Menu
▾
▴
openvpn-devel — OpenVPN developers list
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
(24) |
May
(14) |
Jun
(29) |
Jul
(33) |
Aug
(3) |
Sep
(8) |
Oct
(18) |
Nov
(1) |
Dec
(10) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(3) |
Feb
(33) |
Mar
(7) |
Apr
(28) |
May
(30) |
Jun
(5) |
Jul
(10) |
Aug
(7) |
Sep
(32) |
Oct
(41) |
Nov
(20) |
Dec
(10) |
| 2004 |
Jan
(24) |
Feb
(18) |
Mar
(57) |
Apr
(40) |
May
(55) |
Jun
(48) |
Jul
(77) |
Aug
(15) |
Sep
(56) |
Oct
(80) |
Nov
(74) |
Dec
(52) |
| 2005 |
Jan
(38) |
Feb
(42) |
Mar
(39) |
Apr
(56) |
May
(79) |
Jun
(73) |
Jul
(16) |
Aug
(23) |
Sep
(68) |
Oct
(77) |
Nov
(52) |
Dec
(27) |
| 2006 |
Jan
(27) |
Feb
(18) |
Mar
(51) |
Apr
(62) |
May
(28) |
Jun
(50) |
Jul
(36) |
Aug
(33) |
Sep
(47) |
Oct
(50) |
Nov
(77) |
Dec
(13) |
| 2007 |
Jan
(15) |
Feb
(8) |
Mar
(14) |
Apr
(18) |
May
(25) |
Jun
(16) |
Jul
(16) |
Aug
(19) |
Sep
(32) |
Oct
(17) |
Nov
(5) |
Dec
(5) |
| 2008 |
Jan
(64) |
Feb
(25) |
Mar
(25) |
Apr
(6) |
May
(28) |
Jun
(20) |
Jul
(10) |
Aug
(27) |
Sep
(28) |
Oct
(59) |
Nov
(37) |
Dec
(43) |
| 2009 |
Jan
(40) |
Feb
(25) |
Mar
(12) |
Apr
(57) |
May
(46) |
Jun
(29) |
Jul
(39) |
Aug
(10) |
Sep
(20) |
Oct
(42) |
Nov
(50) |
Dec
(57) |
| 2010 |
Jan
(82) |
Feb
(165) |
Mar
(256) |
Apr
(260) |
May
(36) |
Jun
(87) |
Jul
(53) |
Aug
(89) |
Sep
(107) |
Oct
(51) |
Nov
(88) |
Dec
(117) |
| 2011 |
Jan
(69) |
Feb
(60) |
Mar
(113) |
Apr
(71) |
May
(67) |
Jun
(90) |
Jul
(88) |
Aug
(90) |
Sep
(48) |
Oct
(64) |
Nov
(69) |
Dec
(118) |
| 2012 |
Jan
(49) |
Feb
(528) |
Mar
(351) |
Apr
(190) |
May
(238) |
Jun
(193) |
Jul
(104) |
Aug
(100) |
Sep
(57) |
Oct
(41) |
Nov
(47) |
Dec
(51) |
| 2013 |
Jan
(94) |
Feb
(57) |
Mar
(96) |
Apr
(105) |
May
(77) |
Jun
(102) |
Jul
(27) |
Aug
(81) |
Sep
(32) |
Oct
(53) |
Nov
(127) |
Dec
(65) |
| 2014 |
Jan
(113) |
Feb
(59) |
Mar
(104) |
Apr
(259) |
May
(70) |
Jun
(70) |
Jul
(146) |
Aug
(45) |
Sep
(58) |
Oct
(149) |
Nov
(77) |
Dec
(83) |
| 2015 |
Jan
(53) |
Feb
(66) |
Mar
(86) |
Apr
(50) |
May
(135) |
Jun
(76) |
Jul
(151) |
Aug
(83) |
Sep
(97) |
Oct
(262) |
Nov
(245) |
Dec
(231) |
| 2016 |
Jan
(131) |
Feb
(233) |
Mar
(97) |
Apr
(138) |
May
(221) |
Jun
(254) |
Jul
(92) |
Aug
(248) |
Sep
(168) |
Oct
(275) |
Nov
(477) |
Dec
(445) |
| 2017 |
Jan
(218) |
Feb
(217) |
Mar
(146) |
Apr
(172) |
May
(216) |
Jun
(252) |
Jul
(164) |
Aug
(192) |
Sep
(190) |
Oct
(143) |
Nov
(255) |
Dec
(182) |
| 2018 |
Jan
(295) |
Feb
(164) |
Mar
(113) |
Apr
(147) |
May
(64) |
Jun
(262) |
Jul
(184) |
Aug
(90) |
Sep
(69) |
Oct
(364) |
Nov
(102) |
Dec
(101) |
| 2019 |
Jan
(119) |
Feb
(64) |
Mar
(64) |
Apr
(102) |
May
(57) |
Jun
(154) |
Jul
(84) |
Aug
(81) |
Sep
(76) |
Oct
(102) |
Nov
(233) |
Dec
(89) |
| 2020 |
Jan
(38) |
Feb
(170) |
Mar
(155) |
Apr
(172) |
May
(120) |
Jun
(223) |
Jul
(461) |
Aug
(227) |
Sep
(268) |
Oct
(113) |
Nov
(56) |
Dec
(124) |
| 2021 |
Jan
(121) |
Feb
(48) |
Mar
(334) |
Apr
(345) |
May
(207) |
Jun
(136) |
Jul
(71) |
Aug
(112) |
Sep
(122) |
Oct
(173) |
Nov
(184) |
Dec
(223) |
| 2022 |
Jan
(197) |
Feb
(206) |
Mar
(156) |
Apr
(212) |
May
