{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":251567680,"defaultBranch":"master","name":"openvpn","ownerLogin":"sailfishos-mirror","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-03-31T10:15:13.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/62875150?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1711131409.0","currentOid":""},"activityList":{"items":[{"before":"bccb22ab44d7e5a60bece286c9daf8b676f2b7c3","after":"d5ba4acc297a6041bb45f7aa1c9a99b37b7d5e44","ref":"refs/heads/master","pushedAt":"2024-05-09T12:15:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Support OpenBSD with cmake\n\nChange-Id: I85d4d27333773e8df109e42b1fa56ccf57994e57\nSigned-off-by: Arne Schwabe \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240508220512.12362-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28648.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Support OpenBSD with cmake"}},{"before":"18520e5a25a983b616762e6082da8436d0933411","after":"56fc48e87decfa16a15ab0293853c473bf56703f","ref":"refs/heads/release/2.6","pushedAt":"2024-05-06T18:16:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Only run coverity scan in OpenVPN/OpenVPN repository\n\nThis avoids the error message triggering every night that the run\nfailed in forked repositories\n\nChange-Id: Id95e0124d943912439c6ec6f562c0eb40d434163\nSigned-off-by: Arne Schwabe \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240506155831.3524-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28627.html\nSigned-off-by: Gert Doering \n(cherry picked from commit 815df21d389bf70dbe98cb89f2c60b6e6e816faa)","shortMessageHtmlLink":"Only run coverity scan in OpenVPN/OpenVPN repository"}},{"before":"9d92221eb4e773cae913752af6d70082ae305fe8","after":"bccb22ab44d7e5a60bece286c9daf8b676f2b7c3","ref":"refs/heads/master","pushedAt":"2024-05-06T18:16:46.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"configure: update old copy of pkg.m4\n\nIf we copy this code, let's at least make sure we update\nit every decade ;)\n\nI also considered removing it. However, then autoconf\ncan't be run on systems without pkg-config installed\nanymore. While that is very unusual, didn't see a good\nreason to break that.\n\nChange-Id: I34e96a225446693f401549d86d872c02427ef7d5\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20240506160413.7189-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28631.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"configure: update old copy of pkg.m4"}},{"before":"066fcdba9741319fa38cbe40c1761c49727d3f9a","after":"9d92221eb4e773cae913752af6d70082ae305fe8","ref":"refs/heads/master","pushedAt":"2024-05-02T18:16:36.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp\n\nBoth values are boolean so there is no reason to use \"|\"\nand it just confuses the reader whether there is something\nmore going on here.\n\nChange-Id: Ie61fa6a78875ecbaa9d3d8e7a50603d77c9ce09e\nSigned-off-by: Frank Lichtenheld \nAcked-by: Gert Doering \nMessage-Id: <20240502095322.9433-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28601.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp"}},{"before":"f50c67707ed033040c93a6b5d4efbbd2c0933459","after":"18520e5a25a983b616762e6082da8436d0933411","ref":"refs/heads/release/2.6","pushedAt":"2024-05-02T18:16:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Replace macos11 with macos14 in github runners\n\nGithub's documentation states: macos-11 label has been deprecated and\nwill no longer be available after 6/28/2024. Add macos14 which is nowadays\nsupported instead.\n\nThe github macos-14 runner is using the M1 platform with ARM, so this\nrequires a bit more adjustment of paths.\n\nChange-Id: Ia70f230b2e9a78939d1875395205c8f48c4944b7\nSigned-off-by: Arne Schwabe \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240502122231.672-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/search?l=mid&q=20240502122231.672-1-gert@greenie.muc.de\nSigned-off-by: Gert Doering \n(cherry picked from commit 02f0845be7e54e8676e73621e424b6a1540b88b5)","shortMessageHtmlLink":"Replace macos11 with macos14 in github runners"}},{"before":"d4eb413181d1c414b854d0829f00cda5ad1e293d","after":"066fcdba9741319fa38cbe40c1761c49727d3f9a","ref":"refs/heads/master","pushedAt":"2024-05-02T00:17:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Use topology default of \"subnet\" only for server mode\n\nThe setting of --topology changes the syntax of --ifconfig.