devel] [PATCH] Use PAM correctly

're installing on FreeBSD, use the official port in version 2.0.6_4 and all this is automatic - no 2.0.9 port needed since all fixes since then were relevant for Windoze and we don't need to toss hundreds of MBytes around for no good. -- Matthias Andree

Re: [Openvpn-devel] On the way from tun0 to eth1, packets disappearing.

l: martian source 192.168.178.1 from 192.168.0.1, on dev eth1 There are sysctls to enable source route filtering - check net.ipv4.conf.*.log_martians if logging is enabled at all. The sample message was captured when OpenVPN hadn't noticed some link change. Restarting OpenVPN cured them in my case. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.1_rc4 fixes for NetBSD

termath of the FreeBSD autoconf changes. These changes should > be neutral for FreeBSD but are necessary for NetBSD. > (configure.ac) I didn't run extensive tests, but at least on FreeBSD 6.2-RELEASE-p5 i386, the patch doesn't cause compilation or "make check" failures. -- Matthias Andree

Re: [Openvpn-devel] [Openvpn-users] OpenVPN 2.1-rc5 released

On Thu, 24 Jan 2008, James Yonan wrote: > 2.1-rc5 has a minor pkcs11 option processing bug. I've built 2.1-rc6 with > the fix. > > Download: > > http://openvpn.net/beta/ I've submitted port updates to -rc6 for FreeBSD, to appear once a committer finds the time to go forward.

Re: [Openvpn-devel] OpenVPN 2.1_rc7 released

On Tue, 29 Jan 2008, James Yonan wrote: > Download: > > http://openvpn.net/download.html > > Change Log: > > 2008.01.29 -- Version 2.1_rc7 rc7 is now available for FreeBSD as the security/openvpn-devel port. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.1_rc9 released -- note security fix

brates the described security issue you fixed). 3 - one part of the self-test suite ("make check") needs to be adjusted to cater for the tightened script security. Patch attached (against SVN) - it also adds retrying if the addresses are in use. Note there are two "sv

Re: [Openvpn-devel] OpenVPN 2.1_rc9 released -- note security fix

using nroff or man properly. Sorry for this part of the noise. -- Matthias Andree

Re: [Openvpn-devel] rc9 and external commands

splitting - as documented in the --up section of the manpage - no longer works; it was probably formerly done by the implicit /bin/sh -c that is now gone with the switch to exec*(). (I didn't check, and didn't check the two Debian BTS reports either.) So either the code needs argument splitting or you need a two-line shell wrapper similar to: #! /bin/sh -e exec /tmp/foo up "$@" Not my call to make. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.1_rc11 released

new t_cltsrv-down.sh script doesn't become part of the tarball. The Makefile.am patch below fixes it. Please apply. Thanks & best regards -- Matthias Andree Index: Makefile.am === --- Makefile.am (Revision

Re: [Openvpn-devel] OpenVPN 2.1_rc13 released

e of not just adding new stuff to RC's but instead > introducing bugs in the RCs instead of just closing them... This particular change looks a lot like "feature missing for deployment/integration/...". -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.1_rc13 released

On Mon, 27 Oct 2008, Felix Kronlage wrote: > On Fri, Oct 24, 2008 at 08:36:56AM +0200, Matthias Andree wrote: > > > This particular change looks a lot like "feature missing for > > deployment/integration/...". > > but why add features in a 'release cand

Re: [Openvpn-devel] OpenVPN 2.1_rc13 released

> feature, which is not present in 2.0.x. It sucks to deploy beta/RC software, > though. That assumes your requirements scheme is universal for each and every OpenVPN user. I dispute that. -- Matthias Andree

Re: [Openvpn-devel] [patch] enhance compatibility with HTTP/1.1 proxies

or newer, use Host: header */ } else { /* HTTP/1.0 or HTTP/0.9 */ } break; default: /* unsupported, complain and terminate */ } } You may want to accept only 1.0 and 1.1 rather than 1.0 and 1.n for n >= 1 - but there should only ever be A SINGLE PLACE to enforce that. Else you'll have a hell of work once you start implementing HTTP/1.2 later on... -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.1_rc15 GCC 2.96 incompatibility

3 has been out of security support for more than half a decade now, and if OpenVPN 2.1 breaks on such systems, that's perhaps some more incentive for their users to upgrade. See: * <http://gcc.gnu.org/gcc-2.96.html> * <http://www.redhat.com/security/updates/eol/> -- Matthias Andree