(192) |
Jun
(170) |
Jul
(143) |
Aug
(380) |
Sep
(182) |
Oct
(148) |
Nov
(128) |
Dec
(269) |
| 2023 |
Jan
(248) |
Feb
(196) |
Mar
(264) |
Apr
(36) |
May
(123) |
Jun
(66) |
Jul
(120) |
Aug
(48) |
Sep
(157) |
Oct
(198) |
Nov
(300) |
Dec
(273) |
| 2024 |
Jan
(271) |
Feb
(147) |
Mar
(207) |
Apr
(78) |
May
(107) |
Jun
(168) |
Jul
(151) |
Aug
(51) |
Sep
(438) |
Oct
(221) |
Nov
(302) |
Dec
(357) |
| 2025 |
Jan
(451) |
Feb
(219) |
Mar
(326) |
Apr
(232) |
May
(306) |
Jun
(181) |
Jul
(452) |
Aug
(171) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 15:25:05
|
Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 4: -Code-Review (1 comment) Patchset: PS4: t_client now passes again -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 4 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 09 Jul 2025 13:22:54 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 15:20:12
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1074?usp=email ) Change subject: move macOS dns-updown common code into functions ...................................................................... Patch Set 3: (1 comment) File distro/dns-scripts/macos-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/1074/comment/aa674cbb_a590cc31 : PS3, Line 242: local addresses="$(addresses_string $n)" > addresses seems to be unused? Yeah, it will get used in #1075, slipped through. Think it's no biggie, as both will be applied anyway. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1074?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Id6f70237c7205063b001528a40391678b0d093ac Gerrit-Change-Number: 1074 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 09 Jul 2025 12:44:36 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Gerrit-MessageType: comment |
|
From: Johan D. <jo...@op...> - 2025-07-09 15:07:41
|
Meeting summary for 9 July 2025:
*
*Updated, closed: Changes to community pages on main website*
Company has published the updated community
page:https://openvpn.net/community/
There were some issues related to community documentation living on
openvpn.net - this is resolved.
*
*Updated: cve.mitre.org deprecation notice*
The MITRE CVE site we are linking to for all CVE record references
has a deprecation notice. Instead cve.org is being advised as the
site to use from now on.
novaflash made an internal company ticket to update links on the
main site.
novaflash search/replaced all the CVE links on community wiki to the
new address.
*
*Updated: Release 2.7*
For macOS DNS script there is a patch up for review.
For multisocket, a bug report came in, and a patch is up for review.
For float and DCO, lev has an idea on how to implement it but needs
some agreement with ordex on adjustments for user space.
For the DCO related changes, DCO+TCP is improving. Epoch data keys
still needs to be done, mssfix not planned yet.
For the live route updates changes, chances are improving that it
may get in to 2.7 after all.
As always you're welcome to join at #openvpn-meeting on Libera IRC
network every Wednesday at 14:00 Central European Time.
