{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":4151993,"defaultBranch":"master","name":"openvpn","ownerLogin":"OpenVPN","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-04-26T20:42:48.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1569141?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1711114533.0","currentOid":""},"activityList":{"items":[{"before":"65fb67cd6c320a426567b2922c4282fb8738ba3f","after":"2f2ff186564c3999efaf48d734df95471ac22d84","ref":"refs/heads/release/2.6","pushedAt":"2024-06-02T15:50:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Allow to set ifmode for existing DCO interfaces in FreeBSD\n\nWhile prexisting devices work well TUN/TAP the DCO interfaces require\nsetting the ifmode which cannot be done by FreeBSD base tooling.  In\npeer-to-peer mode this is not a problem because that is the default mode.\nSubnet mode, however, will fail to be set and the resulting connection does\nnot start:\n\n  Failed to create interface ovpns2 (SIOCSIFNAME): File exists (errno=17)\n  DCO device ovpns2 already exists, won't be destroyed at shutdown\n  /sbin/ifconfig ovpns2 10.1.8.1/24 mtu 1500 up\n  ifconfig: in_exec_nl(): Empty IFA_LOCAL/IFA_ADDRESS\n  ifconfig: ioctl (SIOCAIFADDR): Invalid argument\n  FreeBSD ifconfig failed: external program exited with error status: 1\n  Exiting due to fatal error\n\nSlightly restructure the code to catch the specific error\ncondition and execute dco_set_ifmode() in this case as well.\n\nSigned-off-by: Franco Fichtner <franco@opnsense.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <AE20A784-506C-488B-9302-2D3AE775B168@opnsense.org>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28688.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 82036c17c45d45c3fe8725f64b33720cb9c94dad)","shortMessageHtmlLink":"Allow to set ifmode for existing DCO interfaces in FreeBSD"}},{"before":"fbe3b49b373ea8e81aaa31a383258403a3bfcd07","after":"82036c17c45d45c3fe8725f64b33720cb9c94dad","ref":"refs/heads/master","pushedAt":"2024-06-02T15:50:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Allow to set ifmode for existing DCO interfaces in FreeBSD\n\nWhile prexisting devices work well TUN/TAP the DCO interfaces require\nsetting the ifmode which cannot be done by FreeBSD base tooling.  In\npeer-to-peer mode this is not a problem because that is the default mode.\nSubnet mode, however, will fail to be set and the resulting connection does\nnot start:\n\n  Failed to create interface ovpns2 (SIOCSIFNAME): File exists (errno=17)\n  DCO device ovpns2 already exists, won't be destroyed at shutdown\n  /sbin/ifconfig ovpns2 10.1.8.1/24 mtu 1500 up\n  ifconfig: in_exec_nl(): Empty IFA_LOCAL/IFA_ADDRESS\n  ifconfig: ioctl (SIOCAIFADDR): Invalid argument\n  FreeBSD ifconfig failed: external program exited with error status: 1\n  Exiting due to fatal error\n\nSlightly restructure the code to catch the specific error\ncondition and execute dco_set_ifmode() in this case as well.\n\nSigned-off-by: Franco Fichtner <franco@opnsense.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <AE20A784-506C-488B-9302-2D3AE775B168@opnsense.org>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28688.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Allow to set ifmode for existing DCO interfaces in FreeBSD"}},{"before":"55bb3260c12bae33b6a8eac73cbb6972f8517411","after":"fbe3b49b373ea8e81aaa31a383258403a3bfcd07","ref":"refs/heads/master","pushedAt":"2024-06-01T20:27:29.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Allow the TLS session to send out TLS alerts\n\nPrevious OpenVPN versions shut down the TLS control channel immediately\nwhen encountering an error. This also meant that we would not send out\nTLS alerts to notify a client about potential problems like mismatching\nTLS versions or having no common cipher.\n\nThis commit adds a new key_state S_ERROR_PRE which still allows to\nsend out the remaining TLS packets of the control session which are\ntypically the alert message and then going to S_ERROR. We do not\nwait for retries. So this is more a one-shot notify but that is\nacceptable in this situation.\n\nSending out alerts is a slight compromise in security as alerts give\nout a bit of information that otherwise is not given\nout. But since all other consumers TLS implementations are already doing this\nand TLS implementations (nowadays) are very careful not to leak (sensitive)\ninformation by alerts and since the user experience is much better with\nalerts, this compromise is worth it.\n\nChange-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240408124933.243991-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28540.