[Openvpn-devel] [PATCH v2] src/openvpn/dco_freebsd.c: handle malloc failure

[Ilya Shipitsin]

malloc was not checked against NULL, I was able
to get core dump in case of failure

Signed-off-by: Ilya Shipitsin 
---
v2:
 - style correction

 src/openvpn/dco_freebsd.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index abeb..af7776bb 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -594,6 +594,10 @@ dco_available(int msglevel)
 }
 
 buf = malloc(ifcr.ifcr_total * IFNAMSIZ);
+if (!buf)
+{
+goto out;
+}
 
 ifcr.ifcr_count = ifcr.ifcr_total;
 ifcr.ifcr_buffer = buf;
-- 
2.35.3.windows.1



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

[Ilya Shipitsin]

malloc was not checked against NULL, I was able
to get core dump in case of failure

Signed-off-by: Ilya Shipitsin 
---
 src/openvpn/dco_freebsd.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index abeb..adbd1120 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -594,6 +594,11 @@ dco_available(int msglevel)
 }
 
 buf = malloc(ifcr.ifcr_total * IFNAMSIZ);
+if (buf == NULL)
+{
+close(fd);
+return false;
+}
 
 ifcr.ifcr_count = ifcr.ifcr_total;
 ifcr.ifcr_buffer = buf;
-- 
2.35.3.windows.1



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation

[Ilya Shipitsin]

found by BinSkim, more details:
https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160

Signed-off-by: Ilya Shipitsin 
---
 src/compat/Debug.props  | 10 ++
 src/compat/Release.props| 10 ++
 src/openvpn/openvpn.vcxproj |  4 
 src/openvpnmsica/openvpnmsica-Debug.props   | 10 ++
 src/openvpnmsica/openvpnmsica-Release.props | 10 ++
 src/openvpnserv/openvpnserv.vcxproj |  4 
 6 files changed, 48 insertions(+)

diff --git a/src/compat/Debug.props b/src/compat/Debug.props
index 31bb9d91..14d7a1f7 100644
--- a/src/compat/Debug.props
+++ b/src/compat/Debug.props
@@ -17,5 +17,15 @@
   EditAndContinue
 
   
+  
+
+  true
+
+  
+  
+
+  true
+
+  
   
 
\ No newline at end of file
diff --git a/src/compat/Release.props b/src/compat/Release.props
index 50eaa8de..df04ddf2 100644
--- a/src/compat/Release.props
+++ b/src/compat/Release.props
@@ -22,5 +22,15 @@
   true
 
   
+  
+
+  true
+
+  
+  
+
+  true
+
+  
   
 
\ No newline at end of file
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 65ee6839..38dd22de 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -158,6 +158,7 @@
   
Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
+  true
 
   
   
@@ -173,6 +174,7 @@
   
Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
+  true
 
   
   
@@ -204,6 +206,7 @@
   
Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
+  true
 
   
   
@@ -220,6 +223,7 @@
   
Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
+  true
 
   
   
diff --git a/src/openvpnmsica/openvpnmsica-Debug.props 
b/src/openvpnmsica/openvpnmsica-Debug.props
index 43532cfe..c99346af 100644
--- a/src/openvpnmsica/openvpnmsica-Debug.props
+++ b/src/openvpnmsica/openvpnmsica-Debug.props
@@ -10,5 +10,15 @@
   MultiThreadedDebug
 
   
+  
+
+  true
+
+  
+  
+
+  true
+
+  
   
 
\ No newline at end of file
diff --git a/src/openvpnmsica/openvpnmsica-Release.props 
b/src/openvpnmsica/openvpnmsica-Release.props
index 47727b35..70f82713 100644
--- a/src/openvpnmsica/openvpnmsica-Release.props
+++ b/src/openvpnmsica/openvpnmsica-Release.props
@@ -11,5 +11,15 @@
   Guard
 
   
+  
+
+  true
+
+  
+  
+
+  true
+
+  
   
 
\ No newline at end of file
diff --git a/src/openvpnserv/openvpnserv.vcxproj 
b/src/openvpnserv/openvpnserv.vcxproj
index 5fd7d60b..65d03e3b 100644
--- a/src/openvpnserv/openvpnserv.vcxproj
+++ b/src/openvpnserv/openvpnserv.vcxproj
@@ -130,6 +130,7 @@
 
   
Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)
   Console
+  true
 
   
   
@@ -141,6 +142,7 @@
 
   
legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)
   Console
+  true
 
   
   
@@ -163,6 +165,7 @@
 
   
Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)
   Console
+  true
 
   
   
@@ -174,6 +177,7 @@
 
   
legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)
   Console
+  true
 
   
   
-- 
2.29.2.windows.2



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] BUILD: enable CFG and Spectre mitigation for MSVC

[Ilya Shipitsin]

found by BinSkim

Signed-off-by: Ilya Shipitsin 
---
 src/compat/Release.props| 1 +
 src/compat/compat.vcxproj   | 6 ++
 src/openvpn/openvpn.vcxproj | 9 +
 src/openvpnmsica/openvpnmsica-Release.props | 1 +
 src/openvpnmsica/openvpnmsica.vcxproj   | 6 ++
 src/openvpnserv/openvpnserv.vcxproj | 6 ++
 src/tapctl/tapctl.vcxproj   | 6 ++
 7 files changed, 35 insertions(+)

diff --git a/src/compat/Release.props b/src/compat/Release.props
index 63828b79..50eaa8de 100644
--- a/src/compat/Release.props
+++ b/src/compat/Release.props
@@ -15,6 +15,7 @@
   MultiThreadedDLL
   ProgramDatabase
   
NDEBUG;%(PreprocessorDefinitions)
+  Guard
 
 
   true
diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj
index 49824783..fe03a51a 100644
--- a/src/compat/compat.vcxproj
+++ b/src/compat/compat.vcxproj
@@ -38,33 +38,39 @@
 MultiByte
 true
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 true
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 true
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 v142
+Spectre
   
   
   
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 5b3e0c6c..65ee6839 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -38,33 +38,39 @@
 true
 NotSet
 v142
+Spectre
   
   
 Application
 true
 NotSet
 v142
+Spectre
   
   
 Application
 true
 NotSet
 v142
+Spectre
   
   
 Application
 NotSet
 v142
+Spectre
   
   
 Application
 NotSet
 v142
+Spectre
   
   
 Application
 NotSet
 v142
+Spectre
   
   
   
@@ -191,6 +197,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -206,6 +213,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -221,6 +229,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
diff --git a/src/openvpnmsica/openvpnmsica-Release.props 
b/src/openvpnmsica/openvpnmsica-Release.props
index 848fda8f..47727b35 100644
--- a/src/openvpnmsica/openvpnmsica-Release.props
+++ b/src/openvpnmsica/openvpnmsica-Release.props
@@ -8,6 +8,7 @@
   
 
   MultiThreaded
+  Guard
 
   
   
diff --git a/src/openvpnmsica/openvpnmsica.vcxproj 
b/src/openvpnmsica/openvpnmsica.vcxproj
index c39b1240..11aa78bb 100644
--- a/src/openvpnmsica/openvpnmsica.vcxproj
+++ b/src/openvpnmsica/openvpnmsica.vcxproj
@@ -40,18 +40,21 @@
 v142
 Unicode
 true
+Spectre
   
   
 DynamicLibrary
 true
 v142
 Unicode
+Spectre
   
   
 DynamicLibrary
 true
 v142
 Unicode
+Spectre
   
   
 DynamicLibrary
@@ -60,6 +63,7 @@
 true
 Unicode
 true
+Spectre
   
   
 DynamicLibrary
@@ -67,6 +71,7 @@
 v142
 true
 Unicode
+Spectre
   
   
 DynamicLibrary
@@ -74,6 +79,7 @@
 v142
 true
 Unicode
+Spectre
   
   
   
diff --git a/src/openvpnserv/openvpnserv.vcxproj 
b/src/openvpnserv/openvpnserv.vcxproj
index 8009ab3d..5fd7d60b 100644
--- a/src/openvpnserv/openvpnserv.vcxproj
+++ b/src/openvpnserv/openvpnserv.vcxproj
@@ -38,33 +38,39 @@
 Unicode
 true
 v142
+Spectre
   
   
 Application
 Unicode
 true
 v142
+Spectre
   
   
 Application
 Unicode
 true
 v142
+Spectre
   
   
 Application
 Unicode
 v142
+Spectre
   
   
 Application
 Unicode
 v142
+Spectre
   
   
 Application
 Unicode
 v142
+Spectre
   
   
   
diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj
index ad96f02c..79da9d33 100644
--- a/src/tapctl/tapctl.vcxproj
+++ b/src/tapctl/tapctl.vcxproj
@@ -40,18 +40,21 @@
 v142
 Unicode
 true
+Spectre
   
   
 Application
 true
 v142
 Unicode
+Spectre
   
   
 Application
 true
 v142
 Unicode
+Spectre
   
   
 Application
@@ -60,6 +63,7 @@
 true
 Unicode
 true
+Spectre
   
   
 Application
@@ -67,6 +71,7 @@
 v142
 true
 Unicode
+Spectre
   
   
 Application
@@ -74,6 +79,7 @@
 v142
 true
 Unicode
+Spectre
   
   
   
-- 
2.29.2.windows.2



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] BUILD: enable CFG and Spectre mitigation for MSVC

[Ilya Shipitsin]

found by BinSkim

Signed-off-by: Ilya Shipitsin 
---
 src/compat/Debug.props|  1 +
 src/compat/Release.props  |  1 +
 src/compat/compat.vcxproj |  6 ++
 src/openvpn/openvpn.vcxproj   | 12 
 src/openvpnmsica/openvpnmsica.props   |  1 +
 src/openvpnmsica/openvpnmsica.vcxproj |  6 ++
 src/openvpnserv/openvpnserv.vcxproj   |  6 ++
 src/tapctl/tapctl.vcxproj |  6 ++
 8 files changed, 39 insertions(+)

diff --git a/src/compat/Debug.props b/src/compat/Debug.props
index 31bb9d91..810609bf 100644
--- a/src/compat/Debug.props
+++ b/src/compat/Debug.props
@@ -15,6 +15,7 @@
   
_DEBUG;%(PreprocessorDefinitions)
   MultiThreadedDebugDLL
   EditAndContinue
+  Guard
 