Kind regards,
Johan Draaisma
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 15:06:51
|
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email ) Change subject: Do not compile mbed key helper with MBEDTLS_SSL_KEYING_MATERIAL_EXPORT ...................................................................... Patch Set 1: -Code-Review (1 comment) Patchset: PS1: > Why should we include that? The fix is also for older version as we compile in functions that are no […] Okay, I will put it in #1079 and rebase that on top of your change -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0f325800ebeb20bd5ef3ff78e5c5fcf0f6f74efd Gerrit-Change-Number: 1081 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Comment-Date: Wed, 09 Jul 2025 14:42:10 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: plaisthos <arn...@rf...> Comment-In-Reply-To: flichtenheld <fr...@li...> Gerrit-MessageType: comment |
|
From: plaisthos (C. Review) <ge...@op...> - 2025-07-09 15:03:16
|
Attention is currently required from: flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email ) Change subject: Do not compile mbed key helper with MBEDTLS_SSL_KEYING_MATERIAL_EXPORT ...................................................................... Patch Set 1: (1 comment) Patchset: PS1: > Can we include the GHA update to 3.6. […] Why should we include that? The fix is also for older version as we compile in functions that are not used. So it didn't feel like that is strictly tied to a specific version. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0f325800ebeb20bd5ef3ff78e5c5fcf0f6f74efd Gerrit-Change-Number: 1081 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 09 Jul 2025 14:34:13 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Gerrit-MessageType: comment |
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 15:03:05
|
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email ) Change subject: Do not compile mbed key helper with MBEDTLS_SSL_KEYING_MATERIAL_EXPORT ...................................................................... Patch Set 1: Code-Review-1 (1 comment) File src/openvpn/ssl_mbedtls.c: http://gerrit.openvpn.net/c/openvpn/+/1081/comment/eaa93c85_55785638 : PS1, Line 177: #if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) Change makes sense, but now every clause of the #if .. #elif .. #elif has a `!defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)`. So I think it would be easier to understand wrapping the whole thing into a separate `#if !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT`. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0f325800ebeb20bd5ef3ff78e5c5fcf0f6f74efd Gerrit-Change-Number: 1081 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Comment-Date: Wed, 09 Jul 2025 15:02:49 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: plaisthos (C. Review) <ge...@op...> - 2025-07-09 11:58:03
|
Attention is currently required from: flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email ) Change subject: Do not compile mbed key helper with MBEDTLS_SSL_KEYING_MATERIAL_EXPORT ...................................................................... Patch Set 1: (1 comment) Patchset: PS1: Github Actions run: https://github.com/schwabe/openvpn/actions/runs/16168579847/job/45636215699 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0f325800ebeb20bd5ef3ff78e5c5fcf0f6f74efd Gerrit-Change-Number: 1081 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arn...@rf...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 09 Jul 2025 11:57:49 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment |
|
From: plaisthos (C. Review) <ge...@op...> - 2025-07-09 11:57:38
|
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email
to review the following change.
Change subject: Do not compile mbed key helper with MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
......................................................................
Do not compile mbed key helper with MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
The helper methods are only used when we don't have
MBEDTLS_SSL_KEYING_MATERIAL_EXPORT and mbedtls_ssl_export_keying_material.
Change-Id: I0f325800ebeb20bd5ef3ff78e5c5fcf0f6f74efd
Signed-off-by: Arne Schwabe <ar...@rf...>
---
M src/openvpn/ssl_mbedtls.c
1 file changed, 3 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/81/1081/1
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index ecccc26..911d4bb 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -174,7 +174,7 @@
return ctx->initialised;
}
-#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB
+#if HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
/*
* Key export callback for older versions of mbed TLS, to be used with
* mbedtls_ssl_conf_export_keys_ext_cb(). It is called with the master
@@ -205,7 +205,7 @@
return 0;
}
-#elif HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
+#elif defined(HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB) && !defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT)
/*
* Key export callback for newer versions of mbed TLS, to be used with
* mbedtls_ssl_set_export_keys_cb(). When used with TLS 1.2, the callback
@@ -255,6 +255,7 @@
#error mbedtls_ssl_conf_export_keys_ext_cb, mbedtls_ssl_set_export_keys_cb or mbedtls_ssl_export_keying_material must be available in mbed TLS
#endif /* HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB */
+
bool
key_state_export_keying_material(struct tls_session *session,
const char *label, size_t label_size,
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1081?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0f325800ebeb20bd5ef3ff78e5c5fcf0f6f74efd
Gerrit-Change-Number: 1081
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos <arn...@rf...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-MessageType: newchange
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 11:47:32
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email
to review the following change.