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Allow the TLS session to send out TLS alerts"}},{"before":"763b35f652b1913ddd01e6c548b3e6a57076ba42","after":"55bb3260c12bae33b6a8eac73cbb6972f8517411","ref":"refs/heads/master","pushedAt":"2024-05-17T06:44:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Only schedule_exit() once\n\nIf an exit has already been scheduled we should not schedule it again.\nOtherwise, the exit signal is never emitted if the peer reschedules the\nexit before the timeout occurs.\n\nschedule_exit() now only takes the context as argument. The signal is\nhard coded to SIGTERM, and the interval is read directly from the\ncontext options.\n\nFurthermore, schedule_exit() now returns a bool signifying whether an\nexit was scheduled; false if exit is already scheduled. The call sites\nare updated accordingly. A notable difference is that management is only\nnotified *once* when an exit is scheduled - we no longer notify\nmanagement on redundant exit.\n\nThis patch was assigned a CVE number after already reviewed and ACKed,\nbecause it was discovered that a misbehaving client can use the (now\nfixed) server behaviour to avoid being disconnected by means of a\nmanagment interface \"client-kill\" command - the security issue here is\n\"client can circumvent security policy set by management interface\".\n\nThis only affects previously authenticated clients, and only management\nclient-kill, so normal renegotion / AUTH_FAIL (\"your session ends\") is not\naffected.\n\nCVE: 2024-28882\n\nChange-Id: I9457f005f4ba970502e6b667d9dc4299a588d661\nSigned-off-by: Reynir Björnsson <reynir@reynir.dk>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240516120434.23499-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28679.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Only schedule_exit() once"}},{"before":"8aed156be81a3bdd3098bfed5e8f95662d06633c","after":"65fb67cd6c320a426567b2922c4282fb8738ba3f","ref":"refs/heads/release/2.6","pushedAt":"2024-05-17T06:44:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Only schedule_exit() once\n\nIf an exit has already been scheduled we should not schedule it again.\nOtherwise, the exit signal is never emitted if the peer reschedules the\nexit before the timeout occurs.\n\nschedule_exit() now only takes the context as argument. The signal is\nhard coded to SIGTERM, and the interval is read directly from the\ncontext options.\n\nFurthermore, schedule_exit() now returns a bool signifying whether an\nexit was scheduled; false if exit is already scheduled. The call sites\nare updated accordingly. A notable difference is that management is only\nnotified *once* when an exit is scheduled - we no longer notify\nmanagement on redundant exit.\n\nThis patch was assigned a CVE number after already reviewed and ACKed,\nbecause it was discovered that a misbehaving client can use the (now\nfixed) server behaviour to avoid being disconnected by means of a\nmanagment interface \"client-kill\" command - the security issue here is\n\"client can circumvent security policy set by management interface\".\n\nThis only affects previously authenticated clients, and only management\nclient-kill, so normal renegotion / AUTH_FAIL (\"your session ends\") is not\naffected.\n\nCVE: 2024-28882\n\nChange-Id: I9457f005f4ba970502e6b667d9dc4299a588d661\nSigned-off-by: Reynir Björnsson <reynir@reynir.dk>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240516120434.23499-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28679.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 55bb3260c12bae33b6a8eac73cbb6972f8517411)","shortMessageHtmlLink":"Only schedule_exit() once"}},{"before":"51f80db910eb48e720ce106b5b9b5ec96d8e0e23","after":"763b35f652b1913ddd01e6c548b3e6a57076ba42","ref":"refs/heads/master","pushedAt":"2024-05-15T11:40:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL\n\nAfter the removal of the OpenSSL 1.0.2 support, LibreSSL/wolfSSL are the\nonly libraries that still needs the custom implementation.\n\nSince our LibreSSL/wolfSSL support is always best effort, we can afford to\nlimit LibreSSL support in this way. If they want to support this, they\nshould expose the functionality as well.\n\nChange-Id: I5bfa3630ad4dff2807705658bc877c4a429a39ce\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240515100115.11056-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28672.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL"}},{"before":"b3a271b11723cbe520ad4ce6b4b0459de57ade06","after":"51f80db910eb48e720ce106b5b9b5ec96d8e0e23","ref":"refs/heads/master","pushedAt":"2024-05-14T16:50:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Remove OpenSSL 1.0.2 support\n\nWith Centos 7/Red Hat Enterprise Linux 7 being EOL this June, the last\ndistributions that still support OpenSSL 1.0.2 are finally EOL. This\nmeans we no longer need to support OpenSSL 1.0.2\n\nChange-Id: I90875311a4e4c403e77e30b609c1878cbaaaad45\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240514141550.17544-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28665.