   
   
diff --git a/src/compat/Release.props b/src/compat/Release.props
index 63828b79..50eaa8de 100644
--- a/src/compat/Release.props
+++ b/src/compat/Release.props
@@ -15,6 +15,7 @@
   MultiThreadedDLL
   ProgramDatabase
   
NDEBUG;%(PreprocessorDefinitions)
+  Guard
 
 
   true
diff --git a/src/compat/compat.vcxproj b/src/compat/compat.vcxproj
index 49824783..fe03a51a 100644
--- a/src/compat/compat.vcxproj
+++ b/src/compat/compat.vcxproj
@@ -38,33 +38,39 @@
 MultiByte
 true
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 true
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 true
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 v142
+Spectre
   
   
 StaticLibrary
 MultiByte
 v142
+Spectre
   
   
   
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 5b3e0c6c..8d27f9c6 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -38,33 +38,39 @@
 true
 NotSet
 v142
+Spectre
   
   
 Application
 true
 NotSet
 v142
+Spectre
   
   
 Application
 true
 NotSet
 v142
+Spectre
   
   
 Application
 NotSet
 v142
+Spectre
   
   
 Application
 NotSet
 v142
+Spectre
   
   
 Application
 NotSet
 v142
+Spectre
   
   
   
@@ -146,6 +152,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -161,6 +168,7 @@
   Level2
   true
   
..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -176,6 +184,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -191,6 +200,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -206,6 +216,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
@@ -221,6 +232,7 @@
   Level2
   true
   
..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)
+  Guard
 
 
 
diff --git a/src/openvpnmsica/openvpnmsica.props 
b/src/openvpnmsica/openvpnmsica.props
index 074635d0..9e934a73 100644
--- a/src/openvpnmsica/openvpnmsica.props
+++ b/src/openvpnmsica/openvpnmsica.props
@@ -9,6 +9,7 @@
 
   
..\compat;$(TAP_WINDOWS_HOME)/include;%(AdditionalIncludeDirectories)
   
_WIN32_WINNT=_WIN32_WINNT_VISTA;%(PreprocessorDefinitions)
+  Guard
 
 
   Windows
diff --git a/src/openvpnmsica/openvpnmsica.vcxproj 
b/src/openvpnmsica/openvpnmsica.vcxproj
index c39b1240..11aa78bb 100644
--- a/src/openvpnmsica/openvpnmsica.vcxproj
+++ b/src/openvpnmsica/openvpnmsica.vcxproj
@@ -40,18 +40,21 @@
 v142
 Unicode
 true
+Spectre
   
   
 DynamicLibrary
 true
 v142
 Unicode
+Spectre
   
   
 DynamicLibrary
 true
 v142
 Unicode
+Spectre
   
   
 DynamicLibrary
@@ -60,6 +63,7 @@
 true
 Unicode
 true
+Spectre
   
   
 DynamicLibrary
@@ -67,6 +71,7 @@
 v142
 true
 Unicode
+Spectre
   
   
 DynamicLibrary
@@ -74,6 +79,7 @@
 v142
 true
 Unicode
+Spectre
   
   
   
diff --git a/src/openvpnserv/openvpnserv.vcxproj 
b/src/openvpnserv/openvpnserv.vcxproj
index 8009ab3d..5fd7d60b 100644
--- a/src/openvpnserv/openvpnserv.vcxproj
+++ b/src/openvpnserv/openvpnserv.vcxproj
@@ -38,33 +38,39 @@
 Unicode
 true
 v142
+Spectre
   
   
 Application
 Unicode
 true
 v142
+Spectre
   
   
 Application
 Unicode
 true
 v142
+Spectre
   
   
 Application
 Unicode
 v142
+Spectre
   
   
 Application
 Unicode
 v142
+Spectre
   
   
 Application
 Unicode
 v142
+Spectre
   
   
   
diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj
index ad96f02c..79da9d33 100644
--- a/src/tapctl/tapctl.vcxproj
+++ b/src/tapctl

[Openvpn-devel] [PATCH] CI: github actions: keep "pdb" in artifacts

[Ilya Shipitsin]

"pdb" files are important for example, for BinSkim analysis. Let us
keep them
---
 .github/workflows/build.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index b2c16449..4c963114 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -227,3 +227,4 @@ jobs:
   path: |
 ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.exe
 ${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.dll
+${{ matrix.plat }}-Output/${{env.BUILD_CONFIGURATION}}/*.pdb
\ No newline at end of file
-- 
2.29.2.windows.2



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] travis-ci: cleanup, refactor, upgrade ssl libraries

[Ilya Shipitsin]

Both "compiler" and "exclude" are redundant, so remove them.
Add openssl-1.0.1u to build matrix. Enable explicit apt update
(it was disabled by default in travis-ci).

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>

--
v2: Add openssl-1.0.1u to build matrix (thanks to Steffan Karger),
Add explicit apt-get update (it was disabled by default in travis-ci)
---
---
 .travis.yml | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 51645924..216f0a04 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,9 +5,6 @@ os: linux
 
 language: c
 
-compiler:
-  - gcc
-
 env:
   global:
 - JOBS=3
@@ -15,10 +12,10 @@ env:
 - TAP_WINDOWS_VERSION=9.21.2
 - LZO_VERSION=2.10
 - PKCS11_HELPER_VERSION=1.22
-- MBEDTLS_VERSION="2.5.1"
+- MBEDTLS_VERSION="2.8.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- OPENSSL_VERSION="1.0.2l"
+- OPENSSL_VERSION="1.0.2o"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
 # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
@@ -30,13 +27,16 @@ matrix:
 - env: SSLLIB="openssl" RUN_COVERITY="1"
   os: linux
   compiler: gcc
-- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f"
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.0.1u"
+  os: linux
+  compiler: gcc
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h"
   os: linux
   compiler: gcc
 - env: SSLLIB="openssl" CFLAGS="-fsanitize=address"
   os: linux
   compiler: clang
-- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f"
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h"
   os: linux
   compiler: clang
 - env: SSLLIB="mbedtls"
@@ -65,11 +65,10 @@ matrix:
 - env: SSLLIB="openssl" EXTRA_CONFIG="--enable-small"
   os: linux
   compiler: clang
-  exclude:
-- compiler: gcc
 
 addons:
   apt:
+update: true
 packages:
   - liblzo2-dev
   - libpam0g-dev
-- 
2.14.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: cleanup and upgrade ssl libraries

[Ilya Shipitsin]

both "compiler" and "exclude" are redundant, so remove them

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis.yml | 13 -
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 51645924..1cbd96bc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,9 +5,6 @@ os: linux
 
 language: c
 
-compiler:
-  - gcc
-
 env:
   global:
 - JOBS=3
@@ -15,10 +12,10 @@ env:
 - TAP_WINDOWS_VERSION=9.21.2
 - LZO_VERSION=2.10
 - PKCS11_HELPER_VERSION=1.22
-- MBEDTLS_VERSION="2.5.1"
+- MBEDTLS_VERSION="2.8.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- OPENSSL_VERSION="1.0.2l"
+- OPENSSL_VERSION="1.0.2o"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
 # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
@@ -30,13 +27,13 @@ matrix:
 - env: SSLLIB="openssl" RUN_COVERITY="1"
   os: linux
   compiler: gcc
-- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f"
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h"
   os: linux
   compiler: gcc
 - env: SSLLIB="openssl" CFLAGS="-fsanitize=address"
   os: linux
   compiler: clang
-- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f"
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0h"
   os: linux
   compiler: clang
 - env: SSLLIB="mbedtls"
@@ -65,8 +62,6 @@ matrix:
 - env: SSLLIB="openssl" EXTRA_CONFIG="--enable-small"
   os: linux
   compiler: clang
-  exclude:
-- compiler: gcc
 
 addons:
   apt:
-- 
2.14.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: add pkcs11-helper patch identical to openvpn-build

[Ilya Shipitsin]

currently patch of implementing RFC7512 URI Scheme is added during
building windows installer. The same patch was added to travis-ci
cross builds

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis/build-deps.sh   |  17 +-
 .travis/pkcs11-helper-001-RFC7512.patch | 656 
 2 files changed, 669 insertions(+), 4 deletions(-)
 create mode 100644 .travis/pkcs11-helper-001-RFC7512.patch

diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index 96a030cc..6270a945 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -4,6 +4,11 @@ set -eux
 # Set defaults
 PREFIX="${PREFIX:-${HOME}/opt}"
 
+die() {
+echo "FATAL: $1" >&2
+exit 1
+}
+
 download_tap_windows () {
 if [ ! -f "download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip" ]; then
wget -P download-cache/ \
@@ -15,12 +20,12 @@ download_lzo () {
 if [ ! -f "download-cache/lzo-${LZO_VERSION}.tar.gz" ]; then
 wget -P download-cache/ \
 
"http://www.oberhumer.com/opensource/lzo/download/lzo-${LZO_VERSION}.tar.gz;
+tar zxf download-cache/lzo-${LZO_VERSION}.tar.gz
 fi
 }
 
 build_lzo () {
 if [ "$(cat ${PREFIX}/.lzo-version)" != "${LZO_VERSION}" ]; then
-tar zxf download-cache/lzo-${LZO_VERSION}.tar.gz
 (
 cd "lzo-${LZO_VERSION}"
 
@@ -36,12 +41,12 @@ download_pkcs11_helper () {
 if [ ! -f "pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" ]; then
 wget -P download-cache/ \
 
"https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2;
+tar jxf download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2
 fi
 }
 
 build_pkcs11_helper () {
 if [ "$(cat ${PREFIX}/.pkcs11_helper-version)" != 
"${PKCS11_HELPER_VERSION}" ]; then
-tar jxf download-cache/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2
 (
 cd "pkcs11-helper-${PKCS11_HELPER_VERSION}"
 