\nSo changing the default of --topology breaks all existing\nconfigs that use --ifconfig but not --topology.\n\nFor P2P setups that is probably a signification percentage.\nFor server setups the percentage is hopefully lower since\n--ifconfig is implicitly set by --server. Also more people\nmight have set their topology explicitly since it makes a\nmuch bigger difference. Clients will usually get the\ntopology and the IP config pushed by the server.\n\nSo we decided to not switch the default for everyone to\nnot affect P2P setups. What we care about is to change\nthe default for --mode server, so we only do that now. For\npeople using --server this should be transparent except\nfor a pool reset.\n\nGithub: Openvpn/openvpn#529\nChange-Id: Iefd209c0856ef395ab74055496130de00b86ead0\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20240501124254.29114-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28592.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Use topology default of \"subnet\" only for server mode"}},{"before":"32e6586687a548174b88b64fe54bfae6c74d4c19","after":"d4eb413181d1c414b854d0829f00cda5ad1e293d","ref":"refs/heads/master","pushedAt":"2024-05-01T18:18:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Add missing EVP_KDF_CTX_free in ssl_tls1_PRF\n\nThis is just missing in the function. Found by clang+ASAN.\n\nChange-Id: I5d70198f6adbee8add619ee8a0bd6b5b1f61e506\nSigned-off-by: Arne Schwabe \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240501121819.12805-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28591.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Add missing EVP_KDF_CTX_free in ssl_tls1_PRF"}},{"before":"e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c","after":"32e6586687a548174b88b64fe54bfae6c74d4c19","ref":"refs/heads/master","pushedAt":"2024-04-03T18:16:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Change default of \"topology\" to \"subnet\"\n\nChange-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20231201112022.15337-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Change default of \"topology\" to \"subnet\""}},{"before":"e81e3eb1a4322148b06f353eaa22b0a803fd74f4","after":"e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c","ref":"refs/heads/master","pushedAt":"2024-04-03T12:15:18.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"forked-test-driver: Show test output always\n\nWe want to see the progress, at least for slow tests\nlike t_client.sh.\n\nChange-Id: I11e0091482d9acee89ca018374cb8d96d22f8514\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20240125110122.16257-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28133.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"forked-test-driver: Show test output always"}},{"before":"ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb","after":"e81e3eb1a4322148b06f353eaa22b0a803fd74f4","ref":"refs/heads/master","pushedAt":"2024-04-02T18:22:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex\n\nEVP_CipherInit basically is the same EVP_CipherInit_ex except that it\nin some instances it resets/inits the ctx parameter first. We already\ncall EVP_CIPHER_CTX_reset to reset/init the ctx before. Also ensure that\nEVP_CipherInit_Ex gets the cipher to actually be able to initialise the\ncontext.\n\nOpenSSL 1.0.2:\n\nhttps://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94\n\nEVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex\n\nOur openssl_compat.h has\n\nfor these older OpenSSL versions\n\nOpenSSL 3.0:\n\nhttps://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450\n\nbasically the same as 1.0.2. Just that method names have been changed.\n\nChange-Id: I911e25949a8647b567fd4178683534d4404ab469\nSigned-off-by: Arne Schwabe \nAcked-by: Gert Doering \nMessage-Id: <20240402134909.6340-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28523.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex"}},{"before":"4d907bf46a470ccbd2940b9ecb64d6502d9d86bf","after":"ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb","ref":"refs/heads/master","pushedAt":"2024-04-02T12:17:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Match ifdef for get_sigtype function with if ifdef of caller\n\nThese two ifdef needs to be the same otherwise the compiler will\nbreak with a undefined function.