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Remove OpenSSL 1.0.2 support"}},{"before":"56fc48e87decfa16a15ab0293853c473bf56703f","after":"8aed156be81a3bdd3098bfed5e8f95662d06633c","ref":"refs/heads/release/2.6","pushedAt":"2024-05-13T15:24:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Workaround issue in LibreSSL crashing when enumerating digests/ciphers\n\nOpenBSD/LibreSSL reimplemented EVP_get_cipherbyname/EVP_get_digestbyname\nand broke calling EVP_get_cipherbynid/EVP_get_digestbyname with an\ninvalid nid in the process so that it would segfault.\n\nWorkaround but doing that NULL check in OpenVPN instead of leaving it\nto the library.\n\nGithub: see also https://github.com/libressl/openbsd/issues/150\n\nChange-Id: Ia08a9697d0ff41721fb0acf17ccb4cfa23cb3934\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240508220540.12554-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28649.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit b3a271b11723cbe520ad4ce6b4b0459de57ade06)","shortMessageHtmlLink":"Workaround issue in LibreSSL crashing when enumerating digests/ciphers"}},{"before":"d5ba4acc297a6041bb45f7aa1c9a99b37b7d5e44","after":"b3a271b11723cbe520ad4ce6b4b0459de57ade06","ref":"refs/heads/master","pushedAt":"2024-05-13T15:24:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Workaround issue in LibreSSL crashing when enumerating digests/ciphers\n\nOpenBSD/LibreSSL reimplemented EVP_get_cipherbyname/EVP_get_digestbyname\nand broke calling EVP_get_cipherbynid/EVP_get_digestbyname with an\ninvalid nid in the process so that it would segfault.\n\nWorkaround but doing that NULL check in OpenVPN instead of leaving it\nto the library.\n\nGithub: see also https://github.com/libressl/openbsd/issues/150\n\nChange-Id: Ia08a9697d0ff41721fb0acf17ccb4cfa23cb3934\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240508220540.12554-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28649.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Workaround issue in LibreSSL crashing when enumerating digests/ciphers"}},{"before":"bccb22ab44d7e5a60bece286c9daf8b676f2b7c3","after":"d5ba4acc297a6041bb45f7aa1c9a99b37b7d5e44","ref":"refs/heads/master","pushedAt":"2024-05-09T10:12:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Support OpenBSD with cmake\n\nChange-Id: I85d4d27333773e8df109e42b1fa56ccf57994e57\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240508220512.12362-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28648.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Support OpenBSD with cmake"}},{"before":"815df21d389bf70dbe98cb89f2c60b6e6e816faa","after":"bccb22ab44d7e5a60bece286c9daf8b676f2b7c3","ref":"refs/heads/master","pushedAt":"2024-05-06T16:35:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"configure: update old copy of pkg.m4\n\nIf we copy this code, let's at least make sure we update\nit every decade ;)\n\nI also considered removing it. However, then autoconf\ncan't be run on systems without pkg-config installed\nanymore. While that is very unusual, didn't see a good\nreason to break that.\n\nChange-Id: I34e96a225446693f401549d86d872c02427ef7d5\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240506160413.7189-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28631.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"configure: update old copy of pkg.m4"}},{"before":"18520e5a25a983b616762e6082da8436d0933411","after":"56fc48e87decfa16a15ab0293853c473bf56703f","ref":"refs/heads/release/2.6","pushedAt":"2024-05-06T16:02:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Only run coverity scan in OpenVPN/OpenVPN repository\n\nThis avoids the error message triggering every night that the run\nfailed in forked repositories\n\nChange-Id: Id95e0124d943912439c6ec6f562c0eb40d434163\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240506155831.3524-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28627.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 815df21d389bf70dbe98cb89f2c60b6e6e816faa)","shortMessageHtmlLink":"Only run coverity scan in OpenVPN/OpenVPN repository"}},{"before":"b90a6e56250ccb18b4913bb115e5dcf4905dbfb1","after":"815df21d389bf70dbe98cb89f2c60b6e6e816faa","ref":"refs/heads/master","pushedAt":"2024-05-06T16:02:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Only run coverity scan in OpenVPN/OpenVPN repository\n\nThis avoids the error message triggering every night that the run\nfailed in forked repositories\n\nChange-Id: Id95e0124d943912439c6ec6f562c0eb40d434163\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240506155831.3524-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28627.