@@ -158,8 +163,12 @@ if [ ! -z ${CHOST+x} ]; then
   unzip download-cache/tap-windows-${TAP_WINDOWS_VERSION}.zip
 
   download_lzo
-  build_lzo
-
   download_pkcs11_helper
+
+  for f in .travis/*.patch; do
+  patch -p1 < "${f}" || die "Patch '${f}'"
+  done
+
+  build_lzo
   build_pkcs11_helper
 fi
diff --git a/.travis/pkcs11-helper-001-RFC7512.patch 
b/.travis/pkcs11-helper-001-RFC7512.patch
new file mode 100644
index ..ad21c854
--- /dev/null
+++ b/.travis/pkcs11-helper-001-RFC7512.patch
@@ -0,0 +1,656 @@
+diff --git a/pkcs11-helper-1.22/lib/pkcs11h-serialization.c 
b/pkcs11-helper-1.22/lib/pkcs11h-serialization.c
+index ad275f8..1d077e4 100644
+--- a/pkcs11-helper-1.22/lib/pkcs11h-serialization.c
 b/pkcs11-helper-1.22/lib/pkcs11h-serialization.c
+@@ -61,29 +61,127 @@
+ 
+ #if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
+ 
++#define URI_SCHEME "pkcs11:"
++
++#define token_field_ofs(field) ((unsigned long)&(((struct pkcs11h_token_id_s 
*)0)->field))
++#define token_field_size(field) sizeofstruct pkcs11h_token_id_s 
*)0)->field))
++#define token_field(name, field) { name "=", sizeof(name), \
++ token_field_ofs(field), 
token_field_size(field) }
++
++static struct {
++  const char const *name;
++  size_t namelen;
++  unsigned long field_ofs;
++  size_t field_size;
++} __token_fields[] = {
++  token_field ("model", model),
++  token_field ("token", label),
++  token_field ("manufacturer", manufacturerID ),
++  token_field ("serial", serialNumber ),
++  { NULL },
++};
++
++#define   P11_URL_VERBATIM  "abcdefghijklmnopqrstuvwxyz" \
++"ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
++"0123456789_-."
++
++static
++int
++__token_attr_escape(char *uri, char *attr, size_t attrlen)
++{
++  int len = 0, i;
++
++  for (i = 0; i < attrlen; i++) {
++  if (strchr(P11_URL_VERBATIM, attr[i])) {
++  if (uri) {
++  *(uri++) = attr[i];
++  }
++  len++;
++  } else {
++  if (uri) {
++  sprintf(uri, "%%%02x", (unsigned char)attr[i]);
++  uri += 3;
++  }
++  len += 3;
++  }
++  }
++  return len;
++}
++
++static
++CK_RV
++__generate_pkcs11_uri (
++  OUT char * const sz,
++  IN OUT size_t *max,
++  IN const pkcs11h_certificate_id_t certificate_id,
++   

[Openvpn-devel] [PATCH] travis-ci: modify openssl build script to support openssl-1.1.0

[Ilya Shipitsin]

no-multilib is only supported on openssl-1.0.X, do not use it
if OPENSSL_VERSION is 1.1.0

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis/build-deps.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index bc538853..1761932e 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -110,8 +110,9 @@ build_openssl_mingw () {
 export TARGET=mingw64
 fi
 
-./Configure --cross-compile-prefix=${CHOST}- shared \
-   ${TARGET} no-multilib no-capieng --prefix="${PREFIX}" 
--openssldir="${PREFIX}" -static-libgcc
+./Configure --cross-compile-prefix=${CHOST}- shared ${TARGET} \
+   $([[ ${OPENSSL_VERSION} == "1.0."* ]] && echo "no-multilib") \
+   no-capieng --prefix="${PREFIX}" --openssldir="${PREFIX}" 
-static-libgcc
 make install
 )
 }
-- 
2.14.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v3] travis-ci: add brew cache, remove ccache

[Ilya Shipitsin]

1-2 minutes speedup osx builds by using brew cache.
Also, ccache was removed for a while (builds fail
after travis-ci upgraded clang to version 5.0.0)
---
v2: this is a "v2" of previously issued "enable ccache for osx and mingw builds"
patch. I decided not to enable ccache for mingw builds as it does not
speedup them

v3: removed ccache at all, because it fails on clang-5.0.0

 .travis.yml   |  2 +-
 .travis/build-deps.sh | 10 --
 2 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 1f669b30..43217b59 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -78,10 +78,10 @@ addons:
   - man2html
 
 cache:
-  ccache: true
   directories:
   - download-cache
   - ${HOME}/opt
+  - ${HOME}/Library/Caches/Homebrew
 
 before_install:
   - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew update ; fi
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index e787abab..bc538853 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -130,16 +130,6 @@ build_openssl () {
 fi
 }
 
-# Enable ccache
-if [ "${TRAVIS_OS_NAME}" != "osx" ] && [ -z ${CHOST+x} ]; then
-# ccache not available on osx, see:
-# https://github.com/travis-ci/travis-ci/issues/5567
-# also ccache not enabled for cross builds
-mkdir -p "${HOME}/bin"
-ln -s "$(which ccache)" "${HOME}/bin/${CC}"
-PATH="${HOME}/bin:${PATH}"
-fi
-
 if [ ! -z ${CHOST+x} ]; then
   #
   # openvpn requires at least mingw-gcc-4.9, which is available at xenial 
repo
-- 
2.14.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: speedup osx build by enabling brew cache

[Ilya Shipitsin]

1-2 minutes speedup by using brew cache, also ccache
is no more disabled for osx build (even it does not
speedup significantly, it simplifies the overall script)

---
this is a "v2" of previously issued "enable ccache for osx and mingw builds"
patch. I decided not to enable ccache for mingw builds as it does not
speedup them

 .travis.yml   | 5 +++--
 .travis/build-deps.sh | 7 ++-
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 1f669b30..34e0ac04 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -82,10 +82,11 @@ cache:
   directories:
   - download-cache
   - ${HOME}/opt
+  - ${HOME}/Library/Caches/Homebrew
 
 before_install:
-  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew update ; fi
-  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew update; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo ccache; fi
 
 install:
   - if [ ! -z "${CHOST}" ]; then unset CC; fi
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index e787abab..e7036b6b 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -130,11 +130,8 @@ build_openssl () {
 fi
 }
 
-# Enable ccache
-if [ "${TRAVIS_OS_NAME}" != "osx" ] && [ -z ${CHOST+x} ]; then
-# ccache not available on osx, see:
-# https://github.com/travis-ci/travis-ci/issues/5567
-# also ccache not enabled for cross builds
+# Enable ccache except cross builds
+if [ -z ${CHOST+x} ]; then
 mkdir -p "${HOME}/bin"
 ln -s "$(which ccache)" "${HOME}/bin/${CC}"
 PATH="${HOME}/bin:${PATH}"
-- 
2.14.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: enable ccache for osx and mingw builds

[Ilya Shipitsin]

--
ccache was now tested by me and works for osx
and mingw builds as well
---
 .travis.yml   |  2 +-
 .travis/build-deps.sh | 14 ++
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 366e6599..8efb1cbd 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -88,7 +88,7 @@ cache:
 
 before_install:
   - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew update ; fi
-  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo ccache; fi
 
 install:
   - if [ ! -z "${CHOST}" ]; then unset CC; fi
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index e787abab..001565f3 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -130,15 +130,13 @@ build_openssl () {
 fi
 }
 
-# Enable ccache
-if [ "${TRAVIS_OS_NAME}" != "osx" ] && [ -z ${CHOST+x} ]; then
-# ccache not available on osx, see:
-# https://github.com/travis-ci/travis-ci/issues/5567
-# also ccache not enabled for cross builds
-mkdir -p "${HOME}/bin"
-ln -s "$(which ccache)" "${HOME}/bin/${CC}"
-PATH="${HOME}/bin:${PATH}"
+mkdir -p "${HOME}/bin"
+if [ -z ${CHOST+x} ]; then
+ln -s "$(which ccache)" "${HOME}/bin/${CC}"
+else
+ln -s "$(which ccache)" "${HOME}/bin/${CHOST}-cc"
 fi
+PATH="${HOME}/bin:${PATH}"
 
 if [ ! -z ${CHOST+x} ]; then
   #
-- 
2.13.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 0/1] travis-ci: libressl support for osx

[Ilya Shipitsin]

Tunnelblick ships openvpn binary built with libressl
(see https://github.com/Tunnelblick/Tunnelblick/issues/317 )

Ilya Shipitsin (1):
  travis-ci: add libressl build for osx

 .travis.yml|  5 +
 .travis/build-check.sh |  4 
 .travis/build-deps.sh  | 31 +++
 3 files changed, 40 insertions(+)

-- 
2.13.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] v2 travis-ci: update pkcs11-helper to 1.22

[Ilya Shipitsin]

use pkcs11-helper from https://github.com/OpenSC/pkcs11-helper/
to match build process used in windows installer build

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
v2: break lines up into 80-char, thanks Steffan Karger

 .travis.yml   | 2 +-
 .travis/build-deps.sh | 8 ++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index db90e03a..fc98a4d0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,7 +14,7 @@ env:
 - PREFIX="${HOME}/opt"
 - TAP_WINDOWS_VERSION=9.21.2
 - LZO_VERSION=2.10
-- PKCS11_HELPER_VERSION=1.11
+- PKCS11_HELPER_VERSION=1.22
 - MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index 9cc18584..e787abab 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -35,7 +35,7 @@ build_lzo () {
 download_pkcs11_helper () {
 if [ ! -f "pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" ]; then
 wget -P download-cache/ \
-
"http://downloads.sourceforge.net/project/opensc/pkcs11-helper/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2;
+
"https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2;
 fi
 }
 
@@ -46,7 +46,11 @@ build_pkcs11_helper () {
 cd "pkcs11-helper-${PKCS11_HELPER_VERSION}"
 
 ./configure --host=${CHOST} --program-prefix='' 
--libdir=${PREFIX}/lib \
- --prefix=${PREFIX} --build=x86_64-pc-linux-gnu 
--disable-crypto-engine-gnutls --disable-crypto-engine-nss
+ --prefix=${PREFIX} --build=x86_64-pc-linux-gnu \
+ --disable-crypto-engine-gnutls \
+ --disable-crypto-engine-nss \
+ --disable-crypto-engine-polarssl \
+ --disable-crypto-engine-mbedtls
 make all install
  )
  echo "${PKCS11_HELPER_VERSION}" > "${PREFIX}/.pkcs11_helper-version"
-- 
2.13.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/3] travis-ci: update pkcs11-helper to 1.22