\n\nChange-Id: I5b14bf90bb07935f0bb84373ec4e62352752c03f\nSigned-off-by: Arne Schwabe \nAcked-by: Gert Doering \nMessage-Id: <20240402063646.25490-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28512.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Match ifdef for get_sigtype function with if ifdef of caller"}},{"before":"4c71e816031f564f834df695b3fa717ea22720d2","after":"4d907bf46a470ccbd2940b9ecb64d6502d9d86bf","ref":"refs/heads/master","pushedAt":"2024-03-31T18:14:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"crypto_backend: fix type of enc parameter\n\nWe had parts of a abstraction, but it wasn't consistent.\nGCC 13 now complains about the type mismatch with mbedtls now:\n\ncrypto_mbedtls.c:568:1: error:\nconflicting types for ‘cipher_ctx_init’ due to enum/integer mismatch;\nhave ‘void(mbedtls_cipher_context_t *, const uint8_t *, const char *, const mbedtls_operation_t)’\n[...] [-Werror=enum-int-mismatch]\ncrypto_backend.h:341:6: note:\nprevious declaration of ‘cipher_ctx_init’ with type\n‘void(cipher_ctx_t *, const uint8_t *, const char *, int)’ [...]\n\nPrevious compiler versions did not complain.\n\nv2:\n - clean solution instead of quick solution. Fix the actual API\n definition\n\nChange-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20240327162621.1792414-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28498.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"crypto_backend: fix type of enc parameter"}},{"before":"ea0d9c70a44e3d871136f68bddb0befc299dd692","after":"f50c67707ed033040c93a6b5d4efbbd2c0933459","ref":"refs/heads/release/2.6","pushedAt":"2024-03-29T12:15:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"misc.c: remove unused code\n\nCommit\n\n 3a4fb1 \"Ensure --auth-nocache is handled during renegotiation\"\n\nhas changed the behavior of set_auth_token(), but left unused parameter\n\n struct user_pass *up\n\nRemove this parameter and amend comments accordingly. Also remove\nunused function definition from misc.h.\n\nSigned-off-by: Lev Stipakov \nAcked-by: Frank Lichtenheld \n\nChange-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4\nMessage-Id: <20240329103739.28254-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28503.html\nSigned-off-by: Gert Doering \n(cherry picked from commit 4c71e816031f564f834df695b3fa717ea22720d2)","shortMessageHtmlLink":"misc.c: remove unused code"}},{"before":"a94226cdc8ed037a6763675aa47e6c821983f174","after":"4c71e816031f564f834df695b3fa717ea22720d2","ref":"refs/heads/master","pushedAt":"2024-03-29T12:15:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"misc.c: remove unused code\n\nCommit\n\n 3a4fb1 \"Ensure --auth-nocache is handled during renegotiation\"\n\nhas changed the behavior of set_auth_token(), but left unused parameter\n\n struct user_pass *up\n\nRemove this parameter and amend comments accordingly. Also remove\nunused function definition from misc.h.\n\nSigned-off-by: Lev Stipakov \nAcked-by: Frank Lichtenheld \n\nChange-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4\nMessage-Id: <20240329103739.28254-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28503.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"misc.c: remove unused code"}},{"before":"5591af17694d98054da2cdf4cfd42508a8a4fb8e","after":"ea0d9c70a44e3d871136f68bddb0befc299dd692","ref":"refs/heads/release/2.6","pushedAt":"2024-03-26T18:16:33.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"script-options.rst: Update ifconfig_* variables\n\n- Remove obsolete ifconfig_broadcast. Since this was\n removed in 2.5.0, do not add a removal note but just\n completely remove it.\n- Add missing documentation of IPv6 variants for\n ifconfig_pool_* variables.\n\nGithub: fixes Openvpn/openvpn#527\nChange-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca\nSigned-off-by: Frank Lichtenheld \nAcked-by: Gert Doering \nMessage-Id: <20240321161623.2794161-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28438.html\nSigned-off-by: Gert Doering \n(cherry picked from commit a94226cdc8ed037a6763675aa47e6c821983f174)","shortMessageHtmlLink":"script-options.rst: Update ifconfig_* variables"}},{"before":"6889d9e2f1458272ded4c035df40378ace3d7395","after":"a94226cdc8ed037a6763675aa47e6c821983f174","ref":"refs/heads/master","pushedAt":"2024-03-26T18:16:31.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"script-options.rst: Update ifconfig_* variables\n\n- Remove obsolete ifconfig_broadcast. Since this was\n removed in 2.5.0, do not add a removal note but just\n completely remove it.