{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":4151993,"defaultBranch":"master","name":"openvpn","ownerLogin":"OpenVPN","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-04-26T20:42:48.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1569141?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1711114533.0","currentOid":""},"activityList":{"items":[{"before":"02f0845be7e54e8676e73621e424b6a1540b88b5","after":"9d92221eb4e773cae913752af6d70082ae305fe8","ref":"refs/heads/master","pushedAt":"2024-05-02T15:15:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp\n\nBoth values are boolean so there is no reason to use \"|\"\nand it just confuses the reader whether there is something\nmore going on here.\n\nChange-Id: Ie61fa6a78875ecbaa9d3d8e7a50603d77c9ce09e\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240502095322.9433-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28601.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp"}},{"before":"066fcdba9741319fa38cbe40c1761c49727d3f9a","after":"02f0845be7e54e8676e73621e424b6a1540b88b5","ref":"refs/heads/master","pushedAt":"2024-05-02T12:57:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Replace macos11 with macos14 in github runners\n\nGithub's documentation states:  macos-11 label has been deprecated and\nwill no longer be available after 6/28/2024. Add macos14 which is nowadays\nsupported instead.\n\nThe github macos-14 runner is using the M1 platform with ARM, so this\nrequires a bit more adjustment of paths.\n\nChange-Id: Ia70f230b2e9a78939d1875395205c8f48c4944b7\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240502122231.672-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/search?l=mid&q=20240502122231.672-1-gert@greenie.muc.de\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Replace macos11 with macos14 in github runners"}},{"before":"f50c67707ed033040c93a6b5d4efbbd2c0933459","after":"18520e5a25a983b616762e6082da8436d0933411","ref":"refs/heads/release/2.6","pushedAt":"2024-05-02T12:57:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Replace macos11 with macos14 in github runners\n\nGithub's documentation states:  macos-11 label has been deprecated and\nwill no longer be available after 6/28/2024. Add macos14 which is nowadays\nsupported instead.\n\nThe github macos-14 runner is using the M1 platform with ARM, so this\nrequires a bit more adjustment of paths.\n\nChange-Id: Ia70f230b2e9a78939d1875395205c8f48c4944b7\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240502122231.672-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/search?l=mid&q=20240502122231.672-1-gert@greenie.muc.de\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 02f0845be7e54e8676e73621e424b6a1540b88b5)","shortMessageHtmlLink":"Replace macos11 with macos14 in github runners"}},{"before":"d4eb413181d1c414b854d0829f00cda5ad1e293d","after":"066fcdba9741319fa38cbe40c1761c49727d3f9a","ref":"refs/heads/master","pushedAt":"2024-05-01T20:13:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Use topology default of \"subnet\" only for server mode\n\nThe setting of --topology changes the syntax of --ifconfig.\nSo changing the default of --topology breaks all existing\nconfigs that use --ifconfig but not --topology.\n\nFor P2P setups that is probably a signification percentage.\nFor server setups the percentage is hopefully lower since\n--ifconfig is implicitly set by --server. Also more people\nmight have set their topology explicitly since it makes a\nmuch bigger difference. Clients will usually get the\ntopology and the IP config pushed by the server.\n\nSo we decided to not switch the default for everyone to\nnot affect P2P setups. What we care about is to change\nthe default for --mode server, so we only do that now. For\npeople using --server this should be transparent except\nfor a pool reset.\n\nGithub: Openvpn/openvpn#529\nChange-Id: Iefd209c0856ef395ab74055496130de00b86ead0\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240501124254.29114-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28592.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Use topology default of \"subnet\" only for server mode"}},{"before":"32e6586687a548174b88b64fe54bfae6c74d4c19","after":"d4eb413181d1c414b854d0829f00cda5ad1e293d","ref":"refs/heads/master","pushedAt":"2024-05-01T16:37:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Add missing EVP_KDF_CTX_free in ssl_tls1_PRF\n\nThis is just missing in the function. Found by clang+ASAN.