Change subject: GHA: Update dependencies July 2025 (2.6)
......................................................................
GHA: Update dependencies July 2025 (2.6)
Pin dependencies
chore(deps): update lukka/get-cmake action to v4
chore(deps): update vcpkg digest to f33cc49
Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M .github/workflows/build.yaml
M .github/workflows/coverity-scan.yml
2 files changed, 6 insertions(+), 6 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/80/1080/1
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 22b7aca..65d5fd4 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -51,11 +51,11 @@
- name: Checkout OpenVPN
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6
+ - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3
- name: Restore from cache and install vcpkg
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
- vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4
+ vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf
vcpkgJsonGlob: '**/mingw/vcpkg.json'
- name: Run CMake with vcpkg.json manifest
@@ -92,7 +92,7 @@
name: "mingw unittest ${{ matrix.test }} - ${{ matrix.arch }} - OSSL"
steps:
- name: Retrieve mingw unittest
- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: openvpn-mingw-${{ matrix.arch }}-tests
path: unittests
@@ -227,7 +227,7 @@
runs-on: windows-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: lukka/get-cmake@56d043d188c3612951d8755da8f4b709ec951ad6 # v3.31.6
+ - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3
- name: Install rst2html
run: python -m pip install --upgrade pip docutils
@@ -235,7 +235,7 @@
- name: Restore artifacts, or setup vcpkg (do not install any package)
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
- vcpkgGitCommitId: acd5bba5aac8b6573b5f6f463dc0341ac0ee6fa4
+ vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf
vcpkgJsonGlob: '**/windows/vcpkg.json'
- name: Run CMake with vcpkg.json manifest (NO TESTS)
diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
index 7998632d6..1a9e5a3 100644
--- a/.github/workflows/coverity-scan.yml
+++ b/.github/workflows/coverity-scan.yml
@@ -25,7 +25,7 @@
- name: Checkout OpenVPN
if: steps.check_submit.outputs.cache-hit != 'true'
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download Coverity Build Tool
if: steps.check_submit.outputs.cache-hit != 'true'
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1080?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: I46177b0614ad8b167a421c50d3cc8e7da4054e42
Gerrit-Change-Number: 1080
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-MessageType: newchange
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 11:47:14
|
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email
to review the following change.
Change subject: GHA: Dependency updates July 2025
......................................................................
GHA: Dependency updates July 2025
chore(deps): update dependency aws/aws-lc to v1.55.0
chore(deps): update lukka/get-cmake action to v4.0.3
chore(deps): update vcpkg digest to f33cc49
Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921
Signed-off-by: Frank Lichtenheld <fr...@li...>
---
M .github/workflows/build.yaml
1 file changed, 8 insertions(+), 8 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/1079/1
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index d4fdc9d..f02a182 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -54,11 +54,11 @@
steps:
- name: Checkout OpenVPN
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1
+ - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3
- name: Install vcpkg
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
- vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5
+ vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf
- name: Install dependencies
run: ${VCPKG_ROOT}/vcpkg install openssl lz4 cmocka
- name: configure OpenVPN with cmake
@@ -88,11 +88,11 @@
- name: Checkout OpenVPN
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1
+ - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3
- name: Restore from cache and install vcpkg
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
- vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5
+ vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf
vcpkgJsonGlob: '**/mingw/vcpkg.json'
- name: Run CMake with vcpkg.json manifest
@@ -276,7 +276,7 @@
runs-on: windows-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1
+ - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3
- name: Install rst2html
run: python -m pip install --upgrade pip docutils
@@ -284,7 +284,7 @@
- name: Restore artifacts, or setup vcpkg (do not install any package)
uses: lukka/run-vcpkg@5e0cab206a5ea620130caf672fce3e4a6b5666a1 # v11.5
with:
- vcpkgGitCommitId: b12aa38a44a29bd8461404f2514e4c7cf00e1fc5
+ vcpkgGitCommitId: f33cc491c85a7d643c5ab6da1667c1458e6d7abf
vcpkgJsonGlob: '**/windows/vcpkg.json'
- name: Run CMake with vcpkg.json manifest (NO TESTS)
@@ -471,8 +471,8 @@
path: aws-lc
# versioning=semver-coerced
repository: aws/aws-lc
- ref: v1.51.2
- - uses: lukka/get-cmake@57c20a23a6cac5b90f31864439996e5b206df9dc # v4.0.1
+ ref: v1.55.0
+ - uses: lukka/get-cmake@6b3e96a9bc9976b8b546346fdd102effedae0ca8 # v4.0.3
- name: "AWS-LC: build"
run: |
mkdir build
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1079?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I6122225cc12c4f299a2a48db24bc7379ac6c5921
Gerrit-Change-Number: 1079
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-MessageType: newchange
|
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 10:25:32
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 3: (1 comment) Patchset: PS2: > Before running the test: […] Thanks -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 09 Jul 2025 10:25:23 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 10:25:17
|
Attention is currently required from: d12fk, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
to look at the new patch set (#4).