[Ilya Shipitsin]

use pkcs11-helper from https://github.com/OpenSC/pkcs11-helper/
to match build process used in windows installer build
---
 .travis.yml   | 2 +-
 .travis/build-deps.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index db90e03a..fc98a4d0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,7 +14,7 @@ env:
 - PREFIX="${HOME}/opt"
 - TAP_WINDOWS_VERSION=9.21.2
 - LZO_VERSION=2.10
-- PKCS11_HELPER_VERSION=1.11
+- PKCS11_HELPER_VERSION=1.22
 - MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index 9cc18584..7d8f911b 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -35,7 +35,7 @@ build_lzo () {
 download_pkcs11_helper () {
 if [ ! -f "pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2" ]; then
 wget -P download-cache/ \
-
"http://downloads.sourceforge.net/project/opensc/pkcs11-helper/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2;
+
"https://github.com/OpenSC/pkcs11-helper/releases/download/pkcs11-helper-${PKCS11_HELPER_VERSION}/pkcs11-helper-${PKCS11_HELPER_VERSION}.tar.bz2;
 fi
 }
 
@@ -46,7 +46,7 @@ build_pkcs11_helper () {
 cd "pkcs11-helper-${PKCS11_HELPER_VERSION}"
 
 ./configure --host=${CHOST} --program-prefix='' 
--libdir=${PREFIX}/lib \
- --prefix=${PREFIX} --build=x86_64-pc-linux-gnu 
--disable-crypto-engine-gnutls --disable-crypto-engine-nss
+ --prefix=${PREFIX} --build=x86_64-pc-linux-gnu 
--disable-crypto-engine-gnutls --disable-crypto-engine-nss 
--disable-crypto-engine-polarssl --disable-crypto-engine-mbedtls
 make all install
  )
  echo "${PKCS11_HELPER_VERSION}" > "${PREFIX}/.pkcs11_helper-version"
-- 
2.13.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 2/3] travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1

[Ilya Shipitsin]

---
 .travis.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index fc98a4d0..0b531529 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,10 +15,10 @@ env:
 - TAP_WINDOWS_VERSION=9.21.2
 - LZO_VERSION=2.10
 - PKCS11_HELPER_VERSION=1.22
-- MBEDTLS_VERSION="2.4.0"
+- MBEDTLS_VERSION="2.5.1"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- OPENSSL_VERSION="1.0.2k"
+- OPENSSL_VERSION="1.0.2l"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
 
-- 
2.13.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/3] add a test to "openvpn --help"

[Ilya Shipitsin]

inspired by 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13808.html
---
 tests/Makefile.am |  2 +-
 tests/t_usage.sh  | 29 +
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100755 tests/t_usage.sh

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0795680c..7306d1d1 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -14,7 +14,7 @@ MAINTAINERCLEANFILES = \
 
 SUBDIRS = unit_tests
 
-test_scripts = t_client.sh
+test_scripts = t_client.sh t_usage.sh
 if ENABLE_CRYPTO
 test_scripts += t_lpback.sh t_cltsrv.sh
 endif
diff --git a/tests/t_usage.sh b/tests/t_usage.sh
new file mode 100755
index ..f4845468
--- /dev/null
+++ b/tests/t_usage.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# run "openvpn --help"
+# - check that openvpn did not crash
+#
+# prerequisites:
+# - openvpn binary in current directory
+#
+# inspired by 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13808.html
+#
+
+top_builddir="${top_builddir:-..}"
+
+if [ ! -x "${top_builddir}/src/openvpn/openvpn" ]
+then
+echo "no (executable) openvpn binary in current build tree. FAIL." >&2
+exit 1
+fi
+
+exit_code=0
+
+"${top_builddir}/src/openvpn/openvpn" --help >/dev/null
+
+if [ $? -ne 1 ]
+then
+   exit_code=1
+fi
+
+exit $exit_code
-- 
2.13.3


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] win32 build: check for ENETUNREACH

[Ilya Shipitsin]

Currently, we do not check for mingw-gcc version. For example,
Debian 7 is shipped with 4.6.3, which does not know about ENETUNREACH
---

this is for 2.4 and HEAD branches

 configure.ac | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/configure.ac b/configure.ac
index 60bb465..80b26ff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -708,6 +708,20 @@ m4_define(
[setsockopt getsockopt getsockname poll]dnl
 )
 if test "${WIN32}" = "yes"; then
+
+#
+# check for ENETUNREACH 
+# at least Debian 7 is shipped with gcc-mingw-w64-4.6.3, which is too old
+#
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+[[#include 
+#if !defined (ENETUNREACH)
+# error ENETUNREACH not defined
+#endif
+]])],
+   ,
+   [AC_MSG_ERROR([gcc-mingw is too old, please update])])
+
 # normal autoconf function checking does not find inet_ntop/inet_pton
 # because they need to include the actual header file and link ws2_32.dll
LIBS="${LIBS} -lws2_32"
-- 
2.9.4


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: added gcc and clang openssl-1.1.0 builds

[Ilya Shipitsin]

openssl build script was modified according to official openssl manual:
https://wiki.openssl.org/index.php/Compilation_and_Installation
---
 .travis.yml   | 6 ++
 .travis/build-deps.sh | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index bb44222..db90e03 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,9 +27,15 @@ matrix:
 - env: SSLLIB="openssl"
   os: linux
   compiler: gcc
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f"
+  os: linux
+  compiler: gcc
 - env: SSLLIB="openssl"
   os: linux
   compiler: clang
+- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f"
+  os: linux
+  compiler: clang
 - env: SSLLIB="mbedtls"
   os: linux
   compiler: gcc
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index c5c1188..9cc1858 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -82,7 +82,7 @@ download_openssl () {
 build_openssl_linux () {
 (
 cd "openssl-${OPENSSL_VERSION}/"
-./config shared --openssldir="${PREFIX}" -DPURIFY
+./config shared --prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY
 make all install_sw
 )
 }
@@ -91,7 +91,7 @@ build_openssl_osx () {
 (
 cd "openssl-${OPENSSL_VERSION}/"
 ./Configure darwin64-x86_64-cc shared \
---openssldir="${PREFIX}" -DPURIFY
+--prefix="${PREFIX}" --openssldir="${PREFIX}" -DPURIFY
 make depend all install_sw
 )
 }
@@ -107,7 +107,7 @@ build_openssl_mingw () {
 fi
 
 ./Configure --cross-compile-prefix=${CHOST}- shared \
-   ${TARGET} no-multilib no-capieng --openssldir="${PREFIX}" 
-static-libgcc
+   ${TARGET} no-multilib no-capieng --prefix="${PREFIX}" 
--openssldir="${PREFIX}" -static-libgcc
 make install
 )
 }
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] v4, travis-ci: add 2 mingw "build only" configurations

[Ilya Shipitsin]

Inspired by 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html
build options are taken from regular windows installer builds

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
v2: moved download/build dependencies into functions, changed cross build
detection from shell expansion ${CHOST+x} to more recognised -z "${CHOST}",
which required changing 'set -eux' to 'set -ex'. Added comments to make
code readable without looking into commit message.

v3: fixed "trailing whitespaces" found by Samuli Seppänen. Added back "set -u",
thanks to Steffan Karger. Changed repo manipulation to "apt-add-repository", 
thanks
to Nathan Stratton Treadway.

v4: moved build/test logic into separate script running with "set -eux", thanks
to Steffan Karger

 .travis.yml| 22 ++--
 .travis/build-check.sh | 30 
 .travis/build-deps.sh  | 98 +++---
 3 files changed, 135 insertions(+), 15 deletions(-)
 create mode 100755 .travis/build-check.sh

diff --git a/.travis.yml b/.travis.yml
index 3c0aa7d..bb44222 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,6 +12,9 @@ env:
   global:
 - JOBS=3
 - PREFIX="${HOME}/opt"
+- TAP_WINDOWS_VERSION=9.21.2
+- LZO_VERSION=2.10
+- PKCS11_HELPER_VERSION=1.11
 - MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
@@ -50,6 +53,12 @@ matrix:
   os: osx
   osx_image: xcode7.3
   compiler: clang
+- env: SSLLIB="openssl" CHOST=x86_64-w64-mingw32
+  os: linux
+  compiler: ": Win64 build only"
+- env: SSLLIB="openssl" CHOST=i686-w64-mingw32
+  os: linux
+  compiler: ": Win32 build only"
   exclude:
 - compiler: gcc
 
@@ -60,6 +69,7 @@ addons:
   - libpam0g-dev
   - liblz4-dev
   - linux-libc-dev
+  - man2html
 
 cache:
   ccache: true
@@ -72,16 +82,8 @@ before_install:
   - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo; fi
 
 install:
+  - if [ ! -z "${CHOST}" ]; then unset CC; fi
   - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
-  - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then export 
LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"; fi
-  - if [ "${TRAVIS_OS_NAME}" = "osx"   ]; then export 
DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH}"; fi
-  - autoreconf -vi
-  - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
-  - make -j$JOBS
-  - src/openvpn/openvpn --version || true
-  - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi
-  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; fi
-  - make check
-  - $EXTRA_SCRIPT
+  - .travis/build-check.sh
diff --git a/.travis/build-check.sh b/.travis/build-check.sh
new file mode 100755
index 000..5ef8c6c
--- /dev/null
+++ b/.travis/build-check.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -eux
+
+if [ "${TRAVIS_OS_NAME}" = "linux" ]; then 
+   export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH:-}"
+fi
+
+if [ "${TRAVIS_OS_NAME}" = "osx"   ]; then 
+   export DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH:-}"
+fi
+
+autoreconf -vi
+
+if [ -z ${CHOST+x} ]; then
+   ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG:-} || (cat 
config.log && exit 1)
+   make -j$JOBS
+   src/openvpn/openvpn --version || true
+   if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi
+   if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; 
fi
+   make check
+   ${EXTRA_SCRIPT:-}
+else
+   export TAP_CFLAGS="-I${PWD}/tap-windows-${TAP_WINDOWS_VERSION}/include"
+   export LZO_CFLAGS="-I${PREFIX}/include"
+   export LZO_LIBS="-L${PREFIX}/lib -llzo2"
+   export PKCS11_HELPER_LIBS="-L${PREFIX}/lib -lpkcs11-helper"
+   export PKCS11_HELPER_CFLAGS="-I${PREFIX}/include"
+   ./configure --with-crypto-library="${SSLLIB}" --host=${CHOST} 
--build=x86_64-pc-linux-gnu --enable-pkcs11 --disable-plugins || (cat 
config.log && exit 1)
+   make -j${JOBS}
+fi
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index 3ffba0b..c5c1188 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -4,6 +4,55 @@ set -eux
 # Set defaults
 PREFIX="${PREFIX:-${HOME}/opt}"
 
+download_tap_windows () {
+if [ ! -f "download-cache/tap-windows-${TAP_WINDOWS_VERSION}.

