Attention is currently required from: flichtenheld.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/468?usp=email )
Change subject: test_user_pass: new UT for get_user_pass
..
Patch Set 7:
From: Frank Lichtenheld
UTs for basic functionality, without management functions.
v2:
- add CMake support
- add GHA support for both MSVC and mingw
v3:
- fix distcheck by adding input/ directory to dist
Change-Id: I193aef06912f01426dd4ac298aadfab97dd75a35
Signed-off-by: Frank Lichtenheld
Attention is currently required from: MaxF, flichtenheld.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/404?usp=email )
Change subject: Backport mbed TLS 3 support to OpenVPN 2.6
..
Patch
Hi,
On Mon, Nov 20, 2023 at 03:35:05PM +, MaxF (Code Review) wrote:
> Change subject: Backport mbed TLS 3 support to OpenVPN 2.6
> ..
>
> Backport mbed TLS 3 support to OpenVPN 2.6
>
> Based on commits
> -
Attention is currently required from: flichtenheld.
plaisthos has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/468?usp=email )
Change subject: test_user_pass: new UT for get_user_pass
..
Patch Set
Attention is currently required from: MaxF, flichtenheld.
plaisthos has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/404?usp=email )
Change subject: Backport mbed TLS 3 support to OpenVPN 2.6
..
Attention is currently required from: MaxF, flichtenheld.
plaisthos has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/404?usp=email )
Change subject: Backport mbed TLS 3 support to OpenVPN 2.6
..
cron2 has uploaded a new patch set (#3) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/318?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by plaisthos
Change subject: Fix various 'Uninitialized scalar variable'
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/318?usp=email )
Change subject: Fix various 'Uninitialized scalar variable' warnings from
Coverity
..
Fix various 'Uninitialized scalar variable'
Generally I'm not a big fan of code changes just to appease a checking tool,
but I can see why coverity would warn (we pass on structures that contain
possibly-uninitialized data, and the callee "might decide to use them").
Your patch has been applied to the master branch.
commit
Your patch has been applied to the master branch.
commit 4bcb38c42ae62a3c3511511eb4ffe0d66b8e32eb
Author: Heiko Hund
Date: Wed Jan 17 14:49:29 2024 +0100
cmake: symlink whole build dir not just .json file
Signed-off-by: Heiko Hund
Acked-by: Gert Doering
Message-Id:
From: Heiko Hund
It turned out that symlinking compile_commands.json from the top level
source dir has some issues:
* file is not created on Windows and symlinking may cause an error
* some IDEs create their own json and error out b/c a file exists
Since clangd also looks for the json in
Attention is currently required from: d12fk, flichtenheld, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/501?usp=email )
Change subject: cmake: symlink whole build dir not just .json file
Attention is currently required from: d12fk, flichtenheld, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/501?usp=email )
Change subject: cmake: symlink whole build dir not just .json file
Change seems reasonable. Affects only NTLM stuff, adds better error
reporting and takes large domains/usernames into account.
Smoke tested on GHA and buildbot (no NTLM tests right now, though).
Your patch has been applied to the master branch.
release/2.6 is sufficiently different that a
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/497?usp=email )
Change subject: NTLM: increase size of phase 2 response we can handle
..
NTLM: increase size of phase 2 response we can handle
With
cron2 has uploaded a new patch set (#2) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/497?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by cron2
Change subject: NTLM: increase size of phase 2 response we can handle
cron2 has uploaded a new patch set (#2) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/494?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by cron2
Change subject: NTLM: increase size of phase 2 response we can handle
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/494?usp=email )
Change subject: NTLM: increase size of phase 2 response we can handle
..
NTLM: increase size of phase 2 response we can handle
With
Your patch has been applied to the release/2.6 branch.
commit 62d14fcf253c4ff4055b70c1db947ceae928c776 (release/2.6)
Author: Frank Lichtenheld
Date: Wed Jan 17 10:49:52 2024 +0100
NTLM: increase size of phase 2 response we can handle
Signed-off-by: Frank Lichtenheld
Acked-by:
From: Frank Lichtenheld
With NTLMv2 the target information buffer can be rather large
even with normal domain setups.
In my test setup it was 152 bytes starting at offset 71.
Overall the base64 encode phase 2 response was 300 byte long.
The linked documentation has 98 bytes at offset 60. 128
Attention is currently required from: flichtenheld, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/494?usp=email )
Change subject: NTLM: increase size of phase 2 response we can handle
cron2 has uploaded a new patch set (#2) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/496?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by cron2
Change subject: NTLM: add length check to add_security_buffer
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/493?usp=email )
Change subject: NTLM: add length check to add_security_buffer
..
NTLM: add length check to add_security_buffer
Especially ntlmv2_response
cron2 has uploaded a new patch set (#2) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/493?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by cron2
Change subject: NTLM: add length check to add_security_buffer
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/496?usp=email )
Change subject: NTLM: add length check to add_security_buffer
..
NTLM: add length check to add_security_buffer
Especially ntlmv2_response
Same patch as for master (commit a021de2aa), but 2.6 needs one extra
call due to "NTLMv1 not removed yet".
Your patch has been applied to the release/2.6 branch.
commit 7a9670dfe95da691937c608b2d3a3b939f7a4d45 (release/2.6)
Author: Frank Lichtenheld
Date: Wed Jan 17 10:17:11 2024 +0100
This extra check makes sense, the code is not very robust here - maybe
the wording of the message could be made more understandable (what does
"security buffer too big for message buffer" mean?) but at least we
have a check + message now.
I have not tested this for real as I do not have a working
stipa has abandoned this change. (
http://gerrit.openvpn.net/c/openvpn/+/495?usp=email )
Change subject: CMakeLists.txt: Don't fail on missing compile_commands.json
..
Abandoned
Original patch has been reworked and this
Attention is currently required from: d12fk, flichtenheld, plaisthos.
stipa has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/501?usp=email )
Change subject: cmake: symlink whole build dir not just .json file
From: Frank Lichtenheld
Especially ntlmv2_response can be very big, so make sure
we not do exceed the size of the phase3 buffer.
Change-Id: Icea931d29e3e504e23e045539b21013b42172664
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by
Attention is currently required from: flichtenheld, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/493?usp=email )
Change subject: NTLM: add length check to add_security_buffer
..
From: Frank Lichtenheld
With NTLMv2 the target information buffer can be rather large
even with normal domain setups.
In my test setup it was 152 bytes starting at offset 71.
Overall the base64 encode phase 2 response was 300 byte long.
The linked documentation has 98 bytes at offset 60. 128
Attention is currently required from: flichtenheld, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/497?usp=email )
Change subject: NTLM: increase size of phase 2 response we can handle
Attention is currently required from: cron2, d12fk, plaisthos.
stipa has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/489?usp=email )
Change subject: Windows: enforce 'block-local' with WFP filters
..
From: Frank Lichtenheld
Especially ntlmv2_response can be very big, so make sure
we not do exceed the size of the phase3 buffer.
Change-Id: Icea931d29e3e504e23e045539b21013b42172664
Signed-off-by: Frank Lichtenheld
Acked-by: Gert Doering
---
This change was reviewed on Gerrit and approved by
Attention is currently required from: flichtenheld, plaisthos.
cron2 has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/496?usp=email )
Change subject: NTLM: add length check to add_security_buffer
..
Attention is currently required from: cron2, d12fk, plaisthos.
stipa has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/489?usp=email )
Change subject: Windows: enforce 'block-local' with WFP filters
..
38 matches
Mail list logo