Change subject: mac dns: compare servers before restoring backup
......................................................................
mac dns: compare servers before restoring backup
In case anything changed the global DNS server addresses, while the
tunnel was connected, do not restore the backup of the global DNS
configuration we made when connecting. Doing so would likely change
DNS to something unexpected. Instead just clear the backup and leave
a message in the log.
Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Signed-off-by: Heiko Hund <he...@is...>
---
M distro/dns-scripts/macos-dns-updown.sh
1 file changed, 14 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/75/1075/4
diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh
index 56f1009..73bbee9 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -111,6 +111,10 @@
property_value State:/Network/Global/DNS SearchDomains
}
+function get_server_addresses {
+ property_value "$(primary_dns_key)" ServerAddresses
+}
+
function set_search_domains {
[ -n "$1" ] || return
local dns_key=$(primary_dns_key)
@@ -239,11 +243,10 @@
function unset_dns {
local n="$(find_compat_profile)"
- local addresses="$(addresses_string $n)"
- local search_domains="$(search_domains_string $n)"
local match_domains="$(match_domains_string $n)"
if [ -n "$match_domains" ]; then
+ local search_domains="$(search_domains_string $n)"
echo "remove ${itf_dns_key}" | /usr/sbin/scutil
unset_search_domains "$search_domains"
else
@@ -252,8 +255,15 @@
[[ "${dns_backup_key}" =~ ${dev}/ ]] || return
local cmds=""
- cmds+="get ${dns_backup_key}\n"
- cmds+="set $(primary_dns_key)\n"
+ local servers="$(get_server_addresses)"
+ local addresses="$(addresses_string $n)"
+ # Only restore backup if the server addresses match
+ if [ "${servers}" = "${addresses}" ]; then
+ cmds+="get ${dns_backup_key}\n"
+ cmds+="set $(primary_dns_key)\n"
+ else
+ echo "not restoring global DNS configuration, server addresses have changed"
+ fi
cmds+="remove ${dns_backup_key}\n"
echo -e "${cmds}" | /usr/sbin/scutil
fi
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67
Gerrit-Change-Number: 1075
Gerrit-PatchSet: 4
Gerrit-Owner: d12fk <he...@op...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: d12fk <he...@op...>
Gerrit-MessageType: newpatchset
|
|
From: flichtenheld (C. Review) <ge...@op...> - 2025-07-09 10:08:49
|
Attention is currently required from: d12fk, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 2: Code-Review-2 (1 comment) Patchset: PS2: > Could you please also post the output of `show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F0 […] Before running the test: ``` > show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { DomainName : flow.local ServerAddresses : <array> { 0 : 172.31.32.1 } } > show State:/Network/Global/DNS <dictionary> { SearchDomains : <array> { 0 : flow.local } ServerAddresses : <array> { 0 : 10.8.144.10 1 : 10.8.160.10 2 : 172.31.32.1 } __CONFIGURATION_ID__ : Default: 0 __FLAGS__ : 2 __ORDER__ : 0 } > show Setup:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { ServerAddresses : <array> { 0 : 10.8.144.10 1 : 10.8.160.10 2 : 172.31.32.1 } } ``` After running the test: ``` > show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { DomainName : flow.local ServerAddresses : <array> { 0 : 172.31.32.1 } } > show State:/Network/Global/DNS <dictionary> { SearchDomains : <array> { 0 : open.vpn } SearchOrder : 5000 ServerAddresses : <array> { 0 : 10.194.0.1 } __CONFIGURATION_ID__ : Default: 0 __FLAGS__ : 2 __ORDER__ : 0 } > show Setup:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS <dictionary> { SearchDomains : <array> { 0 : open.vpn } SearchOrder : 5000 ServerAddresses : <array> { 0 : 10.194.0.1 1 : fd00:abcd:194::1 } } ``` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 2 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 09 Jul 2025 10:08:40 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: flichtenheld <fr...@li...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: plaisthos (C. Review) <ge...@op...> - 2025-07-09 09:25:42