[Openvpn-devel] [PATCH] v3: resolve format string warnings

[Ilya Shipitsin]

[src/openvpn/options.c:1163]: (warning) %x in format string (no. 1) requires 
'unsigned int *' but the argument type is 'signed int *'.
[src/openvpn/route.c:3187]: (warning) %d in format string (no. 5) requires 'int 
*' but the argument type is 'unsigned int *'.

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
v2: use "uint8_t" in options.c, thanks to Gert Doering

v3: switch back to "unsigned int", thanks to David Sommerseth

 src/openvpn/options.c | 2 +-
 src/openvpn/route.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index dcb6ecf..2bc7e62 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1147,7 +1147,7 @@ parse_hash_fingerprint(const char *str, int nbytes, int 
msglevel, struct gc_aren
 const char *cp = str;
 uint8_t *ret = (uint8_t *) gc_malloc(nbytes, true, gc);
 char term = 1;
-int byte;
+unsigned int byte;
 char bs[3];
 
 for (i = 0; i < nbytes; ++i)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 08998d5..ecfa60f 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3184,7 +3184,7 @@ get_default_gateway(struct route_gateway_info *rgi)
 unsigned int flags = 0;
 char name[16];
 name[0] = 0;
-const int np = sscanf(line, 
"%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x",
+const int np = sscanf(line, 
"%15s\t%x\t%x\t%x\t%*s\t%*s\t%u\t%x",
   name,
   _x,
   _x,
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: add 2 mingw "build only configurations"

[Ilya Shipitsin]

Inspired by 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html
build options are taken from regular windows installer builds

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis.yml   | 30 +---
 .travis/build-deps.sh | 55 ++-
 2 files changed, 73 insertions(+), 12 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 3c0aa7d..9ab30a2 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,6 +12,9 @@ env:
   global:
 - JOBS=3
 - PREFIX="${HOME}/opt"
+- TAP_WINDOWS_VERSION=9.21.2
+- LZO_VERSION=2.10
+- PKCS11_HELPER_VERSION=1.11
 - MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
@@ -50,6 +53,12 @@ matrix:
   os: osx
   osx_image: xcode7.3
   compiler: clang
+- env: SSLLIB="openssl" CHOST=x86_64-w64-mingw32
+  os: linux
+  compiler: ": Win64 build only"
+- env: SSLLIB="openssl" CHOST=i686-w64-mingw32
+  os: linux
+  compiler: ": Win32 build only"
   exclude:
 - compiler: gcc
 
@@ -60,6 +69,7 @@ addons:
   - libpam0g-dev
   - liblz4-dev
   - linux-libc-dev
+  - man2html
 
 cache:
   ccache: true
@@ -72,16 +82,22 @@ before_install:
   - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo; fi
 
 install:
+  - if [ ! -z "${CHOST+xxx}" ]; then unset CC; unset CXX; fi
   - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
   - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then export 
LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"; fi
   - if [ "${TRAVIS_OS_NAME}" = "osx"   ]; then export 
DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH}"; fi
   - autoreconf -vi
-  - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
-  - make -j$JOBS
-  - src/openvpn/openvpn --version || true
-  - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi
-  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; fi
-  - make check
-  - $EXTRA_SCRIPT
+  - if [ -z "${CHOST+xxx}" ]; then
+  ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1);
+  make -j$JOBS;
+  src/openvpn/openvpn --version || true;
+  if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi;
+  if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; 
fi;
+  make check;
+  $EXTRA_SCRIPT;
+else
+  TAP_CFLAGS="-I${PWD}/tap-windows-${TAP_WINDOWS_VERSION}/include" 
LZO_CFLAGS="-I${PREFIX}/include" LZO_LIBS="-L${PREFIX}/lib -llzo2" 
PKCS11_HELPER_LIBS="-L${PREFIX}/lib -lpkcs11-helper" 
PKCS11_HELPER_CFLAGS="-I${PREFIX}/include" ./configure --host=${CHOST} 
--build=x86_64-pc-linux-gnu --enable-pkcs11 --disable-plugins || (cat 
config.log && exit 1);
+  make -j$JOBS;
+fi
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index 3ffba0b..18f40ec 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -31,7 +31,6 @@ download_openssl () {
 }
 
 build_openssl_linux () {
-tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
 (
 cd "openssl-${OPENSSL_VERSION}/"
 ./config shared --openssldir="${PREFIX}" -DPURIFY
@@ -40,7 +39,6 @@ build_openssl_linux () {
 }
 
 build_openssl_osx () {
-tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
 (
 cd "openssl-${OPENSSL_VERSION}/"
 ./Configure darwin64-x86_64-cc shared \
@@ -49,9 +47,25 @@ build_openssl_osx () {
 )
 }
 
+build_openssl_mingw () {
+(
+cd "openssl-${OPENSSL_VERSION}/"
+
+if [ "${CHOST}" = "i686-w64-mingw32" ]; then export target=mingw; fi
+if [ "${CHOST}" = "x86_64-w64-mingw32" ]; then export target=mingw64; 
fi
+
+./Configure --cross-compile-prefix=${CHOST}- shared \
+   $target no-multilib no-capieng --openssldir="${PREFIX}" 
-static-libgcc
+make install  
+)
+}
+
 build_openssl () {
 if [ "$(cat ${PREFIX}/.openssl-version)" != "${OPENSSL_VERSION}" ]; then
-if [ "${TRAVIS_OS_NAME}" = "osx" ]; then
+tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
+if [ ! -z ${CHOST+xxx} ]; then
+build_openssl_mingw
+elif [ "${TRAVIS_OS_NAME}" = "osx" ]; then
 

[Openvpn-devel] [PATCH] v2: resolve format string warnings

[Ilya Shipitsin]

[src/openvpn/options.c:1163]: (warning) %x in format string (no. 1) requires 
'unsigned int *' but the argument type is 'signed int *'.
[src/openvpn/route.c:3187]: (warning) %d in format string (no. 5) requires 'int 
*' but the argument type is 'unsigned int *'.

v2: use "uint8_t" in options.c, thanks to Gert Doering
Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 src/openvpn/options.c | 4 ++--
 src/openvpn/route.c   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index dcb6ecf..6aa72dc 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1147,7 +1147,7 @@ parse_hash_fingerprint(const char *str, int nbytes, int 
msglevel, struct gc_aren
 const char *cp = str;
 uint8_t *ret = (uint8_t *) gc_malloc(nbytes, true, gc);
 char term = 1;
-int byte;
+uint8_t byte;
 char bs[3];
 
 for (i = 0; i < nbytes; ++i)
@@ -1164,7 +1164,7 @@ parse_hash_fingerprint(const char *str, int nbytes, int 
msglevel, struct gc_aren
 {
 msg(msglevel, "format error in hash fingerprint hex byte: %s", 
str);
 }
-ret[i] = (uint8_t)byte;
+ret[i] = byte;
 term = *cp++;
 if (term != ':' && term != 0)
 {
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 08998d5..ecfa60f 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3184,7 +3184,7 @@ get_default_gateway(struct route_gateway_info *rgi)
 unsigned int flags = 0;
 char name[16];
 name[0] = 0;
-const int np = sscanf(line, 
"%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x",
+const int np = sscanf(line, 
"%15s\t%x\t%x\t%x\t%*s\t%*s\t%u\t%x",
   name,
   _x,
   _x,
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] resolve format string warnings

[Ilya Shipitsin]

[src/openvpn/options.c:1163]: (warning) %x in format string (no. 1) requires 
'unsigned int *' but the argument type is 'signed int *'.
[src/openvpn/route.c:3187]: (warning) %d in format string (no. 5) requires 'int 
*' but the argument type is 'unsigned int *'.

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 src/openvpn/options.c | 2 +-
 src/openvpn/route.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index dcb6ecf..2bc7e62 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1147,7 +1147,7 @@ parse_hash_fingerprint(const char *str, int nbytes, int 
msglevel, struct gc_aren
 const char *cp = str;
 uint8_t *ret = (uint8_t *) gc_malloc(nbytes, true, gc);
 char term = 1;
-int byte;
+unsigned int byte;
 char bs[3];
 
 for (i = 0; i < nbytes; ++i)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 08998d5..ecfa60f 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3184,7 +3184,7 @@ get_default_gateway(struct route_gateway_info *rgi)
 unsigned int flags = 0;
 char name[16];
 name[0] = 0;
-const int np = sscanf(line, 
"%15s\t%x\t%x\t%x\t%*s\t%*s\t%d\t%x",
+const int np = sscanf(line, 
"%15s\t%x\t%x\t%x\t%*s\t%*s\t%u\t%x",
   name,
   _x,
   _x,
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: remove unused files

[Ilya Shipitsin]

Those files were commited by mistake. I implemented building
dependencies in 4 separate scripts, later Steffan Karger combined
all 4 scripts into "build-deps.sh".

