[Openvpn-devel] [XS] Change in openvpn[release/2.6]: Support for long INFO/INFO_PRE messages
stipa has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/327?usp=email ) Change subject: Support for long INFO/INFO_PRE messages .. Abandoned We decided that this is a server bug, it is not supposed to send that long INFO mesagess. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/327?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: release/2.6 Gerrit-Change-Id: I2139b62117ba69d643b585d2610e8aef15f71d3e Gerrit-Change-Number: 327 Gerrit-PatchSet: 2 Gerrit-Owner: stipa Gerrit-Reviewer: flichtenheld Gerrit-CC: openvpn-devel Gerrit-CC: plaisthos Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [S] Change in openvpn[release/2.6]: Warn user if INFO control command is too long
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/329?usp=email
to review the following change.
Change subject: Warn user if INFO control command is too long
..
Warn user if INFO control command is too long
"INFO_PRE,..." command length is limited to 256 bytes. If the server
implementation pushes command which is too long, warn the user and
don't send the truncated command to a management client.
Change-Id: If3c27a2a2ba24f2af0e3e3c95eea57ed420b2542
Signed-off-by: Lev Stipakov
---
M src/openvpn/push.c
1 file changed, 8 insertions(+), 2 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/29/329/1
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index d468211..19849c5 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -244,8 +244,14 @@
* for management greeting and we don't want to confuse the client
*/
struct buffer out = alloc_buf_gc(256, );
-buf_printf(, ">%s:%s", "INFOMSG", m);
-management_notify_generic(management, BSTR());
+if (buf_printf(, ">%s:%s", "INFOMSG", m))
+{
+management_notify_generic(management, BSTR());
+}
+else
+{
+msg(D_PUSH_ERRORS, "WARNING: Received INFO command is too long,
won't notify management client.");
+}
gc_free();
}
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/329?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings
Gerrit-Project: openvpn
Gerrit-Branch: release/2.6
Gerrit-Change-Id: If3c27a2a2ba24f2af0e3e3c95eea57ed420b2542
Gerrit-Change-Number: 329
Gerrit-PatchSet: 1
Gerrit-Owner: stipa
Gerrit-Reviewer: flichtenheld
Gerrit-CC: openvpn-devel
Gerrit-Attention: flichtenheld
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] GHA: new workflow to submit scan to Coverity Scan service
On Fri, Aug 11, 2023 at 05:35:03PM +0200, Arne Schwabe wrote: > Am 11.08.23 um 17:12 schrieb Gert Doering: > > Hi, > > > > generally good, but... > > > > On Fri, Jul 28, 2023 at 02:40:05PM +0200, Frank Lichtenheld wrote: > > > index ..0620f638 > > > --- /dev/null > > > +++ b/.github/workflows/coverity-scan.yml > > > @@ -0,0 +1,45 @@ > > > +name: coverity-scan > > > +on: > > > + schedule: > > > +- cron: '0 20 * * *' # Daily at 20:00 UTC > > > + workflow_dispatch: > > > > ... not sure this is the best way to approach the run limit, as > > we can have many days with no commits at all, so we'd waste credits. > > > > Maybe cache the last commit ID and only run coverity if this has > > changed? Or run it "on commit", but cache the current day, and only > > run it again on the next commit that's not on the same day? > > > > (My typical workflow is "you folks queue up patches, and then I find > > half a day of free time, and go merge as many as I can make sense of") > > You can get that behaviour but it is tricky. You have to resort tricks like > this: https://github.com/orgs/community/discussions/26519 of saving > something to a cache and then reading the cache on the next run and check if > something changed. We can probably implement like that and then trigger on > push too? I've basically implemented this now in v2 of the patch (just updated to v3 of cache action). This should address the resource waste concern and also remove unnecessary noise. I've still left the action to trigger on schedule instead of push. I think implementing rate limiting based on push is not worth the effort. Especially since it would often mean that if you have multiple pushes per day the end-result is actually likely to be scanned later since the first pushes eat your rate limit. If some changes should be scanned immediately you can always trigger the workflow manually. Otherwise once per day should be fine. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH v2] GHA: new workflow to submit scan to Coverity Scan service
Not on every push due to submit limits.
