[Openvpn-devel] [PATCH] Resolve several travis-ci issues

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both .travis.yml and .travis/build-deps.sh files, the last one defined OPENSSL_VERSION via nonexistent OPENSSL_VERION variable, which lead us to use openssl-1.0.1 instead of openssl-1.0.2, I removed variable definition from build-deps.sh "

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both .travis.yml and .travis/build-deps.sh files, the last one defined OPENSSL_VERSION via nonexistent OPENSSL_VERION variable, which lead us to use openssl-1.0.1 instead of openssl-1.0.2, I removed variable definition from build-deps.sh "

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both .travis.yml and .travis/build-deps.sh files, the last one defined OPENSSL_VERSION via nonexistent OPENSSL_VERION variable, which lead us to use openssl-1.0.1 instead of openssl-1.0.2, I removed variable definition from build-deps.sh "

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both .travis.yml and .travis/build-deps.sh files, the last one defined OPENSSL_VERSION via nonexistent OPENSSL_VERION variable, which lead us to use openssl-1.0.1 instead of openssl-1.0.2, I removed variable definition from build-deps.sh "c

[Openvpn-devel] [PATCH] v2, add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

v2: @mattock has changed links and provided an example of "git send-email" --- .github/PULL_REQUEST_TEMPLATE.md | 15 +++ 1 file changed, 15 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE

[Openvpn-devel] [PATCH] travis-ci: add "make distcheck" to test scenario

in rare cases openvpn is built from tarball, it happens during "installer build" process. "make distcheck" helps to prevent problems during such builds. Signed-off-by: Ilya Shipitsin --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.trav

[Openvpn-devel] [PATCH] travis-ci: add "make distcheck" to test scenario, V2

in rare cases openvpn is built from tarball, it happens during "installer build" process. "make distcheck" helps to prevent problems during such builds. V2: limit "make distcheck" to one build configuration Signed-off-by: Ilya Shipitsin --- .travis.yml | 3 ++-

[Openvpn-devel] [PATCH] travis-ci: remove unused files

Those files were commited by mistake. I implemented building dependencies in 4 separate scripts, later Steffan Karger combined all 4 scripts into "build-deps.sh". Signed-off-by: Ilya Shipitsin --- .travis/build-mbedtls-linux.sh | 9 - .travis/build-mbedtls-osx

[Openvpn-devel] [PATCH] resolve format string warnings

[src/openvpn/options.c:1163]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [src/openvpn/route.c:3187]: (warning) %d in format string (no. 5) requires 'int *' but the argument type is 'unsigned int

[Openvpn-devel] [PATCH] v2: resolve format string warnings

*'. v2: use "uint8_t" in options.c, thanks to Gert Doering Signed-off-by: Ilya Shipitsin --- src/openvpn/options.c | 4 ++-- src/openvpn/route.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index dcb6ecf..6a

[Openvpn-devel] [PATCH] travis-ci: add 2 mingw "build only configurations"

Inspired by https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html build options are taken from regular windows installer builds Signed-off-by: Ilya Shipitsin --- .travis.yml | 30 +--- .travis/build-deps.sh | 55

[Openvpn-devel] [PATCH] v3: resolve format string warnings

[src/openvpn/options.c:1163]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [src/openvpn/route.c:3187]: (warning) %d in format string (no. 5) requires 'int *' but the argument type is 'unsigned int

[Openvpn-devel] [PATCH] travis-ci: add 2 mingw "build only" configurations

Inspired by https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html build options are taken from regular windows installer builds Signed-off-by: Ilya Shipitsin --- v2: moved download/build dependencies into functions, changed cross build detection from shell expansion

[Openvpn-devel] [PATCH] v3, travis-ci: add 2 mingw "build only" configurations

Inspired by https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html build options are taken from regular windows installer builds Signed-off-by: Ilya Shipitsin --- v2: moved download/build dependencies into functions, changed cross build detection from shell expansion

[Openvpn-devel] [PATCH] v4, travis-ci: add 2 mingw "build only" configurations

Inspired by https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html build options are taken from regular windows installer builds Signed-off-by: Ilya Shipitsin --- v2: moved download/build dependencies into functions, changed cross build detection from shell expansion

[Openvpn-devel] [PATCH] travis-ci: added gcc and clang openssl-1.1.0 builds

openssl build script was modified according to official openssl manual: https://wiki.openssl.org/index.php/Compilation_and_Installation --- .travis.yml | 6 ++ .travis/build-deps.sh | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml i

[Openvpn-devel] [PATCH] win32 build: check for ENETUNREACH

Currently, we do not check for mingw-gcc version. For example, Debian 7 is shipped with 4.6.3, which does not know about ENETUNREACH --- this is for 2.4 and HEAD branches configure.ac | 14 ++ 1 file changed, 14 insertions(+) diff --git a/configure.ac b/configure.ac index 60bb465..8

[Openvpn-devel] [PATCH 2/3] travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1

--- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index fc98a4d0..0b531529 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,10 +15,10 @@ env: - TAP_WINDOWS_VERSION=9.21.2 - LZO_VERSION=2.10 - PKCS11_HELPER_VERSION=1.22

[Openvpn-devel] [PATCH 3/3] add a test to "openvpn --help"

inspired by https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13808.html --- tests/Makefile.am | 2 +- tests/t_usage.sh | 29 + 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100755 tests/t_usage.sh diff --git a/tests/Makefile.am b/t

[Openvpn-devel] [PATCH 1/3] travis-ci: update pkcs11-helper to 1.22

use pkcs11-helper from https://github.com/OpenSC/pkcs11-helper/ to match build process used in windows installer build --- .travis.yml | 2 +- .travis/build-deps.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index db90e03a..fc98a4d0

[Openvpn-devel] [PATCH] v2 travis-ci: update pkcs11-helper to 1.22

use pkcs11-helper from https://github.com/OpenSC/pkcs11-helper/ to match build process used in windows installer build Signed-off-by: Ilya Shipitsin --- v2: break lines up into 80-char, thanks Steffan Karger .travis.yml | 2 +- .travis/build-deps.sh | 8 ++-- 2 files changed, 7

[Openvpn-devel] [PATCH 0/1] travis-ci: libressl support for osx

Tunnelblick ships openvpn binary built with libressl (see https://github.com/Tunnelblick/Tunnelblick/issues/317 ) Ilya Shipitsin (1): travis-ci: add libressl build for osx .travis.yml| 5 + .travis/build-check.sh | 4 .travis/build-deps.sh | 31

[Openvpn-devel] [PATCH 1/1] travis-ci: add libressl build for osx

--- .travis.yml| 5 + .travis/build-check.sh | 4 .travis/build-deps.sh | 31 +++ 3 files changed, 40 insertions(+) diff --git a/.travis.yml b/.travis.yml index 0b531529..4f5661d6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,6 +21,7 @@ env:

[Openvpn-devel] [PATCH] travis-ci: enable ccache for osx and mingw builds

-- ccache was now tested by me and works for osx and mingw builds as well --- .travis.yml | 2 +- .travis/build-deps.sh | 14 ++ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 366e6599..8efb1cbd 100644 --- a/.travis.yml +++ b/.

[Openvpn-devel] [PATCH] travis-ci: speedup osx build by enabling brew cache

1-2 minutes speedup by using brew cache, also ccache is no more disabled for osx build (even it does not speedup significantly, it simplifies the overall script) --- this is a "v2" of previously issued "enable ccache for osx and mingw builds" patch. I decided not to enable ccache for mingw builds

[Openvpn-devel] [PATCH v3] travis-ci: add brew cache, remove ccache

1-2 minutes speedup osx builds by using brew cache. Also, ccache was removed for a while (builds fail after travis-ci upgraded clang to version 5.0.0) --- v2: this is a "v2" of previously issued "enable ccache for osx and mingw builds" patch. I decided not to enable ccache for mingw builds as it do

[Openvpn-devel] [PATCH] travis-ci: modify openssl build script to support openssl-1.1.0

no-multilib is only supported on openssl-1.0.X, do not use it if OPENSSL_VERSION is 1.1.0 Signed-off-by: Ilya Shipitsin --- .travis/build-deps.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh index bc538853..1761932e

[Openvpn-devel] [PATCH v2] travis-ci: modify openssl build script to support openssl-1.1.0

get rid of no-multilib, as it is not supported on openssl-1.1.0 Signed-off-by: Ilya Shipitsin --- v2: get rid of no-multilib instead of including it conditionally, thanks to Steffan Karger .travis/build-deps.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis/build

[Openvpn-devel] [PATCH] travis-ci: add pkcs11-helper patch identical to openvpn-build

currently patch of implementing RFC7512 URI Scheme is added during building windows installer. The same patch was added to travis-ci cross builds Signed-off-by: Ilya Shipitsin --- .travis/build-deps.sh | 17 +- .travis/pkcs11-helper-001-RFC7512.patch | 656

[Openvpn-devel] [PATCH] travis-ci: cleanup and upgrade ssl libraries

both "compiler" and "exclude" are redundant, so remove them Signed-off-by: Ilya Shipitsin --- .travis.yml | 13 - 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 51645924..1cbd96bc 100644 --- a/.travis.yml +++ b/.tra

[Openvpn-devel] [PATCH v2] travis-ci: cleanup, refactor, upgrade ssl libraries

Both "compiler" and "exclude" are redundant, so remove them. Add openssl-1.0.1u to build matrix. Enable explicit apt update (it was disabled by default in travis-ci). Signed-off-by: Ilya Shipitsin -- v2: Add openssl-1.0.1u to build matrix (thanks to Steffan Karger), Add exp