|
Attention is currently required from: d12fk, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email ) Change subject: mac dns: do not run dns-updown in parallel ...................................................................... Patch Set 3: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7adfaa08df6a17545cca8264d7230b5e65e49719 Gerrit-Change-Number: 1076 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 09 Jul 2025 09:25:33 +0000 Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment |
|
From: plaisthos (C. Review) <ge...@op...> - 2025-07-09 09:25:41
|
Attention is currently required from: d12fk, flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email ) Change subject: mac dns: do not run dns-updown in parallel ...................................................................... Patch Set 3: (1 comment) File distro/dns-scripts/macos-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/1076/comment/909b8361_68ade6ca : PS2, Line 30: lockfile=/tmp/openvpn-dns-updown.lock > Done Yeah. YOu probably did more reaseach than me. I just thought that there is probably a better place than /tmp/ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7adfaa08df6a17545cca8264d7230b5e65e49719 Gerrit-Change-Number: 1076 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Attention: d12fk <he...@op...> Gerrit-Comment-Date: Wed, 09 Jul 2025 09:25:26 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arn...@rf...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 08:57:39
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email ) Change subject: mac dns: do not run dns-updown in parallel ...................................................................... Patch Set 3: (1 comment) File distro/dns-scripts/macos-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/1076/comment/aa5d5f96_700b53e9 : PS2, Line 30: lockfile=/tmp/openvpn-dns-updown.lock > Did a little bit of research, but found nothing in particular about the missing /var/lock in macOS. […] Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7adfaa08df6a17545cca8264d7230b5e65e49719 Gerrit-Change-Number: 1076 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Wed, 09 Jul 2025 08:57:30 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arn...@rf...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-09 08:57:15
|
Attention is currently required from: flichtenheld, plaisthos.
Hello flichtenheld, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email
to look at the new patch set (#3).
Change subject: mac dns: do not run dns-updown in parallel
......................................................................
mac dns: do not run dns-updown in parallel
In case more than one openvpn connection is coming up or going down at
the same time, there is potential for breakage, since the operations
performed are not atomic.
Introduce a locking mechanism, which let's scripts run in sequence, to
prevent races between them.
Change-Id: I7adfaa08df6a17545cca8264d7230b5e65e49719
Signed-off-by: Heiko Hund <he...@is...>
---
M distro/dns-scripts/macos-dns-updown.sh
1 file changed, 17 insertions(+), 0 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/76/1076/3
diff --git a/distro/dns-scripts/macos-dns-updown.sh b/distro/dns-scripts/macos-dns-updown.sh
index 282b034..065a725 100644
--- a/distro/dns-scripts/macos-dns-updown.sh
+++ b/distro/dns-scripts/macos-dns-updown.sh
@@ -26,6 +26,23 @@
# dns_server_1_sni dns.mycorp.in
#
+lockdir=/var/lock
+if [ ! -d "${lockdir}" ]; then
+ /bin/mkdir "${lockdir}"
+ /bin/chmod 1777 "${lockdir}"
+fi
+
+i=1
+lockfile="${lockdir}/openvpn-dns-updown.lock"
+while ! /usr/bin/shlock -f $lockfile -p $$; do
+ if [ $((++i)) -gt 10 ]; then
+ echo "dns-updown failed, could not acquire lock"
+ exit 1
+ fi
+ sleep 0.2
+done
+trap "/bin/rm -f ${lockfile}" EXIT
+
[ -z "${dns_vars_file}" ] || . "${dns_vars_file}"
itf_dns_key="State:/Network/Service/openvpn-${dev}/DNS"