Use caching to not submit a scan for the same git commit
twice. Since we have many days without pushes to master
this saves a lot of Github and Coverity resources.
v2:
- add caching to not submit redundant scans
Change-Id: I302ccc82f9d5c43b58350bbbf7f16ad1c559248f
Signed-off-by: Frank Lichtenheld
---
.github/workflows/coverity-scan.yml | 69 +
1 file changed, 69 insertions(+)
create mode 100644 .github/workflows/coverity-scan.yml
diff --git a/.github/workflows/coverity-scan.yml
b/.github/workflows/coverity-scan.yml
new file mode 100644
index ..c1079332
--- /dev/null
+++ b/.github/workflows/coverity-scan.yml
@@ -0,0 +1,69 @@
+name: coverity-scan
+on:
+ schedule:
+- cron: '0 20 * * *' # Daily at 20:00 UTC
+ workflow_dispatch:
+
+jobs:
+ latest:
+runs-on: ubuntu-latest
+steps:
+ - name: Check submission cache
+id: check_submit
+uses: actions/cache/restore@v3
+with:
+ path: |
+cov-int
+ key: check-submit-${{ github.sha }}
+
+ - name: Install dependencies
+if: steps.check_submit.outputs.cache-hit != 'true'
+run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev
liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev
python3-docutils libtool automake autoconf libssl-dev libpkcs11-helper1-dev
softhsm2 gnutls-bin
+
+ - name: Checkout OpenVPN
+if: steps.check_submit.outputs.cache-hit != 'true'
+uses: actions/checkout@v3
+
+ - name: Download Coverity Build Tool
+if: steps.check_submit.outputs.cache-hit != 'true'
+run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data
"token=$TOKEN=OpenVPN%2Fopenvpn" -O cov-analysis-linux64.tar.gz
+ mkdir cov-analysis-linux64
+ tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+ - name: autoconf
+if: steps.check_submit.outputs.cache-hit != 'true'
+run: autoreconf -fvi
+ - name: configure
+if: steps.check_submit.outputs.cache-hit != 'true'
+run: ./configure --enable-pkcs11
+
+ - name: Build with cov-build
+if: steps.check_submit.outputs.cache-hit != 'true'
+run: |
+ PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+ cov-build --dir cov-int make
+
+ - name: Submit the result to Coverity Scan
+if: steps.check_submit.outputs.cache-hit != 'true'
+run: |
+ tar czvf openvpn.tgz cov-int
+ curl --form token=$TOKEN \
+ --form email=$EMAIL \
+ --form file=@openvpn.tgz \
+ --form version="$GITHUB_SHA" \
+ --form description="master" \
+ https://scan.coverity.com/builds?project=OpenVPN%2Fopenvpn
+env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+
+ - name: Cache submission
+if: steps.check_submit.outputs.cache-hit != 'true'
+uses: actions/cache/save@v3
+with:
+ path: |
+cov-int
+ key: ${{ steps.check_submit.outputs.cache-primary-key }}
--
2.34.1
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH v2] Fix StatusChangeCallback so it works without a LogCallback
Thank you for the update, and patience. My first email-based patch :) On Mon, Sep 11, 2023, 1:57 AM David Sommerseth wrote: > On 06/09/2023 19:17, Jeremy Fleischman wrote: > > `StatusChangeCallback` requires that LogForward be enabled, which > > previously only happened in `LogCallback`. Now both of them do it, which > > requires a bit of bookkeeping. This fixes > > https://github.com/OpenVPN/openvpn3-linux/issues/197 > > > > Signed-off-by: Jeremy Fleischman > > --- > > src/python/openvpn3/SessionManager.py | 69 ++- > > 1 file changed, 58 insertions(+), 11 deletions(-) > > > > Thanks a lot for your patience and persistence through this review. > > Your patch has been put into the queue for the coming v21 release. I've > not yet pushed out that branch, as I'm waiting for our QA team to > complete the testing of an updated OpenVPN 3 Core library release first; > which is required to be able to build OpenVPN 3 Linux from the public > repos. > > But consider your patch applied. I've only done minor edits to some > comments and commit messages, but the code itself is unchanged. > > I'll follow-up with an update once this commit is public. > > > -- > kind regards, > > David Sommerseth > OpenVPN Inc > > > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH v2] Fix StatusChangeCallback so it works without a LogCallback
On 06/09/2023 19:17, Jeremy Fleischman wrote: `StatusChangeCallback` requires that LogForward be enabled, which previously only happened in `LogCallback`. Now both of them do it, which requires a bit of bookkeeping. This fixes https://github.com/OpenVPN/openvpn3-linux/issues/197 Signed-off-by: Jeremy Fleischman --- src/python/openvpn3/SessionManager.py | 69 ++- 1 file changed, 58 insertions(+), 11 deletions(-) Thanks a lot for your patience and persistence through this review. Your patch has been put into the queue for the coming v21 release. I've not yet pushed out that branch, as I'm waiting for our QA team to complete the testing of an updated OpenVPN 3 Core library release first; which is required to be able to build OpenVPN 3 Linux from the public repos. But consider your patch applied. I've only done minor edits to some comments and commit messages, but the code itself is unchanged. I'll follow-up with an update once this commit is public. -- kind regards, David Sommerseth OpenVPN Inc ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