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis/build-mbedtls-linux.sh |  9 -
 .travis/build-mbedtls-osx.sh   |  9 -
 .travis/build-openssl-linux.sh | 12 
 .travis/build-openssl-osx.sh   | 11 ---
 4 files changed, 41 deletions(-)
 delete mode 100755 .travis/build-mbedtls-linux.sh
 delete mode 100755 .travis/build-mbedtls-osx.sh
 delete mode 100755 .travis/build-openssl-linux.sh
 delete mode 100755 .travis/build-openssl-osx.sh

diff --git a/.travis/build-mbedtls-linux.sh b/.travis/build-mbedtls-linux.sh
deleted file mode 100755
index dc92aaf..000
--- a/.travis/build-mbedtls-linux.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-if [ ! -f download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz ]; then
-   wget -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz 
https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz;
-fi
-
-tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
-cd mbedtls-${MBEDTLS_VERSION} && make > build.log 2>&1 || (cat build.log && 
exit 1)
-make install DESTDIR=$MBEDTLS_PREFIX && cd ..
diff --git a/.travis/build-mbedtls-osx.sh b/.travis/build-mbedtls-osx.sh
deleted file mode 100755
index dc92aaf..000
--- a/.travis/build-mbedtls-osx.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-if [ ! -f download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz ]; then
-   wget -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz 
https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz;
-fi
-
-tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
-cd mbedtls-${MBEDTLS_VERSION} && make > build.log 2>&1 || (cat build.log && 
exit 1)
-make install DESTDIR=$MBEDTLS_PREFIX && cd ..
diff --git a/.travis/build-openssl-linux.sh b/.travis/build-openssl-linux.sh
deleted file mode 100755
index 84f4aae..000
--- a/.travis/build-openssl-linux.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-if [ ! -f download-cache/openssl-${OPENSSL_VERSION}.tar.gz ]; then
-   wget -O download-cache/openssl-${OPENSSL_VERSION}.tar.gz 
https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz;
-fi
-
-tar zxf download-cache/openssl-${OPENSSL_VERSION}.tar.gz
-cd openssl-${OPENSSL_VERSION}/
-./config shared --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat 
build.log && exit 1)
-make > build.log 2>&1 || (cat build.log && exit 1)
-make install_sw > build.log 2>&1 || (cat build.log && exit 1)
-cd ..
diff --git a/.travis/build-openssl-osx.sh b/.travis/build-openssl-osx.sh
deleted file mode 100755
index 61c8016..000
--- a/.travis/build-openssl-osx.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-if [ ! -f download-cache/openssl-${OPENSSL_VERSION}.tar.gz ]; then
-wget -O download-cache/openssl-${OPENSSL_VERSION}.tar.gz 
https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz;
-fi
-
-tar zxf download-cache/openssl-${OPENSSL_VERSION}.tar.gz
-cd openssl-${OPENSSL_VERSION}/
-./Configure darwin64-x86_64-cc shared --prefix=$OPENSSL_PREFIX -DPURIFY > 
build.log 2>&1 || (cat build.log && exit 1)
-make depend install > build.log 2>&1 || (cat build.log && exit 1)
-cd ..
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: add "make distcheck" to test scenario, V2

[Ilya Shipitsin]

in rare cases openvpn is built from tarball, it happens during "installer build"
process. "make distcheck" helps to prevent problems during such builds.

V2: limit "make distcheck" to one build configuration
Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index a68374a..3c0aa7d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -33,7 +33,7 @@ matrix:
 - env: SSLLIB="mbedtls"
   os: linux
   compiler: clang
-- env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto"
+- env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto" EXTRA_SCRIPT="make 
distcheck"
   os: linux
   compiler: clang
 - env: SSLLIB="openssl" EXTRA_CONFIG="--disable-lzo"
@@ -84,3 +84,4 @@ script:
   - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi
   - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; fi
   - make check
+  - $EXTRA_SCRIPT
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci: add "make distcheck" to test scenario

[Ilya Shipitsin]

in rare cases openvpn is built from tarball, it happens during "installer build"
process. "make distcheck" helps to prevent problems during such builds.

Signed-off-by: Ilya Shipitsin <chipits...@gmail.com>
---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index a68374a..6ebfa39 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -79,6 +79,7 @@ script:
   - if [ "${TRAVIS_OS_NAME}" = "osx"   ]; then export 
DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH}"; fi
   - autoreconf -vi
   - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
+  - make distcheck > build.log 2>&1 || (cat build.log && exit 1)
   - make -j$JOBS
   - src/openvpn/openvpn --version || true
   - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] v2, add PR template in order to simplify new developers cooperate properly if they open PR. discussed here: https://sourceforge.net/p/openvpn/mailman/message/35601310/

[Ilya Shipitsin]

v2: @mattock has changed links and provided an example of "git send-email"
---
 .github/PULL_REQUEST_TEMPLATE.md | 15 +++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/PULL_REQUEST_TEMPLATE.md

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 000..a8653d8
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,15 @@
+# Thank you for your contribution
+
+You are welcome to open PR, but they are used for discussion only. All
+patches must eventually go to the openvpn-devel mailing list for review:
+
+* https://lists.sourceforge.net/lists/listinfo/openvpn-devel
+
+Please send your patch using 
[git-send-email](https://git-scm.com/docs/git-send-email). For example to send 
your latest commit to the list:
+
+$ git send-email --to=openvpn-devel@lists.sourceforge.net HEAD~1
+
+For details, see these Wiki articles:
+
+* https://community.openvpn.net/openvpn/wiki/Contributing
+* https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

[Ilya Shipitsin]

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both
.travis.yml  and .travis/build-deps.sh files, the last one
defined OPENSSL_VERSION via nonexistent OPENSSL_VERION
variable, which lead us to use openssl-1.0.1 instead of
openssl-1.0.2, I removed variable definition from build-deps.sh

"cache: [ apt: true ]" is not a travis supported option, it was
introduced by mistake, I removed it

LD_LIBRARY_PATH was defined for the entire test run, it includes
custom openssl build, which was picked by "wget", so "wget"
could not verify SSL cert at https://www.openssl.org sometimes.
We do not want wget to pick our custom LD_LIBRARY_PATH, so I moved
that variable to "script" section

LD_LIBRARY_PATH was defined for both linux and osx environments,
for the second DYLD_LIBRARY_PATH must be defined instead

v2: Upgrade openssl, mbedtls to the most recent versions

v3: DYLD_LIBRARY_PATH was defined via LD_LIBRARY_PATH by mistake
---
 .travis.yml   | 8 
 .travis/build-deps.sh | 2 --
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 369db97..a68374a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,13 +12,12 @@ env:
   global:
 - JOBS=3
 - PREFIX="${HOME}/opt"
-- MBEDTLS_VERSION="2.2.1"
+- MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- OPENSSL_VERSION="1.0.1t"
+- OPENSSL_VERSION="1.0.2k"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
-- LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
 
 matrix:
   include:
@@ -63,7 +62,6 @@ addons:
   - linux-libc-dev
 
 cache:
-  apt: true
   ccache: true
   directories:
   - download-cache
@@ -77,6 +75,8 @@ install:
   - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
+  - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then export 
LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx"   ]; then export 
DYLD_LIBRARY_PATH="${PREFIX}/lib:${DYLD_LIBRARY_PATH}"; fi
   - autoreconf -vi
   - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
   - make -j$JOBS
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index bda54ee..3ffba0b 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -2,8 +2,6 @@
 set -eux
 
 # Set defaults
-MBEDTLS_VERSION="${MBEDTLS_VERSION:-2.2.1}"
-OPENSSL_VERSION="${OPENSSL_VERION:-1.0.2h}"
 PREFIX="${PREFIX:-${HOME}/opt}"
 
 download_mbedtls () {
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

[Ilya Shipitsin]

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both
 .travis.yml  and .travis/build-deps.sh files, the last one
defined OPENSSL_VERSION via nonexistent OPENSSL_VERION
variable, which lead us to use openssl-1.0.1 instead of
openssl-1.0.2, I removed variable definition from build-deps.sh

"cache: [ apt: true ]" is not a travis supported option, it was
introduced by mistake, I removed it

LD_LIBRARY_PATH was defined for the entire test run, it includes
custom openssl build, which was picked by "wget", so "wget"
could not verify SSL cert at https://www.openssl.org sometimes.
We do not want wget to pick our custom LD_LIBRARY_PATH, so I moved
that variable to "script" section

LD_LIBRARY_PATH was defined for both linux and osx environments,
for the second DYLD_LIBRARY_PATH must be defined instead

v2: Upgrade openssl, mbedtls to the most recent versions
---
 .travis.yml   | 8 
 .travis/build-deps.sh | 2 --
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 369db97..9741d6d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,13 +12,12 @@ env:
   global:
 - JOBS=3
 - PREFIX="${HOME}/opt"
-- MBEDTLS_VERSION="2.2.1"
+- MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- OPENSSL_VERSION="1.0.1t"
+- OPENSSL_VERSION="1.0.2k"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
-- LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
 
 matrix:
   include:
@@ -63,7 +62,6 @@ addons:
   - linux-libc-dev
 
 cache:
-  apt: true
   ccache: true
   directories:
   - download-cache
@@ -77,6 +75,8 @@ install:
   - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
+  - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then export 
LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx"   ]; then export 
DYLD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"; fi
   - autoreconf -vi
   - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
   - make -j$JOBS
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index bda54ee..3ffba0b 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -2,8 +2,6 @@
 set -eux
 
 # Set defaults
-MBEDTLS_VERSION="${MBEDTLS_VERSION:-2.2.1}"
-OPENSSL_VERSION="${OPENSSL_VERION:-1.0.2h}"
 PREFIX="${PREFIX:-${HOME}/opt}"
 
 download_mbedtls () {
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

[Ilya Shipitsin]

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both
 .travis.yml  and .travis/build-deps.sh files, the last one
defined OPENSSL_VERSION via nonexistent OPENSSL_VERION
variable, which lead us to use openssl-1.0.1 instead of
openssl-1.0.2, I removed variable definition from build-deps.sh

"cache: [ apt: true ]" is not a travis supported option, it was
introduced by mistake, I removed it

LD_LIBRARY_PATH was defined for the entire test run, it includes
custom openssl build, which was picked by "wget", so "wget"
could not verify SSL cert at https://www.openssl.org sometimes.
We do not want wget to pick our custom LD_LIBRARY_PATH, so I moved
that variable to "script" section

LD_LIBRARY_PATH was defined for both linux and osx environments,
for the second DYLD_LIBRARY_PATH must be defined instead

v2: Upgrade openssl, mbedtls to the most recent versions
---
 .travis.yml   | 7 +++
 .travis/build-deps.sh | 2 --
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 369db97..dd340f5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,13 +12,12 @@ env:
   global:
 - JOBS=3
 - PREFIX="${HOME}/opt"
-- MBEDTLS_VERSION="2.2.1"
+- MBEDTLS_VERSION="2.4.0"
 - MBEDTLS_CFLAGS="-I${PREFIX}/include"
 - MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- OPENSSL_VERSION="1.0.1t"
+- OPENSSL_VERSION="1.0.2k"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
-- LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
 
 matrix:
   include:
@@ -63,7 +62,6 @@ addons:
   - linux-libc-dev
 
 cache:
-  apt: true
   ccache: true
   directories:
   - download-cache
@@ -77,6 +75,7 @@ install:
   - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
+  - export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
   - autoreconf -vi
   - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
   - make -j$JOBS
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index bda54ee..3ffba0b 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -2,8 +2,6 @@
 set -eux
 