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7adfaa08df6a17545cca8264d7230b5e65e49719
Gerrit-Change-Number: 1076
Gerrit-PatchSet: 3
Gerrit-Owner: d12fk <he...@op...>
Gerrit-Reviewer: flichtenheld <fr...@li...>
Gerrit-Reviewer: plaisthos <arn...@rf...>
Gerrit-CC: openvpn-devel <ope...@li...>
Gerrit-Attention: plaisthos <arn...@rf...>
Gerrit-Attention: flichtenheld <fr...@li...>
Gerrit-MessageType: newpatchset
|
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-09 07:46:49
|
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/1077?usp=email ) Change subject: dns: do not run updown scripts with lwipovpn ...................................................................... dns: do not run updown scripts with lwipovpn Running the script doesn't make sense with the AFUNIX dev node, so we simply clear any scripts that have been set before. Change-Id: I7e9a0c668e0950257632452cfd9eeb236f0120f2 Signed-off-by: Heiko Hund <he...@is...> Acked-by: Arne Schwabe <arn...@rf...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32069.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/options.c 1 file changed, 8 insertions(+), 0 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index af097f8..0662b49 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -61,6 +61,7 @@ #include "xkey_common.h" #include "dco.h" #include "options_util.h" +#include "tun_afunix.h" #include <ctype.h> @@ -3593,6 +3594,13 @@ struct gc_arena gc = gc_new(); struct dns_options *dns = &o->dns_options; + if (is_tun_afunix(o->dev_node)) + { + /* Disable running dns-updown script with lwipovpn */ + dns->updown_flags = DNS_UPDOWN_NO_FLAGS; + dns->updown = NULL; + } + if (dns->servers || dns_updown_user_set(dns) || dns_updown_forced(dns)) { /* Clean up env from --dhcp-option DNS config */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1077?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7e9a0c668e0950257632452cfd9eeb236f0120f2 Gerrit-Change-Number: 1077 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: merged |
|
From: cron2 (C. Review) <ge...@op...> - 2025-07-09 07:46:48
|
cron2 has uploaded a new patch set (#3) to the change originally created by d12fk. ( http://gerrit.openvpn.net/c/openvpn/+/1077?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by plaisthos Change subject: dns: do not run updown scripts with lwipovpn ...................................................................... dns: do not run updown scripts with lwipovpn Running the script doesn't make sense with the AFUNIX dev node, so we simply clear any scripts that have been set before. Change-Id: I7e9a0c668e0950257632452cfd9eeb236f0120f2 Signed-off-by: Heiko Hund <he...@is...> Acked-by: Arne Schwabe <arn...@rf...> Message-Id: <202...@gr...> URL: https://www.mail-archive.com/ope...@li.../msg32069.html Signed-off-by: Gert Doering <ge...@gr...> --- M src/openvpn/options.c 1 file changed, 8 insertions(+), 0 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/77/1077/3 diff --git a/src/openvpn/options.c b/src/openvpn/options.c index af097f8..0662b49 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -61,6 +61,7 @@ #include "xkey_common.h" #include "dco.h" #include "options_util.h" +#include "tun_afunix.h" #include <ctype.h> @@ -3593,6 +3594,13 @@ struct gc_arena gc = gc_new(); struct dns_options *dns = &o->dns_options; + if (is_tun_afunix(o->dev_node)) + { + /* Disable running dns-updown script with lwipovpn */ + dns->updown_flags = DNS_UPDOWN_NO_FLAGS; + dns->updown = NULL; + } + if (dns->servers || dns_updown_user_set(dns) || dns_updown_forced(dns)) { /* Clean up env from --dhcp-option DNS config */ -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1077?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7e9a0c668e0950257632452cfd9eeb236f0120f2 Gerrit-Change-Number: 1077 Gerrit-PatchSet: 3 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-MessageType: newpatchset |
|
From: Gert D. <ge...@gr...> - 2025-07-09 07:46:27
|
Lightly tested on a FreeBSD build with lwipovpn, and stared a bit at
the code.