\n\nChange-Id: I5d70198f6adbee8add619ee8a0bd6b5b1f61e506\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240501121819.12805-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28591.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Add missing EVP_KDF_CTX_free in ssl_tls1_PRF"}},{"before":"e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c","after":"32e6586687a548174b88b64fe54bfae6c74d4c19","ref":"refs/heads/master","pushedAt":"2024-04-03T17:27:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Change default of \"topology\" to \"subnet\"\n\nChange-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20231201112022.15337-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Change default of \"topology\" to \"subnet\""}},{"before":"e81e3eb1a4322148b06f353eaa22b0a803fd74f4","after":"e2ff9161e1b1b3e8c83bf01e3c488e0601834c0c","ref":"refs/heads/master","pushedAt":"2024-04-03T07:41:13.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"forked-test-driver: Show test output always\n\nWe want to see the progress, at least for slow tests\nlike t_client.sh.\n\nChange-Id: I11e0091482d9acee89ca018374cb8d96d22f8514\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240125110122.16257-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28133.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"forked-test-driver: Show test output always"}},{"before":"ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb","after":"e81e3eb1a4322148b06f353eaa22b0a803fd74f4","ref":"refs/heads/master","pushedAt":"2024-04-02T14:56:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex\n\nEVP_CipherInit basically is the same EVP_CipherInit_ex except that it\nin some instances it resets/inits the ctx parameter first. We already\ncall EVP_CIPHER_CTX_reset to reset/init the ctx before. Also ensure that\nEVP_CipherInit_Ex gets the cipher to actually be able to initialise the\ncontext.\n\nOpenSSL 1.0.2:\n\nhttps://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/evp/evp_enc.c#L94\n\nEVP_CipherInit calls first EVP_CIPHER_CTX_init and then EVP_CipherInit_ex\n\nOur openssl_compat.h has\n\nfor these older OpenSSL versions\n\nOpenSSL 3.0:\n\nhttps://github.com/openssl/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450\n\nbasically the same as 1.0.2. Just that method names have been changed.\n\nChange-Id: I911e25949a8647b567fd4178683534d4404ab469\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240402134909.6340-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28523.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex"}},{"before":"4d907bf46a470ccbd2940b9ecb64d6502d9d86bf","after":"ff402c7c2fbc49ff6d352ebdc3cdc4c27c2bbcbb","ref":"refs/heads/master","pushedAt":"2024-04-02T09:55:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Match ifdef for get_sigtype function with if ifdef of caller\n\nThese two ifdef needs to be the same otherwise the compiler will\nbreak with a undefined function.\n\nChange-Id: I5b14bf90bb07935f0bb84373ec4e62352752c03f\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240402063646.25490-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28512.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Match ifdef for get_sigtype function with if ifdef of caller"}},{"before":"4c71e816031f564f834df695b3fa717ea22720d2","after":"4d907bf46a470ccbd2940b9ecb64d6502d9d86bf","ref":"refs/heads/master","pushedAt":"2024-03-31T14:17:40.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"crypto_backend: fix type of enc parameter\n\nWe had parts of a abstraction, but it wasn't consistent.\nGCC 13 now complains about the type mismatch with mbedtls now:\n\ncrypto_mbedtls.c:568:1: error:\nconflicting types for ‘cipher_ctx_init’ due to enum/integer mismatch;\nhave ‘void(mbedtls_cipher_context_t *, const uint8_t *, const char *, const mbedtls_operation_t)’\n[...] [-Werror=enum-int-mismatch]\ncrypto_backend.h:341:6: note:\nprevious declaration of ‘cipher_ctx_init’ with type\n‘void(cipher_ctx_t *, const uint8_t *, const char *, int)’ [...]\n\nPrevious compiler versions did not complain.\n\nv2:\n - clean solution instead of quick solution. Fix the actual API\n   definition\n\nChange-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240327162621.1792414-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28498.