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Only run coverity scan in OpenVPN/OpenVPN repository"}},{"before":"130548fe4d23afac5d2948d4e5ee164eef635cfd","after":"b90a6e56250ccb18b4913bb115e5dcf4905dbfb1","ref":"refs/heads/master","pushedAt":"2024-05-06T15:37:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Repeat the unknown command in errors from management interface\n\nThis help pinpointing errors in logs from my app\n\nChange-Id: Ie2b62bc95371daf7e1eb58e0323835f169399910\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240506142303.13198-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28621.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Repeat the unknown command in errors from management interface"}},{"before":"9d92221eb4e773cae913752af6d70082ae305fe8","after":"130548fe4d23afac5d2948d4e5ee164eef635cfd","ref":"refs/heads/master","pushedAt":"2024-05-06T15:27:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Remove openvpn_snprintf and similar functions\n\nOld Microsoft versions did strange behaviour but according to the\nnewly added unit test and\nhttps://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating\nthis is now standard conforming and we can use the normal snprintf\nmethod.\n\nMicrosoft own documentation to swprintf also says you nowadays need to\ndefine _CRT_NON_CONFORMING_SWPRINTFS to get to non-standard behaviour.\n\nChange-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240506102710.8976-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28617.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Remove openvpn_snprintf and similar functions"}},{"before":"02f0845be7e54e8676e73621e424b6a1540b88b5","after":"9d92221eb4e773cae913752af6d70082ae305fe8","ref":"refs/heads/master","pushedAt":"2024-05-02T15:15:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp\n\nBoth values are boolean so there is no reason to use \"|\"\nand it just confuses the reader whether there is something\nmore going on here.\n\nChange-Id: Ie61fa6a78875ecbaa9d3d8e7a50603d77c9ce09e\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240502095322.9433-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28601.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp"}},{"before":"066fcdba9741319fa38cbe40c1761c49727d3f9a","after":"02f0845be7e54e8676e73621e424b6a1540b88b5","ref":"refs/heads/master","pushedAt":"2024-05-02T12:57:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Replace macos11 with macos14 in github runners\n\nGithub's documentation states:  macos-11 label has been deprecated and\nwill no longer be available after 6/28/2024. Add macos14 which is nowadays\nsupported instead.\n\nThe github macos-14 runner is using the M1 platform with ARM, so this\nrequires a bit more adjustment of paths.\n\nChange-Id: Ia70f230b2e9a78939d1875395205c8f48c4944b7\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240502122231.672-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/search?l=mid&q=20240502122231.672-1-gert@greenie.muc.de\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Replace macos11 with macos14 in github runners"}},{"before":"f50c67707ed033040c93a6b5d4efbbd2c0933459","after":"18520e5a25a983b616762e6082da8436d0933411","ref":"refs/heads/release/2.6","pushedAt":"2024-05-02T12:57:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Replace macos11 with macos14 in github runners\n\nGithub's documentation states:  macos-11 label has been deprecated and\nwill no longer be available after 6/28/2024. Add macos14 which is nowadays\nsupported instead.\n\nThe github macos-14 runner is using the M1 platform with ARM, so this\nrequires a bit more adjustment of paths.\n\nChange-Id: Ia70f230b2e9a78939d1875395205c8f48c4944b7\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240502122231.672-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/search?l=mid&q=20240502122231.672-1-gert@greenie.muc.de\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 02f0845be7e54e8676e73621e424b6a1540b88b5)","shortMessageHtmlLink":"Replace macos11 with macos14 in github runners"}},{"before":"d4eb413181d1c414b854d0829f00cda5ad1e293d","after":"066fcdba9741319fa38cbe40c1761c49727d3f9a","ref":"refs/heads/master","pushedAt":"2024-05-01T20:13:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Use topology default of \"subnet\" only for server mode\n\nThe setting of --topology changes the syntax of --ifconfig.\nSo changing the default of --topology breaks all existing\nconfigs that use --ifconfig but not --topology.\n\nFor P2P setups that is probably a signification percentage.