Your patch has been applied to the master branch.
commit 4dc57d923d23bdc73c7c24a9851c9137f2097d8c
Author: Heiko Hund
Date: Tue Jul 8 20:52:04 2025 +0200
dns: do not run updown scripts with lwipovpn
Signed-off-by: Heiko Hund <he...@is...>
Acked-by: Arne Schwabe <arn...@rf...>
Message-Id: <202...@gr...>
URL: https://www.mail-archive.com/ope...@li.../msg32069.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: Gert D. <ge...@gr...> - 2025-07-08 18:52:24
|
From: Heiko Hund <he...@is...> Running the script doesn't make sense with the AFUNIX dev node, so we simply clear any scripts that have been set before. Change-Id: I7e9a0c668e0950257632452cfd9eeb236f0120f2 Signed-off-by: Heiko Hund <he...@is...> Acked-by: Arne Schwabe <arn...@rf...> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1077 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe <arn...@rf...> diff --git a/src/openvpn/options.c b/src/openvpn/options.c index af097f8..0662b49 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -61,6 +61,7 @@ #include "xkey_common.h" #include "dco.h" #include "options_util.h" +#include "tun_afunix.h" #include <ctype.h> @@ -3593,6 +3594,13 @@ struct gc_arena gc = gc_new(); struct dns_options *dns = &o->dns_options; + if (is_tun_afunix(o->dev_node)) + { + /* Disable running dns-updown script with lwipovpn */ + dns->updown_flags = DNS_UPDOWN_NO_FLAGS; + dns->updown = NULL; + } + if (dns->servers || dns_updown_user_set(dns) || dns_updown_forced(dns)) { /* Clean up env from --dhcp-option DNS config */ |
|
From: Gert D. <ge...@gr...> - 2025-07-08 16:51:04
|
Thanks. Your patch has been applied to the master branch.
commit f2364488d36a758c8f2ac273af4642dc84b1b28f
Author: Christian Schürmann
Date: Fri Jul 4 10:28:14 2025 +0200
Replace deprecated OpenSSL.crypto.load_crl
Signed-off-by: Christian Schürmann <sp...@fe...>
Acked-by: Arne Schwabe <ar...@rf...>
Message-Id: <202...@fe...>
URL: https://www.mail-archive.com/ope...@li.../msg32037.html
Signed-off-by: Gert Doering <ge...@gr...>
--
kind regards,
Gert Doering
|
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-08 14:21:22
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email ) Change subject: mac dns: compare servers before restoring backup ...................................................................... Patch Set 2: (1 comment) Patchset: PS2: > Fails t_client tests on macos buildbot worker. […] Could you please also post the output of `show State:/Network/Service/0347C55F-C172-49FF-BECC-C533F04B4B13/DNS` -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1075?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I1aabd62e60dd18408a57baccbb0f4ebd6d2f8d67 Gerrit-Change-Number: 1075 Gerrit-PatchSet: 2 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Tue, 08 Jul 2025 14:21:08 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@li...> Gerrit-MessageType: comment |
|
From: d12fk (C. Review) <ge...@op...> - 2025-07-08 13:15:29
|
Attention is currently required from: flichtenheld, plaisthos. d12fk has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email ) Change subject: mac dns: do not run dns-updown in parallel ...................................................................... Patch Set 2: (1 comment) File distro/dns-scripts/macos-dns-updown.sh: http://gerrit.openvpn.net/c/openvpn/+/1076/comment/8dbf5453_c73f60d9 : PS2, Line 30: lockfile=/tmp/openvpn-dns-updown.lock > I have one that is from 2011 on my system 😊 […] Did a little bit of research, but found nothing in particular about the missing /var/lock in macOS. /var/run seems not to be the right dir either, given its original purpose. Are you concerned that the lock file will be cleaned up while in use because it is stored in /tmp? In that case I'd rather create /var/lock if it doesn't exist. I think /tmp is good enough, tough. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1076?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I7adfaa08df6a17545cca8264d7230b5e65e49719 Gerrit-Change-Number: 1076 Gerrit-PatchSet: 2 Gerrit-Owner: d12fk <he...@op...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Attention: flichtenheld <fr...@li...> Gerrit-Comment-Date: Tue, 08 Jul 2025 13:15:20 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arn...@rf...> Comment-In-Reply-To: d12fk <he...@op...> Gerrit-MessageType: comment |
|
From: Arne S. <ar...@rf...> - 2025-07-08 09:10:23
|
Am 04.07.25 um 10:28 schrieb Christian Schürmann: > OpenSSL.crypto.load_crl was deprecated with with pyOpenSSL 23.3.0 and > eventually removed in 24.3.0. pyOpenSSL recommends using cryptography.x509's > CRL functions as a replacement. > See also: https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst > > Signed-off-by: Christian Schürmann <sp...@fe...> Acked-By: Arne Schwabe <ar...@rf...> |
153 messages has been excluded from this view by a project administrator.