[Openvpn-devel] [PATCH] initial travis-ci support

--- .travis.yml| 85 ++ .travis/build-mbedtls-linux.sh | 10 + .travis/build-mbedtls-osx.sh | 9 + .travis/build-openssl-linux.sh | 12 ++ .travis/build-openssl-osx.sh | 11 ++ 5 files changed, 127 insertions(+) crea

[Openvpn-devel] [PATCH] travis-ci refactor by Steffan Karger

From: Steffan Karger Signed-off-by: Steffan Karger --- .travis.yml | 63 -- .travis/build-deps.sh | 85 +++ 2 files changed, 119 insertions(+), 29 deletions(-) create mode 100755 .travis/build-deps.sh

[Openvpn-devel] [PATCH] initial travis-ci support

--- .travis.yml| 85 ++ .travis/build-mbedtls-linux.sh | 10 + .travis/build-mbedtls-osx.sh | 9 + .travis/build-openssl-linux.sh | 12 ++ .travis/build-openssl-osx.sh | 11 ++ 5 files changed, 127 insertions(+) crea

[Openvpn-devel] [PATCH] travis-ci refactor by Steffan Karger

From: Steffan Karger Signed-off-by: Steffan Karger --- .travis.yml | 63 -- .travis/build-deps.sh | 85 +++ 2 files changed, 119 insertions(+), 29 deletions(-) create mode 100755 .travis/build-deps.sh

[Openvpn-devel] [PATCH] skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto

--- configure.ac | 1 + tests/Makefile.am | 5 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index d733023..dc95123 100644 --- a/configure.ac +++ b/configure.ac @@ -1192,6 +1192,7 @@ AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDI

[Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

--- .travis.yml | 4 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 452c48e..369db97 100644 --- a/.travis.yml +++ b/.travis.yml @@ -51,10 +51,6 @@ matrix: os: osx osx_image: xcode7.3 compiler: clang - allow_failures: -- env: SSLLIB="open

[Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

--- src/openvpn/buffer.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 52c6ab9..57bded9 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -438,10 +438,12 @@ format_hex_ex (const uint8_t *data, int size, int

[Openvpn-devel] [PATCH] Resolving several travis-ci issues:

* moving LD_LIBRARY_PATH as far as possible (otherwise "wget" picks it, which is not desirable) * split LD_LIBRARY_PATH into LD_LIBRARY_PATH/DYLD_LIBRARY_PATH depending on operating system * removed MBEDTLS_VERSION, OPENSSL_VERSION (the last depended on nonexistent OPENSSL_VERION variable) * rem

[Openvpn-devel] [PATCH] resolving trivial issue found by clang static analyzer variable "ret" is assigned a value that is redefined later

details can be found here: https://delft.syzzer.nl/openvpn-scan-build/2017-01-10-20-23912-1/report-856cea.html#EndPath --- src/openvpn/init.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index b2547f4..5b39929 100644 --- a/src/openvpn/init.c +++ b

[Openvpn-devel] [PATCH] add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

--- .github/PULL_REQUEST_TEMPLATE.md | 8 1 file changed, 8 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000..d0cfd7f --- /dev/null +++ b/.github/PULL_REQ

[Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

malloc was not checked against NULL, I was able to get core dump in case of failure Signed-off-by: Ilya Shipitsin --- src/openvpn/dco_freebsd.c | 5 + 1 file changed, 5 insertions(+) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index abeb..adbd1120 100644 --- a

[Openvpn-devel] [PATCH v2] src/openvpn/dco_freebsd.c: handle malloc failure

malloc was not checked against NULL, I was able to get core dump in case of failure Signed-off-by: Ilya Shipitsin --- v2: - style correction src/openvpn/dco_freebsd.c | 4 1 file changed, 4 insertions(+) diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c index abeb

[Openvpn-devel] [PATCH] CI: github actions: keep "pdb" in artifacts

"pdb" files are important for example, for BinSkim analysis. Let us keep them --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b2c16449..4c963114 100644 --- a/.github/workflows/build.yaml +++ b/.g

[Openvpn-devel] [PATCH] BUILD: enable CFG and Spectre mitigation for MSVC

found by BinSkim Signed-off-by: Ilya Shipitsin --- src/compat/Debug.props| 1 + src/compat/Release.props | 1 + src/compat/compat.vcxproj | 6 ++ src/openvpn/openvpn.vcxproj | 12 src/openvpnmsica/openvpnmsica.props | 1

[Openvpn-devel] [PATCH v2] BUILD: enable CFG and Spectre mitigation for MSVC

found by BinSkim Signed-off-by: Ilya Shipitsin --- src/compat/Release.props| 1 + src/compat/compat.vcxproj | 6 ++ src/openvpn/openvpn.vcxproj | 9 + src/openvpnmsica/openvpnmsica-Release.props | 1 + src/openvpnmsica

[Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation

found by BinSkim, more details: https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 Signed-off-by: Ilya Shipitsin --- src/compat/Debug.props | 10 ++ src/compat/Release.props| 10 ++ src/openvpn/openvpn.vcxproj