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"crypto_backend: fix type of enc parameter"}},{"before":"a94226cdc8ed037a6763675aa47e6c821983f174","after":"4c71e816031f564f834df695b3fa717ea22720d2","ref":"refs/heads/master","pushedAt":"2024-03-29T11:54:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"misc.c: remove unused code\n\nCommit\n\n  3a4fb1 \"Ensure --auth-nocache is handled during renegotiation\"\n\nhas changed the behavior of set_auth_token(), but left unused parameter\n\n  struct user_pass *up\n\nRemove this parameter and amend comments accordingly. Also remove\nunused function definition from misc.h.\n\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\n\nChange-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4\nMessage-Id: <20240329103739.28254-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28503.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"misc.c: remove unused code"}},{"before":"ea0d9c70a44e3d871136f68bddb0befc299dd692","after":"f50c67707ed033040c93a6b5d4efbbd2c0933459","ref":"refs/heads/release/2.6","pushedAt":"2024-03-29T11:54:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"misc.c: remove unused code\n\nCommit\n\n  3a4fb1 \"Ensure --auth-nocache is handled during renegotiation\"\n\nhas changed the behavior of set_auth_token(), but left unused parameter\n\n  struct user_pass *up\n\nRemove this parameter and amend comments accordingly. Also remove\nunused function definition from misc.h.\n\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\n\nChange-Id: Ic440f2c8d46dfcb5ff41ba2f33bf28bb7286eec4\nMessage-Id: <20240329103739.28254-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28503.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 4c71e816031f564f834df695b3fa717ea22720d2)","shortMessageHtmlLink":"misc.c: remove unused code"}},{"before":"4b95656536be1f402a55ef5dffe140fa78e7eb51","after":"a94226cdc8ed037a6763675aa47e6c821983f174","ref":"refs/heads/master","pushedAt":"2024-03-26T13:23:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"script-options.rst: Update ifconfig_* variables\n\n- Remove obsolete ifconfig_broadcast. Since this was\n  removed in 2.5.0, do not add a removal note but just\n  completely remove it.\n- Add missing documentation of IPv6 variants for\n  ifconfig_pool_* variables.\n\nGithub: fixes Openvpn/openvpn#527\nChange-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240321161623.2794161-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28438.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"script-options.rst: Update ifconfig_* variables"}},{"before":"e36359aa7e5193ad002768e90ae660896a5a0fa6","after":"ea0d9c70a44e3d871136f68bddb0befc299dd692","ref":"refs/heads/release/2.6","pushedAt":"2024-03-26T13:23:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"script-options.rst: Update ifconfig_* variables\n\n- Remove obsolete ifconfig_broadcast. Since this was\n  removed in 2.5.0, do not add a removal note but just\n  completely remove it.\n- Add missing documentation of IPv6 variants for\n  ifconfig_pool_* variables.\n\nGithub: fixes Openvpn/openvpn#527\nChange-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240321161623.2794161-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28438.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit a94226cdc8ed037a6763675aa47e6c821983f174)","shortMessageHtmlLink":"script-options.rst: Update ifconfig_* variables"}},{"before":"6889d9e2f1458272ded4c035df40378ace3d7395","after":"4b95656536be1f402a55ef5dffe140fa78e7eb51","ref":"refs/heads/master","pushedAt":"2024-03-26T13:13:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Add bracket in fingerprint message and do not warn about missing verification\n\nGithub: fixes OpenVPN/openvpn#516\n\nChange-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781\nSigned-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240326103853.494572-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28474.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Add bracket in fingerprint message and do not warn about missing veri…"}},{"before":"5591af17694d98054da2cdf4cfd42508a8a4fb8e","after":"e36359aa7e5193ad002768e90ae660896a5a0fa6","ref":"refs/heads/release/2.6","pushedAt":"2024-03-26T13:13:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Add bracket in fingerprint message and do not warn about missing verification\n\nGithub: fixes OpenVPN/openvpn#516\n\nChange-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781\nSigned-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240326103853.494572-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28474.