[Openvpn-devel] [PATCH] Fix non-C89 comments

Hi, openvpn uses non-C89 //-style comments in two places. Patch to convert these to /* ... */ style comments attached. Best -- Matthias Andree Index: proto.h === --- proto.h (Revision 3896) +++ proto.h (Arbeitskopie) @@ -66,15

Re: [Openvpn-devel] OpenVPN 2.1_rc15 GCC 2.96 incompatibility

On Tue, 27 Jan 2009, Jos Vos wrote: > On Tue, Jan 27, 2009 at 04:45:19PM +0100, Matthias Andree wrote: > > > Come on, nobody needs support for outdated operating systems and rogue > > releases of GCC. There has never been a GCC 2.96, and Redhat 7.3 has > > been out of s

Re: [Openvpn-devel] [PATCH] Fix non-C89 comments

ht support such models or merge queues much better than Subversion does. -- Matthias Andree

Re: [Openvpn-devel] [PATCH] Fix non-C89 comments

last looked at an early Mercurial 0.X version (current is 1.1.X), or a Git version before 1.5 (current is beyond 1.6.1), you might want to know that lots of things have improved, particularly usability and documentation. Git has evolved into a real version control system that's usable. -- Matthias Andree

Re: [Openvpn-devel] OpenVPN 2.1_rc16 released

On Wed, 20 May 2009, James Yonan wrote: > We are very close to 2.1. I know there's been some discussion about the > Windows client GUI, whether it deserves to live in 2.1. We do have a > new client GUI that we've developed as a part of our Access Server > product and we are open to releasing

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

James Yonan schrieb: > 2009.07.16 -- Version 2.1_rc19 ... > * In configure.ac, use datadir instead of datarootdir for compatibility >with

Re: [Openvpn-devel] OpenVPN 2.1_rc19 released

Most useful if you can authenticate without password; if you can't, remove the s/\($$\)/ \&/; from sed and the echo "wait" from the subshell to serialize the rsync operations. HTH -- Matthias Andree

Re: [Openvpn-devel] recent change to ifconfig breaks OpenVPN?

t->remote_netmask; + r.netmask = tt->remote_netmask; + r.gateway = tt->local; + add_route (&r, tt, 0, es); +} + #elif defined (WIN32) { /* -- Matthias Andree

Re: [Openvpn-devel] recent change to ifconfig breaks OpenVPN?

proper ifconfig call would look like in this case. Stefan already uttered some ideas in that direction. I haven't had much time to investigate yet. -- Matthias Andree

Re: [Openvpn-devel] recent change to ifconfig breaks OpenVPN?

--topology subnet and net30 modes. I hope to try this on FreeBSD 6.X tomorrow, as that's also a supported release. -- Matthias Andree

[Openvpn-devel] PATCH 2.1-RC*: critical fix for FreeBSD 8 in topology subnet mode.

Hi Jim, there has been a recent change in FreeBSD 8 BETA that will break OpenVPN 2.1's "topology subnet" mode by (rightfully!) rejecting the ifconfig command we're currently using (which incorrectly sets the local and remote P2P IPv4 addresses to be the same, the FreeBSD 8 kernel will reject that.

Re: [Openvpn-devel] Dropping Ubuntu 12.04 packages?

Am 20.12.18 um 14:17 schrieb Samuli Seppänen: > Hi, > > I've worked on openvpn-vagrant and sbuild_wrapper recently[*] and > noticed that mainstream support for Debian 7 and Ubuntu 12.04 ended: > > https://wiki.debian.org/DebianReleases > https://wiki.ubuntu.com/Releases > > However, Ubuntu 12.04 is

[Openvpn-devel] RFC: release/2.4 (OpenVPN 2.4.7) patch for building with LibreSSL

Greetings, FreeBSD has received a patch contribution to enable OpenVPN 2.4.x to be built with LibreSSL. I'm seeking comments, and yes I am aware of master's a47508606be2c6359d4b27c3b65b72dfe4786222 commit description that claims LibreSSL isn't in the best shape for TLS 1.3.

Re: [Openvpn-devel] [PATCHv2] openssl: Fix compilation without deprecated OpenSSL 1.1 APIs

Am 14.06.19 um 12:38 schrieb Arne Schwabe: > >> -#ifndef ENABLE_SMALL >> +# ifndef ENABLE_SMALL > The space between # and ifndef looks wrong. It's standard C. (Chapter 3.8 in the 1989/1990 standard, chapter 6.10 in recent editions, I checked 1999 and 2017/2018, although worded in a quite convolute

Re: [Openvpn-devel] RFC: release/2.4 (OpenVPN 2.4.7) patch for building with LibreSSL

Am 07.06.19 um 20:26 schrieb Matthias Andree: > Greetings, > > FreeBSD has received a patch contribution to enable OpenVPN 2.4.x to be > built with LibreSSL. I'm seeking comments, and yes I am aware of > master's a47508606be2c6359d4b27c3b65b72dfe4786222 commit descripti

[Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

ports that OPNsense has been a long-time user of LibreSSL without reported breakage, see also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238382#c10 Signed-off-by: Matthias Andree --- src/openvpn/ssl_openssl.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/s

[Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

ports that OPNsense has been a long-time user of LibreSSL without reported breakage, see also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238382#c10 Signed-off-by: Matthias Andree --- src/openvpn/ssl_openssl.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/s

[Openvpn-devel] v2: fix release/2.4 regression of 2.4.7, permit build with LibreSSL

It was deemed that the previous patch was insufficient, so let's take a new stab. Note that this does not mean I endorse using LibreSSL, but at least we should not be breaking existing library support in a point release 2.4.7 (that cannot be compiled against LibreSSL) when 2.4.6 could. Details on

[Openvpn-devel] PATCH: test portability, avoid GNUism and use POSIX regex

This patch should be applied to the 2.4 and master branches. ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

From: Kyle Evans A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in regex(3)' reveals one sed expression that uses the GNU-extension "\s". Given that this is the only occurrence and it's a trivial fix, update it to be POSIX-compatible. Signe

Re: [Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

Am 18.08.19 um 14:11 schrieb Arne Schwabe: > Am 18.08.19 um 13:18 schrieb Matthias Andree: >> OpenVPN 2.4.6 could be compiled with LibreSSL, 2.4.7 cannot. This was broken >> since 9de7fe0a "Add support for tls-ciphersuites for TLS 1.3". >> >> This patch avoi

Re: [Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

What is the review status of the change Kyle Evans proposed below that I've relayed on Sept 6th? Am 06.09.19 um 19:44 schrieb Matthias Andree: > From: Kyle Evans > > A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in > regex(3)' > reveal

Re: [Openvpn-devel] [PATCH applied] Re: Fix regression, reinstate LibreSSL support.

Am 18.09.19 um 14:01 schrieb Gert Doering: > Your patch has been applied to the release/2.4 branch. > > Sorry for the delay. Vacation, and too many distractions. > > Lightly tested on an OpenSSL 1.1, a mbedTLS build and an LibreSSL 2.7.2 > on OpenBSD 6.3 - with OpenSSL and mbedTLS, it builds and p

Re: [Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

Ping again - please review. Am 06.09.19 um 19:44 schrieb Matthias Andree: > From: Kyle Evans > > A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in > regex(3)' > reveals one sed expression that uses the GNU-extension "\s". > Give

[Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

Signed-off-by: Matthias Andree --- doc/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index add92198..80cb2cb8 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -59,8 +59,9 @@ else endif if HAVE_PYDOCUTILS

[Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

Signed-off-by: Matthias Andree --- Makefile.am | 1 - configure.ac | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..e4125447 100644 --- a/Makefile.am +++ b/Makefile.am @@ -25,7 +25,6 @@ # This option prevents autoreconf from

[Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..7f760e9d

[Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

Else one location overwrites options from the other. Signed-off-by: Matthias Andree --- Makefile.am | 3 --- configure.ac | 6 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..d1c10fc5 100644 --- a/Makefile.am +++ b/Makefile.am

[Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..24563ed6

[Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

Else one location overwrites options from the other. Signed-off-by: Matthias Andree --- Makefile.am | 3 --- configure.ac | 4 +++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..d1c10fc5 100644 --- a/Makefile.am +++ b/Makefile.am

Re: [Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

Am 17.07.20 um 19:09 schrieb Matthias Andree: > @@ -3727,6 +3727,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info > *rgi6, > msg(M_WARN, "GDG6: socket #1 failed"); > goto done; > } > +errno = 0; > if (write(s

Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

Am 17.07.20 um 19:09 schrieb Matthias Andree: > +LT_INIT() > + This guy escaped, so NAK on the first version of the patch. ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

Am 17.07.20 um 17:05 schrieb Matthias Andree: > Signed-off-by: Matthias Andree > --- > Makefile.am | 1 - > configure.ac | 2 +- > 2 files changed, 1 insertion(+), 2 deletions(-) > > diff --git a/Makefile.am b/Makefile.am > index 439120e4..e4125447 100644 > --- a/Make

Re: [Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

Am 17.07.20 um 17:05 schrieb Matthias Andree: > Signed-off-by: Matthias Andree > --- > doc/Makefile.am | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/doc/Makefile.am b/doc/Makefile.am > index add92198..80cb2cb8 100644 > --- a/doc/Makefile.am

Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

Am 17.07.20 um 22:15 schrieb David Sommerseth: > On 17/07/2020 19:19, Matthias Andree wrote: >> Else one location overwrites options from the other. >> >> Signed-off-by: Matthias Andree >> --- >> Makefile.am | 3 --- >> configure.ac | 4 +++- >>

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

Am 14.01.23 um 18:29 schrieb Arne Schwabe: We also considered going for a change from GPL2 to GPL2+ but we think that GPL3 would hurt the ability to distribute OpenVPN as part of router or other embedded devices as the GPL3 has been explicitly developed (at least in part) to make this use case ha

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

Am 14.01.23 um 19:44 schrieb Arne Schwabe: Am 14.01.2023 um 19:35 schrieb Matthias Andree: Am 14.01.23 um 18:29 schrieb Arne Schwabe: We also considered going for a change from GPL2 to GPL2+ but we think that GPL3 would hurt the ability to distribute OpenVPN as part of router or other

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

Am 14.01.23 um 18:29 schrieb Arne Schwabe: Hey, This is the first round and will be only to the openvpn-devel list. After that I will also write to individuals email addresses but I want to start with sending this to the devel list. We are writing to you since you are or were a contributor in p

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

Am 15.01.23 um 12:44 schrieb Gert Doering: Hi, On Sat, Jan 14, 2023 at 05:28:09PM -0500, James Bottomley wrote: What do you mean "a source"? every apache licensed library that's statically linked with a GPLv2 program would be an example of this ... in the early days there was no dynamic linking

Re: [Openvpn-devel] OpenVPN 2.6.0 released

Am 25.01.23 um 20:50 schrieb Frank Lichtenheld: The OpenVPN community project team is proud to release OpenVPN 2.6.0. This is the new stable version of OpenVPN with some major new features. Hi Frank, OpenVPN 2.5.x releases also showed up in .tar.xz format - are there plans to provide these (an

[Openvpn-devel] [PATCH] make dist: Ship ovpn_dco_freebsd.h, too

This file was missing from src/openvpn/Makefile.am. --- src/openvpn/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3ed73fa4..a8e44528 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -78,6 +78,7 @@ openvp

Re: [Openvpn-devel] [PATCH applied] Re: make dist: Ship ovpn_dco_freebsd.h, too

Am 28.01.23 um 19:55 schrieb Gert Doering: Acked-by: Gert Doering To see the actual failure, one needs to build a tarball ("make dist"), and from that tarball, compile with "configure --enable-dco", on FreeBSD - so a pure "make distcheck" did not see it. Apologies for that oversight. Your pat

Re: [Openvpn-devel] OpenVPN 2.5.9 released

Am 16.02.23 um 18:52 schrieb Gert Doering: Hi, On Thu, Feb 16, 2023 at 08:48:26AM -0500, Jonathan K. Bullard wrote: On Thu, Feb 16, 2023 at 7:51 AM Frank Lichtenheld wrote: The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is a small bugfix release. Was this sent a b

Re: [Openvpn-devel] [PATCH] unit_tests: make cert_data.h compile with MSVC

Am 23.03.23 um 15:31 schrieb Frank Lichtenheld: Currently this is not obvious since we never build the UTs with MSVC, but it doesn't like the initializers with "const" variables. They cause error C2099: initializer is not a constant What MSVC version are you using? What options? I've tried with

Re: [Openvpn-devel] [PATCH] unit_tests: make cert_data.h compile with MSVC

Am 24.03.23 um 22:12 schrieb Selva Nair: Hi, On Fri, Mar 24, 2023 at 4:18 PM Matthias Andree wrote: Am 23.03.23 um 15:31 schrieb Frank Lichtenheld: > Currently this is not obvious since we never build the > UTs with MSVC, but it doesn't like the initializers with

Re: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

Am 27.03.23 um 13:49 schrieb selva.n...@gmail.com: From: Selva Nair - Do not use non-literal initializers for static objects - Replace empty initializer {} by {0} Should we go to a revision, I would suggest to not make something compliant to a compiler because that is assigning it way too muc

Re: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

Am 27.03.23 um 16:45 schrieb Selva Nair: Hi, On Mon, Mar 27, 2023 at 9:59 AM Matthias Andree wrote: Am 27.03.23 um 13:49 schrieb selva.n...@gmail.com: > From: Selva Nair > > - Do not use non-literal initializers for static objects > - Replace empty initiali

Re: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

Am 28.03.23 um 10:47 schrieb Frank Lichtenheld: On Mon, Mar 27, 2023 at 09:45:53PM +0200, Matthias Andree wrote: Am 27.03.23 um 16:45 schrieb Selva Nair: Hi, On Mon, Mar 27, 2023 at 9:59 AM Matthias Andree wrote: Am 27.03.23 um 13:49 schrieb selva.n...@gmail.com: > From: Se

Re: [Openvpn-devel] [PATCH] GHA: remove Ubuntu 18.04 builds

Am 28.03.23 um 12:09 schrieb Frank Lichtenheld: Github will stop supporting them on April, 1st. ACK nowledged. OpenPGP_signature Description: OpenPGP digital signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists

Re: [Openvpn-devel] [PATCH] buffer: use memcpy in buf_catrunc

Am 28.03.23 um 17:12 schrieb Frank Lichtenheld: Since we use strlen() to determine the length and then check it ourselves, there is really no point in using strncpy. But the compiler might complain that we use the output of strlen() for the length of strncpy which is usually a sign for bugs: er

Re: [Openvpn-devel] [PATCH] buffer: use memcpy in buf_catrunc

Am 28.03.23 um 20:58 schrieb Antonio Quartulli: Hi, On 28/03/2023 20:51, Matthias Andree wrote: Am 28.03.23 um 17:12 schrieb Frank Lichtenheld: Since we use strlen() to determine the length and then check it ourselves, there is really no point in using strncpy. But the compiler might

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

Am 17.05.23 um 22:47 schrieb Antonio Quartulli: Hi, On 17/05/2023 22:01, Ilya Shipitsin wrote: malloc was not checked against NULL, I was able to get core dump in case of failure Signed-off-by: Ilya Shipitsin ---   src/openvpn/dco_freebsd.c | 5 +   1 file changed, 5 insertions(+) diff --

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

Am 18.05.23 um 09:09 schrieb Gert Doering: Hi, On Thu, May 18, 2023 at 09:00:26AM +0200, Matthias Andree wrote: That, and constants usually go on the left-hand side of comparison so the compiler flags the accidental if (foo = NULL) even if it does not produce "add a pair of parentheses i

Re: [Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

Am 25.03.21 um 01:01 schrieb Arne Schwabe: > The non-TLS mode is a relict from OpenVPN 1.x or 2.0. When tls mode was > introduce the advantages of TLS over non-tls were small but tls mode > evolved to include a lot more features. (NCP, multipeer, AEAD ciphers to name > a few). > > Today VPN that us

Re: [Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

Am 25.03.21 um 20:57 schrieb Antonio Quartulli: > Hi, > > On 25/03/2021 20:29, Matthias Andree wrote: >> I find the reasons you present to withdraw the symmetric non-TLS mode >> too weak to justify its deprecation or removal. Yes, TLS-based >> configurations may be more

[Openvpn-devel] [PATCH] Fix SIGSEGV (NULL deref) receiving push "echo"

sd.org/bugzilla/show_bug.cgi?id=256331 Fixes: Trac #1409 Reported-by: p...@nethead.se (to FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8d417206..a54bc562 100644 --

Re: [Openvpn-devel] [PATCH v2] Remove support for PF (Packet Filter)

Am 27.08.21 um 21:00 schrieb Antonio Quartulli: > OpenVPN shipped a small packet filtering tool called PF. It has never > been straightforward as it required a plugin to work. On top of that, > keeping PF support, makes the code more complicated and increases the > maintenance cost of OpenVPN. > >

Re: [Openvpn-devel] [PATCH] Completely remove DES checks

Am 07.11.21 um 10:01 schrieb Arne Schwabe: We already removed the check in d67658fee for OpenSSL 3.0. This removes the checks entirely for all crypto libraries. Signed-off-by: Arne Schwabe --- src/openvpn/crypto.c | 15 src/openvpn/crypto_backend.h | 28 --- src

Re: [Openvpn-devel] [PATCH] Completely remove DES checks

Am 07.11.21 um 13:13 schrieb Arne Schwabe: Am 07.11.21 um 12:57 schrieb Matthias Andree: Am 07.11.21 um 10:01 schrieb Arne Schwabe: We already removed the check in d67658fee for OpenSSL 3.0. This removes the checks entirely for all crypto libraries. Signed-off-by: Arne Schwabe ---   src

[Openvpn-devel] Licensing questions

or permissions (= restriction exceptions) granted to OpenVPN that I have missed and am unaware of? Any other license incompatibilities that the public should be aware of? TIA Matthias Andree ___ Openvpn-devel mailing list Openvpn-devel@lists.source

<    1   2   3