\n- Add missing documentation of IPv6 variants for\n ifconfig_pool_* variables.\n\nGithub: fixes Openvpn/openvpn#527\nChange-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca\nSigned-off-by: Frank Lichtenheld \nAcked-by: Gert Doering \nMessage-Id: <20240321161623.2794161-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28438.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"script-options.rst: Update ifconfig_* variables"}},{"before":"e8c629fe64c67ea0a8454753be99db44df7ce53e","after":"6889d9e2f1458272ded4c035df40378ace3d7395","ref":"refs/heads/master","pushedAt":"2024-03-26T12:16:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Fix snprintf/swnprintf related compiler warnings\n\nWhen openvpn_snprintf is replaced by snprintf the GCC/MSVC compiler\nwill perform additional checks that the result is not truncated.\n\nThis warning can be avoid by either explicitly checking the return value\nof snprintf (proxy) or ensuring that it is never truncated(tls crypt)\n\nChange-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d\nSigned-off-by: Arne Schwabe \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240326104101.531291-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28475.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Fix snprintf/swnprintf related compiler warnings"}},{"before":"ba0f62fb950c56a0f992b1f8269bdeac209d4e55","after":"5591af17694d98054da2cdf4cfd42508a8a4fb8e","ref":"refs/heads/release/2.6","pushedAt":"2024-03-25T18:15:16.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'\n\nAs Coverity says:\nEither the check against null is unnecessary, or there may be a null\npointer dereference.\nIn phase2_tcp_server: Pointer is checked against null but then\ndereferenced anyway\n\nThere is only one caller (link_socket_init_phase2) and it already has\nan ASSERT(sig_info). So use that here was well.\n\nv2:\n - fix cleanly by actually asserting that sig_info is defined\n\nChange-Id: I8ef199463d46303129a3f563fd9eace780a58b8a\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20240325071448.12143-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html\nSigned-off-by: Gert Doering \n(cherry picked from commit e8c629fe64c67ea0a8454753be99db44df7ce53e)","shortMessageHtmlLink":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'"}},{"before":"fd6b8395f6cee8a61111c28f335ec25ed6db11f7","after":"e8c629fe64c67ea0a8454753be99db44df7ce53e","ref":"refs/heads/master","pushedAt":"2024-03-25T18:15:14.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'\n\nAs Coverity says:\nEither the check against null is unnecessary, or there may be a null\npointer dereference.\nIn phase2_tcp_server: Pointer is checked against null but then\ndereferenced anyway\n\nThere is only one caller (link_socket_init_phase2) and it already has\nan ASSERT(sig_info). So use that here was well.\n\nv2:\n - fix cleanly by actually asserting that sig_info is defined\n\nChange-Id: I8ef199463d46303129a3f563fd9eace780a58b8a\nSigned-off-by: Frank Lichtenheld \nAcked-by: Arne Schwabe \nMessage-Id: <20240325071448.12143-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'"}},{"before":"d29496cce2d91a74706e3d5e4c48773715b10812","after":"fccae1fa71140bd66f4a57597ca3c7307ba05b30","ref":"refs/heads/release/2.5","pushedAt":"2024-03-22T18:16:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Preparing release 2.5.10\n\nversion.m4, ChangeLog, Changes.rst\n\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Preparing release 2.5.10"}},{"before":"462fed53c7a5f21c07dafa4910765efe56d7402d","after":"ba0f62fb950c56a0f992b1f8269bdeac209d4e55","ref":"refs/heads/release/2.6","pushedAt":"2024-03-20T18:17:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"preparing release 2.6.10\n\nversion.m4, ChangeLog, Changes.rst\n\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"preparing release 2.6.10"}},{"before":"e0775c042c7908a9b315da8092b436d03abea08a","after":"d29496cce2d91a74706e3d5e4c48773715b10812","ref":"refs/heads/release/2.5","pushedAt":"2024-03-20T18:17:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"interactive.c: Fix potential stack overflow issue\n\nWhen reading message from the pipe, we first peek the pipe to get the size\nof the message waiting to be read and then read the message. A compromised\nOpenVPN process could send an excessively large message, which would result\nin a stack-allocated message buffer overflow.