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 4b95656536be1f402a55ef5dffe140fa78e7eb51)","shortMessageHtmlLink":"Add bracket in fingerprint message and do not warn about missing veri…"}},{"before":"e8c629fe64c67ea0a8454753be99db44df7ce53e","after":"6889d9e2f1458272ded4c035df40378ace3d7395","ref":"refs/heads/master","pushedAt":"2024-03-26T11:28:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Fix snprintf/swnprintf related compiler warnings\n\nWhen openvpn_snprintf is replaced by snprintf the GCC/MSVC compiler\nwill perform additional checks that the result is not truncated.\n\nThis warning can be avoid by either explicitly checking the return value\nof snprintf (proxy) or ensuring that it is never truncated(tls crypt)\n\nChange-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d\nSigned-off-by: Arne Schwabe <arne@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240326104101.531291-1-frank@lichtenheld.com>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28475.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Fix snprintf/swnprintf related compiler warnings"}},{"before":"11ca69cfac1c6d3ed34652650688a4b3c99573b0","after":"5591af17694d98054da2cdf4cfd42508a8a4fb8e","ref":"refs/heads/release/2.6","pushedAt":"2024-03-25T17:22:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'\n\nAs Coverity says:\nEither the check against null is unnecessary, or there may be a null\npointer dereference.\nIn phase2_tcp_server: Pointer is checked against null but then\ndereferenced anyway\n\nThere is only one caller (link_socket_init_phase2) and it already has\nan ASSERT(sig_info). So use that here was well.\n\nv2:\n - fix cleanly by actually asserting that sig_info is defined\n\nChange-Id: I8ef199463d46303129a3f563fd9eace780a58b8a\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240325071448.12143-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit e8c629fe64c67ea0a8454753be99db44df7ce53e)","shortMessageHtmlLink":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'"}},{"before":"6a60d1bef424088df55f4d07efd45ce080fc7132","after":"e8c629fe64c67ea0a8454753be99db44df7ce53e","ref":"refs/heads/master","pushedAt":"2024-03-25T17:22:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'\n\nAs Coverity says:\nEither the check against null is unnecessary, or there may be a null\npointer dereference.\nIn phase2_tcp_server: Pointer is checked against null but then\ndereferenced anyway\n\nThere is only one caller (link_socket_init_phase2) and it already has\nan ASSERT(sig_info). So use that here was well.\n\nv2:\n - fix cleanly by actually asserting that sig_info is defined\n\nChange-Id: I8ef199463d46303129a3f563fd9eace780a58b8a\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240325071448.12143-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"phase2_tcp_server: fix Coverity issue 'Dereference after null check'"}},{"before":"7993084c7f2b537e20a0a0d67385733d7d56688c","after":"11ca69cfac1c6d3ed34652650688a4b3c99573b0","ref":"refs/heads/release/2.6","pushedAt":"2024-03-25T16:43:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Use snprintf instead of sprintf for get_ssl_library_version\n\nThis is avoid a warning/error (when using -Werror) under current macOS\nof sprintf:\n\n   __deprecated_msg(\"This function is provided for compatibility\n   reasons only.  Due to security concerns inherent in the design\n   of sprintf(3), it is highly recommended that you use snprintf(3)\n   instead.\")\n\nChange-Id: I3c6fd36eb9daee9244d6dc6d9f22de1c5cf9d039\nSigned-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240325125052.14135-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28458.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 6a60d1bef424088df55f4d07efd45ce080fc7132)","shortMessageHtmlLink":"Use snprintf instead of sprintf for get_ssl_library_version"}},{"before":"3fdf5aa04f7b96a3b7110f75306306ac5d7ed5fd","after":"6a60d1bef424088df55f4d07efd45ce080fc7132","ref":"refs/heads/master","pushedAt":"2024-03-25T16:43:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Use snprintf instead of sprintf for get_ssl_library_version\n\nThis is avoid a warning/error (when using -Werror) under current macOS\nof sprintf:\n\n   __deprecated_msg(\"This function is provided for compatibility\n   reasons only.  Due to security concerns inherent in the design\n   of sprintf(3), it is highly recommended that you use snprintf(3)\n   instead.