\nFor server setups the percentage is hopefully lower since\n--ifconfig is implicitly set by --server. Also more people\nmight have set their topology explicitly since it makes a\nmuch bigger difference. Clients will usually get the\ntopology and the IP config pushed by the server.\n\nSo we decided to not switch the default for everyone to\nnot affect P2P setups. What we care about is to change\nthe default for --mode server, so we only do that now. For\npeople using --server this should be transparent except\nfor a pool reset.\n\nGithub: Openvpn/openvpn#529\nChange-Id: Iefd209c0856ef395ab74055496130de00b86ead0\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240501124254.29114-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28592.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Use topology default of \"subnet\" only for server mode"}},{"before":"32e6586687a548174b88b64fe54bfae6c74d4c19","after":"d4eb413181d1c414b854d0829f00cda5ad1e293d","ref":"refs/heads/master","pushedAt":"2024-05-01T16:37:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Add missing EVP_KDF_CTX_free in ssl_tls1_PRF\n\nThis is just missing in the function. Found by clang+ASAN.\n\nChange-Id: I5d70198f6adbee8add619ee8a0bd6b5b1f61e506\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240501121819.12805-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28591.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Add missing EVP_KDF_CTX_free in ssl_tls1_PRF"}},{"before":"e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c","after":"32e6586687a548174b88b64fe54bfae6c74d4c19","ref":"refs/heads/master","pushedAt":"2024-04-03T17:27:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Change default of \"topology\" to \"subnet\"\n\nChange-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20231201112022.15337-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Change default of \"topology\" to \"subnet\""}},{"before":"e81e3eb1a4322148b06f353eaa22b0a803fd74f4","after":"e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c","ref":"refs/heads/master","pushedAt":"2024-04-03T07:41:13.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"forked-test-driver: Show test output always\n\nWe want to see the progress, at least for slow tests\nlike t_client.sh.\n\nChange-Id: I11e0091482d9acee89ca018374cb8d96d22f8514\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240125110122.16257-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28133.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"forked-test-driver: Show test output always"}},{"before":"ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb","after":"e81e3eb1a4322148b06f353eaa22b0a803fd74f4","ref":"refs/heads/master","pushedAt":"2024-04-02T14:56:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex\n\nEVP_CipherInit basically is the same EVP_CipherInit_ex except that it\nin some instances it resets/inits the ctx parameter first. We already\ncall EVP_CIPHER_CTX_reset to reset/init the ctx before. Also ensure that\nEVP_CipherInit_Ex gets the cipher to actually be able to initialise the\ncontext.\n\nOpenSSL 1.0.2:\n\nhttps://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94\n\nEVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex\n\nOur openssl_compat.h has\n\nfor these older OpenSSL versions\n\nOpenSSL 3.0:\n\nhttps://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450\n\nbasically the same as 1.0.2. Just that method names have been changed.\n\nChange-Id: I911e25949a8647b567fd4178683534d4404ab469\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240402134909.6340-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28523.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex"}},{"before":"4d907bf46a470ccbd2940b9ecb64d6502d9d86bf","after":"ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb","ref":"refs/heads/master","pushedAt":"2024-04-02T09:55:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Match ifdef for get_sigtype function with if ifdef of caller\n\nThese two ifdef needs to be the same otherwise the compiler will\nbreak with a undefined function.\n\nChange-Id: I5b14bf90bb07935f0bb84373ec4e62352752c03f\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240402063646.25490-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28512.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Match ifdef for get_sigtype function with if ifdef of caller"}},{"before":"4c71e816031f564f834df695b3fa717ea22720d2","after":"4d907bf46a470ccbd2940b9ecb64d6502d9d86bf","ref":"refs/heads/master","pushedAt":"2024-03-31T14:17:40.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"crypto_backend: fix type of enc parameter\n\nWe had parts of a abstraction, but it wasn't consistent.