\n\nTo address this, we terminate the misbehaving process if the peeked message\nsize exceeds the maximum allowable size.\n\nThis commit is backported from 9b2693f in release/2.6 branch, fixing\nmerge conflicts around &ring_buffer_handles and wins_cfg_message_t.\n\nCVE: 2024-27459\nMicrosoft case number: 85932\n\nReported-by: Vladimir Tokarev \nChange-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada\nSigned-off-by: Lev Stipakov \nAcked-by: Heiko Hund \nAcked-by: Gert Doering \nMessage-Id: <20240320082000.284-2-lev@openvpn.net>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28433.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"interactive.c: Fix potential stack overflow issue"}},{"before":"989b22cb6e007fd1addcfaf7d12f4fec9fbc9639","after":"fd6b8395f6cee8a61111c28f335ec25ed6db11f7","ref":"refs/heads/master","pushedAt":"2024-03-20T00:17:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Disable DCO if proxy is set via management\n\nCommit\n\n 45a1cb2a (\"Disable DCO if proxy is set via management\")\n\nattempted to disable DCO when proxy is set via management interface. However,\nat least on Windows this doesn't work, since:\n\n - setting tuntap_options->disable_dco to true is not enough to disable DCO\n - at this point it is a bit too late, since we've already done DCO-specific\n adjustments\n\nSince proxy can be set via management only if --management-query-proxy is\nspecified, the better way is to add a check to dco_check_startup_option().\n\nGithub: fixes OpenVPN/openvpn#522\n\nChange-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8\nSigned-off-by: Lev Stipakov \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240318181744.20625-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Disable DCO if proxy is set via management"}},{"before":"9b2693feff9c49b9485cf94797c1c3502259dbe1","after":"462fed53c7a5f21c07dafa4910765efe56d7402d","ref":"refs/heads/release/2.6","pushedAt":"2024-03-20T00:17:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Disable DCO if proxy is set via management\n\nCommit\n\n 45a1cb2a (\"Disable DCO if proxy is set via management\")\n\nattempted to disable DCO when proxy is set via management interface. However,\nat least on Windows this doesn't work, since:\n\n - setting tuntap_options->disable_dco to true is not enough to disable DCO\n - at this point it is a bit too late, since we've already done DCO-specific\n adjustments\n\nSince proxy can be set via management only if --management-query-proxy is\nspecified, the better way is to add a check to dco_check_startup_option().\n\nGithub: fixes OpenVPN/openvpn#522\n\nChange-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8\nSigned-off-by: Lev Stipakov \nAcked-by: Frank Lichtenheld \nMessage-Id: <20240318181744.20625-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html\nSigned-off-by: Gert Doering \n(cherry picked from commit fd6b8395f6cee8a61111c28f335ec25ed6db11f7)","shortMessageHtmlLink":"Disable DCO if proxy is set via management"}},{"before":"b25c6d7e861d446b7a2e03cbcfb892d554c1ef73","after":"989b22cb6e007fd1addcfaf7d12f4fec9fbc9639","ref":"refs/heads/master","pushedAt":"2024-03-19T18:17:20.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"interactive.c: Fix potential stack overflow issue\n\nWhen reading message from the pipe, we first peek the pipe to get the size\nof the message waiting to be read and then read the message. A compromised\nOpenVPN process could send an excessively large message, which would result\nin a stack-allocated message buffer overflow.\n\nTo address this, we terminate the misbehaving process if the peeked message\nsize exceeds the maximum allowable size.\n\nCVE: 2024-27459\nMicrosoft case number: 85932\n\nReported-by: Vladimir Tokarev \nChange-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada\nSigned-off-by: Lev Stipakov \nAcked-by: Heiko Hund \nMessage-Id: <20240319152803.1801-2-lev@openvpn.net>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.html\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"interactive.c: Fix potential stack overflow issue"}},{"before":"3d9b4ce394f9d1a66842a5391aa744f7310a48a6","after":"e0775c042c7908a9b315da8092b436d03abea08a","ref":"refs/heads/release/2.5","pushedAt":"2024-03-19T18:17:18.