 # Set defaults
-MBEDTLS_VERSION="${MBEDTLS_VERSION:-2.2.1}"
-OPENSSL_VERSION="${OPENSSL_VERION:-1.0.2h}"
 PREFIX="${PREFIX:-${HOME}/opt}"
 
 download_mbedtls () {
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] Resolve several travis-ci issues

[Ilya Shipitsin]

MBEDTLS_VERSION, OPENSSL_VERSION were defined twice - in both
 .travis.yml  and .travis/build-deps.sh files, the last one
defined OPENSSL_VERSION via nonexistent OPENSSL_VERION
variable, which lead us to use openssl-1.0.1 instead of
openssl-1.0.2, I removed variable definition from build-deps.sh

"cache: [ apt: true ]" is not a travis supported option, it was
introduced by mistake, I removed it

LD_LIBRARY_PATH was defined for the entire test run, it includes
custom openssl build, which was picked by "wget", so "wget"
could not verify SSL cert at https://www.openssl.org sometimes.
We do not want wget to pick our custom LD_LIBRARY_PATH, so I moved
that variable to "script" section

LD_LIBRARY_PATH was defined for both linux and osx environments,
for the second DYLD_LIBRARY_PATH must be defined instead
---
 .travis.yml   | 3 +--
 .travis/build-deps.sh | 2 --
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 369db97..f3727fa 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,6 @@ env:
 - OPENSSL_VERSION="1.0.1t"
 - OPENSSL_CFLAGS="-I${PREFIX}/include"
 - OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
-- LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
 
 matrix:
   include:
@@ -63,7 +62,6 @@ addons:
   - linux-libc-dev
 
 cache:
-  apt: true
   ccache: true
   directories:
   - download-cache
@@ -77,6 +75,7 @@ install:
   - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
+  - export LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
   - autoreconf -vi
   - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
   - make -j$JOBS
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index bda54ee..3ffba0b 100755
--- a/.travis/build-deps.sh
+++ b/.travis/build-deps.sh
@@ -2,8 +2,6 @@
 set -eux
 
 # Set defaults
-MBEDTLS_VERSION="${MBEDTLS_VERSION:-2.2.1}"
-OPENSSL_VERSION="${OPENSSL_VERION:-1.0.2h}"
 PREFIX="${PREFIX:-${HOME}/opt}"
 
 download_mbedtls () {
-- 
2.5.5


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

[Ilya Shipitsin]

---
 src/openvpn/buffer.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c
index 52c6ab9..57bded9 100644
--- a/src/openvpn/buffer.c
+++ b/src/openvpn/buffer.c
@@ -438,10 +438,12 @@ format_hex_ex (const uint8_t *data, int size, int 
maxoutput,
   unsigned int space_break_flags, const char* separator,
   struct gc_arena *gc)
 {
-  struct buffer out = alloc_buf_gc (maxoutput ? maxoutput :
+  int i;
+  struct buffer out;
+  ASSERT( maxoutput > 0 || separator != NULL );
+  out = alloc_buf_gc (maxoutput ? maxoutput :
((size * 2) + (size / (space_break_flags & 
FHE_SPACE_BREAK_MASK)) * (int) strlen (separator) + 2),
gc);
-  int i;
   for (i = 0; i < size; ++i)
 {
   if (separator && i && !(i % (space_break_flags & FHE_SPACE_BREAK_MASK)))
-- 
2.5.5


--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] enable "--disable-crypto" build configuration

[Ilya Shipitsin]

---
 .travis.yml | 4 
 1 file changed, 4 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 452c48e..369db97 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -51,10 +51,6 @@ matrix:
   os: osx
   osx_image: xcode7.3
   compiler: clang
-  allow_failures:
-- env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto"
-  os: linux
-  compiler: clang
   exclude:
 - compiler: gcc
 
-- 
2.5.5


--
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] travis-ci refactor by Steffan Karger

[Ilya Shipitsin]

From: Steffan Karger 

Signed-off-by: Steffan Karger 
---
 .travis.yml   | 63 --
 .travis/build-deps.sh | 85 +++
 2 files changed, 119 insertions(+), 29 deletions(-)
 create mode 100755 .travis/build-deps.sh

diff --git a/.travis.yml b/.travis.yml
index 6f719a1..452c48e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,43 +11,49 @@ compiler:
 env:
   global:
 - JOBS=3
-- MBEDTLS_VERSION=2.2.1
-- MBEDTLS_PREFIX=~/opt/mbedtls
-- MBEDTLS_LIBS="-L$MBEDTLS_PREFIX/lib -lmbedtls -lmbedx509 -lmbedcrypto"
-- MBEDTLS_CFLAGS="-I$MBEDTLS_PREFIX/include"
-- OPENSSL_VERSION=1.0.1t
-- OPENSSL_PREFIX=~/opt/openssl
-- OPENSSL_LIB=$OPENSSL_PREFIX/lib
-- OPENSSL_INC=$OPENSSL_PREFIX/include
-- OPENSSL_CFLAGS="-I$OPENSSL_PREFIX/include"
-- OPENSSL_LIBS="-L$OPENSSL_PREFIX/lib -lssl -lcrypto"
+- PREFIX="${HOME}/opt"
+- MBEDTLS_VERSION="2.2.1"
+- MBEDTLS_CFLAGS="-I${PREFIX}/include"
+- MBEDTLS_LIBS="-L${PREFIX}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
+- OPENSSL_VERSION="1.0.1t"
+- OPENSSL_CFLAGS="-I${PREFIX}/include"
+- OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
+- LD_LIBRARY_PATH="${PREFIX}/lib:${LD_LIBRARY_PATH}"
 
 matrix:
   include:
-- env: CONFIG="--with-crypto-library=openssl"
+- env: SSLLIB="openssl"
+  os: linux
   compiler: gcc
-- env: CONFIG="--with-crypto-library=openssl"
+- env: SSLLIB="openssl"
+  os: linux
   compiler: clang
-- env: CONFIG="--with-crypto-library=mbedtls"
+- env: SSLLIB="mbedtls"
+  os: linux
   compiler: gcc
-- env: CONFIG="--with-crypto-library=mbedtls"
+- env: SSLLIB="mbedtls"
+  os: linux
   compiler: clang
-- env: CONFIG="--with-crypto-library=openssl --disable-crypto"
+- env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto"
+  os: linux
   compiler: clang
-- env: CONFIG="--with-crypto-library=openssl --disable-lzo"
+- env: SSLLIB="openssl" EXTRA_CONFIG="--disable-lzo"
+  os: linux
   compiler: clang
-- env: CONFIG="--with-crypto-library=openssl --enable-small"
+- env: SSLLIB="openssl" EXTRA_CONFIG="--enable-small"
+  os: linux
   compiler: clang
-- env: CONFIG="--with-crypto-library=openssl"
+- env: SSLLIB="openssl"
   os: osx
   osx_image: xcode7.3
   compiler: clang
-- env: CONFIG="--with-crypto-library=mbedtls"
+- env: SSLLIB="mbedtls"
   os: osx
   osx_image: xcode7.3
   compiler: clang
   allow_failures:
-- env: CONFIG="--with-crypto-library=openssl --disable-crypto"
+- env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto"
+  os: linux
   compiler: clang
   exclude:
 - compiler: gcc
@@ -65,21 +71,20 @@ cache:
   ccache: true
   directories:
   - download-cache
+  - ${HOME}/opt
 
 before_install:
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install lzo; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew update ; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then brew install lzo; fi
 
 install:
-  - mkdir ~/bin && ln -s $(which ccache) ~/bin/$CC && export 
PATH=$HOME/bin:$PATH
-  - if [ ! -d download-cache ]; then mkdir download-cache; fi
-  - if [[ $CONFIG == *"--with-crypto-library=openssl"* ]]; then 
.travis/build-openssl-${TRAVIS_OS_NAME}.sh; fi
-  - if [[ $CONFIG == *"--with-crypto-library=mbedtls"* ]]; then 
.travis/build-mbedtls-${TRAVIS_OS_NAME}.sh; fi
+  - .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 
1)
 
 script:
   - autoreconf -vi
-  - ./configure $CONFIG || (cat config.log && exit 1)
+  - ./configure --with-crypto-library="${SSLLIB}" ${EXTRA_CONFIG} || (cat 
config.log && exit 1)
   - make -j$JOBS
-  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then ldd src/openvpn/openvpn; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then otool -L src/openvpn/openvpn; fi
+  - src/openvpn/openvpn --version || true
+  - if [ "${TRAVIS_OS_NAME}" = "linux" ]; then ldd src/openvpn/openvpn; fi
+  - if [ "${TRAVIS_OS_NAME}" = "osx" ]; then otool -L src/openvpn/openvpn; fi
   - make check
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
new file mode 100755
index 000..bda54ee
--- /dev/null
+++ b/.travis/build-deps.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+set -eux
+
+# Set defaults
+MBEDTLS_VERSION="${MBEDTLS_VERSION:-2.2.1}"
+OPENSSL_VERSION="${OPENSSL_VERION:-1.0.2h}"
+PREFIX="${PREFIX:-${HOME}/opt}"
+
+download_mbedtls () {
+if [ ! -f "download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz" ]; then
+wget -P download-cache/ \
+
"https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz;
+fi
+}
+
+build_mbedtls () {
+if [ "$(cat ${PREFIX}/.mbedtls-version)" != "${MBEDTLS_VERSION}" ]; then
+tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+(
+ 

[Openvpn-devel] [PATCH] initial travis-ci support

[Ilya Shipitsin]