\nGCC 13 now complains about the type mismatch with mbedtls now:\n\ncrypto_mbedtls.c:568:1: error:\nconflicting types for ‘cipher_ctx_init’ due to enum/integer mismatch;\nhave ‘void(mbedtls_cipher_context_t *, const uint8_t *, const char *, const mbedtls_operation_t)’\n[...] [-Werror=enum-int-mismatch]\ncrypto_backend.h:341:6: note:\nprevious declaration of ‘cipher_ctx_init’ with type\n‘void(cipher_ctx_t *, const uint8_t *, const char *, int)’ [...]\n\nPrevious compiler versions did not complain.\n\nv2:\n - clean solution instead of quick solution. Fix the actual API\n   definition\n\nChange-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240327162621.1792414-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28498.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"crypto_backend: fix type of enc parameter"}},{"before":"a94226cdc8ed037a6763675aa47e6c821983f174","after":"4c71e816031f564f834df695b3fa717ea22720d2","ref":"refs/heads/master","pushedAt":"2024-03-29T11:54:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"misc.c: remove unused code\n\nCommit\n\n  3a4fb1 \"Ensure --auth-nocache is handled during renegotiation\"\n\nhas changed the behavior of set_auth_token(), but left unused parameter\n\n  struct user_pass *up\n\nRemove this parameter and amend comments accordingly. Also remove\nunused function definition from misc.h.\n\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\n\nChange-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4\nMessage-Id: <20240329103739.28254-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28503.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"misc.c: remove unused code"}},{"before":"ea0d9c70a44e3d871136f68bddb0befc299dd692","after":"f50c67707ed033040c93a6b5d4efbbd2c0933459","ref":"refs/heads/release/2.6","pushedAt":"2024-03-29T11:54:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"misc.c: remove unused code\n\nCommit\n\n  3a4fb1 \"Ensure --auth-nocache is handled during renegotiation\"\n\nhas changed the behavior of set_auth_token(), but left unused parameter\n\n  struct user_pass *up\n\nRemove this parameter and amend comments accordingly. Also remove\nunused function definition from misc.h.\n\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\n\nChange-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4\nMessage-Id: <20240329103739.28254-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28503.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 4c71e816031f564f834df695b3fa717ea22720d2)","shortMessageHtmlLink":"misc.c: remove unused code"}},{"before":"4b95656536be1f402a55ef5dffe140fa78e7eb51","after":"a94226cdc8ed037a6763675aa47e6c821983f174","ref":"refs/heads/master","pushedAt":"2024-03-26T13:23:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"script-options.rst: Update ifconfig_* variables\n\n- Remove obsolete ifconfig_broadcast. Since this was\n  removed in 2.5.0, do not add a removal note but just\n  completely remove it.\n- Add missing documentation of IPv6 variants for\n  ifconfig_pool_* variables.\n\nGithub: fixes Openvpn/openvpn#527\nChange-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240321161623.2794161-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28438.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"script-options.rst: Update ifconfig_* variables"}},{"before":"e36359aa7e5193ad002768e90ae660896a5a0fa6","after":"ea0d9c70a44e3d871136f68bddb0befc299dd692","ref":"refs/heads/release/2.6","pushedAt":"2024-03-26T13:23:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"script-options.rst: Update ifconfig_* variables\n\n- Remove obsolete ifconfig_broadcast. Since this was\n  removed in 2.5.0, do not add a removal note but just\n  completely remove it.\n- Add missing documentation of IPv6 variants for\n  ifconfig_pool_* variables.\n\nGithub: fixes Openvpn/openvpn#527\nChange-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240321161623.2794161-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28438.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit a94226cdc8ed037a6763675aa47e6c821983f174)","shortMessageHtmlLink":"script-options.rst: Update ifconfig_* variables"}},{"before":"6889d9e2f1458272ded4c035df40378ace3d7395","after":"4b95656536be1f402a55ef5dffe140fa78e7eb51","ref":"refs/heads/master","pushedAt":"2024-03-26T13:13:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Add bracket in fingerprint message and do not warn about missing verification\n\nGithub: fixes OpenVPN/openvpn#516\n\nChange-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781\nSigned-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240326103853.494572-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28474.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Add bracket in fingerprint message and do not warn about missing veri…"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEWj5cvgA","startCursor":null,"endCursor":null}},"title":"Activity · OpenVPN/openvpn"}