\")\n\nChange-Id: I3c6fd36eb9daee9244d6dc6d9f22de1c5cf9d039\nSigned-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240325125052.14135-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28458.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Use snprintf instead of sprintf for get_ssl_library_version"}},{"before":"b0fc10abd06fa2307e95c8a60fa94f7ccc08d2ac","after":"3fdf5aa04f7b96a3b7110f75306306ac5d7ed5fd","ref":"refs/heads/master","pushedAt":"2024-03-25T15:25:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"documentation: make section levels consistent\n\nPreviously the sections \"Encryption Options\" and\n\"Data channel cipher negotiation\" were on the same\nlevel as \"OPTIONS\", which makes no sense. Instead\nmove them and their subsections one level down.\n\nUse ` since that was already in use in section\n\"Virtual Routing and Forwarding\".\n\nChange-Id: Ib5a7f9a978bda5ad58830e43580232660401f66d\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240325071520.12513-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28453.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"documentation: make section levels consistent"}},{"before":"371cc5874faf67057c9f95796195306beeba0628","after":"7993084c7f2b537e20a0a0d67385733d7d56688c","ref":"refs/heads/release/2.6","pushedAt":"2024-03-25T15:25:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"documentation: make section levels consistent\n\nPreviously the sections \"Encryption Options\" and\n\"Data channel cipher negotiation\" were on the same\nlevel as \"OPTIONS\", which makes no sense. Instead\nmove them and their subsections one level down.\n\nUse ` since that was already in use in section\n\"Virtual Routing and Forwarding\".\n\nChange-Id: Ib5a7f9a978bda5ad58830e43580232660401f66d\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240325071520.12513-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28453.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit 3fdf5aa04f7b96a3b7110f75306306ac5d7ed5fd)","shortMessageHtmlLink":"documentation: make section levels consistent"}},{"before":"ba0f62fb950c56a0f992b1f8269bdeac209d4e55","after":"371cc5874faf67057c9f95796195306beeba0628","ref":"refs/heads/release/2.6","pushedAt":"2024-03-25T12:55:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"samples: Update sample configurations\n\n- Remove compression settings. Not recommended anymore.\n- Remove old cipher setting. Replaced by data-ciphers negotiation.\n- Add comment how to set data-ciphers for very old clients.\n- Remove/reword some old comments. e.g. no need to reference\n  OpenVPN 1.x anymore.\n- Mention peer-fingerprint alternative.\n- comment out \"tls-auth\" as that is not needed for a bare-bones VPN config\n  and needs additional setup.\n\nGithub: #511\nChange-Id: I1a36651c0dea52259533ffc00bccb9b03bf82e26\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240325071320.11348-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28451.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit b0fc10abd06fa2307e95c8a60fa94f7ccc08d2ac)","shortMessageHtmlLink":"samples: Update sample configurations"}},{"before":"fd6b8395f6cee8a61111c28f335ec25ed6db11f7","after":"b0fc10abd06fa2307e95c8a60fa94f7ccc08d2ac","ref":"refs/heads/master","pushedAt":"2024-03-25T12:55:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"samples: Update sample configurations\n\n- Remove compression settings. Not recommended anymore.\n- Remove old cipher setting. Replaced by data-ciphers negotiation.\n- Add comment how to set data-ciphers for very old clients.\n- Remove/reword some old comments. e.g. no need to reference\n  OpenVPN 1.x anymore.\n- Mention peer-fingerprint alternative.\n- comment out \"tls-auth\" as that is not needed for a bare-bones VPN config\n  and needs additional setup.\n\nGithub: #511\nChange-Id: I1a36651c0dea52259533ffc00bccb9b03bf82e26\nSigned-off-by: Frank Lichtenheld <frank@lichtenheld.com>\nAcked-by: Arne Schwabe <arne-openvpn@rfc2549.org>\nMessage-Id: <20240325071320.11348-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28451.