---
 .travis.yml| 85 ++
 .travis/build-mbedtls-linux.sh | 10 +
 .travis/build-mbedtls-osx.sh   |  9 +
 .travis/build-openssl-linux.sh | 12 ++
 .travis/build-openssl-osx.sh   | 11 ++
 5 files changed, 127 insertions(+)
 create mode 100644 .travis.yml
 create mode 100755 .travis/build-mbedtls-linux.sh
 create mode 100755 .travis/build-mbedtls-osx.sh
 create mode 100755 .travis/build-openssl-linux.sh
 create mode 100755 .travis/build-openssl-osx.sh

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 000..6f719a1
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,85 @@
+sudo: required
+dist: trusty
+
+os: linux
+
+language: c
+
+compiler:
+  - gcc
+
+env:
+  global:
+- JOBS=3
+- MBEDTLS_VERSION=2.2.1
+- MBEDTLS_PREFIX=~/opt/mbedtls
+- MBEDTLS_LIBS="-L$MBEDTLS_PREFIX/lib -lmbedtls -lmbedx509 -lmbedcrypto"
+- MBEDTLS_CFLAGS="-I$MBEDTLS_PREFIX/include"
+- OPENSSL_VERSION=1.0.1t
+- OPENSSL_PREFIX=~/opt/openssl
+- OPENSSL_LIB=$OPENSSL_PREFIX/lib
+- OPENSSL_INC=$OPENSSL_PREFIX/include
+- OPENSSL_CFLAGS="-I$OPENSSL_PREFIX/include"
+- OPENSSL_LIBS="-L$OPENSSL_PREFIX/lib -lssl -lcrypto"
+
+matrix:
+  include:
+- env: CONFIG="--with-crypto-library=openssl"
+  compiler: gcc
+- env: CONFIG="--with-crypto-library=openssl"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=mbedtls"
+  compiler: gcc
+- env: CONFIG="--with-crypto-library=mbedtls"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl --disable-crypto"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl --disable-lzo"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl --enable-small"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl"
+  os: osx
+  osx_image: xcode7.3
+  compiler: clang
+- env: CONFIG="--with-crypto-library=mbedtls"
+  os: osx
+  osx_image: xcode7.3
+  compiler: clang
+  allow_failures:
+- env: CONFIG="--with-crypto-library=openssl --disable-crypto"
+  compiler: clang
+  exclude:
+- compiler: gcc
+
+addons:
+  apt:
+packages:
+  - liblzo2-dev
+  - libpam0g-dev
+  - liblz4-dev
+  - linux-libc-dev
+
+cache:
+  apt: true
+  ccache: true
+  directories:
+  - download-cache
+
+before_install:
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install lzo; fi
+
+install:
+  - mkdir ~/bin && ln -s $(which ccache) ~/bin/$CC && export 
PATH=$HOME/bin:$PATH
+  - if [ ! -d download-cache ]; then mkdir download-cache; fi
+  - if [[ $CONFIG == *"--with-crypto-library=openssl"* ]]; then 
.travis/build-openssl-${TRAVIS_OS_NAME}.sh; fi
+  - if [[ $CONFIG == *"--with-crypto-library=mbedtls"* ]]; then 
.travis/build-mbedtls-${TRAVIS_OS_NAME}.sh; fi
+
+script:
+  - autoreconf -vi
+  - ./configure $CONFIG || (cat config.log && exit 1)
+  - make -j$JOBS
+  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then ldd src/openvpn/openvpn; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then otool -L src/openvpn/openvpn; fi
+  - make check
diff --git a/.travis/build-mbedtls-linux.sh b/.travis/build-mbedtls-linux.sh
new file mode 100755
index 000..c21f4e6
--- /dev/null
+++ b/.travis/build-mbedtls-linux.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ ! -f download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz ]; then 
+   wget -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz 
https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz; 
+fi
+
+tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+cd mbedtls-${MBEDTLS_VERSION} && make > build.log 2>&1 || (cat build.log && 
exit 1)
+make install DESTDIR=$MBEDTLS_PREFIX && cd ..
+
diff --git a/.travis/build-mbedtls-osx.sh b/.travis/build-mbedtls-osx.sh
new file mode 100755
index 000..e7f07ea
--- /dev/null
+++ b/.travis/build-mbedtls-osx.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ ! -f download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz ]; then 
+   wget -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz 
https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz; 
+fi
+
+tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+cd mbedtls-${MBEDTLS_VERSION} && make > build.log 2>&1 || (cat build.log && 
exit 1)
+make install DESTDIR=$MBEDTLS_PREFIX && cd ..
diff --git a/.travis/build-openssl-linux.sh b/.travis/build-openssl-linux.sh
new file mode 100755
index 000..931e2c9
--- /dev/null
+++ b/.travis/build-openssl-linux.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ ! -f download-cache/openssl-${OPENSSL_VERSION}.tar.gz ]; then 
+   wget -O download-cache/openssl-${OPENSSL_VERSION}.tar.gz 
https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz; 
+fi
+
+tar zxf download-cache/openssl-${OPENSSL_VERSION}.tar.gz
+cd openssl-${OPENSSL_VERSION}/
+./config shared --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat 

[Openvpn-devel] [PATCH] initial travis-ci support

[Ilya Shipitsin]

---
 .travis.yml| 85 ++
 .travis/build-mbedtls-linux.sh | 10 +
 .travis/build-mbedtls-osx.sh   |  9 +
 .travis/build-openssl-linux.sh | 12 ++
 .travis/build-openssl-osx.sh   | 11 ++
 5 files changed, 127 insertions(+)
 create mode 100644 .travis.yml
 create mode 100755 .travis/build-mbedtls-linux.sh
 create mode 100755 .travis/build-mbedtls-osx.sh
 create mode 100755 .travis/build-openssl-linux.sh
 create mode 100755 .travis/build-openssl-osx.sh

diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 000..6f719a1
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,85 @@
+sudo: required
+dist: trusty
+
+os: linux
+
+language: c
+
+compiler:
+  - gcc
+
+env:
+  global:
+- JOBS=3
+- MBEDTLS_VERSION=2.2.1
+- MBEDTLS_PREFIX=~/opt/mbedtls
+- MBEDTLS_LIBS="-L$MBEDTLS_PREFIX/lib -lmbedtls -lmbedx509 -lmbedcrypto"
+- MBEDTLS_CFLAGS="-I$MBEDTLS_PREFIX/include"
+- OPENSSL_VERSION=1.0.1t
+- OPENSSL_PREFIX=~/opt/openssl
+- OPENSSL_LIB=$OPENSSL_PREFIX/lib
+- OPENSSL_INC=$OPENSSL_PREFIX/include
+- OPENSSL_CFLAGS="-I$OPENSSL_PREFIX/include"
+- OPENSSL_LIBS="-L$OPENSSL_PREFIX/lib -lssl -lcrypto"
+
+matrix:
+  include:
+- env: CONFIG="--with-crypto-library=openssl"
+  compiler: gcc
+- env: CONFIG="--with-crypto-library=openssl"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=mbedtls"
+  compiler: gcc
+- env: CONFIG="--with-crypto-library=mbedtls"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl --disable-crypto"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl --disable-lzo"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl --enable-small"
+  compiler: clang
+- env: CONFIG="--with-crypto-library=openssl"
+  os: osx
+  osx_image: xcode7.3
+  compiler: clang
+- env: CONFIG="--with-crypto-library=mbedtls"
+  os: osx
+  osx_image: xcode7.3
+  compiler: clang
+  allow_failures:
+- env: CONFIG="--with-crypto-library=openssl --disable-crypto"
+  compiler: clang
+  exclude:
+- compiler: gcc
+
+addons:
+  apt:
+packages:
+  - liblzo2-dev
+  - libpam0g-dev
+  - liblz4-dev
+  - linux-libc-dev
+
+cache:
+  apt: true
+  ccache: true
+  directories:
+  - download-cache
+
+before_install:
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install lzo; fi
+
+install:
+  - mkdir ~/bin && ln -s $(which ccache) ~/bin/$CC && export 
PATH=$HOME/bin:$PATH
+  - if [ ! -d download-cache ]; then mkdir download-cache; fi
+  - if [[ $CONFIG == *"--with-crypto-library=openssl"* ]]; then 
.travis/build-openssl-${TRAVIS_OS_NAME}.sh; fi
+  - if [[ $CONFIG == *"--with-crypto-library=mbedtls"* ]]; then 
.travis/build-mbedtls-${TRAVIS_OS_NAME}.sh; fi
+
+script:
+  - autoreconf -vi
+  - ./configure $CONFIG || (cat config.log && exit 1)
+  - make -j$JOBS
+  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then ldd src/openvpn/openvpn; fi
+  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then otool -L src/openvpn/openvpn; fi
+  - make check
diff --git a/.travis/build-mbedtls-linux.sh b/.travis/build-mbedtls-linux.sh
new file mode 100755
index 000..c21f4e6
--- /dev/null
+++ b/.travis/build-mbedtls-linux.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ ! -f download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz ]; then 
+   wget -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz 
https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz; 
+fi
+
+tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+cd mbedtls-${MBEDTLS_VERSION} && make > build.log 2>&1 || (cat build.log && 
exit 1)
+make install DESTDIR=$MBEDTLS_PREFIX && cd ..
+
diff --git a/.travis/build-mbedtls-osx.sh b/.travis/build-mbedtls-osx.sh
new file mode 100755
index 000..e7f07ea
--- /dev/null
+++ b/.travis/build-mbedtls-osx.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ ! -f download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz ]; then 
+   wget -O download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz 
https://tls.mbed.org/download/mbedtls-${MBEDTLS_VERSION}-apache.tgz; 
+fi
+
+tar zxf download-cache/mbedtls-${MBEDTLS_VERSION}-apache.tgz
+cd mbedtls-${MBEDTLS_VERSION} && make > build.log 2>&1 || (cat build.log && 
exit 1)
+make install DESTDIR=$MBEDTLS_PREFIX && cd ..
diff --git a/.travis/build-openssl-linux.sh b/.travis/build-openssl-linux.sh
new file mode 100755
index 000..931e2c9
--- /dev/null
+++ b/.travis/build-openssl-linux.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ ! -f download-cache/openssl-${OPENSSL_VERSION}.tar.gz ]; then 
+   wget -O download-cache/openssl-${OPENSSL_VERSION}.tar.gz 
https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz; 
+fi
+
+tar zxf download-cache/openssl-${OPENSSL_VERSION}.tar.gz
+cd openssl-${OPENSSL_VERSION}/
+./config shared --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat