Do not list client exports for revoked certificates. #195


skrude61
Contributor

Exporting clients for revoked certificates makes no sense.

@jim-p
Contributor

jim-p commented Sep 22, 2016

It works fine for SSL/TLS but doesn't work for SSL/TLS + User Auth servers. For that you'll need a test on the block just above this one, for example:

```php
<?php       if (!$server['crlref'] || !is_cert_revoked($config['system']['user'][$user['uindex']]['cert'][$user['cindex']], $server['crlref'])) { ?>
servers[<?=$sindex?>][1][<?=$uindex?>] = new Array();
servers[<?=$sindex?>][1][<?=$uindex?>][0] = '<?=$user['uindex']?>';
servers[<?=$sindex?>][1][<?=$uindex?>][1] = '<?=$user['cindex']?>';
servers[<?=$sindex?>][1][<?=$uindex?>][2] = '<?=$user['name']?>';
servers[<?=$sindex?>][1][<?=$uindex?>][3] = '<?=str_replace("'", "\\'", $user['certname'])?>';
<?php       } ?>
```

@skrude61
Contributor Author

That's not quite true. It works for SSL/TLS + User Auth, but only for non-local user databases.
For a local database, your patch does not work if `$config['system']['user'][$user['uindex']]['cert'][$user['cindex']]` is a certref, not a cert, so I had to modify it a little bit.
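
The certref-versus-cert case raised in this thread, as an added example that is not part of the pull request or of pfSense: a user's certificate entry may be a bare reference id or a full certificate array, and the revocation test has to handle both before an entry is listed for export. The `example_*` function names and the simplified `$config` layout are assumptions made for illustration, and the data is constructed.

```php
<?php
// Added example: constructed data and hypothetical helper names, not pfSense code.
$config = [
    'crl'  => [['refid' => 'crl1', 'revoked' => ['c2', 'c3']]],
    'user' => [
        ['name' => 'alice', 'cert' => ['c1']],               // stored as a certref
        ['name' => 'bob',   'cert' => ['c2']],               // certref, revoked
        ['name' => 'carol', 'cert' => [['refid' => 'c3']]],  // full cert entry, revoked
    ],
];

// Return the reference id whether $entry is a certref (string) or a cert (array).
function example_cert_refid($entry): ?string
{
    if (is_string($entry)) {
        return $entry;
    }
    return (is_array($entry) && isset($entry['refid'])) ? $entry['refid'] : null;
}

function example_is_revoked(array $config, $entry, ?string $crlref): bool
{
    if ($crlref === null || $crlref === '') {
        return false;   // server has no CRL: nothing to check against
    }
    $refid = example_cert_refid($entry);
    foreach ($config['crl'] as $crl) {
        if ($crl['refid'] === $crlref) {
            // An entry that cannot be resolved is treated as not exportable.
            return $refid === null || in_array($refid, $crl['revoked'], true);
        }
    }
    return true;        // CRL referenced but missing: this example hides the entry
}

// Build the "user:cert" pairs that would still be offered for export.
function example_exportable(array $config, ?string $crlref): array
{
    $out = [];
    foreach ($config['user'] as $user) {
        foreach ($user['cert'] as $entry) {
            if (!example_is_revoked($config, $entry, $crlref)) {
                $out[] = $user['name'] . ':' . example_cert_refid($entry);
            }
        }
    }
    return $out;
}

print_r(example_exportable($config, 'crl1'));
```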

@skrude61 skrude61 force-pushed the openvpn_client_export_certificates branch 3 times, most recently from c3b777b to c0621b5 Compare September 27, 2016 15:52
@jim-p
Contributor

jim-p commented Oct 12, 2016

This looks OK now, can you also bump the version in the Makefile so the package will get rebuilt?

@skrude61 skrude61 force-pushed the openvpn_client_export_certificates branch from c0621b5 to db1a8b0 Compare October 24, 2016 15:53
@skrude61
Contributor Author

Done.

@rbgarga
Member

rbgarga commented Nov 9, 2016

@skreuzer can you please rebase your fork? This patch cannot be applied cleanly on current repo

@skreuzer
Contributor

skreuzer commented Nov 9, 2016

> @skreuzer can you please rebase your fork? This patch cannot be applied cleanly on current repo

was this comment meant for someone else?

@rbgarga
Member

rbgarga commented Nov 10, 2016

@skreuzer yes, sorry!

@rbgarga
Member

rbgarga commented Nov 10, 2016

@skrude61 can you please rebase your fork? This patch cannot be applied cleanly on current repo

@skrude61 skrude61 force-pushed the openvpn_client_export_certificates branch from db1a8b0 to 6824df3 Compare November 10, 2016 13:26
@skrude61
Contributor Author

@rbgarga Done.

@netgate-git-updates netgate-git-updates merged commit 6824df3 into pfsense:devel Dec 2, 2016
netgate-git-updates pushed a commit that referenced this pull request Mar 3, 2020
From ChangeLog: https://github.com/TheLocehiliosan/yadm/releases/tag/2.4.0

Update version number and update documentation

 * Support multiple keys in `yadm.gpg-recipient` (#139)
 * Ensure all templates are written atomically (#142)
 * Add encrypt_with_checksums to the hooks collection (#188)
 * Escape white space in YADM_HOOK_FULL_COMMAND (#187)
 * Improve parsing of os-release (#194)
 * Improve identification of WSL (#196)
 * Fix troff warnings emitted by man page (#195)
 * Write encrypt-based exclusions during decrypt

PR:	244509
Submitted by:	vendion@gmail.com (maintainer)
netgate-git-updates pushed a commit that referenced this pull request Nov 20, 2021
Changes since 0.1.1:

> This version has some breaking changes in the config file and, you will
need to regenerate the config for all features to work.

- The tool is now compatible with next-gen/team-managed project.
- New filters when listing issues, viz:
  - Filter by parent: This will allow you to list all sub-tasks of a task.
  - Order by filter: This will allow you to display a list sorted by their
    rank for example.
- You can now assign epic to the issue on creation.
- You can add issues to the sprint with `jira sprint add`

- feat: Allow to assign epic on create #194
- feat: Cmd to add issues to sprint #205
- feat: Allow to filter by parent #197
- feat: Add order-by filter #206
- feat: Add type on project listing #190

- fix: Make epic add work in next-gen project #195
- fix: Epic creation for next-gen project #192
- fix: Make epic remove work in next-gen project #196
- fix: Make epic list work for next-gen project #201
- fix: Segmentation fault on view #202
- fix(tui): Link/key copy is broken for altered key col #204

- cfg!: Expand config to include project type #191
- cfg!: Rename field to name and add link field to epic #193

- dep: Upgrade rivo/tview #176
- dep: Upgrade outdated deps to latest #177
- dep: Use Go 1.17 #178

**Full Changelog**: ankitpokhrel/jira-cli@v0.1.1...v0.2.0
netgate-git-updates pushed a commit that referenced this pull request Jan 23, 2023
ChangeLog: https://awstats.sourceforge.io/docs/awstats_changelog.txt

 * Add Windows 11 and Android 13 operating systems
 * Update Hungarian translation and migrate it to UTF-8.
 * fix cross site scripting
 * Replace hard coded text with $Message ( Monthly, Daily, Hourly )
 * Android 11 + 12, MacOS 11 ( Big Sur ) + 12 ( Monterey )
 * Catch up german translations
 * Change the substitution that replaces newlines with BR elements so that
   the syntax works for both HTML and XHTML.
 * Added a few robots and 1 phone browser. Also corrected some errors in
   devlop robots.pm
 * Only look for configuration in dedicated awstats directories
 * Unwrap SRS e-mail addresses
 * Fixes #195/CVE-2020-35176
 * As geoip2_country doesn't have AddHTMLGraph_geoip2_country, it should
   only generate subpage for geoip2_city.
 * added support for HaikuOS and Safari based WebPositive browser
 * Adding missing td-tag opening
 * Tajik Language Support

PR:		269051
Reported by:	vidar@karlsen.tech (maintainer)
MFH:		2023Q1 (security fixes)
Security:	CVE-2020-35176
netgate-git-updates pushed a commit that referenced this pull request Feb 15, 2023
Major changes between sudo 1.9.13 and 1.9.12p2:

 * Fixed a bug running relative commands via sudo when "log_subcmds"
   is enabled.  GitHub issue #194.

 * Fixed a signal handling bug when running sudo commands in a shell
   script.  Signals were not being forwarded to the command when
   the sudo process was not run in its own process group.

 * Fixed a bug in cvtsudoers' LDIF parsing when the file ends without
   a newline and a backslash is the last character of the file.

 * Fixed a potential use-after-free bug with cvtsudoers filtering.
   GitHub issue #198.

 * Added a reminder to the default lecture that the password will
   not echo. This line is only displayed when the pwfeedback option
   is disabled. GitHub issue #195.

 * Fixed potential memory leaks in error paths.  GitHub issues #199,
   #202.

 * Fixed potential NULL dereferences on memory allocation failure.
   GitHub issues #204, #211.

 * Sudo now uses C23-style attributes in function prototypes instead
   of gcc-style attributes if supported.

 * Added a new "list" pseudo-command in sudoers to allow a user to
   list another user's privileges.  Previously, only root or a user
   with the ability to run any command as either root or the target
   user on the current host could use the -U option.  This also
   includes a fix to the log entry when a user lacks permission to
   run "sudo -U otheruser -l command".  Previously, the logs would
   indicate that the user tried to run the actual command, now the
   log entry includes the list operation.

 * JSON logging now escapes control characters if they happen to
   appear in the command or environment.

 * New Albanian translation from translationproject.org.

 * Regular expressions in sudoers or logsrvd.conf may no longer
   contain consecutive repetition operators.  This is implementation-
   specific behavior according to POSIX, but some implementations
   will allocate excessive amounts of memory.  This mainly affects
   the fuzzers.

 * Sudo now builds AIX-style shared libraries and dynamic shared
   objects by default instead of svr4-style. This means that the
   default sudo plugins are now .a (archive) files that contain a
   .so shared object file instead of bare .so files.  This was done
   to improve compatibility with the AIX Freeware ecosystem,
   specifically, the AIX Freeware build of OpenSSL.  Sudo will still
   load svr4-style .so plugins and if a .so file is requested,
   either via sudo.conf or the sudoers file, and only the .a file
   is present, sudo will convert the path from plugin.so to
   plugin.a(plugin.so) when loading it.  This ensures compatibility
   with existing configurations.  To restore the old, pre-1.9.13
   behavior, run configure using the --with-aix-soname=svr4 option.

 * Sudo no longer checks the ownership and mode of the plugins that
   it loads.  Plugins are configured via either the sudo.conf or
   sudoers file which are trusted configuration files.  These checks
   suffered from time-of-check vs. time-of-use race conditions and
   complicate loading plugins that are not simple paths.  Ownership
   and mode checks are still performed when loading the sudo.conf
   and sudoers files, which do not suffer from race conditions.
   The sudo.conf "developer_mode" setting is no longer used.

 * Control characters in sudo log messages and "sudoreplay -l"
   output are now escaped in octal format.  Space characters in the
   command path are also escaped.  Command line arguments that
   contain spaces are surrounded by single quotes and any literal
   single quote or backslash characters are escaped with a backslash.
   This makes it possible to distinguish multiple command line
   arguments from a single argument that contains spaces.

 * Improved support for DragonFly BSD which uses a different struct
   procinfo than either FreeBSD or 4.4BSD.

 * Fixed a compilation error on Linux arm systems running older
   kernels that may not define EM_ARM in linux/elf-em.h.
   GitHub issue #232.

 * Fixed a compilation error when LDFLAGS contains -Wl,--no-undefined.
   Sudo will now link using -Wl,--no-undefined by default if possible.
   GitHub issue #234.

 * Fixed a bug executing a command with a very long argument vector
   when "log_subcmds" or "intercept" is enabled on a system where
   "intercept_type" is set to "trace".  GitHub issue #194.

 * When sudo is configured to run a command in a pseudo-terminal
   but the standard input is not connected to a terminal, the command
   will now be run as a background process.  This works around a
   problem running sudo commands in the background from a shell
   script where changing the terminal to raw mode could interfere
   with the interactive shell that ran the script.
   GitHub issue #237.

 * A missing include file in sudoers is no longer a fatal error
   unless the error_recovery plugin argument has been set to false.

PR:		269563
Submitted by:	cy
Reported by:	cy
Approved by:	garga
MFH:		2023Q1