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"samples: Update sample configurations"}},{"before":"d29496cce2d91a74706e3d5e4c48773715b10812","after":"fccae1fa71140bd66f4a57597ca3c7307ba05b30","ref":"refs/heads/release/2.5","pushedAt":"2024-03-22T13:35:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Preparing release 2.5.10\n\nversion.m4, ChangeLog, Changes.rst\n\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Preparing release 2.5.10"}},{"before":"462fed53c7a5f21c07dafa4910765efe56d7402d","after":"ba0f62fb950c56a0f992b1f8269bdeac209d4e55","ref":"refs/heads/release/2.6","pushedAt":"2024-03-20T15:28:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"preparing release 2.6.10\n\nversion.m4, ChangeLog, Changes.rst\n\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"preparing release 2.6.10"}},{"before":"e0775c042c7908a9b315da8092b436d03abea08a","after":"d29496cce2d91a74706e3d5e4c48773715b10812","ref":"refs/heads/release/2.5","pushedAt":"2024-03-20T15:28:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"interactive.c: Fix potential stack overflow issue\n\nWhen reading message from the pipe, we first peek the pipe to get the size\nof the message waiting to be read and then read the message. A compromised\nOpenVPN process could send an excessively large message, which would result\nin a stack-allocated message buffer overflow.\n\nTo address this, we terminate the misbehaving process if the peeked message\nsize exceeds the maximum allowable size.\n\nThis commit is backported from 9b2693f in release/2.6 branch, fixing\nmerge conflicts around &ring_buffer_handles and wins_cfg_message_t.\n\nCVE: 2024-27459\nMicrosoft case number: 85932\n\nReported-by: Vladimir Tokarev <vtokarev@microsoft.com>\nChange-Id: Ib5743cba0741ea11f9ee62c4978b2c6789b81ada\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Heiko Hund <heiko@openvpn.net>\nAcked-by: Gert Doering <gert@greenie.muc.de>\nMessage-Id: <20240320082000.284-2-lev@openvpn.net>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28433.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"interactive.c: Fix potential stack overflow issue"}},{"before":"9b2693feff9c49b9485cf94797c1c3502259dbe1","after":"462fed53c7a5f21c07dafa4910765efe56d7402d","ref":"refs/heads/release/2.6","pushedAt":"2024-03-19T19:35:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Disable DCO if proxy is set via management\n\nCommit\n\n    45a1cb2a (\"Disable DCO if proxy is set via management\")\n\nattempted to disable DCO when proxy is set via management interface. However,\nat least on Windows this doesn't work, since:\n\n - setting tuntap_options->disable_dco to true is not enough to disable DCO\n - at this point it is a bit too late, since we've already done DCO-specific\n   adjustments\n\nSince proxy can be set via management only if --management-query-proxy is\nspecified, the better way is to add a check to dco_check_startup_option().\n\nGithub: fixes OpenVPN/openvpn#522\n\nChange-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240318181744.20625-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>\n(cherry picked from commit fd6b8395f6cee8a61111c28f335ec25ed6db11f7)","shortMessageHtmlLink":"Disable DCO if proxy is set via management"}},{"before":"989b22cb6e007fd1addcfaf7d12f4fec9fbc9639","after":"fd6b8395f6cee8a61111c28f335ec25ed6db11f7","ref":"refs/heads/master","pushedAt":"2024-03-19T19:35:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"cron2","name":"Gert Doering","path":"/cron2","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3456368?s=80&v=4"},"commit":{"message":"Disable DCO if proxy is set via management\n\nCommit\n\n    45a1cb2a (\"Disable DCO if proxy is set via management\")\n\nattempted to disable DCO when proxy is set via management interface. However,\nat least on Windows this doesn't work, since:\n\n - setting tuntap_options->disable_dco to true is not enough to disable DCO\n - at this point it is a bit too late, since we've already done DCO-specific\n   adjustments\n\nSince proxy can be set via management only if --management-query-proxy is\nspecified, the better way is to add a check to dco_check_startup_option().\n\nGithub: fixes OpenVPN/openvpn#522\n\nChange-Id: I16d6a9fefa317d7d4a195e786618328445bdbca8\nSigned-off-by: Lev Stipakov <lev@openvpn.net>\nAcked-by: Frank Lichtenheld <frank@lichtenheld.com>\nMessage-Id: <20240318181744.20625-1-gert@greenie.muc.de>\nURL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html\nSigned-off-by: Gert Doering <gert@greenie.muc.de>","shortMessageHtmlLink":"Disable DCO if proxy is set via management"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEP_D6PgA","startCursor":null,"endCursor":null}},"title":"Activity · OpenVPN/openvpn"}