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"interactive.c: disable remote access to the service pipe\n\nRemote access to the service pipe is not needed and might\nbe a potential attack vector.\n\nFor example, if an attacker manages to get credentials for\na user which is the member of \"OpenVPN Administrators\" group\non a victim machine, an attacker might be able to communicate\nwith the privileged interactive service on a victim machine\nand start openvpn processes remotely.\n\nCVE: 2024-24974\n\nMicrosoft case number: 85925\n\nReported-by: Vladimir Tokarev \nChange-Id: I8739c5f127e9ca0683fcdbd099dba9896ae46277\nSigned-off-by: Lev Stipakov \nAcked-by: Heiko Hund \nMessage-Id: <20240319151723.936-2-lev@openvpn.net>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28419.html\nSigned-off-by: Gert Doering \n(cherry picked from commit 2c1de0f0803360c0a6408f754066bd3a6fb28237)","shortMessageHtmlLink":"interactive.c: disable remote access to the service pipe"}},{"before":"ff06f4ca4290fde46019d61d9c1039ad05b12701","after":"9b2693feff9c49b9485cf94797c1c3502259dbe1","ref":"refs/heads/release/2.6","pushedAt":"2024-03-19T18:17:16.000Z","pushType":"push","commitsCount":4,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"interactive.c: Fix potential stack overflow issue\n\nWhen reading message from the pipe, we first peek the pipe to get the size\nof the message waiting to be read and then read the message. A compromised\nOpenVPN process could send an excessively large message, which would result\nin a stack-allocated message buffer overflow.\n\nTo address this, we terminate the misbehaving process if the peeked message\nsize exceeds the maximum allowable size.\n\nCVE: 2024-27459\nMicrosoft case number: 85932\n\nReported-by: Vladimir Tokarev \nChange-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada\nSigned-off-by: Lev Stipakov \nAcked-by: Heiko Hund \nMessage-Id: <20240319152803.1801-2-lev@openvpn.net>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.html\nSigned-off-by: Gert Doering \n(cherry picked from commit 989b22cb6e007fd1addcfaf7d12f4fec9fbc9639)","shortMessageHtmlLink":"interactive.c: Fix potential stack overflow issue"}},{"before":"91eb4606a4a3e8e2a4ed2ac4e2257e7ea44ccc44","after":"b25c6d7e861d446b7a2e03cbcfb892d554c1ef73","ref":"refs/heads/master","pushedAt":"2024-03-18T18:17:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Update Copyright statements to 2024\n\nChange-Id: Ic377958d303b1dcfa9d877d3a63ecf39bdff7aef\nSigned-off-by: Frank Lichtenheld \nAcked-by: Gert Doering \nMessage-Id: <20240315170054.2368254-1-frank@lichtenheld.com>\nURL: https://sourceforge.net/p/openvpn/mailman/message/58749316/\nSigned-off-by: Gert Doering ","shortMessageHtmlLink":"Update Copyright statements to 2024"}},{"before":"366ca5b9b5ec104e0c7ae2f3cf563b9057ee879a","after":"ff06f4ca4290fde46019d61d9c1039ad05b12701","ref":"refs/heads/release/2.6","pushedAt":"2024-03-18T18:17:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Update Copyright statements to 2024\n\nChange-Id: Ic377958d303b1dcfa9d877d3a63ecf39bdff7aef\nSigned-off-by: Frank Lichtenheld \nAcked-by: Gert Doering \nMessage-Id: <20240315170054.2368254-1-frank@lichtenheld.com>\nURL: https://sourceforge.net/p/openvpn/mailman/message/58749316/\nSigned-off-by: Gert Doering \n(cherry picked from commit b25c6d7e861d446b7a2e03cbcfb892d554c1ef73)","shortMessageHtmlLink":"Update Copyright statements to 2024"}},{"before":"bbc77d1719d2d5b33e58abac5eba8b8e409561ab","after":"366ca5b9b5ec104e0c7ae2f3cf563b9057ee879a","ref":"refs/heads/release/2.6","pushedAt":"2024-03-15T12:15:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jollaitbot","name":"Jolla IT Bot","path":"/jollaitbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5138957?s=80&v=4"},"commit":{"message":"Remove license warning from README.mbedtls\n\nThe licenses are compatible now, so we can remove the warning.\n\nChange-Id: I1879c893ed19b165fd086728fb97951eac251681\nSigned-off-by: Max Fillinger \nAcked-by: Gert Doering \nMessage-Id: <20240314185527.26803-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28400.html\nSigned-off-by: Gert Doering \n(cherry picked from commit 91eb4606a4a3e8e2a4ed2ac4e2257e7ea44ccc44)","shortMessageHtmlLink":"Remove license warning from README.mbedtls"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAERZT-pwA","startCursor":null,"endCursor":null}},"title":"Activity · sailfishos-mirror/openvpn"}